8 Essential Habits of Successful Leaders

Practical Advice from Today's Information Security Executives You've heard of Stephen Covey's "The Seven Habits of Highly Effective People?"

Well, information security leaders also must cultivate healthy habits to proactively manage their careers. Following are the 8 essential habits identified by successful security leaders:

#1- Understand Your Employee: "Successful leaders need to habitually focus more on people and study employee behavior," says Mark Lobel, a principal with PricewaterhouseCoopers in its security practice. To succeed in this effort, Lobel says, leaders must:

Pay close attention to the challenges and needs required by their employees to succeed in their roles.
Support employees help them understand the specific capability and value they bring to the organization.
Communicate with employees about what management expects from their behavior in the future.
Remember to acknowledge those employees who achieve the high expectations established, and inspire them to do better and
Invest in appropriate training, education and security awareness programs to bring them up to speed with current industry standards and best practices.

#2- Think More Deeply: "Security leaders need to develop a healthy balance of looking at issues critically and deeply," says Kent Anderson, founder and managing director of EnCurve, LLC. Usually senior executives spend majority of their time going through metrics, looking at budgets to measure success. And often they get into a rut by treating the symptoms, not the cause. What they really need is to develop a habit of not accepting everything on the face value and delving deeper into issues and root causes of vulnerabilities, risks and understanding the process behind these technologies. Going back to the basics and asking fundamental questions of "what is causing all of this to happen," Anderson says.

#3- Recruit Smart People: "Always have people smarter than you are," says Hord Tipton, executive director at ISC2 to security leaders. As a practice, leaders should hire and retain valuable employees that create a good diversity in the team to get fresh perspectives on issues, generate new ideas and make well founded and informed decisions based on the team's input. Leaders should weigh their strengths and weaknesses to know where they need added support and expertise, and then seek the best and brightest in their field.

#4- Be an Expert: "Revisit your leadership skill-set annually and create an action plan to improve every year," says Brian Dean, senior VP, KeyCorp, based in Ohio. Leaders need to establish themselves as an expert; someone who is informed, confident during a crisis, with the forethought to leverage that knowledge when formulating a vision, and who can articulate the knowledge in a brief elevator conversation or in detail when need arises. In short, leaders need to be well versed in their area of expertise, industry and company. As a habit, leaders must be prepared, well read, understand their environment and have the ability to quote verifiable respected sources.

#5- Cultivate the Security Culture: "Effective security is not one person's job or responsibility; it's everyone's responsibility," says Lobel. Security leaders need to focus on creating an intentional security culture by developing an effective corporate security program and governance process that defines the company's security vision and strategy, making security a function of the business process. Rolling out a proactive and predictive enterprise-wide risk management program and investing in continuous employee training and education helps to promote a culture of integration and consolidation by letting employees know how their work impacts the organization's overall performance.

#6- Communicate Effectively: "Being able to articulate a cogent succinct message real-time with executive management, in terms they can understand, is crucial," says Dean. Consider this scenario: As a security leader, you run into your CEO, board member, or similar senior management in the hall. They ask you a focused question in your area and its ramifications to the company's bottom line. If you are not able to articulate the message in terms they understand, you now have very senior management questioning your abilities, your knowledge and your leadership. "They will likely tell others," says Dean. Leaders must make a strong effort to improve and focus on their communication skills to come across as proactive and strong.

#7- Adapt and Lead Change: "Willingness to adapt and lead change is a mark of a true leader," says Tipton. Managing change is perhaps one of the biggest challenges that leaders face in today's organizations. The more significant the change, the greater the fear, uncertainty and resistance. Security leaders therefore need to remain open, adaptable and ready for change. It is critical that leaders create new processes, keep up with market demand and invest in new tools and technologies while keeping employees motivated and at ease with upcoming changes.

#8- Continue to Learn: "Leaders as a habit should make it a point to invest time and money in their continuous learning and require their staff to do the same," says Dean. Often leaders let their daily routine and workload dictate where they focus their efforts. They consciously need to value this learning and must put together a feasible action plan to incrementally improve each year. Besides the professional training and education, networking with industry leaders is also informative and a solid augmentation to formal learning programs.

About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.