
The Top Three Cyber Security Leadership Qualities


June 1, 2013

There likely are hundreds of traits associated with great leaders. For starters, great leaders demonstrate honesty, integrity, loyalty and humility. They treat people fairly, and they consistently display good judgment. Great leaders tend to be highly intelligent, and they are confident and effective communicators with the ability to inspire others, especially when times are tough. They accept responsibility and value the hard truth. They are calm under crisis, empathetic, and often have good senses of humor. Based on these factors, great leaders are trustworthy, and they repeatedly earn that trust.

It will come as no surprise that each of these qualities also is important and perhaps essential when it comes to cyber security leadership. Yet, of all that is required, these traits may not be the most significant. Consider instead my Top Three: Strategic Vision, Passion for Coordination and Courage to Drive Culture.

 

Strategic Vision

There are few areas as broad as cyber security, where so many resources are committed with such an imperfect view of the scope of the problem and how best to define success. The first order of business is to establish the risk environment. In this regard, cyber security leaders must distinguish and prioritize between risks associated with their internal corporate networks, their outward-facing customer networks, any computer integrated manufacturing systems, those products or services that are enabled by computer chips, and finally the impact that vendors might have on each of these. There’s a big difference, for example, between protecting the Personally Identifiable Information of your employees and customers from hackers versus ensuring that the medical devices or fighter jets your company produces don’t contain malware.

Which leads to the second strategic issue: recognizing the breadth of the bad guy’s playing field. Threat actors can and do come from most everywhere around the globe, and they have motives ranging from making a profit to causing harm. They can attack our cyber security through any of four distinct vectors: through the supply chain (to include the design, manufacture, delivery, installation and updating of software and hardware); remotely (whether through network intrusion, drive-by download, email attachment or DDoS attacks); proximately (including, for example, using rogue wireless access points); and by insiders (be it a corporate spy or an unwitting employee).

The third strategic issue is to appreciate the varying degrees to which your company’s risk may be lowered either through threat mitigation, vulnerability mitigation, consequence mitigation or a combination of the three, not all of which are equally effective against different threat actors or activities.

It is only upon identifying and prioritizing company data, products and services; evaluating the methods and motives to harm them; and considering the return on investment of specific mitigation strategies to protect them that a cyber security leader can define and implement a meaningful vision.  Significantly though, for a vision to be strategic it must mean more than a combination of well-designed policies and achievable programs.  It must answer the questions, “What does success look like, and are these policies and programs likely to get us there?”

 

Passion for Coordination

When some people talk about their jobs, they say, “It’s not my work, it’s my passion.” Seldom, however, do you meet people who list coordination as one of their passions.  Yet, that’s exactly what cyber security leadership requires, because the problem and the solution set are diverse and organizationally dispersed. The best cyber security leaders are inclusive, and understand the need not only to adopt the latest techniques for identifying malware, but also the need to assess technology procurement decisions, physical access controls, prioritization of key assets and services, legal compliance regimes and more.

For the federal government, the question had long been asked, “Who’s in charge” of cyber security? The answer was hard to come by. Finally it became clear: the true leaders were those who brought together multiple departments and agencies, determined all of their equities and capabilities, consolidated those into a national strategy and unified budget, and got approval from the President and Congress to move forward. It was leadership through coordination.

 

Courage to Drive Culture

Although “You can have it all” makes for a catchy ad slogan, it’s a pretty lousy IT policy. Still, many employees consider it unacceptable to have “better” technology at home than in the workplace, or to be restricted from accessing certain websites from the office. Leadership requires the courage to press pause, and sometimes even to hit reverse. It is not necessary for a company’s most sensitive data to sit unencrypted on devices connected to the Internet, or for all employees to have access to that data. Instead, what is increasingly necessary is for leaders to step up and explain the business demands and cyber risks in such a way that employees appreciate, comply with and help achieve the strategic vision. That often requires the courage to drive culture, specifically a culture of security.

 

About the Author:

 Steven Chabinsky is Chief Risk Officer and Senior Vice President of Legal Affairs for the cyber security technology firm CrowdStrike, where he advises the company and its clients on CrowdStrike’s incident response services, cyber intelligence products, and intrusion detection and attribution platform. He previously served as Deputy Assistant Director of the FBI’s Cyber Division. 
