Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
'Motivating People Who Want the Struggle': Expert Advice on InfoSec Leadership
Industry veteran and former Intel security chief Malcolm Harkins pinpoints three essential elements for leaders to connect with their employees and drive business objectives.
Malcolm Harkins doesn't seem like a violent guy. But he is passionate, a trait that emerged fully to the surface in a recent encounter with a CISO during a panel discussion.
"The CISO said, 'I'm an adviser to the business.' I wanted to leap across the table and beat the guy," Harkins recounted in his presentation at the Cyber Strategy Retreat, a professional development event for technology and risk management leaders in Boston this month. "I took this guy to task in front of a couple of hundred people. I said, 'Where the heck is your accountability? As an executive, you're an owner. You own security. If the CEO makes all of the decision, well, why the heck does he need you?'"
The incident is an example of the messaging Harkins is focused on these days — that is, leadership, and specifically how security leaders can lead and inspire teams to own the security mission, believe in the goals laid out for them, and drive business objectives. It is the focus of a talk he is taking around the country titled "I believe, I belong, I matter."
"It's about motivating people who want the struggle," Harkins says. "How are we doing that within our security teams? How are we doing that despite the fact that the CIO doesn't give you the budget you need? Or the GM doesn't show up to your meeting. If people don't want to struggle, that is our fault as leaders. The result will be a continued manifestation of risk."
From Call Center to Security Leader: Understanding the 'Mission'
Many know Harkins as a well-established luminary in security. He was the first chief security and privacy officer at Intel, a company he joined immediately out of grad school as an analyst in 1992. He eventually moved on to become CISO at Cylance, which was later acquired by Blackberry. His most recent move is to security startup Cymatic, where he is the chief security and trust officer.
A winner of multiple industry awards, Harkins is also a regular contributor to industry publications and has authored numerous white papers and a book, "Managing Risk and Information Security: Protect to Enable."
Harkins got his professional start not in security, but in a call center working for May Department Stores in its credit department in the late 1980s. It was, as he describes it, people calling to "bemoan their credit bills," and he got his first taste of leadership when asked to manage the center while his own supervisor was on lunch break each day.
Malcolm Harkins
The real test of his ability to lead came one weekend when he was working in the call center and May officials attempted to bring the company's chairman in for a tour.
"I said, 'You are causing a distraction. You want a tour of this department, make an appointment.'" The tour was cut immediately short and the group left stunned.
Rather than take heat for the incident, management saw it as proof that he understood the mission of the call center, and Harkins was elevated to management himself. In his new role directing the call center, he insisted May make every available manager go to the call center when needed and take calls themselves.
"Those call center agents that were paid low and yelled at weren't being respected," Harkins explains. "To have a vice president sit down and say, 'How do you do this?' changed the culture. It took that call center from worst to best in the credit industry."
The Recipe For Getting Employee Buy-In
The shift in mindset among employees that Harkins first implemented at May's call center is what he has aimed to reproduce in each place he has landed throughout his career. The belief set he embraces — and now espouses as a leader — has little to do with security, specifically, and is much more focused on human nature and a sense of mission and community among workers.
Harkins' thesis on what makes employees happy lies in three tenets:
I believe: I trust the organization's mission, its management, and my peers.
I belong: The people in the organization frankly demonstrate they care about their employees.
I matter: The work I do and my organization make a difference.
It is a recipe that has served him well in nearly three decades of management.
"Those who believe what I believe, they lean in hard with where I go. Those who don't, I can either ignore them or go engage them," Harkins says. "You can't believe in the message if you don't know what the messenger believes and if they're not clear about what they believe."
Add to this a feeling of belonging in the organization — a sense of being cared for and connected, Harkins says, and then layer in ways to make employees understand why their work matters. This is the essential recipe for team success.
"You need to figure out how to create a security mission with the mission of business," he adds. "The ideal state is when you have all of these. I've managed a lot of teams, and every problem I have ever diagnosed comes back to this framework."
And with a high-functioning team that clicks and works hard, the objective is to give them purpose and clarity, Harkins says, so they truly understand what they are working toward each day in order to make security a business driver.
"Our job is to protect to enable," he says. "If we don't, we are getting in the way. We are getting in the way of the business mission."
An Approach for Work and Home
Harkins leadership philosophy is one he employs in his personal life, he says. During his recent presentation in Boston, he showed the audience a picture of a book he created for his wife, Kim, about 10 years ago on their 20th wedding anniversary. It was titled "I believe, I belong, I matter," and in the book's final inscription it says, "I believe in you. I belong with you. I matter because of you."
As a team, the Harkins raised their children, sharing the challenges of parenting their middle son who has Asperger's Syndrome – a high-functioning autism spectrum disorder – which at times tested Harkins' own leadership style and beliefs, he says.
For example, during his time at Intel, Harkins was teaching a leadership workshop based on the book "Model The Way," by Barry Posner and James M. Kouzes. But putting it into practice at home was entirely different. One night after returning from a business trip, he noticed his son's bedroom was disorganized and covered with toys, so he decided to "model the way" to a neat bedroom by cleaning the room himself. When his son came home from school later that day, he saw his room and had a breakdown. It took hours for Kim to settle him down.
Harkins' son later told him he reacted that way because he "couldn't find anything." This was a wakeup call.
"I realized I had modeled my way," Harkins says. "I hadn't modeled his way of doing things."
His son, he says, saw the tidiness as a message that he couldn't play with his toys. He told his dad he liked things out and visible, where he could see them and find them easily. To this day, even in his 20s, he keeps his room this way, Harkins says.
The lesson made Harkins consider going forward how often he imposed his way on others instead of taking unique needs into account, he says.
"Not that everything has to be customized or catered to — that would not be practical," he says. "But where we can and where we should, we need to make sure when we model the way we do it to help others achieve their best."
Because each team member is unique, Harkins says he understands leaders will get at the fundamentals of "I believe, I belong, I matter" differently. But ultimately it is about connection with a team and getting them to buy in to your vision for success.
"If your actions inspire others to dream more, learn more, do more, and become more, you are a leader," he says. "I never once had a talent issue. I had people begging me to work through the night, 70 hours a week. The only way I know how to do that is to figure out this stuff and create this kind of culture."
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024