When Leadership Style Is a Security Risk

Risk-aware leaders can be a cybersecurity advantage. Their flexible leadership style and emphasis on security first help set the tone and demonstrate a commitment to avoiding risk.

5 Min Read
Red arrow on a tile: Leadership concept art
Source: Cagkan Sayin via Alamy Stock Photo

Effective leaders have the power to motivate, inspire, encourage, and guide their teams. While C-suite leadership may receive the most accolades, it is leaders at all levels who hold the keys to the culture of a company. Leadership style is of the utmost importance when it comes to improving widespread cybersecurity readiness.

Here's how.

Setting the Operational Tempo

Leaders make important decisions every day, often within tight confines. At the same time, they're expected to think through things thoroughly, tactically, and act in accordance with the events set before them. The military defines this concept as "operational tempo," meaning that the speed and intensity of one's actions must be relative to those of unfolding events in the operational environment.

Leaders must be strategic and intentional in everything they do, and a manager's approach to cybersecurity is no exception. Operational tempo is an integral part of an effective manager's day-to-day world. Some decisions can be methodical, while others necessitate almost immediate action — especially when cybersecurity is a concern. For instance, leaders must act with haste when dealing with an active threat that could persist or worsen within the network. If they're unable to define a path forward, vulnerabilities can be left open, attacks can go unaddressed, or other risks may continue under the surface without correction.

The concept of operational tempo stresses that there is an important link among leadership styles that can prioritize, make timely decisions, and maintain an advantage over the adversary.

Vigilance & Readiness in Leadership

How can leadership style become a cybersecurity advantage, rather than a security risk? Adaptability, preparedness, and informed confidence are a great start. A security risk-aware leader will make rapid yet informed decisions, especially in the face of a potential threat. They will be alert to any changes in the threat landscape, new strategies, and ways to mitigate risks. They will have a comprehensive understanding of the risk landscape, risk leadership strategies, and evolving technologies. A risk-aware leader will have incident response plans in place, and playbooks developed to conquer various situations that may come their way. Clear communication helps them articulate complex technical information clearly and concisely. They will constantly adjust to recover from a setback, take ownership, have accountability, and thereby set the tone across the organization. Finally, they will have ethical integrity, which is important not just as a security leader, but as any leader across departments and industries.

Culture Counts

Leadership style directly impacts company culture as well, and both of these have a deeper impact on cybersecurity than one may think. In an office where employees trust one another, where there is a high level of psychological safety, and there is an open-door / open dialogue approach, it's much more likely for colleagues and peers to speak up when they see someone making a risky security choice.

Consider a situation where a direct report observes their manager acting in a way that could potentially expose the organization to risk. Under healthy leadership, that direct report would have the freedom and confidence to figuratively tap their manager on the shoulder and respectfully lend advice or insight.

In addition, poor culture and poor leadership can result in wrongdoing from an insider threat perspective. For instance, a manager might display behavior that could damage the organization's relationship with a particular employee, who then may be led to conduct malicious activity such as stealing confidential information or selling data to a competitor.

These types of situations highlight the importance of taking a human-first approach to security and leadership in general. It's important for leaders to take an active approach when it comes to addressing risk and confronting security issues early on. This is only possible, however, if there is a tight-knit and trusting work environment. Cultures with a focus on openness, transparency, and respect foster environments with lessened security risk. Contrastingly, leaders who struggle to create a healthy culture will often find themselves reacting to security threats instead of being preventive.

Garnering Shared Responsibility

A key tenet of effective leadership is the ability to delegate. This doesn't mean assigning work to others and abdicating accountability. Rather, it's motivating a team to share in the work that needs to be accomplished. It's determining how to divide work with shared responsibility. Under the guidance of leadership, every person within an organization must be expected to make good decisions when it comes to cybersecurity.

With that established, we can better understand the role of awareness and transparency in security culture. Most security awareness and training campaigns are lip service. Translating that awareness into something actionable is where many organizations may fall short.

Leadership style can determine if and how action can take place. In some cases, a manager might be transparent about security risks but fail to take action to mitigate that risk. This puts ownership and accountability into question. Businesses should adopt a principle that underlines the importance of sharing responsibility for risks or challenges of which they are aware and taking definitive steps to address them. While there are nuances in terms of authority structures, responsibilities, etc., inaction can undoubtedly lead to severe consequences with respect to cybersecurity.

Managing Security Well

Creating incident response plans or playbooks, committing to take decisive action when exposure occurs, and volunteering for security awareness training on a regular basis are among several actionable steps leaders can take to improve their organization's security posture. While all of these, on the surface, may seem like small actions, they demonstrate a manager's commitment to vigilance and proactiveness to peers.

Leaders must adapt, be flexible, and continue improving. After all, good security never stops. Technology isn't the golden ticket, either, which is why it's imperative for leaders to invest in the human element of security awareness. Focusing on ways for managers to enhance their role as security-minded leaders while also creating a security-first culture can help organizations avoid risk and maintain their defenses.

About the Author(s)

Tyler Farrar

CISO, Exabeam

Tyler Farrar is the Chief Information Security Officer (CISO) at Exabeam. In this role, he is responsible for protecting Exabeam — its employees, customers, and data assets — against present and future digital threats. Farrar also leads efforts in supporting current and prospective customers’ move to the Exabeam cloud-native New-Scale SIEM and security operations platform by helping them to address cloud security compliance barriers. With over 15 years of broad and diversified technical experience, Farrar is recognized as a business-focused and results-oriented leader with a proven track record of advancing organizational security programs.

Prior to Exabeam, Farrar was responsible for the strategy and execution of the information security program at Maxar Technologies, which included security operations, infrastructure governance, cyber assurance, and USG program protection functions. As a former naval officer, he managed multiple projects and cyber operations for a multimillion-dollar US Department of Defense program.

Farrar earned an MBA from the University of Maryland and a Bachelor of Science in Aerospace Engineering from the United States Naval Academy. He also holds a variety of technical and professional certifications, including the Certified Information Systems Security Professional (CISSP) certification.

Gianna Driver

Chief Human Resources Officer, Exabeam

Gianna Driver is Chief Human Resources Officer (CHRO) at Exabeam, responsible for managing strategy and processes related to building, investing in, and retaining top talent. Driver brings nearly 20 years of executive human resources management experience in small, large, private, and public global companies to Exabeam.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights