Patrick Lencioni on Security Leadership: Keep It Simple

Patrick Lencioni is a leading management consultant who has written several books and appeared in the Harvard Business Review. John Hartmann is a leading security practitioner at Cardinal Health. CSO brought these leaders together to tackle the tough questions on a tough problem: effective management in security.

By Scott Berinato

Page 3

Now, the other thing you have to have, in addition to passion, is a lack of fear of losing your job. I know that's easy to say.

Hartmann: Along with the passion, along with the balancing between business needs and what's practical for a corporation is knowing when to make the decision and the ability to adjust your decision as you go. I'd love to see you [talk about one of the concepts from your books]: clarity over certainty.

Lencioni: People in security have to be able to make a decision without perfect information. They can't wait until they know all the answers, because it's often too late. And they have to do that without a fear of being criticized or being wrong or, ultimately, of losing their job. Security officers have to be more independent in the sense that they're taking ownership and responsibility for security, sometimes to an even greater extent than the chief executive or the executive team.

And if they do that honestly, and with passion and without fear, and if they can make decisions without a fear of being wrongnow, that's a tall order, but that is probably what's required.

You know what's interesting as I'm thinking about this, John, if you want to be popular, you shouldn't be in this field.

If you're working to be the chief security officer so that you can say, I'm in charge of security and I feel good about that, it won't work. Probably, if there's one job in the company that can't afford thatother than the CEOit's the CSO. You're only as good as your last nonevent. Status only detracts from your attentiveness and your diligence. I want you to have a healthy paranoia, which means I want you never to feel comfortable, never feel complacent and never feel particularly satisfied with what you've achieved.

Hartmann: Patrick, can you talk a bit about accomplishing your goals through others?

Lencioni: That's a difficulty for a security person. If an executive says to the head of security, Listen, I'd like you to go sell my people on all of this, I'd say, That's a waste of time. The CSO should say [to the executive], I'm going to sell you, and you're going to sell them.

Hartmann: That's a good one. In my opinion, companies that have recognized the need for a CSO have at least, at some significant executive level, some commitment to security.

Lencioni: Exactly. If you're going to hire that person, have the courage to go to people and say, Don't screw with him. If you want people to debate the return on investment, that debate needs to happen at the executive level. But if you think they have to keep debating it down the chain, that's crazy. And a chief security officer needs to be patient and persistent in getting the executives to figure it out. Once they commit, it should be a done deal.