Patrick Lencioni on Security Leadership: Keep It Simple

Patrick Lencioni is a leading management consultant who has written several books and appeared in the Harvard Business Review. John Hartmann is a leading security practitioner at Cardinal Health. CSO brought these leaders together to tackle the tough questions on a tough problem: effective management in security.

CSO: You talk about collaboration, having a firm hand making decisions, simplicity. I can see people rolling their eyes and saying, Teamwork, blah, blah, blah. A theme in your writing is that these are just words until you apply brutal honesty. Can you talk a little bit about bridging that gap from saying things like teamwork and really creating it through this brutal honesty?

Lencioni: Teamwork is not a virtue; it's a choice. Teamwork is something that people have to be willing to sign up for. And saying it but not doing it is worse that not doing it at all.

So, when people sign up for it, they have to say, I'm going to build trust with my teammates. I am going to engage in conflict. I'm going to commit to things. I will hold them accountable and let them hold me accountable. And I will focus on results, not on my own agenda or my own ego. And those are hard things to do.

Teamwork is actually a natural fit and a requirement for great security because things happen so quickly, and you have to be so on top of things. The cost of not holding each other accountable, of not committing to a common solution, of not trusting each other and engaging in conflict is huge.

Who's best at this brutal honesty? The military, fire departments, people who live in crisis situations.

Hartmann: Your last comment, obviously, hits home. What about CSOs holding their direct reports accountable?

Lencioni: So often people don't like to hold others accountable because they look back and realize they never really clarified what they expected. They kind of said, Do your best. Having a really good discussion up front about what you expect from people both behaviorally and in terms of outcome is a great way to give even the most hesitant manager or leader the courage to hold someone accountable.

Hartmann: Well, I guess it's easy to hold accountable the folks that work here directly for me. But when there is a security policy or rule that's been mandated for the company and in some remote part of the world some little portion of the company doesn't comply, it's much more complicated trying to get enforcement or accountability.

Lencioni: The best thing I can say there is, go back to the executive team. I remember once I went to the executive team and asked for a million dollars for the leadership and management training, and the company said, "Hey, Pat, what's the ROI on this?" I said, "You know something, I can't tell you exactly. But you have to understand in your gut how critical this is. So I'm going to take it right off the table with you guys." And I told them, "We have to do this because we believe in management training. If we're waiting for a spreadsheet, then we're never going to do it."