Patrick Lencioni on Security Leadership: Keep It Simple

Patrick Lencioni is a leading management consultant who has written several books and appeared in the Harvard Business Review. John Hartmann is a leading security practitioner at Cardinal Health. CSO brought these leaders together to tackle the tough questions on a tough problem: effective management in security.

By Scott Berinato

Page 5

CSO: Was the brutal honesty and the passion communicated to them? Because I think that the ROI question probably turns John's stomach every time he hears it.

Hartmann: Fortunately, after four years here, we're kind of past that. But I can tell you that early on there was nothing but the ROI question.

CSO: And you have to kind of go, Well, the ROI is that nothing will happen.

Hartmann: Now, we talk about what are we saving from a business interruption standpoint by taking certain mitigating stepsby looking at what we may lose, as opposed to what we're going to get back. That's been really successful for us.

CSO: So, the CSO can sell his results?

Lencioni: Yes, I think so. But I think that's something probably that a lot of people in that field aren't very good at. Because the nature of the people that go into it is kind of no nonsense.

Hartmann: I would agree with that. The softer skills, I think, are the most important ones. Having the ability to communicate a set of priorities, to pull together a team of people who can give advice, and then take a decision and drive results, I think that's really important. And I think that some of those issues aren't well suited to the often black-and-white thinking of security professionals.

Lencioni: Chief security officers are in an interesting situation in that they're taught not to trust, and they have to verify because over-trusting is, by definition in security, ill-advised. At the same time, they have to develop trust with their constituents within the company. Vulnerability is not an easy thing for a security person to do.

CSO: John, do you feel like since 9/11 last year your job has changed?

Hartmann: Yes. In some ways the sales piece of the job has become easier. There's a recognition now that, gosh, things out there in the real world can affect the way our business works. Visibility has changed slightly.

Lencioni: But things haven't changed all that much.

Hartmann: Right. The fundamentals haven't changed.

CSO: That's an interesting point because a common refrain all last fall and winter was that everything has changed.

Hartmann: Everything has not changed. We just need to keep doing what we've been doing a little bit better. At our corporate headquarters, we used to screen our visitors in the lobby. Now, we screen them at the guard gate. It's just slightly different. We've been doing the same thing for years at our company, but we just kind of kicked it up a notch.