Stop focusing on gaps to gain influence as a security leader

A relentless focus on gaps in security negatively impacts our performance and degrades our influence. It’s time for a change in approach.

mind the gap
Credit: RJP

How many gaps are you addressing in your environment?

I read headlines and listen to stories about all sorts of gaps. Talent gaps. Breach gaps. Detection gaps. Response gaps. The list is long. It seems we find gaps everywhere we look.

Do you actually call them gaps? Have you presented them as gaps?

That’s a problem.

Focusing on gaps erodes your value as a leader. It diminishes your influence. It makes it harder for you to earn the respect you deserve. Security leaders focused on gaps get perceived as weak. If only by connotation of the word gap.


Because gaps are negative. It creates a problem for us in two ways: our mindsets, and how other leaders view us.

Relentless focus on gaps poisons our mindset

Mindset is a powerful influence on performance. Not limited to sports, what we consume and how we think impacts our results.

Already overrun with a steady stream of negative news, most security leaders are on a bad mental diet. Sometimes it causes us to question if security even matters. It does. Read more here.

An external influence, the bad mental diet impacts our internal thinking. It changes the stories we tell ourselves. Looking for and finding gaps reinforces the negative stories. It builds into frustration. Countless hours. Endless gaps. Bigger gaps. Not enough time, talent, or resources. It never ends.

It’s like a steady stream of punches. Sometimes it feels like we can’t win. Whatever winning means anyway.

The solution?

Stop focusing on gaps.

Presenting gaps to others signals failure

A typical gap analysis shows the difference between the current and desired states.

But that’s useful, right? So what’s the problem?

The problem is the word gap.

When officers and directors of a company hear gap, they consider it to be a sign of poor performance. A gap is a sign that the allocation of assets and efforts missed the mark. It signals poor performance.

Only presenting and addressing gaps suggests a chronic inability to lead.

Some find this hard to accept.

They see a gap analysis as a good thing. It reveals where to focus. Sometimes you are accurate and literal, but still wrong. This is one of those cases. The word and the concept is negative. Use it and assume the baggage that comes with it.

The leadership approach is to let go of gaps and change the approach.

Instead of gaps, explain how the world has changed

It's remarkable how the way we work changed in the last two decades. Our networks are different. The amount of applications and data is staggering (and growing). The many devices and myriad of methods to access systems and information is impressive.

Sometimes it is easy to overlook how much we’ve improved. How much has changed for the better. While it may seem minor, it signals the need for a shift in our approach. It changes how we discuss issues and request funding.

Consider the stories you tell others. It is time to relate to people. Present what they need, in the way they best absorb and act on it.

Despite the headlines (the bad diet), people are more aware of security. More concerned, too. It means they are ready for real leadership. With the right approach, it puts us in a position of strength.

Adopt the language of leadership to advance

You have your way. I have my way. As for the right way, the correct way, and the only way, it does not exist. ~ Friedrich Nietzsche

Adopt the language of leadership. Forget about gaps. Instead, just explain what you need to do to protect systems and information. Consider 8 steps successful security leaders follow to drive improvement.

As a security leader, our task is to advance our craft, improve the posture of the organization.

What language do you use? Share your experience and thoughts in the comments and with me on Twitter (@catalyst).

Insider: Hacking the elections: myths and realities
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies