8 steps successful security leaders follow to drive improvement

These are the steps successful security leaders follow to reframe their efforts and enjoy the success of an improved program, less stress, and recognition from other leaders

nate2b (Creative Commons BY or BY-SA)

Your pathway to better results and less stress

Security leaders experience pressures and challenges no other leader in the organization faces -- or understands.

Improving the security program, aligning with the business, and recognition as a peer from other leaders is possible. Done right, it even generates less stress.

Here are 8 steps you can follow to strengthen your leadership while improving your security program.

bad news
Alex (Creative Commons BY or BY-SA)

1. Change your mental diet

Successful leaders recognize that surrounding themselves with negative news -- and negative people -- is a recipe for disaster. Instead of fixating on headlines and lamenting people who “just don’t get it,” these leaders change their mental diet.

They make the time to celebrate success. They acknowledge their team and focus on what is working instead of obsessing over whatever is challenging.

Check out Why our bad mental diet leads us to question if security even matters for more ideas on shifting from external sources from negative to positive.

Read more here.

popup book
Tom Small (Creative Commons BY or BY-SA)

2. Tell yourself a better story

Once you focus on increasing positive external influences, pay attention to the internal dialogue you have.

What story are security leaders telling themselves? outlines strategies to successfully respond to the steady stream of negative news.

If nothing else, stop focusing on gaps.

“Focusing on gaps suggest we missed something. It signals failure.For the most part, we don’t have gaps. We face a changing enterprise, shifting technologies, and more determined, disciplined attackers.”

Once you change the story you tell yourself, it gets easier to change the story you tell others.

Read more here.

woodleywonderworks (Creative Commons BY or BY-SA)

3. Accept security is not about winning or losing

Successful security leaders practice Thinking about security beyond winning and losing.

“When we treat it like a game (or worse, a war), then we obligate ourselves to keep score. We focus on each detail to maximize our impact. We move with urgency, sometimes in conflict with those we support.

When the game feels short and the pressure is high, we hyper focus on winning. Sometimes at all costs.”

Want to be more successful? Embrace the notion of an ‘infinite game.’

“Instead of asking how we win, what if we focused on making sure security was worth engaging. It places emphasis on connecting with individuals and providing useful information that leads to better decisions.”

Read more here.

Wonderlane (Creative Commons BY or BY-SA)

4. Know when to take a tactical pause

Without a doubt, security is frequently overwhelming. When it seems like there is too much to do, and not enough time or resources, it’s time for a tactical pause.

Explained in Why you need a tactical pause to build a successful security program, the purpose of a tactical pause is to step back and slow down -- just enough -- to get perspective.

In practice, “...take enough time to place focus on the 3 areas that deliver the highest overall value. Otherwise the team ends up unfocused, trying to do everything, and producing mediocre results.”

This is the opportunity to assess how your environment changed, align assets and efforts, and move from a position of confidence. It places purposeful action over wasteful reaction.

“Executed well, it presents an opportunity to reconnect with the business, demonstrate value, and gain confidence in the direction of the team. It regains momentum for necessary efforts and aligns forces for new ones.”

Read more here.

Michael Clark (Creative Commons BY or BY-SA)

5. Be brave and cross the line

When security gets focused, it can turn into a silo. While that sometimes helps address specific challenges, it often leads to an isolated approach to influence and learn from the organization.

As a result, Smart security leaders know when to cross the line.

“Physically step outside the confines of the security team with the intention of engaging and learning from others.”

Crossing the line is a combination mental and physical exercise. There are multiple ‘lines’ to cross, and plenty of people to invite to cross the line into your experience. It’s an opportunity to learn, to build relationships, and to improve.

Read more here (to learn the lines you can cross and learn how to maximize the experience).

parking meter
Ian Sane (Creative Commons BY or BY-SA)

6) Value your time

What is your time worth?

Successful leaders use the value of time to boost security team results. This is because understanding the value of an hour -- for yourself and your team -- provides clarity in the cost of actions. When compared against the value of the outcome, it gets easier to move away from low and negative value actions in favor of creating value.

Read more here - including the 3 steps to calculate what an hour of your time is worth and how to use it to your advantage.

less difficult
Sasquatch I (Creative Commons BY or BY-SA)

7. Do less, but do it better

In a somewhat counterintuitive approach, successful leaders get better results by focusing on less, not more.

As explained in  Why you need to do less if you want better security, the key is focusing energy and effort on the highest value actions. That necessarily means crowding out tasks and activities that are “risk catnip” -- momentarily thrilling (satisfies the need for adrenalin) without creating a corresponding increase in value.

It also means taking a break and allowing your mind and body to rest. By working less hours, but with more energy, it’s possible to get more done. Combine that with a focus on the right priorities, and the results speak for themselves.

Read more here.

Konstantin Stepanov (Creative Commons BY or BY-SA)

8. Tell a better story

Each of the previous steps focuses on changing the conditions in which successful security leaders operate. In order to realize success that includes less stress and recognition from other leaders, it is important to tell a better security story.

Which security story are you telling? lays out an approach to use the three elements of story to craft stories that influence thinking.

“If we fear someone just doesn’t get it - they might not. But that limitation might be more on us than on them. Check your story. Was it a true story, or just a listing of facts? Did you skip to the punchline, expecting someone else to naturally understand?”

The ability to deliver a good story is a skill developed with practice. That might mean spending 20-40 hours just to get a 2-minute story right. Some spend longer.

Successful leaders make the investment in the training and effort necessary to master this essential competency.

Read more here.

Copyright © 2015 IDG Communications, Inc.

Related Slideshows