• United States



The Anatomy of Leadership – A Sun Tzu perspective

Apr 21, 20104 mins
CareersIT Leadership

What is Leadership?  Most of us will agree that it is a quality or set of behaviors that engenders sufficient trust and respect as to have others follow someone.  Can you point to the elements that contribute to leadership?

In The Art of War, Sun Tzu characterized leadership as a mix of five traits: Intelligence, Credibility, Humaneness, Courage, and Discipline.  Every organization is characterized by processes and culture that influence the conduct of business. Sun Tzu referred to this as the Tao, or way. The Tao impacts, and is impacted by, personnel at all levels. The leadership, however, plays a unique role in the organization – leaders are entrusted to rally support for, and implement, a strategy.

Intelligence – If leaders are to succeed, their competence must permeate every aspect of their work. Their technical proficiency must conform to or exceed expectations. They must understand the needs and challenges of their colleagues. They must also understand the position of the organization in relation to their competitors. Leaders must take care in how their intelligence is perceived. Boastful shows of intelligence may be perceived as arrogance.

Credibility – Credibility emerges from a reputation of trustworthiness and competence. A leader must demonstrate his ability to employ his experience and knowledge to address a challenge relevant to the company. “The leader must first understand the priorities and values embodied in the Tao,” said Sun Tzu. Armed with this knowledge, a leader’s time and energy can be focused for greater value.

Humaneness – Leaders must demonstrate respect for those with whom they interact. This applies to subordinates, peers, and competitors. The security implications of this trait are significant. Information security managers who treat their reports with consideration and respect garner more cooperation. These leaders recognize the critical, enabling role their reports play.

Given the structure of most organizations, humaneness must be exercised between the leaders. Information security managers must balance the needs of many stakeholders against the security mandates of the company. They employ communication strategies that not only recognize the stakeholder visions but emphasize the common mission of the organization.

Humaneness must also be applied to the perception of organizational challenges. Leaders must shift to viewing individuals or teams as solution enablers. I have encountered the political fallout created by adversarial-minded security consultants. These individuals blamed the stakeholders for the control deficiencies they discovered and set a tone of mistrust that permeated their relationship. The resulting lack of confidence in security consultants was a significant challenge to overcome. Key to my evangelizing efforts was to empower the stakeholders in addressing the security gaps.

Courage – Leaders must project decisiveness and courage in the face of challenges. The credibility of individuals who vacillate under pressure suffers. Consequently, their judgment is questioned by both subordinates and peers. Courage enables a leader to recognize the opportunities inherent in all risks. The confidence projected by a courageous leader lends credibility to his actions and decisions. This trait allows the leader to “mobilize his team to take advantage of opportunities,” said Sun Tzu. It also enables the leader to guide organizational adaptations to a changing environment.

Discipline – Throughout The Art of War, Sun Tzu stressed the importance of trained and disciplined personnel. The leader’s job, he said, is to “prepare his forces for all tactical contingencies that may arise in the field of battle.” This sage advice is applicable to building an effective security program. Leaders are positioned to evaluate the training needs of the team and enable said training. Training, however, does not stimulate discipline. “Discipline,” according to Sun Tzu, “is enforced through consistent application of reward and punishment.” Information security managers ensure that secure policies and practices are enforced with appropriate penalties for nonconformance.

Sun Tzu stressed that the leader must refer to the organization Tao when finding the appropriate balance of these traits we have discussed. Ultimately, a leader is self-aware and strategic in his ability to adapt.


Steven F. Fox provides security guidance to ensure compliance with Federal standards and requirements as a Senior Security Architecture and Engineering Advisor for the IRS. Fox contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup and the Security and Privacy workgroup. He brings a cross-disciplinary perspective to the practice of information security; combining his experience as a security consultant, an IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. He is a syndicated blogger covering IT Governance, Risk Management and IT-Business fusion topics. He also volunteers his time to the Ponemon Institute and Security BSides Detroit. Follow him on Twitter - Join his LinkedIn network -