Cyber leaders seem to proudly point to bringing in outside consultants to convince executives to take action on items that have lingered for years. Social media is full of threads of such proud proclamations by both cyber leaders and consultants.
Wait. What?!?
Critical items that have lingered for years? An outsider with more trust? Something else seems broken there.
Let me restate the issue:
A vendor came in and within a short time put together compelling communications, a need for prioritization, and a plan that were understandable enough to resonate with the executive team and convince them to take action on something really important, something the cyber leader wouldn't (or couldn't) shape or gain traction on for years with the same executive team.
Read the above again. Can you see the problem now?
There are only a few unfortunate conclusions that can be reached:
Those conversations simply never happened
Conversations that did happen were not understandable
Understandable conversations weren’t compelling
Compelling conversations didn’t have an associated achievable plan
The executives have lost confidence in the cyber leadership
The hard message here is that all of the above are leadership problems.
The first few might even be indicative of a cyber leader who has wholly abdicated their responsibility to the cyber program, or of one who brings the wrong skills to the role rather than the executive communications and negotiation skills that are needed. Both are extremely problematic. This might explain why that same leader proudly points to having outsourced the conversations with executives or the quality of those conversations.
Cyber team members, the organization, and the Board all deserve better.
Consultants are necessary, but left unmanaged they’ll sell what is most beneficial to them. When what is most beneficial to them overlaps with your organization’s needs, you have a match. The ground-level view of issues makes sense, particularly when assuming a new role. But that isn’t always the case.
You can successfully outsource work, but you can’t successfully outsource the program leadership, program direction, or liability for a breach.
As cyber leaders, these are ours to own.
Like what you've read enough to follow me on Twitter? @Opinionatedsec1.