Being able to prioritize and being able to say no are two closely
linked critical skills for cyber security leaders. The linkage is strong. Without being successful at
one, it can be very difficult to be successful at the other.
Don’t get me wrong. The learned and practiced skill of being
able to say no is really about the ability to say, “yes”.
No to the wrong things, and yes to the right
things.
Yes should be driven by your cyber program’s priorities. And,
if your priorities are truly aligned with the organization’s strategy as they
should be, saying no should make more common sense than saying yes.
Think of your
priorities as a set of pre-negotiated yes answers.
Being able to say no means that you have a prioritization
that other stakeholders agree is working.
Over time and with confidence in your priorities, your
non-cyber executives should begin to be able to predict your response to disruptive work.
No, as in “No, this disruptive work
isn’t a priority.”
No, as in “not now,
but this will become a priority at some point so let’s find space in the future.”
Yes, as in “yes, we didn’t
foresee this. Let's reprioritize something that we are working on, get to a good
stopping point, and get started on this.”
The hardest no should be to the assumption that you’ll just keep
adding low priority work in with high priority or take on more high priority
work than the team is scoped for. Your team will end up swamped. Worse yet, it’s hard to make the point that your team
needs more resources when the leader keeps saying yes.
Good leaders can say yes to the right high priority work by saying no to less important work.
Your ability to say no reflects a lot about your leadership and the effectiveness of your priorities.
Say no more often.
Like what you've read enough to follow me on Twitter? @Opinionatedsec1.
SEE ALSO
No comments:
Post a Comment