The Importance of Leadership in the Information Security Industry

Firewalls, proxy servers, intrusion detection systems, etc. are all essential technological factors that contribute to information security.  All of these are installed, maintained and controlled by what has commonly been termed ‘The Human Factor.’ We the people, so to speak, are the ones who put these tools to use.

The single greatest ingredient to the success or failure of IA initiatives is the people.  What guides the fate of the people?  If you answered leadership, then give yourself a pat on the back.

There are many factors that contribute towards leadership. Communication, accountability and trust, however, are the golden trifecta of what creates and sustains influential leadership.

COMMUNICATION

Communication is “the art and technique of using words effectively to impart information or ideas.”[1]  Of course, there is much more to this topic than a simple one line definition.  

Communication is the cornerstone of Information Assurance.  Products, services, research, governing bodies, and a host of other entities come together to form the multi-billion dollar international IA industry.

There are a few components that go into providing effective communication.

• Be concise. Identify your concerns in short order.
• Be clear. Say what you mean directly and tactfully.
• Be consistent. It is permissible to change messages, but to change the meaning of a message after the fact breeds instability.
• Be acknowledged.  Make sure that other parties comprehend your message.  There are numerous ways to verify this. Pick one and make sure you are understood.

ACCOUNTABILITY

People depend on accountability. In order to provide accountability in this industry: logs are created, certificates are issued. Information is collected, verified, and reported all to hold each process, each application and each person is responsible for actions they undertake.

Accountability depends on:

• Who is responsible? 
• What exactly are they responsible for?
• Does authority accompany responsibility?

It is not difficult to find someone in a position where their daily obligations do not match their assigned job description.  Some would call that ‘flexibility.’ It is simply poor leadership.

Leaders explicitly set goals and define expectations. They utilize clear, concise, and consistent communication to identify the responsibilities of each team member. Leaders ensure that the necessary authority is designated allowing goals to be achieved. They also monitor progress to assist in overcoming obstacles.   If goals are not established in the beginning or if they are not met in due time, the breakdown is a failure of leadership.

As a leader of any size group or organization of people, it is essential that you put in place a structure that provides accountability. This gives clarity to your followers of what it expected of them. It is just as crucial that you as the leader are held accountable for your actions. This is how you will begin to instill trust into the dynamic.

TRUST

When communication is effective and accountability is conscientious, trust is established.  For trust to be established in relationships among co-workers, vendors, clients and leaders, it cannot be assigned. It must be earned.

The beauty of trust is that it can be established in a work setting regardless of personal connection or conflicts. Not every one of your followers has to ‘like’ you. They have to trust you. If you as the leader change your demeanor from one person to the next in order for them to like you, then you are not staying consistent. Consistency is part of what establishes accountability. If you unwavering in the way that you present yourself, your followers will always know what to expect. This type of consistency is what gains trust.

Leadership can be thought of as a triangle. The edges of the triangle are made up of communication, accountability, and trust. When one side of the triangle is removed, the structure will collapse and become non-existent. In order to establish and maintain effective leadership, it is essential to continuously be evaluating your leadership triangle and assessing it for any structural weaknesses.

Leadership is not the duty of management alone; it is the responsibility of us all.  If we are to succeed in the Information Assurance arena, technical prevention measures alone will not suffice.  We must have solid leadership.  

[1] Dictionary.com: “communication.”