Companies need to understand the differences between management and leadership, and provide the means to work effectively with employees and teams during challenging times.
Speaking at the Infosecurity Europe Virtual Conference, Sajed Naseem, CISO for New Jersey Courts, said businesses need to identify “all degrees of bad,”citing a recent senior sporting official, and identify the “least bad” challenge.
Naseem said that a lot of leadership is about knowing how you feel, how your team feels and how teams connect to other teams. He called leadership the “skills of motivating, guiding and empowering a team towards a socially responsible vision” and “in cybersecurity, leadership is required to provide opportunities to make cyberecurity stronger in the organization.”
Whereas management, he added, requires “a set of well-known processes like planning, budgeting, structuring jobs, measuring performance and problem solving. The difference between management and leadership is that cybersecurity management “must make sure upper management’s business objectives and cybersecurity tie together and there are no misunderstandings.”
With regards to questions that should be asked in order to achieve the goal of creating an effective management/leadership strategy, Nassem cited the following:
- Who will set the vision?
- Who will set the strategy?
- Who will break the silos?
- How will digital transformation be sustained?
- Who will shop for the 'groceries?'
- Who will stand up to say the “budget is decreasing” and “the workforce is expected to be cut?”
- Who will speak with empathy in the decreasing workforce?
- Who will stand up against “budget is decreasing” and “workforce is expected to be cut”?
- Who will make the right decision even when it isn’t a popular one?
- Who will say “I don’t know” and who will find out the answers?
- Who will look past the fears?
Naseem also encouraged knowing each member of your team, and to ensure they are engaged, and that you are engaged with them.
To conclude, Naseem encouraged CEOs to hire and support cybersecurity people, and to keep them abreast of mergers and acqusitions so they can measure cyber-readiness and performance. “Your business may be a money making business, but if you miss cybersecurity, you miss the point.”