CEO and co-founder of OpenVPN Inc., a leading-edge networking and software technology company.
getty
I’ve been leading teams in the security space for decades now. I’ve served as the CTO and CEO of multiple tech companies, and I co-founded OpenVPN Inc., a company entirely focused on keeping business networks secure. In leading these kinds of groups, I’ve noticed a few similarities—a few elements that, when implemented correctly, can make all the difference as you develop your team. Some leadership strategies are universal across any industry, to be sure, but some particularly stand out here. Whether you’re leading an entire company focused on network security or you’re a CISO or an IT admin for another organization, there are some essential things to keep in mind.
First of all, your team needs the freedom to create and take risks. While I do believe this is essential for any team, with network security it takes on a unique flavor. By its very nature, security is a rigid discipline and can attract those who value that kind of structure. This can easily lead one to assume that your team is rigid by nature, that it’s opposed to risk-taking.
But I’ve found that’s usually not the case. Of course, the team doesn’t want to take risks when it comes to your network, but when it comes to development? They crave the freedom necessary for creativity just as much as any other team, if not more so. Finding the areas where structure is important to them is essential, and from there you can find where they want to take risks. This process, however, involves a lot of open communication and trust. Work with your team, discuss this explicitly with them, and find out what works.
The second thing to consider when leading this kind of team is that different roles will have wildly different perspectives on security. Those whose specific role is network security will always have it top of mind; that’s all they’ll be thinking about. But someone in DevOps, for example, often isn’t considering security much while they ideate and develop new features or products.
It can be extremely difficult to consider security when you’re focused on developing software; it’s too easy to get lost in the idea, the creation, the excitement of that newness. This means it’s important to educate and establish a process. Train all team members to consider security aspects—while also having at least one (or more) people whose entire focus is on information security. As these two groups work together and develop processes for review and deployment, you can work to communicate a vision—that’s your role as a leader, right? So how does security play into your vision for the company? The more your team is trained in security aspects, the more you can connect this to the big picture and the more invested your team will become. They will be more equipped to incorporate security into the creative vision of their work, and they will value security that much more deeply in the process. That value is essential.
This brings me to the last, and possibly the most important, element you’ll need when leading this kind of team. For security people, a common challenge occurs when their work is not valued. Network security success can be difficult to measure, simply because it’s easier to track what does happen than what doesn’t—and successful network security is all about keeping things from happening. When you’re not seeing those metrics as a leader, it can be easy to forget how valuable network security work is. It’s even easier for the rest of the team to minimize it in favor of the work they want to do—work that might be blocked by security problems otherwise.
But if your network security team does not feel respected, does not feel like their work is valued, then they will respond like any other employee: They won’t put in as much effort. They won’t be as invested in their work. Why should they be when their team and boss don’t recognize the value they bring? So make sure you’re finding ways to measure their success (i.e., set goals with them and watch those goals come together). Show them you care about and respect their work. Find out ways you can connect network security to revenue—a knowledge that will benefit you just as much as it will help encourage them. This is how you get a real, accurate picture of what’s keeping your business afloat. I guarantee that network security is a part of it; you just need to find a way to make that more visible.
Security and tech professionals are a unique kind of team; they make the work we do possible, bringing all kinds of incredible innovation to our culture and our companies. If you want them to succeed at your company—because, let’s face it, they can likely go to almost any company they wish—it’s important to implement these strategies. The more you do this, the more you’ll keep your team happy and your network secure.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
