What is Cybersecurity Leadership?

Jul 03, 2020

Leadership

What is leadership? For some executives, this can be a difficult question to answer. I have a few favorite leadership quotes that provide me with a deeper understanding: "To an extent, leadership is like beauty: It's hard to define, but you know it when you see it" (Warren Bennis).

Leadership is a continuous journey requiring personal investment by an executive in today's global environment. "Before people can learn to lead, they must learn something about this strange new world," sage advice from Bennis, the man known as the dean of leadership gurus.

Cybersecurity Leadership

How does today's business executive define cybersecurity leadership? This is an even more complex question to answer. Cybersecurity has many disciplines and facets at the tactical, operational, and strategic levels for any cybersecurity professional to learn and understand. Such cybersecurity disciplines include system administration, cyber defense, penetration testing, digital forensic investigation, incident response, and threat hunting, just to name a few.

But what do today's senior executives need to know about cybersecurity to lead effectively when it comes to their responsibility for managing the enterprise-wide cybersecurity risk of their organization?

Consider your personal leadership journey into your current position as a senior executive within your organization. For many senior executives, this may include both an undergraduate and graduate degree in an academic field of study such as business, law, or engineering. For non-business majors, an executive Master of Business Administration (MBA) program may have been achieved during your leadership journey.

Remember how much you had to learn regarding business operations during these undergraduate and graduate courses, such as accounting, finance, economics, marketing, to prepare you for your journey to the point where you are today?

Now let us look at cybersecurity. How many courses in cybersecurity were part of your respective undergraduate and graduate studies program? If you are currently a senior executive, the probable answer to this question is very few to none. Cybersecurity was just in its infancy. Today's evolution of technology has transformed cybersecurity into an area which must be considered in all phases in the implementation of any digital transformation in today's organizations.

Self-Reflection Questions

As a senior executive within your organization, are you properly prepared to effectively lead your organization's enterprise-wide cybersecurity efforts to protect the organization from all cyber threats?

Only you can answer that question. This is truly a time to consider what cybersecurity education or training you have taken to effectively understand cybersecurity at a tactical, operational, and strategic level to best carry out your executive-level cybersecurity responsibilities.

For some, the question may arise as to what constitutes a senior executive who is cyber savvy. Is it a senior executive briefed on cybersecurity threats by the organization's Chief Information Security Officer (CISO) or Chief Information Officer (CIO) on a regular basis? Is it someone who reads the constant media reports of the latest organization to suffer a massive cyber breach, costing the organization millions of dollars? Is it both? In today's environment, with numerous cybersecurity breaches and incidents impacting small, medium, and large businesses, some senior executives may be cyber fatigued: plain tired of cybersecurity briefings and the many horror stories of what a victim organization suffers when impacted by a significant cybersecurity event.

Cybersecurity Leadership Definition

I define cybersecurity leadership as leadership grounded in a solid foundational understanding of the various facets and disciplines of cybersecurity, which allows leaders to effectively and continuously execute their responsibilities of creating and continuously maintaining the most mature enterprise-wide cybersecurity risk program, thereby providing the most effective cybersecurity posture to best protect their organization from the most sophisticated cyber threats and cyber threat actors.

Cybersecurity leadership is a required skillset for today's senior executive. Cybersecurity is an enterprise risk; therefore, an organization's cybersecurity enterprise risk management program is the collective responsibility of all senior executives, not just the CIO or CISO. If you do not believe this statement, ask yourself who in your respective organization would be involved in addressing a massive cyber event, such as an advanced cyber threat actor intrusion resulting in the theft of sensitive information (intellectual property, customer personal identifying information or health information of your patients)? If you are a senior executive, there is an extremely high probability you will be heavily involved in the tactical, operational, and strategic decisions made by senior leadership as a result of this massive cyber event.

Challenges to Becoming a Cyber-Savvy Executive

Historically, executives have seen cybersecurity as an IT issue. Cybersecurity was not previously seen as a critical component of an organization's business strategy, an enterprise risk, or an executive leadership issue. The many examples of tactical cyber intrusions resulting in an organization's loss of millions of dollars and negative impact to its brand have changed this mindset. Today's executive-level mindset has transformed cybersecurity from an IT issue to an enterprise risk that senior leadership must manage effectively.

Another impediment to becoming a cyber-savvy executive is the unspoken fear and lack of understanding of the technology, terminology, and acronyms associated with cybersecurity. Further, some executives lack the desire to learn a challenging, new skill not only required in today's world but complex and constantly changing.

Today's senior executive is expected to understand all facets of the strategic challenges facing their organization, including cybersecurity. But how many senior executives want to admit they do not understand the various facets and disciplines of cybersecurity? Some senior executives would prefer to stay silent, maintain the status quo, and hope their organization is never impacted by cyber threats or cyber threat actors. The problem with this line of reasoning is that today's organizations are constantly under attack by sophisticated cyber threats and cyber threat actors. If an organization's senior leadership is not cyber-savvy, the organization should expect to suffer a significant cyber event which will have negative tactical, operational, and strategic consequences.

Another barrier to becoming a cyber-savvy executive is the cost and time commitment required for training and certifications. There are many respected cybersecurity vendors with numerous courses for cybersecurity professionals. Some courses are multiple days for various levels (beginner, intermediate, advanced, and expert) in one cybersecurity discipline, such as system administration, penetration testing, and digital forensics. These courses cost thousands of dollars with additional fees for certification, travel, hotel, and per diem expenses.

What senior executive with today's hectic schedule has time to take a 5-day cybersecurity course that only covers one specific discipline in cybersecurity? Today's senior executive needs cybersecurity leadership training short in duration that covers multiple facets and disciplines. This training should provide the executive with a solid foundation in different areas of cybersecurity.

Cybersecurity Leadership Training

Many cybersecurity vendors offer quality cyber leadership training designed for CIOs and CISOs or for obtaining a prestigious cyber certification such as the ISC² Certified Information Systems Security Professional (CISSP) or the SANS Institute GIAC Security Leadership Certification (GSLC). These offerings include multi-day courses or programs which last multiple weeks or months. These are excellent courses to consider after obtaining a foundational understanding of cybersecurity.

Hacking the Cyber Threat Cybersecurity Leadership Program for Executives and Leaders

From my experience as a retired 27-year FBI Special Agent, FBI Cyber Division Executive, FBI National Academy Cybersecurity Leadership Instructor, Big 4 Accounting Firm Executive-Level Cybersecurity Consultant to boards and C-suite executives, CPA, CISSP, continuous advanced cybersecurity technical training, and educating executives on the cyber threat since 2010, I have developed a cybersecurity leadership program designed for today's executives and leaders.

The Hacking The Cyber Threat Cybersecurity Leadership Program for Executives and Leaders is a 9-hour online course designed for today's executive. The course consists of 15 modules that provide foundational cybersecurity training for executives in the following 15 areas:

  1. Introduction
  2. Integrating The Cyber Threat in Strategic Planning
  3. Understanding the Cyber Threat Landscape and the Basics of Information Technology
  4. Understanding Malicious Software
  5. Information Operations (Nation State Actors/Advanced Persistent Threats)
  6. Critical Infrastructure and Industrial Control Systems
  7. Wireless and Mobile Devices
  8. Web Infrastructure and Third-Party Risk
  9. Cybercrime, Hacktivism, and Insider Threats
  10. The Cyber Underground
  11. Cyber Defense, Incident Response and Recovery
  12. Cyber Education and Cyber Training
  13. Cyber Regulators and Cybersecurity Frameworks
  14. Private Sector and Public Sector Partnerships
  15. Strategic Challenges Facing the Enterprise

After completing each module, each executive is provided with "Questions to Consider" to assist them in having a more robust conversation with their CIO/CISO/IT Director regarding the specific module cybersecurity topics. Each module has an assessment for each executive attendee to reinforce the key lessons from each module. In addition, I provide two recommended study schedules to incorporate in each executive's busy schedule. Future quarterly updates will be offered to maintain a current level of executive cyber-savviness.

Start your journey today in becoming a cyber-savvy executive by enrolling in a cybersecurity leadership program for executives. This article is the first in a five-part Cybersecurity Leadership Perspective Series.