While there are certain universal experiences when it comes to leadership, the number of new things to learn never ceases to amaze me. Through hosting the podcast, “Cyber CEOs Decoded,” I’ve had the privilege of speaking to CEOs from all walks of cybersecurity life: those at the helm of marquee names, as well as those steering the ship at scrappy startups. Each person’s unique experience has been illuminating, providing new insights into all the responsibilities, struggles, and triumphs that the cyber CEO journey has to offer.
We recently kicked off season two and it has me reflecting on some of the most interesting things I’ve learned from some of my past guests. I’ve curated some of my favorite tips from our episodes to date in the hopes that you will benefit from them too.
Mistakes are inevitable, and your ability to learn from them speaks volumes
A good leader understands that avoiding mistakes completely isn’t possible. Current Snyk CEO Peter McKay, a long-time security veteran, noted the importance of being able to recognize and learn from mistakes.
“There are a fair number of mistakes I’ve made over the years. You’re moving incredibly fast. You’re growing 150% year over year. You’re hiring a lot of people, and you don’t get them all right,” he told me. “We’ve made some decisions that I would definitely take back, but we made a lot more right than we did wrong. And when we make a wrong decision, we call each other out. ‘We made a mistake. Let’s not make it again, and let’s move on.’ That’s been our culture. Not every decision was the right one, but it was based on the data you had at a particular point in time. And it’s okay to make mistakes.”
You can’t predict the future, but you can plan for it
Temple University mathematics professor John Allen Paulos has been quoted as saying, “Uncertainty is the only certainty there is, and knowing how to lead with insecurity is the only security.” That applies to the life of being a CEO in cybersecurity in so many ways.
Mimecast CEO Peter Bauer shared a lot about leaning into that uncertainty, especially when you’re starting a new position and don’t know how long your tenure will be, or exactly how the company’s trajectory will proceed.
“You don’t know [how long it will be] and you can’t control it, so you ask, ‘What’s going to be the most high-functioning mindset to show up with for the team, for my stakeholders, for myself?’ At the start of the journey, you’re most open to learning, most open to fresh thinking, and most energetic. So, [you want to] lock into that ‘start of the journey’ mindset,” he told me.
It comes down to being able to use your imagination to really consider the future with fresh eyes and look at it from the perspective of what someone coming into the company in 10, 15 years would want to fix or prioritize, he explained. Being able to take that forward-looking perspective can enable you to better build a sustainable company for the long term.
The power of mentorship and training can’t be underestimated
A refrain I hear over and over – and one I strongly espouse myself – is just how powerful mentorship and training is at every level of the career ladder. And frankly, this is key to how we as an industry build a full and more diverse workforce. It can’t just be lip service; meaningful action must be taken.
Deidre Diamond saw a strong need in cybersecurity to address both the skills gap and the diversity gap. That led her to found two organizations: CyberSN, a talent-matching services company, and Secure Diversity, a not-for-profit that specializes in addressing the diversity gap in cybersecurity. While the status quo is improving, it’s estimated that women represent just a quarter of today’s cybersecurity workforce. Mentorship and training are key to changing this, and Diamond emphasized the difference these resources have made in her own career.
“My first real job was at a recruiting agency, and it’s a really powerful story that we all were trained and developed in, which is that you pay it forward, you train and develop people, you care for your people, and you give them skills,” she said. “And they did that for me from the minute I walked in, for a solid five years. Then I took over and ran things and did all of that for others. There is no way I would be sitting here without that kind of program.”
Having a clear company vision is essential
Another takeaway from my conversations is how important it is to have a clear vision for the company you’re leading.
“I have certain truths that I believe, one of which is just to always have a big, audacious vision – really ambitious. That’s what I feel is important,” Brendan Hannigan, CEO and co-founder of Sonrai Security told me. “It pushes you every day to not get too squirreled away in some narrow segment…. It’s a philosophy. And the counter to that for everybody in our team is to have a strategy. What’s our strategy for the year, for the quarter, for the week?”
Check your ego
Finally, Patrick Morley, cybersecurity board member, adviser, and former CEO of Carbon Black, had some great insight into the danger of hubris in a team:
“Arrogance and hubris break the team. If we align on something as a team, and then I walk out the room to do my own thing because I think I’m smarter than the rest of the team, then I break the team,” he said. “There’s nothing that hurts the ability to build a great company, a great team, more than having an arrogant person on the team. One day you have one person who’s not a team player. And the next thing you know, the next quarter or two, you got a whole team of people like that. So, you’ve got to get rid of that. And the best way to do it is just to say it: We don’t want that hubris in this company.”
These are just a few of my favorite moments from the podcast so far. Get all the highlights from season 1 or listen to the first few episodes of season 2 here.