I have the honor and privilege of mentoring and coaching a number of seasoned and aspiring cyber professionals on best practices in cyber leadership and career growth. Recently, the topic of cybersecurity teams dealing with last minute, heroic course correction efforts and a lack of program management enforcement came up.
Consistent Failure of Cyber Leaders to Set Expectations
One mentee shared the following perspective: “
I hate cybersecurity leadership that surround themselves with teams that lack respect for the concept of management”. At first, I was confused and asked them to explain their viewpoint in more detail. They further described their frustration with leaders that have no idea how to manage, believe that management and process is the devil, and do nothing to enable scalability. As we continued talking, I realized that the issue a consistent failure by managers expectations for their people and then hold them accountable.
My mentee went on to explain that it was common in their organization for “heroic efforts” to be made every time the company had to meet a deadline. They said that it was frustrating because the last minute effort, such as working nights and weekends, was repeatedly rewarded even though the management team was not provided advance notice of the timeline slip, which would have given them the opportunity to correct issues, address roadblocks, or build extra hours into the project.
As I reflected on this management cycle, I realized that as leaders and managers we should not reward the driving of “heroic efforts” at the upper echelons of an organization. We certainly should reward employees who make personal sacrifices to meet deadlines, but too often the entire leadership team and team members responsible for that deadline are rewarded for hurriedly completing a project past the initial deadline—leaving little time for proper documentation and resulting in mistakes and poor quality.
Cyber Leadership Must Set and Enforce Deadlines
As leaders, communicating vision, getting our teams excited and setting a direction is only half of our job. We must also set expectations, deadlines and enforce those expectations and deadlines. As our companies and teams grow, we must put repeatable processes in place that do not stifle innovation, yet hold team commitments accountable. This also means setting company policy, procedures and expectations that postures middle management and supervisors to help enforce good behavior and correct the bad.
We must also show our teams the value in communicating issues before they miss a deadline, forcing the company to invest in overtime and employees working extra hours to complete a project. Frequent communication gives the management team an opportunity to fix a situation, remove roadblocks, or change deadlines.
Communication Drives Return on Cybersecurity Investment
Actionable recommendations for senior leaders and managers:
1.
Set expectations. Expect when a deadline is agreed on with your team that it will be met or ensure that your project lead will communicate that the deadline will slip as soon as possible. Make a point to reward projects that are completed on time.
2.
Work with your project leads and set deadlines together. Ensure that both parties agree on deadlines and address any concerns early on.
3.
Hold daily, weekly, and/or monthly status updates. Provide an opportunity for team members to communicate and share roadblocks and brainstorm ways around them.
4.
Take action when people miss deadlines and fail to communicate issues in advance of deadlines. Act! Send employees to relevant training, clearly explain how continual deadline slips without explanation can affect their performance review or their status at your company.
More cyber leadership insights . . .
For more cybersecurity leadership best practices, check out the net article in this series, “
Executive Strategy Best Practices” with
Bonnie Stith, former Senior Cyber Executive in the U.S. Intelligence Community and Founder of
Stith Associates. Stay tuned for our next article in the GPSG Cyber Leadership series, coming soon.
To connect with us on cyber leadership risk management best practices, contact GPSG at cyberteam@gpsg.co for a free consultation.
