This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.
You've held a technical role in IT or information security (InfoSec) for a number of years, and now you'd like to move into a leadership role. Maybe even become a CIO or CISO. Good for you! There's a need for good people in those roles.
Stepping into a leadership role, however, requires new soft skills you may not have acquired while sitting in front of a console or racking machines in a data center. Skills like building influence and alliances within the organization, and communicating effectively to senior executives. Sometimes technical people feel more comfortable debugging a complex program than selling an IT strategy to the board of directors.
I consulted with Wisegate, a community of IT and InfoSec practitioners and leaders, to get their guidance on how to be an effective leader. The pointers below come from the Wisegate e-book, A CISO Handbook to Effective Leadership & the Art of Influencing People, which assembles the wisdom of members who have ascended through the ranks to become the company leaders they are today. (Note: The link opens a PDF.)
It helps to have a strong technical background so you are well versed in the issues of your new leadership role, but you can't underestimate the value of the soft skills. A recent survey of Wisegate members ranked collaboration, strategic thinking and influence as the most important skills for security leaders.
Wisegate points out that IT and information security officers often lack executive authority over the rest of the organization, so they need to foster cooperation and collaboration in order to get things done. One member says, "It’s necessary to build alliances within the organization so that you build a rapport with these people, and understand what’s important to them. As soon as you start supporting them, they’re going to turn around and support you.”
The community provides the following tips for being successful at using your influence:
- Keep people informed with frequent updates, giving them the essential points they need to know. Provide access to additional data that they can explore if they have the time or interest.
- Concentrate on what's most important to the business. Ask business units about their projects and priorities and figure out how to support them.
- Make things easier for others, not harder. Where IT and information security are concerned, don't burden people with stiff rules that hold them back.
- Deliver what the business wants. Don't be a barrier to business, or others will go around you.
Remember your college days when you didn't have much interest in those mandatory English classes with their required essays and speeches? Well, try to dust off those forgotten communication skills because they are important to being a company leader. For example, you might be asked to go in front of the board to explain why the company needs to make a strategic investment in a new technology. The board won't want to hear the bits and bytes of the technology, but will want to know how it will help advance the business.
Having "been there, done that," the Wisegate member provide these tips on communicating with business people:
- Know your audience. Before planning a paper or presentation, take some time to analyze who will be receiving the communication. It helps to know their interests, their concerns and their level of technical understanding.
- Understand the importance of being a bit of a salesperson and a marketer. You might need to sell others on your ideas and point out the benefits of what's in it for them.
- Watch the use of technical jargon. Speak the language of your business audience, not the language of your IT colleagues.
- Be clear about your message. Make sure your audience understands what you want to convey by putting it in their context and explaining the value to them.
- Focus on the result. IT is a complex topic and we like to get into the weeds, but your audience won't appreciate talk that is not their business. Focus on what you want to accomplish and the business result to achieve.
- Keep the audience's attention. Technical topics can get boring to non-technical people. Add humor and relatable content to keep people engaged.
The Wisegate e-book provides a lot of good advice for new tech leaders, like how to find other people to elevate into leadership roles, opportunities for development, weighing the importance of certifications, and more. Check out the e-book for yourself at http://www.wisegateit.com/resources/downloads/CISO-softskills-handbook.pdf.
Wisegate takes the concept of a social network and puts it on steroids. This is a by-invitation-only community of IT and InfoSec practitioners and leaders who share with and learn from each other. There's no influence from vendors, analysts or other "blah-blah" people who aren't actively involved in providing or directing IT and IT security services for their own organizations. Members exchange their experiences in group discussions and one-on-one settings. It's one place where the members can pose a question and get answers from others who have already walked that path. For more information go to www.wisegateit.com.