How do you step into a leadership role without a leadership or manager title? Should you be leading without the title? Should you be getting recognition with a title or other compensation if you're leading but don't yet have the title?
All these questions and more are at the center of this central question of how do you lead in cybersecurity without the formality of a title?
Leadership is not something defined by a title or a specific role. It's an act of influencing and guiding others toward a common goal.
Leaders are recognized by their actions, behaviors, and the value they bring to their team and organization.
Maybe you want to strive towards a CISO, Head of Security, Director, or Manager role, but you're stuck in a chicken-and-egg problem dynamic. We need all of those roles, especially in larger organizations. We need leaders in cybersecurity, and everyone can't be the CISO at the same time. Not only does that not make sense, it wouldn't be productive.
So, how can you step up and lead your cybersecurity team without the official title to do so? This article is going to answer this question for you.
1. Look ahead
Doing project or operations work is often about dealing with the work right in front of you. Leaders focus on the larger picture at hand. So, if you're working towards that leadership role, you need to do the work in front of you but be actively thinking about how it all relates to the bigger and broader mission. Start asking yourself questions like:
- How does this work connect to the organization's mission or strategic plan?
- Are there any risks to this work that we're not discussing beyond anything technical? Think resources, prioritization, complexity, etc.
- Is there a way we could be doing this more effectively?
- Are there other stakeholders we could serve doing this work?
2. Build momentum
Stepping up into a leadership position within your team, you should build momentum through trust with others, empathy for their role, and understanding of all the work. This should be focused on creating a greater sense of engagement and connectedness within the team.
Engagement drives momentum on the work at hand and the amount of creative thought that goes into the work.
If you're wondering how to do this, try practicing active empathy for others or take a page from Simon Sinek's playbook.
3. Wield influence
A lot of the work we do in cybersecurity is done through other people. Patches get applied by system owners. Offboarding is carried out by human resources teams. Budgets are set by the finance team.
You get the idea.
As part of your efforts to think about the big picture and the risks surrounding the work you're engaged with, consider the myriad of stakeholders involved. These might be people on the team that need to deliver specific work. This might be decision-makers on other teams that need to be engaged. It might be a group of people that need to be informed of updates or decisions made.
Spend some time mapping out the people and teams and their respective roles in the process. Once you've done that, get to work on figuring out how to proactively do that relational work with the people you've identified.
This is no surprise, but leading isn't all about sitting back in an ivory tower. Aim to lead from the front as you work in a leadership position. This doesn't mean micr0-managing, but it does mean taking a position where you're not afraid to roll up your sleeves and help out with whatever is necessary.
Take the initiative when you see things that can be done.
Aim to be proactive, not reactive.
You don't need to take over. Rather, offer solutions, listen to others, and help make things happen.
5. Humble yourself
Don't jump into this work expecting that you're going to get handed a shiny new title on a silver platter. Do the work to do the work. Trust the process and be consistent.
Setting any kind of ego aside in this process will help you keep your morale high and your focus locked in.
Also, remember your team when praise comes around for a job well done. Don't jump to the front of the line to take all the credit (look back at that Simon Sinek clip).
Stepping up as a leader in cybersecurity doesn't necessitate a formal title. It's about embodying qualities like expertise, empathy, initiative, and collaboration. Put these 5 actionable steps into practice in your body of work, and you'll start emerging as a leader within your organization, with or without the title!