Who Is

watching out for you?

In today's world you need to understand a few more things...

Who Is

knocking on your virtual front door?

It could be someone down the block or from the Bloc

Poor leadership causes security issues

Dr Mansur Hasib

14-May-2015 Why leadership, governance and culture – the human elements – are key to cyber security.

“We have plenty of technology. Our troubles are from leaders making the wrong decisions,” said Dr Mansur Hasib, who is speaking at SC Congress Toronto on June 10 this year. “Even the technological decisions you make, for example not to harden all of your servers the same way, is a leadership decision; not a technology issue. The same for bad security habits at a company in which people don’t follow rules. When top leadership doesn’t believe in accepting responsibility for security, workers will follow their leaders."

His most recent book is on that topic. Cybersecurity Leadership is part of the US State Department cybersecurity training program, which is available to all US federal workers.

Unlike most C-suiters who view security as a cost, Hasib sees security as a way to increase productivity.

“Humans are the innovators – technology isn’t going to innovate for you,” he said. “We don’t pay attention to cyber security leadership, yet I believe that is the key. If you don’t do that right nothing else will work.”

Nor will spending money on technology help, because people are the weakest link in the chain.

“Yet people can be your strength, if you do it right. It’s not the size of the team; it’s what they can accomplish. Even when I was a CIO there was never a time when someone was off for two weeks and therefore something didn’t get done. I often covered for them while they relaxed and de-stressed.”

People were more productive and able to comment on any other team members’ work. All helped each other, even student interns.

Security problems are preventable with proper leadership. Without continuous improvement, you can never fix them.

“Continuous improvement has to become the culture in your organization… that’s what will move it forward,” Hasib said. “If you don’t have continuous improvement, you cannot have cyber security. Once you embrace culture innovation you’re going to improve all aspects of your company.”

As a result of you trying to do cyber security you’ve elevated the technical innovation level of your company. That’s why working on the people aspect is so important.

Once you make innovation a culture of your organziation, you’re innovating every aspect of your company, because culture is a mindset.  

“If you become a great leader in this aspect you will be a better CEO than many CEOs today. Many of them come from Finance. They have not embraced using technology as a business differentiator.”

The other aspect Hasib sees is a lack of ethical leadership. As the company grows, people who helped it grow are left behind.

“The benefits of the profit somehow has to go back to the people who gave it to you in the first place,” he said. “But over the last 30 years we’ve given up on that, and taken away so many worker benefits. You’ll not have good security if layoff is your corporate culture.”

While every company has a mission, Hasib is convinced that mission cannot be solely to make money.

“You are there to solve a societal problem. Whatever it is, you have a parallel mission. If you keep losing people, the quality of your mission has to decline.

“Look at the decline in worker longevity. Right now the only way to rise in a company is via lateral movement. It hasn’t always been that way. We need to go back to the roots that made American businesses great, which was ethical leadership.”

How are you going to get people to innovate for you when they don’t see themselves receiving benefits from that innovation they provide?

“When I was leading my organization, I told my workforce as long as I have a job they’ll have a job, as long as they’re doing a job,” Hasib said. “When a CFO told me to lay off one person, I told him that if money is the only issue, he might as well lay me off. As CISO I receive the most money. And if you force me to lay off someone, my team will have a hole in it, and important things won’t be done. That gave me incredible innovation. The team could focus on the job and have fun.”