We are pleased to announce that Lares team members, Andrew Hay and me (Mark Arnold), appear in the Tribe of Hackers (ToH) Security Leaders edition, the 3rd in the series ToH books. The newest release has already received acclaim and reception by noted reviewers, including Ben Rothke's Book of the Month Review for the RSA Conference. ToH editors, Marcus Carey and Jennifer Jin posed the following questions to a diverse set of leaders:
- Do you believe there is a massive shortage of career cybersecurity professionals? If so, how do we bridge the gap?
- What's the most important decision you've made or action you've taken related to business risk? Why did you choose that path?
- How do you make hard decisions? Do you find yourself more often making people, process, or technology decisions? Why?
- What's something that you struggle with as a leader, and how do you overcome that? Was there a particular role in your career has been the most challenging? Why?
- How do you lead your team to execute and get results? How is that different or similar to how you contribute as an individual?
- Do you have a workforce philosophy or unique approach to talent acquisition? How do you hire the right people and retain them?
- Have you created a cohesive strategy for your information security program or business unit? How do you ensure those goals are aligned with the overall corporate strategy?
- What are your communication tips for interacting with executive leadership? How is your approach different or similar to conversations with your boss, peers, direct reports, and the rest of your team members?
- How do you cultivate productive relationships with your boss, peers, direct reports, and other team members?
- Have you encountered challenges collaborating with revenue-generating teams like sales and product development? How do you approach partnerships with these teams?
- Have you encountered challenges collaborating with technology teams like information technology and software development? How do you approach partnerships with these teams?
- Do you have any favorite books to recommend for people who want to lead cybersecurity teams? How do you choose worthwhile reading material?
Andrew provided salient advice on cultivating productive relationships with your boss, peers, direct reports, and other team members. “Figure out what they need and determine how to get it to them without compromising the objectives of the information security program,“ said Andrew. “There’s a time to give in and a time to stand firm.”
Andrew also states that neither should get in the way of forging productive relationships with others in the organization. “If you can determine a need or want, deliver on it, and not compromise your personal or program beliefs,” said Andrew. “The relationships will materialize.”
In response to the question about hard decisions, I opened up about my kryptonite, the passion for people to succeed, while ensuring business alignment. I try to make decisions based on risk these days. Some of the hardest risk management choices have been 'people decisions,' given my passion for people. I have always been biased toward the success of the team and the individual resources that comprise it. However, I have experienced instances where loyalty to the 'team' clouded my judgment and adversely affected business risk appetites and goals in my effort to save colleagues. I have learned the hard way to balance my 'people passion' with risk management to reduce business deficiencies in the pursuit of business outcomes.
The leadership book I recommended was Team of Teams: New Rules of Engagement for a Complex World by General Stanly McChrystal.
I asked Marcus what he (and Jenn) thought about the latest ToH volume. "To be honest, it's probably the most important book in the series because it brings everything together about leadership." Carey remains staunch in his advocacy of diversity of leadership to close cybersecurity gaps and build capable teams. "We're going to need [diverse] leaders that can lead blue, red, and purple teams. More important than the individual contributions is the call to teamwork. Teamwork still makes the dream work."
The current volume is not the first in which a Team Lares member has appeared. The second volume in the ToH series highlights the contributions of our own Chris Nickerson and his recognized expertise in the field of Red Teaming. The inclusion of our team members, along with luminaries and leading voices in cybersecurity, is a testament to our thought leadership and community presence. Most importantly, Team Lares continues to share its collective wisdom to the betterment of the industry and improved security outcomes for all.
Mark Arnold has a 15+ cybersecurity career, serving 8 of those years in leadership roles. As a transformational leader, Mark has built security teams and programs, authored maturity model blueprints to optimize risk management processes, and implemented security domain practices at large enterprises and service providers. Mark’s areas of interest include cloud security, threat intelligence, and vulnerability research, nation-state attack methods and related activities (e.g. information operations and disinformation campaigns) and their collective impact on nations and society. Mark recently completed an executive education cohort on the intersection of cybersecurity and technology at Harvard’s Kennedy School.