
What is leadership?

“Leader” comes from the old English noun lædere meaning
“one who leads… (is) first or most prominent,” derived from lædan
“to guide, conduct” (Etymonline.com, 2018), and is defined by Google as
“the person who leads or commands a group, organization, or country”
(Google.com, 2018). It evokes imagery of freedom fighters and trendsetters,
prominent among whom are Mahatma Gandhi, Nelson Mandela and Martin Luther King.
Within the modern, corporate context, Kotter (2012) defines leadership as a set
of processes that creates or adapts organizations to significantly changing
circumstances, defines the future, aligns people with that vision and inspires
them to realise it despite the obstacles, with leaders such as Steve Jobs
fitting the description perfectly.

What makes leadership different from management and
engineering in the Information Security (IS) context?

Kotter (1990, 2012) distinguishes leadership from
“management” by defining the latter primarily as the ability to cope with
day-to-day complexity and the former as the ability to cope with rapid change,
adding that while management exists to plan and budget, organise and staff,
provide control and solve problems, leadership sets direction, aligns and motivates
people. “Engineering”, on the other hand, is arguably a hard(er) skill than
“leadership” or “management”, one that focuses on applying scientific
and mathematical models and knowledge to add practicality to the architecture,
construction and functionality of infrastructures and systems (Wikipedia, 2018a).
The application of Kotter’s vision of leadership to the Information Technology landscape
is relevant, given the rapid rate of change, which in the context of
Information Security is happening both above and below the surface (dark
web). It can also further highlight the distinction of leadership from
management or engineering. Arguably, a good Information Security Leader is one
who is at once a visionary, a manager and an engineer, capable of defining the
future, leading by example, managing complexity and architecting the
infrastructure needed to achieve success.

Kotter’s 8-Step Change Model (below) (Kotter,
2014) can be mapped to Information Security Leaders as follows:


a sense of urgency – Understand the threat landscape, evaluate the risks
and opportunities, champion and sponsor strategic change.  

2.       Build a guiding
coalition – Incentivise stakeholders, leverage internal and external networks.

3.       Form a strategic
vision & initiatives – Define a clear roadmap aligned to the business
goals and end-user needs as well as criteria for success and metrics for

4.       Enlist a volunteer
– Communicate a clear action plan with defined roles, set achievable,
measurable goals, enlist and coach influential managers to lead the change
effort, delegate and observe.

5.       Enable action by
removing barriers – Lead by example and by exception, empower teams,
flatten hierarchies, favour a transformational style over a transactional leadership

6.       Generate short-term wins – To raise team morale and justify project viability to stakeholders, leverage
the 80/20 Pareto principle (Wikipedia, 2018b) and aim for the “lowest-hanging
fruit” based on the premise that 80% of problems stem from 20% of the causes.

7.       Sustain
acceleration – Create a healthy
corporate culture to retain momentum, embed healthy best practices (DMAIC, 5S,
7 Wastes, Agile, DevOps, Service Integration and Management, FMEA), to improve

8.       Institute change – Efficient
knowledge management of lessons learned, constant training and communication to
raise awareness in line with the speed of the technological and threat

Which core strengths are fundamental to effective

The following key leadership attributes have been
extrapolated from the Kotter 8-step change model above:

Goal setting – by setting challenging but realistic goals based on a
potential-optimisation strategy and a future-state macro-vision of the
organisation (Dweck, 2012), so as to avoid over-prescribing
goals and thus, causing non-goal areas to be neglected, risk perception to be
skewed, unethical behaviour to increase, learning to shrink and other corrosive
side effects on the organisation (Ordóñez et al, 2009). GE’s ex-CEO Jack
Welch’s adoption of S.M.A.R.T. goals is a good implementation of goal setting (Shin,


Networking – with “strong ties” (big stakeholders) as well as “weak ties” (smaller
ones) (Granovetter,
1973) to achieve organizational goals via personal
influence and by building macro-micro (stakeholder) bridges. Amazon CEO Jeff
Bezos is famed for having such networking and direct communication skills (Estes,


Storytelling – by defining an inspirational vision and communicating it via
effective storytelling (Jick, 1989), by “crafting business narratives that captivate,
convince, and inspire” (Schawbel, 2012). Apple’s Steve Jobs is widely
recognised as such an effective corporate storyteller (Gallo, 2015).


Team building – by creating stable, supportive, mutually accountable teams (Katzenbach and Smith,
2005), mentoring and coaching them, and then giving
them the independence to succeed (a move to the right on the
Tannenbaum-Schmidt Leadership Continuum Model (below left) (Dudovskiy, 2013),
and to the left on the Hersey-Blanchard Situational Leadership Model (below right)
(Thefutureofwork.net, 2018)).
Sir Alex Ferguson of Manchester United embodied these very leadership virtues (Elberse,


Empowering – by delegating responsibility, promoting growth, personal and
collective achievements (Kokemuller, 2018), and overcoming cultural (Earley and Mosakowski, 2004)
and generational (Meister and Willyerd, 2010) challenges. Google CEO Sundar
Pichai advocates and practices this philosophy (Pichai, 2018).


Motivating – through active listening (Axialent, 2015), negotiation (Malhotra and
Bazerman, 2012), by managing difficult conversations (Davidson, 2002),
especially with superiors (Sasser, 2011), and above all, by creating an
inclusive culture by mobilising, persuading and encouraging others. Microsoft’s
Bill Gates is said to have ably managed the business as well as the
technological aspects of motivation (Spolsky, 2006).


Example setting – through an exemplary work ethic so as to inspire others and set the
direction and pace for them to follow (Lipman, 2016), such as that of Tesla
CEO, Elon Musk (YouTube, 2014).


Facilitating – by institutionalising best practices and cultural change through
clear communication, direction, resource provision and support. This is best
achieved incrementally to avoid transformation effort failures (Kotter, 1995). IBM’s
ex-CEO Lou Gerstner famously transformed IBM this way (Lagace, 2000).

What are my core strengths and weaknesses?

In a recent StrengthscopeLeader™ evaluation performed by Imperial
College London (Adegbiji, 2016), my results revealed certain strengths and
weaknesses (right). According to this, my strengths lie in the emotional and
thinking quadrants, followed by the executional quadrant. On the other hand, it
would appear that I need to develop my relational skills more, if I hope to succeed
as a leader.

I have over twenty years of industry experience, of which
eleven have been in Information Security. As Chief Information Security Officer
and Governance, Risk and Compliance Consultant working for clients of all
sizes, all around the world, I have learned to manage and achieve buy-in from
macro (business) and micro (IT, IS) stakeholders. This has often helped remove
obstacles from the project path and allow the institutionalisation of change at
the end of the same. I have also gained experience in creating teams with
cohesive, and ambitious but collaborative IT and IS professionals, and
motivated them through empathy, example setting and empowerment. My attitude
towards goal setting has been to set measurable and realistic goals, which are
still challenging enough to keep professionals interested and achieve
innovation. Conversely, where I believe I could achieve much more is in my
networking and storytelling abilities. I believe the root cause to partly be
attributable to my shy attitude towards social media. Also, my academic and
professional formation have both been more geared towards managerial positions
within IT and IS and therefore, I lack the same level of knowledge relevant to
the technical aspects of IT and IS, which I am keen to change.

How would a Master’s degree at the SANS Technology
Institute align to my objectives?

While your Master of Science in Information Security
Management degree aligns closely to my existing body of knowledge and
experience, it is my belief that the Master of Science in Information Security
Engineering (MSISE) degree would be the perfect complement to my existing
“soft” IS skills, and help me achieve a more comprehensive skillset. It would increase
my confidence in my current roles as Virtual Chief Information Security Officer
and Governance, Risk and Compliance Consultant. It would allow me to translate
my clients’ corporate objectives into traceable, technical requirements, easily
understandable by the IT and IS staff and aligned to the people, processes and
technologies available. I also hope to meet highly skilled Information Security
professionals through the SANS Technology Institute, whether from among other
students on my course, or from the alumni and educators’ network. It would
allow me to gain confidence and start building a network of some of the best
Information Security professionals worldwide. I also hope to be able to
reciprocate by sharing my knowledge, experiences, unique case studies and views
with colleagues, alumni and educators so as to contribute to the collective
body of knowledge. I am willing to introduce my professional colleagues and
partners to the SANS Technology Institute’s offering of certifications and
degrees in favour of their own continuous professional development.

To me, a perfect leader inspires a vision, a dream, a
challenge and enables everyone to achieve the same, be it via coaching,
encouragement or example setting. Empathy, confidence, coherence and clear communication
add value while arrogance, selfishness and discrimination reduce it. I have developed
an 8-step strategy, based on “Ferguson’s Formula” (Elberse, 2013), which I hope
to implement as an iterative cycle as suggested by Kotter above:

1.     Consolidate my

2.     Rebuild myself and my

3.     Set high standards
for all.

4.     Never lose control.

5.     Always tailor the

6.     Prepare to win.

7.     Observe, listen,

8.     Never stop adapting

I believe that this “formula”, supported by the SANS Technology Institute Master’s
degree would help me achieve my long-term goal of being an Information Security
Thought Leader.


Axialent. (2015).
Conversations can change our beliefs. online Available at:
https://www.axialent.com/advocacy-and-inquiry/ Accessed 31 Jan. 2018.

Davidson, M. N. (2002)
Saying What Needs To Be Said case study. Darden Business Publishin

Dudovskiy, J. (2013).
Leadership Continuum Theory by Tannerbaum and Schmidt. image Available at:
Accessed 31 Jan. 2018.

Dweck, C (2012)
Mindset: how you can fulfil your potential. Chapter 1. Robinson. ISBN:

Earley, P. C. &
Mosakowski, E. (2004) Cultural Intelligence case study. Harvard Business

Elberse, A. (2013).
Ferguson’s Formula. online Harvard Business Review. Available at:
https://hbr.org/2013/10/fergusons-formula Accessed 31 Jan. 2018.

Estes, A. (2015). Jeff
Bezos: If You Have a Problem With Amazon, Email Me. online Gizmodo.com.
Available at:
Accessed 31 Jan. 2018.

Etymonline.com. (2018).
leader | Origin and history of leader by Online Etymology Dictionary. online
Available at: http://www.etymonline.com/index.php?term=leader Accessed 31 Jan.

Gallo, C. (2015).
Forbes Welcome. online Forbes.com. Available at:
Accessed 31 Jan. 2018.

Google.com. (2018).
google online dictionary – Google-Search. online Available at:
Accessed 31 Jan. 2018.

Granovetter, M.S.
(1973). The Strength of Weak Ties. American Journal of Sociology, 78(6), p.1360

Jick, T. D. (1989) The
Vision Thing case study. Harvard Business School.

Katzenbach, J.R.,
& Smith, D.K. (2005) “The discipline of teams”, Harvard Business Review,
83(7–8): 162–171.

Kokemuller, N. (2018).
The Concept of Empowerment in Leadership. online Smallbusiness.chron.com.
Available at:
Accessed 31 Jan. 2018.

Kotter, J P (1990)
What leaders really do Harvard business review. pp.103-11

Kotter, J.P. (1995)
Leading change: Why transformation efforts fail. Harvard Business Review,
73(2): 59–65.

Kotter, J. (2012).
Leading change. 1st ed. Boston (Massachusetts): Harvard Business Review Press.

Kotter, J. (2014). The
8-Step Process for Leading Change – Kotter International. online Kotter
International. Available at:
https://www.kotterinternational.com/8-steps-process-for-leading-change/ Accessed
4 Oct. 2017.

Lagace, M. (2002).
Gerstner: Changing Culture at IBM – Lou Gerstner Discusses Changing the Culture
at IBM. online HBS Working Knowledge. Available at:
Accessed 31 Jan. 2018.

Lipman, V. (2016).
Forbes Welcome. online Forbes.com. Available at:
Accessed 31 Jan. 2018.

Malhotra, D.,
Bazerman, M.H., (2012). Negotiation genius: how to overcome obstacles
and achieve brilliant results at the bargaining table and beyond. New York:
Bantam Dell – Chapter 1

Meister, J. C. &
Willyerd, K. (2010) Mentoring Millennials case study. Harvard Business School.

Ordóñez, L. D.,
Schweitzer, M.E., Galinsky, A.D & Bazerman, M.H. (2009). Goals Gone Wild:
The Systematic Side Effects of Overprescribing Goal Setting. The Academy of
Management Perspectives. 23: 6-16.

Pichai, S. (2018).
Google CEO Sundar Pichai: Digital technology must empower workers, not alienate
them. online Recode. Available at:
Accessed 31 Jan. 2018.

Sasser, W. E. (2011)
Challenge the Boss or Stand Down. Harvard Business School.

Schawbel, D. (2012)
How to Use Storytelling as a Leadership Tool. Forbes.com.

Shin, L. (2016).
Forbes Welcome. online Forbes.com. Available at: https://www.forbes.com/sites/laurashin/2016/03/30/how-to-accomplish-more-on-your-most-important-goals/#7054e0641856
Accessed 31 Jan. 2018.

Spolsky, J. (2006). My
First BillG Review. online Joel on Software. Available at:
https://www.joelonsoftware.com/2006/06/16/my-first-billg-review/ Accessed 31
Jan. 2018.

Thefutureofwork.net. (2018). Leadership: It All Depends – but on What? | The Future of Work…
unlimited. online Available at:
http://thefutureofwork.net/leadership-it-all-depends-but-on-what/ Accessed 31
Jan. 2018.

Wikipedia. (2018a).
Engineering. online Available at: https://en.wikipedia.org/wiki/Engineering
Accessed 31 Jan. 2018.

Wikipedia. (2018b).
Pareto principle. online Available at:
https://en.wikipedia.org/wiki/Pareto_principle Accessed 31 Jan. 2018.

YouTube (2014). Elon
Musk – Work ethics, Principles, Attitude, Failure – Pearls of Advice.. video
Available at: https://www.youtube.com/watch?v=NU7W7qe2R0A Accessed 31 Jan.