I started a series where I depict the meaning of the CISO acronym to me starting with the article “The C in CISO is for Connecting” followed by “The I in CISO is for Influence”. It is time to reflect on the S in CISO which to me, it stands for Service, for Servant Leadership.
I was recently asked what I believed were the main contributions to the organizations that have worked with during my career and when I looked back it the answer was undoubtedly turning around ungagged tech and security teams to service teams that are closely aligned with the mission of the organization. This, as I reflected on this question it seems to be one of the themes through my career perhaps because being of service is one of my core values.
While our mission as security leaders is primarily to provide assurance to stakeholders that we are properly managing risk and protecting assets, it is important to understand that this mission cannot be carried out without understanding what the expectations, challenges and opportunities are from the stakeholders point of view so that we can build strategies to address those, in essence being empathetic, a core principle of Servant Leadership. When you look at the most prominent servant leaders in history such as Martin Luther King Jr., or Mother Teresa you can see that they were not in it only for what they believe in, but also for a greater good, and their accomplishments were the result of being of service.
But why? Why shifting to being a service organization first? By focusing on providing service to the organization you move security form be the “nay-sayers” to being a trusted partner who business units feel comfortable with bringing challenges up because they know that the team will work with them to find risk-based solutions that deliver value to customers while securing assets properly, which builds a community and partnership, another core principle of servant leadership.
Who are those stakeholder that security leaders and professionals serve? Let’s take a look.
Here are some suggestions to serve stakeholders on the way to transforming the security team into a service organization (some may or may not apply to your situation).
The results of this approach? Well in one organization I observed the perception towards the security team shifting from “security is going at 45 mph while the rest of the business is going at 65 mph” to being engaged in supporting more than 150 initiatives across the organization in a period of three years which is a way to measure maturity of the program. Here at Citizens I also see many business leaders reaching out to me or others in my team to consult on risk related matters or even engage in conversations with external stakeholders and they now know us for being “a collaborative team who will help us figure out how to solve business problems while addressing risk” as an executive put it.
By becoming a servant leader, and a servant team security will be able to manage risk in business terms and get the support needed from leadership. Try it, it is worthy!