Avoid being Scapegoated

Want to avoid being scapegoated for the next breach?
You need Total Trust alongside Zero Trust

You are a new CISO in the financial services industry. You are excited about the job but anxious due to the scale of the cyber threat from a range of actors: lone-wolf hackers, organized crime syndicates, governments and their proxies, and insiders. As you think through your game plan for addressing these threats, what’s your most important first step?

A. Get the latest technology and management tools.
B. Develop new, mandatory, IT security training for the company or client.
C. Bring in consultants to advise you on the latest threats.
D. Tighten protocols and increase penetration stress tests.
E. None of the above

Unless you picked E you will end up as just another victim. Your company will be
inadequately prepared to prevent a breach. Your team’s flat-footed response after the breach
will result in major losses to the business. You will be the scapegoat.

When your back is against the wall and you have to prepare your team to deal with new and
unprecedented threats, this is what you should do. It’s the opposite of what every guru is
preaching.

Your first step: Build Trust. Up and Out; Down and In

Zero Trust is an important technology and cyber security precaution. No one should be
granted total access to information.

A zero-trust approach to workplace relationships, however, is disastrous. When dealing with
your people and teams and those you support, you need to earn Total Trust.

You were hired because you seemed to be the best qualified person for the job, but that does
not mean you are trusted by your CEO, peers or team.

Compared with people at low-trust companies, notes a Harvard Business Review study, people at high-trust companies report: 74% less stress, 106% more energy at work, 50% higher productivity, 13% fewer sick days, 76% more engagement, 29% more satisfaction with their lives, 40% less burnout.

Lack of total trust sets you up for failure:
 You will not make much headway on getting cyber security imbedded in the culture;
 You will not be invited to board meetings to discuss cyber security;
 You will have little interaction with the CEO;
 Your C-suite colleagues will try to poach your budget and client;
 You will be seen as an impediment to growth; a distraction from business;
 You will have high rates of employee burnout and turnover;
 Your team’s vigilance and responsiveness to threats will be unequal to the task.

Fortunately, you do not have to share in this fate.

When building trust, think 1) Up and Out and 2) Down and In.

Up and Out: It is tempting, particularly for leaders of highly technical teams whose missions
are poorly understood across the company, to start building relationships from your silo –
your comfort zone and point of view. This common approach is the fast track to poor
communication and mistrust.

To build a trusting relationship with your boss and your peers, you have to meet them at their
bus stop. That is, you must see things from their point of view, talk their language, and
understand their interests and concerns. They won’t trust you fully unless they know you “get
it.”

How do you know that you are on the right track?
 You can “see yourself” and the business from their point of view.
 You discern how they view you and your team.
 You recognize their perceptions about how you affect their performance and the company overall.
 You understand the company’s vision, mission, goals and values and how you contribute to success.

Question: Can you explain all the above so clearly that it makes sense to a 5-year-old? If not,
you do not know it well enough.

Down and In. Build trust with your team. Trust is earned. It is not given because of your
position.

Being trustworthy means being worthy of trust. This is most powerfully expressed in your
competence and your character. Your team needs to believe that you can do the job, that your
word is good, that you will treat each employee with respect, and that you will be a good
steward of your people, teams and organization.

How do you know that you are on the right track?
 You set clear performance and behavior expectations;
 You meet those expectations yourself;
 You hold everyone equally accountable – no favorites;
 People bring you bad news immediately without sugar coating;
 Employees provide you with candid feedback without fear of backlash;
 Your employees understand their mission clearly and how it relates to the mission and goals of the company.

Question: What have you done today to show your team that you are worthy of their trust and
respect?

When you have total trust, your CEO and board want to hear what you have to say, your
colleagues will see you are a partner, and your team will have higher rates of engagement and
lower risk of burnout and turnover. Your company’s cyber security will be far stronger, too.

Christopher Kolenda, PhD, founder of the Strategic Leaders Academy, helps CISOs and
Cyber Security leaders elevate the performance of their teams, slash disengagement and
burnout, and boost the quality of their strategies and plans.

When you are ready, here are four great ways to work together

Speaking: Do you want a professional keynote speaker to talk with your team on leadership, culture, and strategy? I’ve talked to business, NFL, academic, government, nonprofit, and military audiences. I always tailor the presentation to you, so the message inspires action for you and your team. I’m a professional member of the National Speakers Association, which means I have a proven track record of professionalism and performance.

Training: If you want an even higher impact for your team, training and workshops are a great way to go. I teach teams and organizations on a range of Leadership, Culture, and Strategy themes, to include: how to elevate your team’s performance, how to build a culture of excellence, how to slash employee burnout and turnover, how to develop a winning strategy and how to prevent expensive mistakes. Programs for you range from half-day primers to three-day intensives, to include offsite at places like Normandy and Gettysburg.

Self-Directed Courses: Do you want your team to stay engaged on these key themes but do not want to send them away to an executive education course? We have a suite of online programs that are perfect for you. The courses are excellent ways to follow-up a training event to keep your team learning at your own pace.

Consulting: Do you want to improve your leadership development programs, build a culture of excellence, and create a winning strategy? Unlike the big, gucci, consulting firms that are slow, bureaucratic, and stick you with junior MBAs, I work personally with you and your team, so you get results quickly and cost-effectively with no hassle.

What results can you expect? Check out these video testimonials.
Reach out to me anytime you are curious about working together.