While this is not directly related to information security, I found this book was a great resource around leadership, which really is industry agnostic. I have focused on being a better leader as part of my life for over ten years at this point. This was initially driven by sports, but has definitely helped in my professional life. I am moving more into formal leadership roles at work, but have seen my contributions to our team as opportunities for leadership from day one. So much of our work is team-based that this felt like a natural continuation of my sports-based leadership contributions. There are certainly some big differences, as the nuances of a corporate team differ from a football team, but the guiding principles are certainly the same.
While the quotes I pulled out below signal some of the key points, I highly encourage folks read this book. This was a 5-Star read for me.
We saw how successful leaders could create victory where victory seemed impossible. We also witnessed how poor leadership could bring defeat upon teams that seemed invincible.
…the principles of leadership are “simple, but not easy.”
Leaders must find the equilibrium between opposing forces that pull in opposite directions. Being aggressive but cautious, disciplined but not rigid,
I had to be ready to follow.
The goal of all leaders should be to work themselves out of a job.
There is a time to stand firm and enforce rules and there is a time to give ground and allow the rules to bend. Finding that balance is critical for leaders to get maximum effectiveness from their team.
I do not see leadership as something that is tied to positions or rankings, at least not directly. There are some folks that think once they’re at a certain level they are automatically a leader. This is not true, and that thought process leads to trouble for the entire team.
The best leaders I have been able to work with have been folks that really focus on empowering the team. They work to find obstacles for the team, and remove them. They’ve worked to help the team grow. In my case, these people have helped me find areas I am passionate in, and have fostered that, to the point of building my skills to the point of being able to take over their job. This was a win-win as they had more time to take the job of their superiors.
As far as the balance between standing firm and bending the rules, I find this is an exercise in trust. I am far more likely to go out on a limb for people who have worked to establish trust between us. This does pose the chicken/egg issue, as establishing the trust requires going out in smaller limbs. I don’t know of a shortcut to this incremental growth of the relationship, but do understand the importance of getting to the point of trust quickly.
Most underperformers don’t need to be fired, they need to be led.
…performance of the team trumps the performance of a single individual.
…advanced tactics are worthless if a team can’t do the basics well.
Training must be continuous for everyone.
Hard training is essential, but smart training is crucial to maximize the use of time and enable optimal learning.
The “basics” are critical in any discipline, yet we constantly need to be reminded to go back and practice them. To look at the sports examples, some of the greatest coaching I received focused on the first step after the football is snapped. We would drill taking a single step over and over – get in your stance, take a step, repeat.
Bringing it back to cybersecurity, I have been thinking about “the basics” a lot over the last year, and have been working on solidifying some concrete thoughts (NOLACON 2020),but in general I think we, as an industry, talk about basics, but miss the mark on execution. I don’t necessarily think people are intentionally not doing the basics, but I think we may be focusing on the wrong things.
Continuous training is something I strongly support. I never understood why the idea of homework (taking your own time to expand your knowledge and skill set) seemed to end after formal schooling ended. Yes, there are plenty of professional certifications that require CPEs, but I see that as the absolute minimum. Unfortunately, people see that CPE number as the target, and often struggle to get there annually.
I have been trying to encourage this continued training at work, most recently with forming a book club. We’re on our second book, and we’ve grown the group from the first book, which is promising to see. We focus on technical books related to our industry, and have started with a fairly low bar. We’ve been averaging 1-2 chapters per month, and that seems to be a sustainable level for now.
Problems aren’t going to solve themselves—a leader must get aggressive and take action to solve them and implement a solution.
“Aggressive” means proactive. It doesn’t mean that leaders can get angry, lose their temper, or be aggressive toward their people.
… when taken to an extreme, too much discipline—too many processes and too many standard procedures—completely inhibits and stifles the initiative of subordinates.
… it’s not what you preach, it’s what you tolerate.
Leaders must be willing to listen and follow others, regardless of whether they are junior or less experienced.
… leaders must be detached, must pull back to a position above the fray where they can see the bigger picture.
Another area of developmental focus for me is problem solving. As I move away from being an individual contributor, and more into a management role, problem solving has been shifting from an occasional task to a more prominent part of my week. I have been making an effort to detach from the immediate problem to try and see both a bigger picture view of the scenario, and alternative angles to the situation. The alternative angles may technically fall under the bigger picture view, but I have found it useful to challenge assumptions made that led up to the present.
…you should strive to have the same relationship with every boss you ever work for, no matter if they are good or bad. Whether they are an outstanding leader whom you admire, a mediocre leader who needs improvement, or a terrible leader for whom no one on the team has respect, you must strive to form the same relationship with all of them.
… the relationship to seek with any boss incorporates three things: 1) They trust you. 2) They value and seek your opinion and guidance. 3) They give you what you need to accomplish your mission and then let you go execute.
In About Face, Colonel David Hackworth wrote that he had learned this fundamental truth from his U.S. Army mentors: “An organization does well only those things the Boss checks.”
About Face by Col. David Hackworth was another great read, which I picked up after hearing Jocko Podcast #2. This quote highlights the importance difference between what someone says (e.g. policy documents) and what they act out in person. If a company has policies in place, but management never checks in on these items, the chances that the employees will fully enact the policy is slim. Additionally, there needs be be alignment between what the policy says, and what is actually being measured. Make sure the important things are being measured, and make sure there is a clear alignment in those priorities.
Likely there were some SEALs among us who felt they were above carrying sandbags—that somehow they were “special” and “elite” and we should leave this work to the “conventional” forces. They were wrong.
A leader must be humble, must listen to others, must not act arrogant or cocky. But a leader must balance that and know that there are times to question superiors, to push back, to stand up and make sure the right things are being done for the right reasons.
But being too humble can be equally disastrous for the team. A leader cannot be passive. When it truly matters, leaders must be willing to push back, voice their concerns, stand up for the good of their team, and provide feedback up the chain against a direction or strategy they know will endanger the team or harm the strategic mission.
“If you’re gonna be stupid, you better be strong.”
Humility is an absolute requirement of leadership – at least for anything that would be considered long-term success. As soon as someone considers themselves “above” some of the menial tasks that come with any team, they start losing the respect of their teammates. Now, this is not to say a leader should always be performing the tasks of the newest member, but there is an important distinction in delegation for efficiency, and being “too good/advanced/etc.” to do the task at all.
Translating some of these items to the corporate world, managers are sitting on both sides of this fence. They need to be humble enough to be ready for subordinates to push back against their ideas. Being able to listen to these concerns, and either enact changes, or identify where there was a miscommunication is key – an ego being hurt will do no good here. On the other side, managers may have to provide that very same push back to their higher-ups on behalf of their team. Some may feel uncomfortable with this, but your job is to clear obstacles for your team, and there may be times where that obstacle is a bad idea being pushed from the top. The last caveat here is that you may not know the full picture, so your push back may be due to unknown circumstances. Either way, the act of pushing back can bring light to the knowledge gap, and everyone will be better off.
Overall, I really enjoyed this book. There are a lot of lessons that can be translated to teams of any sort.