Becoming a leader in information security can be overwhelming. As demand for security professionals increases, technical contributors find themselves thrust into management and leadership positions. Often these contributors feel poorly equipped for their new roles. Unfortunately, they grapple for answers, resources, and support in a haphazard way, lacking clarity or effective practices.
This presentation introduces the fundamental activities a new manager should adopt. It outlines a method of practice which produces professional value over time. It addresses the differences between technical contribution and management, and between management and leadership. The intended audience are those hungry for guidance, those starting to figure things out the hard way, and those who simply want to deliver outstanding value to their employers and the security profession.
Drawing from the teachings of management guru Peter Drucker and the extensive practical guidance provided by the _Manager Tools_ organization, this Management 101-style session bridges the gap for information security leaders without a corporate training program. The topics include concrete recommendations about how to develop one’s team, build relationships, make decisions, and get results. If you’re ready to meet others who are wrestling with similar issues and are driven to perform as a leader, let’s get started.
2. SECURITY MANAGEMENT 101
OVERVIEW
▸ Why?
▸ Introducing the Fundamental Management Practices
▸ Get to Know Your People
▸ Communicate about Performance
▸ Ask for More
▸ Push Work Down
▸ Execute
2
3. SECURITY MANAGEMENT 101
OVERVIEW
▸ Be Productive with Your Time
▸ Build Relationships
▸ Make Effective Decisions
▸ Leverage Strengths
▸ Encourage Health for Yourself and Those Around You
▸ Go Forward and Grow
3
5. PEOPLE DON’T BUY WHAT
YOU DO; THEY BUY WHY YOU
DO IT.
Simon Sinek
SECURITY MANAGEMENT 101
6. SECURITY MANAGEMENT 101
WHY?
▸ We NEED You
▸ Are You Ready?
▸ No Corporate Training Program? No Problem!
▸ Management vs. Leadership
▸ What is an Effective Manager?
▸ Being Effective
6
7. THERE IS NOTHING SO USELESS AS
DOING EFFICIENTLY THAT WHICH
SHOULD NOT BE DONE AT ALL.
Peter Drucker
SECURITY MANAGEMENT 101
9. RANK DOES NOT CONFER
PRIVILEGE OR GIVE POWER.
IT IMPOSES RESPONSIBILITY.
Peter Drucker
SECURITY MANAGEMENT 101
10. SECURITY MANAGEMENT 101
INTRODUCING THE FUNDAMENTAL MANAGEMENT PRACTICES
▸ 4 Critical Behaviors
▸ 5 Practices for Effectiveness
▸ The 10 Essential Practices
10
11. SECURITY MANAGEMENT 101
THE 10 ESSENTIAL PRACTICES
1. Start with why, then ask what must be done?
2. Meet one-on-one weekly with every direct report.
3. Adjust performance with frequent feedback, positive and
negative.
4. Develop your team by coaching and delegating.
5. Set clear goals and be disciplined in execution.
11
12. SECURITY MANAGEMENT 101
THE 10 ESSENTIAL PRACTICES + **BONUS**
6. Manage yourself by tracking your time.
7. Communicate effectively thereby building relationships.
8. Support decisions with a business-driven mindset.
9. Leverage strengths, yours and your team’s.
10.Encourage health (mental, emotional, physical).
11.Journal and reflect.
12.Read.
12
13. GET TO KNOW YOUR PEOPLE
SECURITY MANAGEMENT 101
14. SECURITY MANAGEMENT 101
GET TO KNOW YOUR PEOPLE
2. Meet one-on-one weekly with every direct report.
▸ Break All the Rules
▸ Meet One on One
▸ Scheduled, Weekly
▸ Take Notes
14
16. SECURITY MANAGEMENT 101
COMMUNICATE ABOUT PERFORMANCE
3. Adjust performance with frequent feedback, positive and
negative.
▸ Behavior, not Intent
▸ Address the Current
▸ Encourage for the Future
16
20. SECURITY MANAGEMENT 101
PUSH WORK DOWN
4. Develop your team by coaching and delegating.
▸ Free Your Calendar
▸ Empower Your Team
▸ Develop Your Successor
20
22. SECURITY MANAGEMENT 101
EXECUTE
5. Set clear goals and be disciplined in execution.
▸ Focus on the Wildly Important
▸ Create a Compelling Scoreboard
▸ Translate Lofty Goals into Specific Actions
▸ Hold Each Other Accountable
22
24. EFFICIENCY IS DOING THINGS
RIGHT; EFFECTIVENESS IS
DOING THE RIGHT THINGS.
Peter Drucker
SECURITY MANAGEMENT 101
25. SECURITY MANAGEMENT 101
BE PRODUCTIVE WITH YOUR TIME
6. Manage yourself by tracking your time.
▸ Parkinson’s Law
▸ Know Your Time
▸ Priority is Singular
▸ Improve Incrementally
25
26. SUCCESSFUL PEOPLE SAY NO TO
ALMOST EVERYTHING.
Warren Buffett
SECURITY MANAGEMENT 101
32. MAKING GOOD DECISIONS IS
A CRUCIAL SKILL AT EVERY
LEVEL.
Peter Drucker
SECURITY MANAGEMENT 101
33. SECURITY MANAGEMENT 101
MAKE EFFECTIVE DECISIONS
8. Support decisions with a business-driven mindset.
▸ Be Business-Driven
▸ Diversity of Opinion
▸ Elements of an Effective Decision
▸ Measure and Revisit
33
34. THE PURPOSE OF A
BUSINESS IS TO CREATE A
CUSTOMER.
Peter Drucker
SECURITY MANAGEMENT 101
38. SECURITY MANAGEMENT 101
ENCOURAGE HEALTH FOR YOURSELF AND THOSE AROUND YOU
10.Encourage health (mental, emotional, physical).
▸ Be Proactive
▸ Balance Your Life
▸ Reflect Regularly
38
40. SECURITY MANAGEMENT 101
GO FORWARD AND GROW
▸ Find a Mentor
▸ Progress Your Career
▸ Practice Makes Perfect
40
41. THE BEST WAY TO PREDICT
THE FUTURE IS TO CREATE IT.
Peter Drucker
SECURITY MANAGEMENT 101
42. SECURITY MANAGEMENT 101
THE 10 ESSENTIAL PRACTICES
1. Start with why, then ask what must be done?
2. Meet one-on-one weekly with every direct report.
3. Adjust performance with frequent feedback, positive and
negative.
4. Develop your team by coaching and delegating.
5. Set clear goals and be disciplined in execution.
42
43. SECURITY MANAGEMENT 101
THE 10 ESSENTIAL PRACTICES + **BONUS**
6. Manage yourself by tracking your time.
7. Communicate effectively thereby building relationships.
8. Support decisions with a business-driven mindset.
9. Leverage strengths, yours and your team’s.
10.Encourage health (mental, emotional, physical).
11.Journal and reflect.
12.Read.
43
44. SECURITY MANAGEMENT 101
RESOURCES
▸ The Effective Manager
▸ The Effective Executive
▸ Start with Why
▸ First, Break All the Rules
▸ The Four Disciplines of
Execution
▸ Execution
44
▸ Getting Things Done
▸ Essentialism
▸ Deep Work
▸ Create Great Choices
▸ Questions Are the Answer
▸ Strengths-Based Leadership
▸ The Daily Stoic