Alex Weishaupt, Practice Lead Cyber Security, Morgan Philips
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
So my name is Alexei for the nun Germans. My last name is pretty hard to pronounce, so I just might leave it out. But for the German ones, it's vice helped. And so I am working within an global acting recruiting agency, and I'm focusing on the topic of information security and digital risk. Now for the past seven years after a joyful career, as an German armed forces officer.
And so, as you said, thanks a lot for the nice central the human factor is well on the one hand, my job and my passion with the combination of cybersecurity. And so apart from trying to find the proper talent for the security community's needs or the organizations out there's needs, I'm also consulting organizations with regards to leadership insecurity and the human factor. So to speak insecure when it comes to regards like awareness, creating a secure culture communication. And that's my topic. Thanks a lot for being here. I hope you're gonna have some good like 20 minutes.
And first of all, after my short intro, I would like to talk a little bit about the meaning of leadership in cybersecurity. Then of course, some of you who is, who is a security leader here in the audience, Former. Very good. So what are the challenges for security leaders? And the third topic would be how should a cybersecurity leader look like and what are the relevant traits? And then in the end, before a short Q and a, I would talk about shaping a cyber secured culture in an organization, okay, let me just dive right into it.
So the meaning of leadership in cybersecurity in a nutshell, leadership is the art of influencing people to act in accordance with one's intent for a shared purpose. That is in a nutshell, what leadership generally actually means. It's about convincing people to follow my lead, to reach the bigger goal in the end. Leaders are the ones we look for, inspiration, guidance, reassurance, and the hope of, and hope in the face of adversity. They see opportunity and exploited. They build teams and unify people to, to achieve common goals and they mentor others to ensure a bright future.
They are trailblazers, the inventors and the real and the rally points for realizing potential and making the world a better place. I know this is very pathetic, but that's what it is. Leadership and the profile of leaders, not technology are the heart of the execution prod around the cybersecurity in today's digital world. People trust, trust other people, and you need the right leaders to get things done around security. We have the right balance of technical understanding management, acumen, personal gravitas, and emotional intelligence.
Well, now here comes the hard stuff. What are the challenges for security leaders?
Well, it's real time information sharing. And that is not only about the leaders that's for the entire security community. I guess one of the biggest challenges as well, widespread collaboration in security.
Again, not only the leaders job creating and promoting a common vision for integrated cybersecurity and promoting the technology platform. We need to make things work. How should a cybersecurity leader look like? So leaders are individuals, individuals who are able to inspire others and to work together, to achieve common goals. As said already earlier, whether leading a small team or a large one complex organizations, the value of good leadership cannot be overstated. This holds true for security organizations as well.
Good security leaders will not only positively influence their security team members to dignity, protect their organizations, people, information, and assets. They will possibly positively, positively, sorry, positively influence their organization as well. And their organization's leaders to appreciate and understand the important role that security plays in mission success.
And I think that sentence really sums up a, a lot of topics that are out there and killing CSOs and security business units, nurse, because that's exactly it security's mission generally is to help organizations to be successful. A good security leader will display many leadership traits among these most important are knowledge and skills, intelligence, and vision, moral courage, interpersonal skills, honesty, and integrity, and institutional acumen. These are qualities that you want in your security leader. I guess what are the relevant traits?
Then the list of traits attributed to great leaders is long and varied. Indeed courage, strange strength, intelligence, honor, energy adaptability innovation initiative. And there are many, many, many more.
In fact, when it comes to discussing leadership attributes, journalists, historians, and social scientists seeking to Chronicle and analyze the exploits to great leaders are constraint only by vocabulary and imagination. The attempt to define any single set of leadership characters is, is, is to risk over simplification, certainly situational factors, such as available resources, environment, team capabilities, and more than often that not the less tangible factor of luck being at the right place at the right time, all combined to make a successful leader.
However, there are certain predominant characteristics that we have found common in successful security leaders. So these are knowledge and skills talking about knowledge.
Of course, they need to know their job, but it's also very important that it's not only their own job that they need to know about. They also need to know about culture within their organization. They need to need to know about the business because of course, no one wants to be a business blocker. We all want to be business enablers, right.
And, and skills. Well, you know, as said knowing their job intelligence and vision.
Well, of course I think the vision is something that is really important, especially when we're talking about creating a secure culture within the organization, moral courage. I think that is also something to just withstand standards or expressions or politics within the organization and, you know, be yeah, the more Apostol so to speak more or less honesty and integrity. I think that is very important as well. Interpersonal skills. I think that is something that is also one of the bigger topics for, for security leadership sta people, because of course you need to be a good communicator.
You need to have the ability to talk to non-technical people about security, to, to talk to everyone within the organization, because security is something that really relates to each and everyone within an organization. And of course, as well, last button, least institutional acumen. What is the relevant skill set then?
Well, communication and presentation skills already mentioned that communication is key as it is in any situation, policy development and administration. Of course you need to also to be good and able to be ahead of all the administrative stuff, political skills as mentioned earlier, knowledge and understanding of the business and its mission. I think that's as well as said already, that is somehow key to be successful.
Collaboration and conflict management is also a very, very important skill planning as strategic management, obvious supervisory skills, incident management, knowledge of regulation, standards, and compliance as just referring to my pre speaker, knowing a little bit about, you know, the legal and regulatory aspects as well. I think that's also really important.
Well, you don't, you are not a lawyer and you don't need to know the entire loss word by word, but of, at least you should know where you can get the relevant information and last but not least risk assessment and management scales. So shaping a cybersecurity culture, instill the concept that security belongs to everyone.
And that's, as I already said, I think that is something that is really key that each and every employee or every part of the organization is relevant to security focus on our awareness and beyond if you don't have a security development life cycle, get one now reward and recognize those people that do the right thing for security. There was a, there was a, an interesting incident while, you know, Corona mixed up the entire world more or less, but there was an interesting thing that happened to a UK railway organization. So the security tribe, they used the chance to test their staff.
So they did a fake fishing campaign offering a bonus if they trust, reply to get a yeah. So to speak a Corona benefit bonus on that one. And of course, 98% of the staff clicked on the relevant link. So it was a huge disaster and it all got reported to the CEO and they said, well, you know, we gotta do something. It was a real nightmare.
And well, what turned out what happened was that the entire staff who clicked on the link got punished for that. And I think that it's definitely not the right way to reward and recognize people that try at least to do the right thing. It is very important. If you do things like that, that, you know, you stay on top of things and really have an eye on how you send these things out.
Well, of course there is danger, but if people are not educated or trained or whatever people will do, it build a security community and building a security community does not mean just my tribe. It is the people out there. It is the mid-level management folks. It is people from the, from outside the organization who might be relevant for us. It's it's third party service providers, the larger the community, the better it is, and last, but no least. And I think that is the most important sentence, make security, fun, and engaging. And because with that, you will have all your people on board.
They will know what they need to know in order to do nothing wrong and they will have fun at it. And they will be enga will be engaged to that.