What Is a Leader’s Role in Cybersecurity?

Expensive infrastructure, employee training, and creating a culture of innovation are some of the challenges organizations face when implementing cybersecurity measures. In this video, Heather Adkins, Director of Information Security and Privacy at Google, discusses the critical role leaders play in driving cybersecurity awareness and developing risk mitigation strategies. 

The Harvard VPAL Cybersecurity: Managing Risk in the Information Age online short course equips you with the skills to protect the integrity of digital assets and lead your team through the complexities of risk management.

Transcript

Cybersecurity is going to be one of the biggest obstacles for organizations today and in the future.

The organizations that are succeeding at it are ones where their leaders are setting the tone and the cadence for the organization around cybersecurity. Especially a culture, where at every opportunity they’re taking the time to lay out how important it is to the organization.

I think the leader’s role in this is to educate themselves, of course, but also to inspire their organizations to focus on cybersecurity. It is a permanent function in their organizations, and only then will everyone feel like they can participate in that conversation. It is important that in security, we think of it not being just the role of experts, but the role of everyone. Everyone has a part to play.

C-suite leaders have a very particular role in the organization, with regard to cybersecurity. And I often tell my friends who are going into a CSO role, or a chief security officer role, to only pick the companies where you’re not going to have to push your agenda, but someone’s going to be asking for your agenda. Whether it be the board or whether it be the CEO. And to pick a role where you’re going to have that relationship and a bidirectional dialogue.

Cybersecurity is one of the hardest things the organization’s going to have to do. It’s expensive to continuously modernize your IT infrastructure, and it’s difficult to educate large workforces of people. And those things require a culture that supports change, and sometimes difficult change. And so, that relationship needs to be absolutely solid. And the CEO, the CIO, the CTO, and especially the CSO, need to all be on the same page about where you’re going.

If we are going to suppose that the C-suite leadership and middle management leadership own a part of the conversation and the dialogue, setting the tone and values for the culture, then I think that when you hire, you have to hire for your culture.

That means asking different kinds of questions. How do leaders, especially in the technology space, how do they see the role of technology and the human? I had a mentor who said, “For every new security thing we were going to put in place we were going to take away two.” And the idea there is to set a culture that says, “We’re going to be innovative about security, rather than traditional.” And, I think, it’s important that if you are trying to set that culture in your organization, that you have people thinking in these new and radical ways to make security a little bit easier for everyone in the company.

Make sure that your IT infrastructure is modernized, and that you’re keeping on top of that. We’re no longer in a time where we can buy something, and it’ll still be relevant ten years later. Technology turns over so quickly now and security improvements happen with each iteration.

Be modern in your fleet, as we call it, the machine fleet. And be modern in your thinking about how your employees interact with that technology. You’re going to need things like two-factor authentication and good cryptography. Let your roadmap really guide you, but don’t be afraid to push the boundaries of technology.