Making the Leap from Engineering to Cybersecurity Leadership


Manage episode 267955537 series 2643387
By Steve Moore, Exabeam and Steve Moore. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

In this episode of The New CISO Podcast, the host, Steve, and guest David Rule of HarbourVest, discuss the skills he learned to transition from engineering to executive management, the evolution of leadership styles, and better ways to prepare for crisis management.

Transition from Engineer to Executive Manager

The first topic we covered was David’s transition from being on the tech side of security, to assuming a CISO position. We discuss how this change may be more challenging than originally anticipated, so in order to focus on developing leadership skills, David suggests entering a management role in a field in which you are familiar. He understood security and coding, and therefore he could spend more of his time learning how to be an effective leader.

Nontechnical Managers

While David’s path benefitted him, we also talked about the growth of more nontechnical leaders in cybersecurity. There are advantages and disadvantages to working under a nontechnical manager. How can you, as the employee, support your boss? Well, David points to the important skill of communication. Learning how to explain complicated concepts to someone who has less specific knowledge than you do proves to be an imperative skill for yourself, your manager, and the team.

While nontechnical managers offer knowledge in other areas such as business or client relations, they have to be careful when it comes to proposals. If the company proposes a specific plan, the nontechnical manager could sometimes miss spotting future issues once s/he delves deeper into the tech itself.

Administrative Rights of the Technical Manager

As a technical manager has specific background in cybersecurity, s/he can be tempted to fiddle with the coding. However, the technical manager must stay away from the daily, more administrative tasks, for several reasons. Listen to the podcast to hear our different points on this subject!

Advice for the Younger Self

Another interesting conversation we had was on the type of advice we would give to our younger selves. David feels he should have been more self-aware, and more willing to accept constructive criticism. To him, feedback is a gift, and you can only improve once you see it as such. In addition to self-awareness, we discussed situational awareness. This skill helps guide you in knowing when to speak and when to listen. Listen on to hear more about how this tool can aid you in meetings and increase your social relations at work.

Client Relations

A key aspect to any management role that other employees do not always have is navigating relationships with clients. David walks us through his approach to speaking with new clients—and it doesn’t begin with the tech. You can hear more about the specifics in this episode.

We also covered mentoring junior staff when it comes to client relations. David points out that meetings with clients helps junior staff members in two ways: you can explain to them what needs to be accomplished in the meeting, and then they can see you do it in person. This real-life experience helps them grow as an employee at a much more rapid rate. From you, they can learn how to deliver difficult news and still maintain grace.

Crisis Management

Another essential topic we spoke on was how to best train your team to manage a crisis in an effective way. David points out an astute observation: that by the time people have reached a leadership role, they haven’t worked through the problem at that level. They find themselves spending time on introductions and acclimating to the situation, which, in a crisis, is the worst time to have to do these things. To resolve this issue, David began an executive tabletop crisis discussion to help teach CISOs and other mangers how to handle a breach in a controlled environment. We also dive into getting ahead of the breach in terms of communication with clients, and how to manage their fears. Listen on to hear more specifics to how he facilitated conversations with not just the cybersecurity team, but the marketing and PR teams, and how to address clients in the face of a crisis.

Different Metrics for Different CISOs

We conversed about how formulating a program is an art, not a science. Every CISO builds a program that incorporates different sets of data. As a result, each CISO measures the success of his/her program via different metrics.

A Good CISO vs. a Great CISO

As different CISOs generate various styles of measuring the success of the program, it can be difficult to determine if your program is excelling. How do you know if you’re a great CISO—or just an average one? We talk about how world events influence the CISO position greatly and what the best CISOs do that separates them from the crowd. This role is a demanding one, and with the support and trust of the team, CISOs can effectively build trust in how their system works.


Exabeam: Website

New CISO Podcast

Steve Moore - Linkedin

HarbourVest Website

David Rule - LinkedIn

32 episodes