CISOs, get your First Sergeant

Hit Me, Hit Me - I love the pain of cybersecurity!

Behind every effective CISO, a First Sergeant is clearing the path for the organization’s success.

The way we’re setting up our CISO structure is NOT working as expected. The threats keep on coming. Organizations put their fingers in the dike, plugging security risks while exhaustingly bailing water from a sinking boat. This is a no-win process: the miscreants keep increasing while the defenders are worse than Rocky III yelling, “Hit me, hit me, hit me.”

Our trajectory will never build up the talent pool to the point of replacing the burnout churn.

People talk about a security market opportunity with year-on-year cybersecurity growth of $1 trillion annually. Security vendors love this “growth.” People don’t see a dysfunctional ecosystem where “cyber spend growth” equals increasing damage, financial loss, lower margin, and people dying.

(Source: Statista, Estimated cost of cybercrime worldwide 2017-2028 in trillion U.S. dollars, with additions to highlight the problem)

There is hope. The industry can turn things around. Step one – focus on a new role in today’s CISO/Infosec organizations. This new role would be someone with experience who supplements the CISO, knows the organization’s morale, and has a bag of teamwork/people tricks to clear the path to success.

We can learn from organizations that live in high-stress “battlefield” environments. The most successful battlefield units do not have one person (i.e., the CISO) leading the team. Leadership has a “shadow leader” who makes it happen, clears the path, and keeps a finger on the temperature of the organization’s stress. The unit’s First Sergeant or “Master Chief” is a secret to the unit’s effectiveness.

What if every CISO had a First Sergeant or “Master Chief”? This “Master Chief” function is not someone who has direct reports. The role is not a function head. Take an example from the US Air Force’s expectation of a First Sergeant:

I am a first sergeant. My job is people—everyone is my business. I dedicate my time and energy to their needs, their health, morale, and welfare. I grow in strength by strengthening my people. My job is done in faith. My people build faith. My job is people—everyone is my business.

A true first sergeant will begin his or her march at the front and then march at the rear to ensure no one has fallen behind. He will take care of each troop’s needs. The unit knows the first sergeant watches over them and always makes his voice known in a time of need.

The CISO’s First Sergeant/Master Chief role would:

  • Know the organization. The CISO’s Master Chief is the person who works broadly and deeply inside the CISO’s team, throughout the organization, and with peers outside the organization.
  • Proactively Fix Broken Things in the way of the mission. They do not wait until there is a problem but use their experience to find emerging issues and help proactively resolve them.
  • Listen to the team, streamlining their work and responding to barriers. They find the bottlenecks and apply their expertise to clear the path to success.
  • Push up Everyone on the Team. They quietly work with individuals within the team to motivate, remove obstacles, and push them up. The best First Sergeants/Master Chiefs would be quietly smiling on the side of the team’s victory. Long-term success in today’s security whirlwind is a team success.
  • Seasoned Experts. They look deep, with the experience and wisdom to help younger peers jump across barriers and drive forward with the mission.
  • The CISO’s Master Chief can be inserted into a crisis and lead the team by pulling everyone up by their bootstraps so that, in the end, everyone is victorious and feels part of the team.

The top professional military organizations worldwide have figured out the burnout problem. They empower First Sergeants/Master Chiefs to apply their execution wisdom, clear the path to success, and push up the people in the team ... all to win with the mission.