Leadership Principles for Cybersecurity

Show Notes

In this episode of the Cybersecurity Mentors Podcast, we discuss the critical role of leadership in cybersecurity, emphasizing the principles of Extreme Ownership as outlined in Jocko Willink's book. We explore how effective leadership goes beyond technical skills, focusing on communication, team dynamics, and the importance of humility. The conversation highlights the need for cybersecurity professionals to develop leadership skills, build relationships across teams, and prioritize tasks effectively in high-pressure situations. We encourage listeners to take ownership of their roles and invest in their leadership development for personal and professional growth.

If you want to join the conversation about leadership in cybersecurity, leave us a comment below. Check out our swag shop to represent the podcast, and don't forget about our new "Networking is King" training to help you build professional relationships.

Extreme Ownership Book: https://a.co/d/i3OqhSR

Jocko Podcast: https://jockopodcast.com/

Chapters

• 0:36: Introduction to Leadership in Cybersecurity
• 2:42: Navy SEAL Origins of Extreme Ownership
• 6:25: Extreme Ownership: Taking Full Responsibility
• 11:22: No Bad Teams, Only Bad Leaders
• 17:22: Believing in the Mission
• 26:21: Checking Your Ego
• 40:00: Cover and Move: Team Collaboration
• 46:40: Prioritize and Execute Under Pressure
• 51:49: Leadership as a Skill and Call to Action

Transcript

Speaker 1: 0:03

Could you teach me First learn stand, then learn fly. Nature ruled on your son, not mine.

John: 0:12

I know what you're trying to do.

Speaker 1: 0:16

I'm trying to free your mind, neo, but I can only show you the door. You're the one that has to walk through it. What is the most inspiring thing I ever said to you? Don't be an idiot. It changed my life.

Steve: 0:36

Welcome back to the Cybersecurity Mentors Podcast, the show that helps you break into and grow in the world of cybersecurity. I'm your host, steve Higuretta. With me, john Hoyt.

Steve: 0:45

Today we're kicking off an episode that's all about leadership, and not the kind that you learn when you go to a management seminar or something like that. We're talking about real world leadership in cybersecurity. So when things go wrong hits the fan, when stakes are high and when you need someone to step up and take charge. That's what we're talking about, and we're diving into the core principles of extreme ownership a powerful book by Jocko Willink and Leif Babin and how they apply directly to growth in cybersecurity for you as a professional and a leader. So what are we going to really focus about and talk about? Why is taking ownership? Why does taking ownership change everything, how leadership not just technical skills drive teams performance, and why cybersecurity needs more leaders and not just more technologists. So, whether you're already managing a team or we're just preparing for the next big step, this episode will change how you think, lead and how you show up, so let's get into it.

John: 1:50

Yeah, but before we jump in, a couple of things, we really appreciate everyone's support. I'm wearing some Simply Cyber swag today. Steve's got his Cyber Mentors swag as well, and we have a swag shop too. So if you would like to represent the podcast, check out the link and take a look at we've got lots of different options and this season we're really promoting our new course called networking is king, where we dive into, we talk about networking and how important it is, especially right now in this job market, how to connect, how to build relationships, how to actually maybe discover some of those hidden jobs that are not even posted right, and ways to connect with others and how important that is in your career.

John: 2:43

So, moving on to this episode, why, why should you listen to this episode? You know, maybe you're like I don't, I hate, I don't want to be a leader, I don't want to be a manager, right, and hey, that was me. I was that way. I thought, you know, I don't want to have to deal with people, I don't want to have to have to deal with people problems. But you know, I had just become a kind of thrust into leadership, in a way, when we first started up a student run cybersecurity operations center, a SOC, and like I didn't know anything, I'd never been a leader in my life and so I kind of put my name in the hat and I said, look, you know, I love working with students, I love what I do, I love being able to share what I know with others, but I don't know how to lead a team, I don't know how to manage a team, I don't know how to do any of this stuff. So it just so happens, you know, serendipity I had just been I'm a big podcast fan, obviously we're doing a podcast but I had been listening to the Tim Ferriss podcast and this gentleman called Jocko Willink started talking about his story from Navy SEALs into leadership and his new book called Extreme Ownership, and like it really turned my whole thought process around leadership on its head.

John: 4:13

The big thing about it was that you kind of you know at least I had this idea at the time that leadership was just. It's just, you're born this way. You know, if you're a leader, this is how you came out and you're just naturally gifted at leadership. But really listening to him and his humility and what he taught about these skills that you can learn really changed my idea and it was just fortuitous because I was getting ready to lead a team and I was getting ready to try to figure this out. I didn't know what I was doing, but I dove all in Right.

John: 4:47

I took this as a, as a tome of sorts and still do of like principles and guidance around leadership and many others, but this is one for sure that changed my perspective, perspective, and a lot of it really was because of what I had had as leaders, for leaders, that I had not seen in this, in these principles, and it was like an aha moment of like, oh, okay, this is what real leadership looks like. And you know, just an example, most of the leaders I have had had had up until that time were, you know, they're just ego driven, right. They're just look at, look at me I'm looking to be the lead, I want to be the leader because I want to be put out there, I want to be put on a pedestal, I want to run the show, I want to be the top dog, right? And just like the lack of humility, the lack of, you know, support for for their team, it was all about them. That's really what it was about. It was all about them and this, the principles in this book, really flipped that on its head.

John: 5:51

And even this guy who if you see Jaco, he's a big dude, you know Navy SEAL, just really how humble and talks about how important you know losing your ego is and how humility is really the number one thing that totally changed my perspective and really made me think about, wow, this, that's what it should be like, that's what I, when I saw that and I heard that, I said, okay, that's what I want to be as a leader, that's how I want to operate as a leader. And so from there really kind of changed and started, like I said, going into the book. But also he started a podcast, started listening to the podcast. So this is my opportunity to share and I have shared this before with others, I've given the book away but to share with people that maybe think maybe one day they want to be a leader.

John: 6:38

Right, maybe it happens to them. Maybe you only have two people, maybe you have a dozen people, whatever, maybe you have hundreds of people, but these principles are solid, no matter what level, no matter if you have nobody that reports to you. You can lead from where you are, you can lead from your position and help in a positive way influence up the chain of command which they talk about in this book too. But it's really for anybody, but especially if you think that one day you want to be a SOC manager, a director, a deputy CISO, a CISO or whatever. These principles are really solid to come back to.

Steve: 7:26

Yeah, no, I completely agree with you, john, and John did gift this book to me when I joined Clemson, when I was stepping in for him as the SOC manager. So, yeah, so this is a great book. It's got great stuff and we're going to talk a little bit about that in this episode. But going back to the question, why should you listen to this episode and care about what we're sharing, especially in cybersecurity?

Steve: 7:51

If you're in cybersecurity, cybersecurity needs more leaders than technologists, plain and simple. We have a large number of people who start in cybersecurity. They start down the technical path, the technical route, and they may not. At the beginning, you may not think that far ahead. That's fine. Some of you may. Some of you have your life planned out, the next 10 steps of what it's going to be like, which is great.

Steve: 8:19

But even if you don't know, it is still very important for you to understand and know what being a leader means and what that is about. Even if you don't plan to be a leader, even if you don't plan to move into one of those positions that John listed, those are still skills that will help you professionally, but even at a personal level, just day to day. So it is something important that you really should consider. It is something important that we're going to try and share with you all. But from a cybersecurity standpoint, even a SOC analyst or someone starting needs to understand the importance of just leadership and being able to put yourself in that position if there's an incident, if there's something going on and you need to step up. There will always come a scenario situation where something's going on and you might be the first to see it and you really do need to step up into that role and help lead those efforts, even if it's just at the beginning, before it gets triaged or moved over to another team, member or group or whatever it may be.

John: 9:29

So, yeah, John I was just going to say you know, we talked about this in the previous episode is the lack. When you look across the organization, you know an IT organization. You think, okay, man, we got a lot of smart people, we got a lot of IT people, we've got a lot of it technical people, cybersecurity, technical skilled but it's it's really challenging to identify people that are also potential leaders right when you're looking and you're like, okay, these leaders are there, there are the. They're good or they could be potential leaders because of just what they focus on those soft skills, like what they're really prioritizing. The people that stand out are the ones that you know are trying to build this skill set or trying to get better in the people skills and the soft skills.

John: 10:20

But it is a neat, another unique thing that sets you apart in an organization in your career. I get it. Maybe not everybody wants to lead people, but what I've found in my experience is it's been very rewarding. I've been able to give back, help others, serve others in bigger ways than if I had just been. My goal was to be just in the technical track, to stay in the technical track, just be the best technical person. I can be Right, but now, looking back, I can see how much more of an impact I've been able to have as a leader. So you know, it's not for everybody, obviously, but I do encourage you, but I'm hopeful that you're.

Steve: 11:09

You're interested and and this is the episode for you to take a listen to- yeah, and even, like we mentioned at the beginning, right, even for those people who are in leadership positions now, they're maybe found their way, kind of like like you mentioned that you did. You know, you kind of were just you found your way into a management leadership position. You weren't really looking for one, you didn't really go after one, you just found yourself there. So, yeah, definitely this could help a lot of people absolutely yeah.

John: 11:41

So let's move into the first principle, really about extreme ownership and what I like about this principle so much this is the book title is as a leader, it's really on you, it's your responsibility, and I talk about this in a story that I shared in the Simply Cyber Conference last year. I talked about storytelling, but a story in particular the short version, is a student working for me basically brought down the entire network twice because I had set her up in a lab environment and it went awry, things went bad, and I discovered it and when I discovered it, it was. It was definitely an oh no feeling, because here I was as a new leader, a new sock manager, and every I mean literally the whole network was going down, went down twice, at least twice, and I was like man. But there was this moment of you know, blaming the student, thinking about it's their fault, and I literally had just read this book, right, and I was like Nope, it's not on her, it's on me, right, it's my fault, I'm, I'm in charge, I'm responsible, I'm the one that you know needs to to step up and and and no matter I mean it could, I don't know what's going to happen, they could fire me, I don't know. Right, I, you know, I was hopeful that they wouldn't, but how much more obviously humility, dropping the ego, but how much more that comes across as a leader when you say, look, I know, yeah, it's my person on my team, but I'm the leader, I'm the one that's in charge of it. So we'll talk about some of that. That backs us up in the next principle.

John: 13:32

But in the book itself there's a blue on blue incident and really in military jargon that's really where it's like a friendly fire incident and he's looking around trying to figure out who to blame and really it came back to him in that realization of like, well, he's in charge, he's the leader and he would put his career on the line. He's like, look, this is on me, I'm the one that should have made sure this didn't happen as much as possible. But I'm the leader, right, should have made sure this didn't happen as much as possible. But it's, I'm the leader, right. So that that whole starting cornerstone principle I think is huge when people are thinking about as a leader, you know, taking that responsibility right now.

John: 14:16

You, you don't get. It is called extreme ownership, but it's not like. You know, you can only do so much as a leader for people, right? You? You try to give them everything you can. You try to serve them as a leader, which sounds backwards but really is important. But it's on them also to to take advantage of those opportunities to show up to get after it, right? So? But if you look at this poor performer and maybe you didn't give them everything that they needed, maybe you're not communicating well and maybe you didn't give them everything that they needed. Maybe you're not communicating well, maybe you're not telling them why, maybe they don't understand. There's a lot of things there that you should reflect on for the performance of your team. As you, as the leader, are you communicating everything clearly? Do they understand the priorities? Do they understand what's necessary? Do they have the training to get it done Right? So a lot of those stuff comes down to you and that leadership role. What do you think, steve?

Steve: 15:12

No, I agree, and I'll be honest when I first I actually listened to this book I didn't read it, I did an audible. When I first listened to that, I was like, wow, that flips things upside down for me Again. I had never been in a leadership position before I read this book. I found myself in one, but I was excited and eager to learn and I was like a sponge, ready to just soak up as much information as I could so I could be the best manager I could be. So I could be the best manager I could be.

Steve: 15:44

But this did kind of open my eyes and I was like, wow, okay, this is not at all how I was thinking about this. Like this, really, it is really on me, it's on my shoulders. Like I, it's on me, you know, it's my job to make sure, like the example you just gave, to make sure that my team has everything they need to be successful. Um, not just tools, but training and just, uh, you know, feel that camaraderie, you know, build a good culture. Like there's a lot of things that you as a leader, as a manager, supervisor, whatever, um, that really depends on you. It comes back to to you. So this was something that, for for me, definitely opened my eyes and I was like, okay, yeah, this is definitely this is this is. This is different than what I was thinking Um, but yeah, I agree.

John: 16:37

Yeah, I think um it's. It's human nature for us to say well's their fault, you know yeah they're, they're missing it.

John: 16:46

It's, it's our nature. We want we, we are me. I think that was the first reflection we have is why are they doing this, why did they do that, why did they say this, whatever? Um, but but really, what this flips on its head is just like, well, what could have I done? What could have I done better? Yeah, what, what could I do? Did I do something different than I should have done? Those kind of things, and so I think that's why this, this principle, is so important. So, on the principle number two there are no bad teams, only bad leaders.

Steve: 17:24

I don't know if I agree with this one.

John: 17:26

Even when I read it I was like sometimes your hands are tied, my friend, sometimes your hands are tied, and I'll go into more detail about my specific scenario, but yeah, no, I mean, I just think if you start from there right I mean mostly you would hope that if you, as a leader, are doing everything possible to build your team, to support your team, to set clear expectations, to set goals, set priorities, communicate clearly all these things that your team is going to operate efficiently, now will everybody be a top player.

Speaker 1: 18:05

No.

John: 18:05

That's just how it works. Not everybody is an A player. Maybe you've got a bunch of C players, a couple of B players and maybe one A player. It's unfortunate. This is a reminder for you guys out there and girls, you want to be an A player.

Speaker 1: 18:21

You do Right, at least B+.

John: 18:24

You want us to look at you and be like dude. They are killing it, they're getting after it, they're getting stuff done. They're taking the extra initiative. I'm not talking about working 60 hours a week, I'm just saying getting after it, getting stuff done.

Steve: 18:38

Yeah, make those hours that you are working count.

John: 18:41

Make them count.

Steve: 18:42

Don't go to the bathroom for two hours and then expect.

John: 18:45

Don't be micromanaging If we the bathroom for two hours and then don't be micro if we're micromanaging you.

John: 18:50

It means something right, right, yeah, yeah, yeah. So I mean, I do think, if you start from there, if you look at team, look at take a second look at everybody. Look, I want you to look at your organizations. Okay, think about your organization that you're in right now. Think about the teams that are performing well and the teams that are sucking, that are not doing well, and we all know who those are. We all know who those are. Right, it comes down to leadership. I would say 85, 90 maybe right now, the players on the team make a difference. Right, there's a reason. You know those, those teams that dominate. It does start with leadership, but they're also very good, right, the team players, but still the leadership. If the one bad leader man can just just just take it all downhill, just really really no, I agree it can.

Steve: 19:46

One bad leader can cripple an organization and if that leader is in a key role, part of a key team, oh man, yeah, that's a nightmare. It's a nightmare, yep. So when I listened to this, this also was like okay, okay, that makes sense. Like when I first listened to it, I was like, okay, it makes sense, it makes sense. Then I was put in a situation where I came into an already established team. You know people that were already hired, they've been working there and I came in, you know, and tried to be a good leader. Try to get to know my people, understand their needs, their wants, listen, be active, active listener. You know giving feedback, really really being in there and, like you said, when you are there, you support, you do the best you can to provide the best toolage. You do the best you can to provide the best training. You do the best to provide and establish the right culture and just make sure that everybody feels part of the team.

Steve: 20:47

There are always those who fight you on it, whatever reason it may be, they are just not a team player. They have been there. Who knows how they ended up in that position. Who knows why they've been there for so long, whatever it may be. But you come in and they're just fighting you and they're just like not wanting to play ball, not trying to be a team player. And then it's not saying that one person could kill the entire team, because that's not at all what happened, but it could.

Steve: 21:24

One bad apple could really really damage a team. Thankfully, in this situation I'm talking about that one bad apple, no longer part of the team, found better opportunities elsewhere and left, and we were able to then really focus on the replacement, hiring somebody to come in and since then, amazing, amazing, right and this goes to those people who are applying, people who are looking to get a job whether you're new, whether you're experienced, showing that you are a team player is very important. Giving examples of you being a team player in an interview or even if you are not, asked a simple, straight up question about teamwork, you should work, do your best to try and put that in there somewhere while you're having a conversation, while you're interviewing about teamwork and how that's important to you, because that is very key and sometimes, when you are a hiring manager and you're in an interview, you might be more focused on the position description. You might be more focused on the resume, just making sure that you know the candidate can actually back what they say is on their resume.

Steve: 22:43

And this has happened to me. We're hiring someone, we're focused on hiring them and teamwork never really crossed my mind. And then they start and then we're actually now trying to bring them into the team and it's not as easy or it doesn't flow as well as I thought it did. Now, you know it's hard to say hey, is this person really going to be a team player by meeting them once, twice? But there could be certain questions, certain things that you could ask that could give you an idea of what has their, what they've done or how they've acted in in the past.

John: 23:21

Anyway, like I'm rambling now, so well I'll push back a little bit on whether or not you think this is totally true. Not that you were a bad leader, but your team wasn't bad. You had maybe some bad apples along the way, but your full team effectiveness was good, right, so you can only do so much with some people, right?

John: 23:52

so yeah, you can only do so much with with some people, but your complete team wasn't ruined, destroyed. You know, whatever like wasn't bad because of this. So now, if I looked at you and you just not get anything done, everything's chaos. I'm looking at you, right, as a team, incomplete like this is your job, your responsibility, um, and also we've all we've learned, especially when you get into leadership. There's a lot of things you're going to learn about conflict resolution, personality. Like I said last episode, technical problems are easy, people problems. It's a whole nother level, right, um. So you know when I think about I do think it's a true statement from a full team. You know perspective. Now you might come in as a new leader and you're like, man, this is bad. Right, then you gotta. You know they're, they're getting this on you.

Steve: 24:39

Yeah, you gotta get to work, yeah yeah I think, yeah, I mean, I think, looking at it from a big picture, I think absolutely, I think I do agree with this. Now, I'm sure I actually would love to hear from our listeners, especially those that have gone into leadership positions or are in leadership positions Do you agree with this, you know? Do you agree? Do you have some examples? Do you want to challenge, do you want to push back on this? Because when I first heard it again, again coming from having no experience, I was like, okay, that makes sense, the dots are connected, got it.

Steve: 25:15

Then, when I actually went into a situation and put this in practice, I was like, oh, I don't know if I fully agree with this now, um, because you know, just, I mean, I'm just being honest because, and I know, you know, we all, everyone has worked for someone at some point now, right, and there are leaders, managers, supervisors, whoever, who are just good people, good human beings, and they treat their team well and they care, and there are others who don't give anything about anyone other than themselves and they're just trying to use people as stepping stones to get to where they need to get. So it can go both ways. So, yeah, anyway, want to hear your thoughts on this. Do you agree that there's no such thing as bad teams, only bad leaders?

John: 26:11

Yeah, all right. Moving on to the next one, believe and I think this one also ties into not only just believing in the mission. You know, if you're trying to roll out some new technology Back in the day MFAfa, right, everybody hopefully has mfa now. But I remember when we first started talking about rolling out mfa and they're like you're never going to get all faculty and staff to to sign up for and students to do mfa, and I'm like what are you talking about? This is 10 year old technology. We should all be doing this. Oh no, no, they'll never do it Right.

John: 26:51

And if you're, you're trying to push this and you don't believe in it or you don't believe that people will follow it, it's not going to go very far and you're just trying. You know, when you're setting your, your team up for success and you're trying to communicate to them the goals, what are we trying to achieve? What are we here for? Right? What's the mission? Right, then, if you don't believe it, it's going to be tough yeah, and you won't be able to sell it yeah, you're not going to be able to sell it.

John: 27:23

And if you don't believe it, it's difficult for you to explain the why. This is one thing that came from this book that I really, really liked. Is you think in the military it's like hey, you know, yes, sir, sir, yes, sir, right, I just do what I'm told. But but humans are humans, you know they might say sir, yes, sir, but maybe after they leave and go do something else and they don't believe it and they're not backing your mission because you didn't tell them the why behind it, because you don't believe it, then is it going to get done effectively? Maybe not. Same thing for our teams. As a leader, you know you need to be able to understand the mission, understand why we're doing it, believe it's, it's valuable, believe and be able to communicate that to your folks and explain hey, we're going to go do this thing. I know you don't like it, maybe it's something that's going to not be fun. I know this ain't, this is not going to be fun, but here's the why behind it and why we think I believe this is the right thing to do right now. Sometimes, as a leader, a lot of times it's out of your control and there's a bigger objective going on, but you're still communicating that to your team, like, hey, it is what it is. We don't love this right now, but this is what we got to do in order to move the needle in some fashion or be successful in the long run. This might suck right now, but in the long run, this is going to help us be established. For look that team. They killed it. They did the thing. They didn't. I know it wasn't fun, but look how they stood out in this role or in this task.

John: 29:03

So the belief behind it, you know it's really simple. It sounds simple, but you can tell right. You can tell if somebody is giving you something to do and they're and it's just a thing. They're just telling you to do it, because it's a thing to tell you to do right. Versus, this is going to help make us better. I mean, I know it's going to be tough, but this is this is the why. And then it it really. I had a lot of leaders that did not explain the why. It's like when your kids say you know because? And you tell your kids because I said so yeah because why can't I do this?

John: 29:36

because I said so, and usually you say that when you got tired of answering all the other why questions, and so you get to the 10th why question. You're like I'm done with answering this question. This is because I said so now. But that is true, right? If you don't understand the why, what they call in this book the commander's intent, your intent as a leader, then they're not going to be behind the mission, they're not going to be behind the task, they're not going to be behind the project Right. So this is super important. What do you think, steve? The project Right.

Steve: 30:08

So this is super important. What do you think, steve? No, I completely agree, and I have seen a shift. You know, sometimes for me this is a me personal example I sometimes get too focused, too carried away with getting things done Right Checklist Boom, boom, boom, boom, boom.

Steve: 30:27

I may know what the end goal is, I may know what the big picture is because my leadership shares it with me, but if I am not sharing it with my people, my team, my group, you know the belief may not be there and the will or the want to, you know, want to be a part of this big picture. That is exciting. It's something we're striving for. If they don't know the information, how can I expect them to be as passionate about this as I am? Right? So just being able to share that information. And I've seen a shift where, you know, I wasn't being as communicative about that with my team. That has changed. That was brought up to my attention. Feedback, feedback is amazing and that has changed. And now it's just, I see the change in sharing and some people may say, oh well, you may overshare. Some people say you overshare, john, but I feel like it's important, I feel like it's good, it's good to make sure that everybody's on the same page and they understand why things are being done.

Steve: 31:36

Now, like you said, we may not always agree with the decision, we may not always agree with the route we're taking, but if we know the why, if we know why this is being asked of us, then that helps us and that lets us understand. Okay, well, this is how I can contribute, this is what I can do to help us achieve that. So, just communicating, being open and just understanding why things are happening. It's very important for a leader to communicate that down as he gets the information, and for a leader who may not know, it's good to ask why to your leadership. Right, it's good to ask for the big picture, to understand. Well, I understand what you need from me and my team and we're going to get it for you, but can you help me see the big picture, help me understand why we're doing this? So there may be other things that we can help with as well. So, yeah, just my two cents there.

John: 32:34

Yeah, no, and uh, I I kind of feel like sometimes I'm oversharing, but it's a lot of. It is because I have had so many leaders that just didn't. They were just like go do, go do, go do, and they didn't give me information. Everybody wants to know why you're doing something. I mean, it's normal, it's human nature, it's a common thing. Yeah, it's a human nature. Hey, I want to know why am I doing this? Is it important? Does it make a difference? No-transcript. So I might go, I might be the very verbose version of that. Sometimes I try to try to keep it in check, but, um, yeah, moving on to the next one, um, checking the ego.

John: 33:11

Ego, and this is one of the biggest things that stood out to me in this book about humility. And again, you think these, the guys who wrote this book, right, navy SEALs, they're going to have a big ego. They're coming at it from like, look at, look at these guys, they're amazing, they're snipers, they're, they're just leaders and and the navy seals, they're navy seals, but really, they really stress this point and how important checking your ego is. And, um, and and, and I had again, I had not seen examples of this. Most of my leadership at that time had big egos in there. They want to be the. You know, look at me, look at me. There's a reason they wanted to be in leadership because of those you know the ego really is is to be seen as the leader. Not, hey, I'm here to make a difference. I'm here to make an impact. I'm here to help, I'm here to serve my people. I'm here to do big things for my team and the organization. Not I'm here to look good, I'm here to promote myself. I'm here to put my name out there for the next opportunity, right there, for the next opportunity, right, um, but in, even in, as a as the leadership role.

John: 34:31

Ego, it really it's, it's all ever present and ego is a good thing. There's a good ego and there's bad ego. Good ego is like look, I want to be the best, I want to be seen as the best, I want to be seen as is killing it. Getting stuff done is like look, john's after it, he is number one, right. But I'm not trying to promote myself as, look at, look at me, look at me, look at me. But ego can drive us to perform, to succeed, to strive and you know, a lot of times sometimes I'll give steve a little bit, a little bit of competition. Like hey, this is uh, this team over here, I don't know, steve Right, steve's like, oh, they're going down, let's get it.

Steve: 35:14

They're going down. Save the rest, John.

John: 35:16

Right. So that ego is not a bad thing, but when it overtakes you and it becomes of shining the spotlight on you and not your team, again, as a leader, that's what you should be thinking about is how do I help my team and make them look good? Also, as a leader, and as every position, I believe that your goal should make your boss look good, and I tell steve and others this is like yeah, if you're making me look good, I'm making my boss look good, so I'm looking good, right? Um, again, it's that take the spotlight off you. So here's the thing as a leader, you're going to get. You're going to get the, the criticism when things go bad and you're going to get the kudos when things go good. But you should be quick to reflect that back on on the team.

John: 36:11

It's not about you, right? You? You couldn't do this by yourself. Even if you are awesome, you couldn't do this without your team and it. You have to reflect on that like, oh, okay, I got this, I got these kudos, but I need to talk about it wasn't me, you know, I was there to be there to lead, to lead, but it's the team that made it happen. Right? So that ego. Checking your ego, you should check it like, hey, am I? How is it? Am I letting it come up? Am I letting it get take over? Or is it healthy? Is it a healthy ego?

Steve: 36:44

yeah, no, I mean, I think I think everyone has, even if it's small, big, whatever some type of level of ego, and you do. And when you jump into leadership again, I I mentioned that earlier if you haven't yet, one day you may. If you don't, you're very lucky. But if you have, you've worked for this person or you've worked with a person who has a huge ego and, oh my God, it is so annoying, it is just off-putting, it is just ugh, right, but those people exist and you have to be able to work with them and just focus on yourself right Now. Moving on to that point that you just made, john, about giving kudos, I absolutely agree with that.

Steve: 37:37

I have seen, I've been in meetings where I've been involved in a project. I've been to the meetings, I've done the email, everything just been a part of the project. I might not have been doing the actual work, but I've been in the project, I've been informed, I kind of know what's going on, just to that level. But I notice things and I've seen that this individual has really done most of the work. And then I am in these leadership meetings we're presenting hey, how's that going? This and that, whatever, and their manager is sharing the status and they get all the praises and not once did they say, oh, it wasn't just me, it was my team, or it was this person or whatever. And that is so annoying and I try my best to say thank you for saying hey, steve, great job, thank you. But I really have to thank my team Like I make it a point. I make it a point, I make it a point. If I'm ever talking about something that we've done or just explaining to somebody how things are done here, I always make it a point to say yeah, we myself and my team were able to do X, y, z. Or if it's one person specifically, I specifically say John Doe here. They were the ones who really did all the work and we really appreciate their hard work and what they've done.

Steve: 39:17

You know like it's, it's little things like that that you may not think it matters and if you have a big ego, you want all the praise for yourself, but if you are a true leader, you will see the value and the importance of doing that, because when you are in that meeting and that person who's broken their back for the last six months working on this project is sitting right there next to you and your boss gives you the kudos and you turn around and say, well, actually I want to thank John Doe, here with me because he's really been doing all of the work. So, thank you, we appreciate you. That right there oh my God, that is gold. That person will look at you and be like man, I feel seen, I feel valued.

Steve: 39:56

I really appreciate Steve for for seeing my hard work and valuing what I'm doing and just being humble, because sure, you are the leader of that team, but the team is really the who's doing the hard work, the heavy lifting and, like you say, john, they're doing the hard work, they're making you look good. But you can't take that all for yourself. You have to make sure that you shine the spotlight where it needs to be, where it's deserved as well. So just my two cents yeah, no, uh, 100.

John: 40:30

I, I definitely agree. Um, it's a constant thing though, like we've talked about, it's not. Oh, I got this. Um, the ego's gone, he goes in check. No, it's, it's really every day, every week. Um, all right, moving on to cover and move.

John: 40:47

So this concept, it kind of makes sense, right, and my military, if you're thinking military, if you came from the military, oh yeah, cover and move. You know, I think about paintball. I used to be big into paintball, um, and you know, and nobody ever I played, I never played paintball with anybody that actually knew what they're doing from a like cover and move and tactical and flanking. It was all just like chaos, free for all, everybody's running, running a gun and running a gun, and no, no actual teamwork, no actual coordination, unfortunately. But, um, you know, imagine a military scenario. You've got one team, that's, you know, maybe being fired upon and they need to move closer to the target, they need to move closer to the bad guys, and then you've got another team beside them, maybe in a different position, that's laying down cover, fire so that that team can move. So they've got that team's back and then they do it again. So now Team A covers and lays down cover fire for Team B, and then they can move, and then they do it again. So now team a covers and lays down cover fire for team b and then they can move, and then they can move right or flank or whatever. So the you know, obviously it's navy seals wrote this book, so those kind of concepts come to mind. But really I just you know, it's a great picture in my head of other teams that you're going to work with. Right, you got your team, you're the leader, you're taking care of your team, everything's good, you got your ego in check. But now you're interacting with other teams and your people are interacting with other teams. How do they work with those teams? Do they help? Are they helpful for those teams?

John: 42:16

Um, there's, there's always like a potential for different teams, especially with cyber security. Your security team a lot of times it's the networking team and they don't see eye to eye and they don't get along because the network team is trying to move packets and they're trying to make everything fast and the security team is trying to inspect those packets, slow things down. We've got to take a look, we've got to inspect and they can butt heads. Often in organizations and in my experience we've gone back and forth in different times. We have a good relationship and it's all about nurturing that relationship, but when you have those situations where there's opportunities for them to watch your back and you can help cover their back Right. So a good example might be if you don't have a good relationship and it all comes back to relationships maybe they do something that they don't tell you about that you might, because you might slow things down or because they don't have a good relationship with you. So they decide to just kind of do this thing and they don't include you in that decision or that information because they don't like you and that decision or that information because they don't like you and you've burned them right.

John: 43:29

Again, that comes back to humility and owning up to problems or mistakes that you made when I brought down the network, the network guys still don't, let me live that down right, they're like you. Remember that time? Yes, I remember right, but I owned up to it versus trying to hide it. You remember that time? Yes, I remember Right, but I owned up to it versus trying to hide it, trying to and they do it in a joking way mostly, um, like you know you remember that time, yes, but like that being humble and owning up to it and then helping them out, right.

John: 44:03

So it's not all about your team and you're just your mission again. It's kind of stepping back of like what's the big mission for the whole organization? If I win and they lose, then we lose. Really, if it's a lose for them which impacts the bigger mission, then it's not a win. Even if I won, it's not a win for the organization. So it's it's also just thinking about that. From what are their priorities? What is what it's on their plate? What's on what are challenges that they have? Empathy we talked about that last episode.

John: 44:40

Yeah, putting yourself in their shoes yep okay and and this is a challenge sometimes, right, there's a little bit of competitiveness. Sometimes, um and I know steve, you know he likes to win, but, um, I'll have to talk about that but really like, how can I help other teams? And in the long run, it's going to help us because of built the relationship we built for the greater good.

Steve: 45:04

Yeah, no, I agree, and, for the record, I think a little competition is healthy, healthy. It's healthy, it's team bonding no, but yeah, I mean, we talked about this in the last episode when we were talking about social skills, teamwork, right, teamwork, just being a team player. Having cybersecurity is not, it's not just a responsibility of the security team, it's the responsibility of everyone in the organization and building those relationships and building those relationships and having the confidence that other teams within your organization, within your IT organization, will have your back and will reach out to you and say, hey, this is what we're seeing or hey, we're thinking about doing this. What do you think about it from a cybersecurity standpoint? Because the last thing you want, like John mentioned, is for someone to see the security team and see you as a roadblock, as a speed bump, and try and work around you instead of with you. So it's very important. It is very, very, very important.

John: 46:14

Yeah, especially as a security team, you're across so many different domains and other teams that you get involved with that you get involved with. It's unique in our role to be across so many domains and be part of the bigger goal, the greater good for the mission, for the organization. All right, last one that we'll cover today. There are others in this book, but these are kind of the main ones and this is probably one of my favorite ones and probably one of my favorite sayings from this book, other than extreme ownership, but prioritize and execute. So, as a new CISO over three years ago, I had a lot come at me and we were short on staff. We really didn't have a, a big team to rely on. And bad guys don't care, they're doing their thing right. They're trying to trying to make bad things happen and I, as I talked about in the last episode from from the disc score, I'm a high c, what that means, I like to have all the information possible before I like I like to have before I make the decision. But I had to adapt and in the disc scoring thing they talk about you know how you have your baseline, but then your adaption, your adaptability, and we talked about being adaptable, but I had to adapt to look. I can't, I can't wait. I gotta be make a decision now, and especially in security, at in the operational side, that things are happening, the attacks are happening, incidents are happening. You got to be able to make a decision. This is what you're here for, leaders. This is what you're here for to make decisions and get and get stuff done really like. Those are the two things getting things done. Number one and and this isn't in this list, but that's really what makes you a good leader is. I look at you and I say is are they getting stuff? Is their team getting stuff done? But in order to get that, you need to be able to go through like where, what's what's happening right now? What do I need to do first and then do it? How do I prioritize what's what's facing me right now, especially in a intense, stressful situation? You're not going to have everything. You're going to have you, you know, maybe, some information and you have to be able to make a call, and it might be the wrong call. It's definitely possible. It's the wrong call, but you only have, you can only do with what you got right.

John: 48:54

But in the book it talks about stepping back, you know, and their example. It's like if you're leading a team and you're in the front and you're in the firefight, it's very difficult for you to see the big picture, as steve talked about. But if you're able to detach and step back and see okay, I see my team here, this is what's going on now, I can see the bigger picture and make a make a decision. You know, because if you're in the mix of it, it's hard to make the decision because everything's happening. You're part of everything that's happening and, trust me, what you know we've had, we had, as a new CISO, things were happening and I didn't have everything and there were a lot of new things I had to do, figure out and figure out on the fly, and figure out in the fires, and that's where you know being resilient under stress, under under duress, but really comes down to let's, let's refocus, and you're constantly prioritizing, constantly reprioritizing.

John: 49:57

Let's look at our list. Let's look what we got. Let's look what's happened today. Let's look what the team is doing. Let's look at what the team is doing. Let's look at what this team is doing. Let's focus. All right, hey, we're going to shift this priority. I know this was a priority, but stuff happens and now we've got to shift it, and now do it and then execute. So I love this concept.

Steve: 50:19

Yeah, I mean. No, I mean for you as a CISO it's very important, right, and I think when, like you just said, when you became a CISO, things were thrown at you, situations that hey, let's go, yeah, let's go, we're going to figure it out Sink or swim.

Steve: 50:43

And you went like Michael Phelps and won eight gold medals. But you know that's that. No, but no, I completely agree and it's something that I am focusing on myself, trying to get better, trying to expose myself, put myself in more of those situations just for my professional development, for my career growth. But it is something that can help just anyone across the board within cyber security. Whether or not you want to be in this leadership position, there will come situations where you be put under pressure and you need to prioritize and then you need to go after it and execute. So it is something. It's very valuable and it's something that you can practice and you can get better at just putting yourself in those situations, because it will matter and it's just a matter of time. Just when people say, oh, it's not if I get hacked, it's when, when you get hacked, will you be ready?

John: 51:39

No, absolutely no, I think. Let's recap what we've talked about today. So we talked about extreme ownership, this book you can go buy this book. It's on Amazon, right?

Steve: 51:50

We don't link in the description.

John: 51:52

Yeah, we don't get kickbacks from it. You know we don't have anything there, but I definitely recommend it. And the Jocko Willink their podcast, awesome podcast. I still listen to it to this day. But just extreme ownership, taking ownership, right, it's, it's all about you, it's from a leadership perspective of, hey, it's on me, it's not somebody else's fault. Um, helping your team set up, setting them up to win, you know, believing in your mission, checking your ego, cover and cover and move, prioritize and execute right. These are all some. This isn't everything from this book, and there's much more. There's other books that we're not covering here, that I also recommend the Dichotomy of Leadership and Leadership Strategies and Tactics. I've got all these books, but one of the things that I would just preach and I have kind of been preaching a little bit, but I would just preach is that leadership is a skill. We talked about some of these concepts.

Speaker 1: 52:51

Yep.

John: 52:51

But it is a skill and if you want to be a leader, you should start investing in those skills. That's what I did is I took it seriously. It can be a little woo-woo. People get into this. They're like, oh you know, whatever you know, this stuff is whatever. Right, because it's not a hard skill. It's back to the soft skill. It's not something that you can see like I'm building my Linux skill set so I can be better here, right. So it's in that it's definitely in that domain of like. Well, how do you measure it? Sometimes it's hard to see how you're getting better at this and you have to continue to get better and continue to be reminded of these things. Right, but it is a skill, right? So I would just that's the biggest thing I would challenge you with is think about these as skills, start investing.

John: 53:40

There's many more books that I have listened to and read about leadership, podcasts I've listened to about leadership. I've just taken it seriously and tried to apply it. That's the other thing about all the stuff that we talk to you guys about Don't just listen, Don't just take it as like, oh, that was a great episode. The only thing that's going to make a difference in your life is action, prioritize and execute. Execute right is if you listen to this and you think this sounds great, it's not, that's fine, okay, great, give us a nice review, give us five stars, whatever, but that's not going to change your life. The only thing that's going to change your life is to put this stuff into action, and you don't have to put everything, but you got to put it in place and start doing it yeah, start slow, one thing at a time yeah, yeah.

Steve: 54:29

So call to action what you got, steve yeah, well, hey, listen, I want to hear from all of you. If you are already a leader or want to be a leader one day, leave us a comment below. We'd love to chat and talk about this topic in more detail.

John: 54:45

I know John loves this topic Definitely Also just say in the comments, just say, hey, I want to be a leader, I want to be, I want to be so, I want to be whatever Like. What do you? What's your dream?

Speaker 1: 54:58

If you want to be a leader one day.

Steve: 54:59

Yeah, yeah, absolutely. Also just reminder hey, if you want to take over the world with us, check out our swag shop. The link is down below. We got all kinds of goodies there Definitely help us represent and just keep moving forward. And if you are looking to sharpening some of your soft skills, check out the Networking is King training, which is now live Again, the link is in the description and let us help you build strong professional relationships and with that that's a wrap.

John: 55:31

We're done, Thanks everybody, thank you. Thank you for tuning in to today's episode of the Cybersecurity Mentors podcast Remember to subscribe to our podcast on your favorite platform so you get all the episodes.

Speaker 1: 55:45

Join us next time as we continue to unlock the secrets of cybersecurity mentorship do you have questions or topics you'd like us to cover, or do you want to share your journey? Join us on discord at cybersecurity mentors podcast and follow us on linkedin. We'd love to hear from you until next time. Time. I'm John Hoyt and I'm Steve Higureta. Thank you for listening.