The SANS Technology Institute

Leadership Laboratory

Leadership Lab: Management Competencies

Leadership Essay - Updated April 6th, 2010
Effective Communication Leads to Understanding - May 27th, 2010
Making Time Zones Work For You - March 5th, 2010
Applying the Pareto Principle to Information Security Management - March 18th, 2010
Trust and Leadership - February 24th, 2010
The Erosion of Personal Privacy - Updated March 3rd, 2010
Situational Awareness Advice for Security Managers - February 4th, 2008
Temet Nosce - January 29th, 2008
Waking Sleeping Dogs: Information Security Ethics - March 29th, 2009
Using Key Competencies to Manage Career Development and Direction - May 30th, 2008
The Meeting before the Meeting - September 17th, 2008
Leadership in a Technical Role - September 17th, 2008
Motivation Mistakes Inexperienced Leaders Make and How to Avoid Making Them - March 10th, 2008
Improve the performance of a project with a good start - January 11th, 2008
Project Management for Security Managers: Develop a Plan - January 29th, 2008
Resolving Performance Issues Caused by Lack of Skill or Ability - December 24th, 2007
Living Life on Purpose - Personal Branding - Updated September 6th, 2007
Positional and Personal Authority - Updated September 6th, 2007
Cross-training: A Case Study - July 27th, 2007
How to "Pushback" - July 17th, 2007
Should I Apply for this Middle Management Position? - Updated June 13th, 2007
Groups in Conflict: How to Manage their Relationship - June 8th, 2007
Creating the Next Generation of Cyber Security Leaders - May 8th, 2007
How To Budget Time - Updated February 10th, 2010
The Security Manager and Business Situational Awareness - Updated May 17th, 2010
How to Address Shortcomings in Employee Evaluations - January 1st, 2007
Conducting an Exit Interview - Updated October 6th, 2009
Measuring Employee Performance - Updated April 29th, 2009
Coaching to Improve Performance - Updated November 19th, 2009
Google Power Searching for Security Managers - December 3rd, 2007

Leadership Essay

April 6th, 2010
By Stephen Northcutt
Version 1.6

Definition of Leadership

A leader is a person who guides or inspires others within an organization or community to achieve a goal. Leadership development begins with the simple realization that you want to be a leader. Life has many opportunities to press forward and take charge of a situation, or conversely, to shrink into the background. This is why we ask prospective students to write an essay about demonstrated leadership when they apply to our school.

Leadership and Competencies

What does leadership mean, how do you measure leadership? One approach is through management and leadership competencies. We define competencies as measurable skills, knowledge, and abilities that identify successful managers in the information security discipline. In your college career, you will be exposed to core competencies. They are covered in your required course, SANS Security 421. Some of the competencies that you will be taught are reinforced by specific course work and exercises:

• Team Development: This will occur during the first residential institute (work study), and both of your group projects.
• Relationship Building: This often happens during the first residential institute (work study).
• Importance of Communication: The presentation skills course will help you develop your oral and written communication skills.
• Self-Direction: We will be monitoring your progress throughout the program, but it will be up to you to sign up for classes and get the work done on time at a proper level of quality.
• Coaching and Training: MSISM students are required to serve as Teaching Assistants, and your final requirement will be to teach a Security Awareness course in your geographic area.
• Leadership Qualities: Many of the faculty you will be working with are leaders in information security field, they will consistently model leadership in the information security field.
• Vision Development: Gold papers cannot be a rehash of tired already published ideas that cannot add value. You will be required to produce original, creative work.
• Project Planning: You will learn about Project Management Planning in MGT 525 and you will be required to submit a project plan as part of your Joint Written Project.
  

Other competencies listed below will be taught in your required courses:

• Conflict Resolution
• Employee Involvement
• Change Management
• Motivation of Employees and Teammates
• Leadership Development
• Leading Tribes
• Brainstorming
• Leading Change

Two competencies are more important than all the others. How does a leader guide or inspire? They have to be great communicators. Therefore two of the most important skills you will work on are:

• Ability to communicate well orally
• Ability to communicate well in writing
  

The leaders in information assurance have different goals. That is the purpose of the outcome statement STI students prepare as part of their admission package. We invest a lot of time and money in each accepted student and we want to be sure that your goal is worthy of the investment. Some leadership roles in security are similar to other disciplines, others are unique. A few examples of security leadership roles are listed below:

• Manager, team leader or project manager
• The technical "go to" person
• Thought leader, often through writing and speaking
• Instructor, mentor
• Tribe leader, someone that can build a large following to accomplish a goal
• Change Agent, someone who uses their thought leadership position to alter the way we look at technology or process
• Technical tool author who creates or leads the team that develops a security tool whether open source or commercial

As a resource for you, we have posted a number of essays by faculty members and fellow students that either further define the core competencies or discuss additional competencies. What is the difference between a manager and a leader? A successful leader needs all of the same competencies as a manager, but some of the competencies must be more developed. For instance, vision. You can manage with a minimal capability for vision and that is even something Human Resources may look for in an industry that is based on repeatable tasks. However, you cannot lead without vision. The Security Thought Leaders interview series introduces a number of visionary leaders in the information assurance industry. In addition, you must have power beyond your positional power, the authority that comes with your role or job description. For many students in the MSISE program, this will be something called referential power, based on your knowledge of technical security. Our goal is for you to be able to work at the highest technical level in your organization. For many students in the MSISM program this will be something called personal power, people will want to work with you because they feel that you have both programmatic skills and a strong understanding of technical issues. They will look for you to be a bridge between management and technical groups in your organization.

Senior Leadership and Statesmanship

One reason to start focusing on your leadership skills today is that leadership is learned over years, not months. The best way to become a senior leader is by studying competencies and having the discipline to make them become habits and tools in your life. We can define a senior leader as someone who attains a highly respected rank, examples include:

• CEO, CTO, CSO, CISO
• Board member, Chairman of the Board
• President, Vice President
• Bishop, Cardinal
• Mayor, Senator, Representative

Perhaps the highest level of leadership is the statesman, a respected leader in national or international affairs, a person that devotes some or all of their energy to public service and to improve the common good. They have mastered the management, leadership and governance competencies and use the experience from a long and respected career to benefit others.

Leadership Essay Version 1.6