How can the Chief Executive Officers and the Organization's Top leadership help to remove the I.T. and Cybersecurity leadership gridlock?
Photo Credit: Sam Rugi

Be warned as you read this: understand it was written by an underdog, a middle I.T. and Cybersecurity Professional, who you may find to be biased, but note he is self-taught and self-sponsored through education, certification, career relocation, and migration from one continent to another for the greater part of his life.

He likewise recognizes the support of many great well-wishers as he worked in Government, the Private sector, and International nonprofit organizations in different roles and capacities.

My sincere apologies if you don't find this to be an informative article, as it is a product of meandering career chaos engineering and something you may not like.

My point of view here is philosophical and based on lived experiences, and it is not specific to any particular work experience or geographical location. It is meant to trigger thought-provoking ideas to enhance the Cybersecurity culture to rebuild resilient I.T. and Cybersecurity-compromised modes of operation (Plan B).


Early in March 2024, a well-known Big Five auditing firm published an informative article called "Building cyber-resilient supply chains."

The article provided valuable insights for our business leaders and readers, particularly in identifying our shortcomings and often overlooked aspects. One key observation was the misconception of security as a purchasable commodity.


Currently, most of our organizations focus on security technical controls as the first thing, which usually leads to a belief that security should precede everything else, including dumping well-researched academic and Government labor considerations.


This creates a superficial impression that Cybersecurity is a "product" one can get on a store shelf. In contrast, it relies on a foundation of scientific principles, which are meant to be an evolving practice and an integral security culture led by well-trained and passionate practitioners.

The main gap the CEO and Executive leadership can fix immediately is recognition of the role of "I.T. Security or Cybersecurity Managers."

According to the U.S. Bureau of Standards, "I.T. security managers oversee their organizations' network and data security. They work with top executives to plan security policies and promote a culture of information security throughout the organization. They develop programs to keep employees aware of security threats. These managers must keep up to date on I.T. security measures. They also supervise investigations if there is a security violation."


Education Qualifications.

Computer and information systems managers typically need a bachelor's degree in computer and information technology or a related field, such as engineering technologies.

These degrees include courses in computer programming, software development, and mathematics.

Management information systems (MIS) programs usually include business and computer-related classes.

Many organizations also require a graduate degree in computer and information systems management. A Master of Business Administration (MBA) is standard and takes two years beyond the undergraduate level. Many people pursuing an MBA take classes while working, an option that can increase the time required to complete that degree.


I encourage all CEOs, from large corporations to start-ups, to immediately audit their organization for the people with the above qualifications and, with immediate effect, grant all the qualified individuals the title of "I.T. Security or Cybersecurity Managers."


Hold these individuals responsible for building an organization's security culture rather than approaching enterprise security or Cybersecurity as a product, and keep them accountable to the code of conduct from their certifying bodies, which are internationally recognized cybersecurity bodies. The professionals should be required to participate in their industry-recognized capacity to help improve the security culture regardless of the department, the work, or the assignments, but only if they officially opt in or opt out.


As of today, and in my analysis and experience, people with these qualities and qualifications are all locked and stockpiled as individual contributors, in roles made less attractive, a mechanism that not only cripples their career growth but also denies the organization and the community the full benefit of their wealth of industry knowledge and exposure.


Secondly, by granting them the title I.T. Security Manager/Cybersecurity Manager, you automatically open the closed gates in the community. In most cases, only people with manager titles are invited to participate in external critical community events, leaving out the great experts, the so-called individual contributors, even though they choose to serve in that capacity.

It is shocking that even at this age, middle-career Cybersecurity professionals can only make a presentation at a high school or a community event if they are people managers or hold that title and require approval from the highest leadership. Yet, we want them to become independent and accountable leaders while babysitting and policing them throughout their career growth.


In my humble view, we are in denial of the industry suffering from acute security paranoia disorder, which needs to be neutralized to create an inclusive community with well-rounded experts to build reliable and cybersecurity-compromised modes of operation (Plan B).


Leaders need to realize that middle-career professionals are the critical drivers in shaping the security culture, while a good number of them are being systematically "differentiated" against for their choice not to take a role as people managers to avoid another societal conflict, or even go unrecognized for their career investment or time contribution in the communities they help.


A great CEO must stand with this group of highly competent individuals and help them pass by the old organizational or community practices that sideline individuals by titles or the mere fact they have chosen to provide expertise without directly managing people for whatever reasons. This choice must be respected, treated equally, and supported as any other role!


Another avenue to unlock the I.T. and cybersecurity career jam is forming the Chief Executive Officer Cybersecurity Board of Professionals Advisors, with clear roles and objectives, composed of middle-level I.T. Security managers or Cybersecurity managers.

The individuals must have developed their I.T. and computer science careers in their undergraduate or master's degrees, attained industry certifications, and been recognized by their community.


They must showcase a track record of fearless self-investment in building a cybersecurity career, a qualifier to identify those who are passionate, give them the higher priority to serve at the front line, and assign them leadership mentors. They have already proven the resilience competence required to create organizations' "Plan B," and those who got full support are lucky or were favored by conditions when developing the career that came after.


The CEO Cybersecurity Board of Professionals Advisors' primary role should be to share new Cybersecurity strategies for the business, which the CEO and the leadership team can adopt or consider discussing with Cybersecurity leadership. It should be documented, kept, and protected as institutional knowledge outside the sight of cybersecurity or I.T. leadership to avoid interference while generating new innovative ideas without fear or repercussions.


These individuals should be acknowledged for their contribution, again outside their reporting line, to ensure their career is supported within and independently outside their teams. Their annual certification maintenance fees and at least one Cybersecurity conference per year (virtual or in-person) should be paid for, managed and vetted through the organization's training and career development and not through cybersecurity teams.


This would ensure we unleash a passionate talent that cannot blossom under the shade of competitive and combative-minded security teams due to the nature of work, which may suffocate the diversity of thoughts, malnourish the organization, and expose the organization to more consequential danger in the broader integral digital ecosystem.


With this core group empowered and protected both in the organization and the community, we all stand to benefit from Deloitte's thoughts and ideas by:


  • Developing a Compromised Mode of Operation (Plan B), which should identify and cater to our organization's, customers', and community's critical enablers of data flows.
  • Identifying and protecting all critical processes required to ensure all mission-critical systems function at times.
  • Customizing in-house Cybersecurity solutions to simplify our operations when compromised or under systems malfunctions or outages.

Sam's Executive Leadership Cyber Toolbox

  1. Shift I.T. and Cybersecurity perception from a commodity to an integral, innovative, and evolving security culture within and outside the organization.
  2. Empower, recognize, and promote qualified individuals to the industry titles as I.T. Security Managers or Cybersecurity managers.
  3. Establish the Cybersecurity Professionals Board of Advisors CEO to provide independent research material and trending insights from middle-career professionals.
  4. Support middle-career I.T. security managers or cybersecurity managers/professionals through mentorship under the CEO Cybersecurity Professionals Board Advisors organ.
  5. Invest in passionate talents outside the line managers, backed up by industry professional bodies, to unlock the potential of the minorities or sidelined voices in the fast-moving tech industry.
  6. Thanks, Deloitte, for writing an article which you never read, and has activated my thoughts about writing this piece while I was supposed to be sleeping!


"Building Cyber-resilient Supply Chains." https://www.deloitte.com/, 2 Mar. 2024. Accessed 23 Jul. 2024.

"How to Become a Computer and Information Systems Manager." 17 Apr. 2024, www.bls.gov/ooh/management/computer-and-information-systems-managers.htm#tab-4. Accessed 23 Jul. 2024.


Disclaimer: Opinions, views, and suggestions are based on the author's personal life and, as an underdog, his I.T. and Cybersecurity career experience.

