“Leverage both positional and relational authority to influence change in an enterprise cyber security program.”
We are all on the same ship – the sooner we act like it the better. Everyone struggles with governance of cyber security, no matter what your size or limited resources. When influencing others two primary types of authority are involved, positional and relational. If you have positional authority, aka you are the boss, people do what you say because they have too or they have negative consequences. A good manager champions the hopes and dreams, skills and talents, and roles of each staff member. More important, a great manager knows the heart of each staff member and has a relationship that is beyond that of a positional role of authority. Managers who also can serve as a mentor, who are respected, sought, and looked up too, influence the heart, loyalty, and passion of a staff member.
When evangelizing an enterprise security program positional and relational authority are both required. This is especially true in an organization where IT has matured to some sense of security, but cyber security is NOT viewed or promoted as an enterprise based role and function. IT/Security managers may struggle in those early years to get others on board, overcome historical challenges and culture, and difficult personalities and agendas. As a manager seeking to influence without authority focus on listening, really well, and make sure everyone is heard. Do what you can to create allies and champion efforts of others; put in extra time and effort for the sake of others even if it doesn’t benefit your agenda directly. Gain trust, earn respect, and build relationships. Go out of your way to get to know others and spend some off-time with them also, perhaps a lunch together or drinks after work occasionally. These efforts build relational authority, where you are viewed as an advocate and are trusted; you have influence! Warning – you can try to do this with a manipulative intent at heart, but it is a house of cards and will fail. You have to put your heart into it and be genuine while balancing your frustrations or concerns about how others are not embracing cyber security.
Be patient young Padawan, for the force is great within you. Great things often take great time and it will be worth the effort. Commit to the journey, build up a team of people below, around, and above you that you can trust, and watch things change! It can be personally and professionally exciting and rewarding if you’re willing to commit on a heart level and put the time in necessary to build relationships.