Director, Information Security
Brian Wrozek is the director of information security with Optiv’s Office of the CISO. In this role he specializes in enabling CISOs by sharing practical recommendations and confronting the many cybersecurity challenges with a “glass is half-full” attitude.
Freshen Up Your Yearly Goal Setting Activities
It is that time of year when managers and direct reports should be getting together to set performance goals and objectives for the upcoming year. There is a wealth of information related to effective goal setting so I will not attempt to reproduce it here. Instead, I encourage you to look beyond the traditional project and tactical related items that are an obvious outcome of these discussions. Goals like, “in this year’s disaster recovery exercise, you along with the IT operations team will rebuild the current production version of the point of sale terminal software in the recovery data center and process a transaction within 48 hours of declaration,” are important to identify and document but do not adequately address the personal development of the individual employee.
When you hear personal development, I suspect the thought that immediately pops into your mind involves drafting a plan to address a known weakness or deficiency in a technical area or soft skill, and that plan includes some form of formal training and education. This is a solid approach to improving skills and rounding out your overall portfolio of capabilities. You cannot simply ignore your weaknesses but I encourage you to stretch yourself by including the following additional items to your goal setting agenda:
- Highlight a key strength that should be further utilized or one that is not currently being used at all then align on two potential opportunities for leveraging this strength in the upcoming year. There are a number of benefits in turning the discussion towards your employee’s strengths. Michelle McQuaid, best-selling author, workplace wellbeing teacher and playful change activator, recently highlighted 10 compelling reasons in a Huffington Post blog. Imagine the burst of energy that will come from your employee when they are allowed to do what they do best. The payback will be even more pronounced if that strength has been lying dormant. Putting your employees in the best possible position to succeed is good for them, good for you and good for the company.
- Identify a relationship that you want to build or strengthen then align on two potential ideas for cultivating this relationship in the upcoming year. Even the best technologies and solutions fail when people do not work together. “The most important single ingredient in the formula of success is knowing how to get along with people,” said Theodore Roosevelt. You send a strong message that there is more to the job than Access Control Lists (ACLs) and Indicators of Compromise (IOCs) by specifically listing a relationship-building goal as part of your employee’s priorities. In my experience and what I have heard from others is that the person whom you choose feels honored and touched by your sincere efforts to build a more effective working relationship and will work hard to make it successful.
What does this have to do with security? Being a CISO requires more than security expertise. You must be an effective leader and excel in everyday manager duties. I would argue that few, if any responsibilities are more important than the investment you make in developing your employees. Everyone is struggling to attract and retain good talent. Therefore, take the time to have meaningful performance development and goal setting discussions with your employees. Avoid falling into the same rut of listing various projects and administrative duties or focusing too much attention on weaknesses. Instead, put emphasis on leveraging everyone’s strengths and building meaningful relationships.