CEO guidance: Handling dynamic change in the cybersecurity industry
In a little over 18 months since SonicWall split from Dell, the company has become operationally and financially independent. “In fact, while achieving independence, we are thriving, surpassing financial objectives for six straight quarters as of Q1 2018,” the company’s CEO Bill Conner proudly states.
“Looking back, I’ve been fortunate to have seen the ‘ins’ and ‘outs’ of various departments within service providers, software and security companies. These experiences and opportunities have enabled me to build a strong company foundation with realistic and industry-specific company growth goals, and it’s because of that we are seeing such an explosive growth.”
Before helming SonicWall, Conner was president and CEO of Silent Circle. Before that, and for over twelve years, he was the president and CEO of Entrust. And for a decade before that, he held various executive positions at Nortel Networks.
So when he offers advice on “how to CEO well” in the infosec industry, it’s worth it to take the time and listen.
No clear vision = chaos in the workforce
For those aspiring to become a CEO one day, he advises fostering a “lifelong learner” mentality for the industry they work in – whether that’s physical security, data, storage, cloud, mobile communications or cybersecurity. Additionally, staying up-to-date on news and trends within that industry is a must.
“Then learn to extend your knowledge base beyond your specific specialization. Working across industries will make you a more versatile and sought-after professional,” he says.
A CEO in the cybersecurity industry, where so much is at stake, has to have both strong leadership skills and cybersecurity knowledge.
“In order to build a strong cybersecurity team, you must have the leadership skills to recruit and inspire the right kind of employee as well as the industry-knowledge to train and mold these individuals into experts that will eventually take on more leadership roles,” he points out.
“Decisions are sometimes made quickly and you can’t second-guess yourself. This is when you rely on your cybersecurity knowledge and decades of experience to complement your leadership skills.”
The “lifelong learning” mentality also has to encompass learning from past experiences – both good and bad, he adds.
Next, a CEO has to have good communication skills and a clear vision, and has to make sure that vision is shared and consistently communicated throughout all levels of an organization.
“Finding the appropriate message and best method for delivering that message is vital, as it differs from individual to individual, group to group and company to company,” he advises.
Finally, a CEO in the cybersecurity industry must be persistent and determined in the midst of dynamic change: “With the ever-changing technology and security landscape, it’s important for executives to maintain a level of confidence and fortitude in order to achieve success.”
Infosec lessons learned
Conner’s 30+ years in the IT and cybersecurity industry have taught him a number of lessons.
“I’d say that no matter the business, a leader will tell you to tap into the mind of the customer first, and the rest will come later,” he shares. “I find that people are doubtful of advancing technology and often put an end to innovation before we’re able to see the full results or reap the true benefits of the idea.”
He has also learned that when discussing the implementation of a new technology or app, security, policy and privacy need to be taken into consideration before launch. But, one has to keep in mind that these three factors differ across each industry and should be handled differently on a case to case basis.
In IT/cybersecurity, companies, employers and employees need to be focused and vigilant at all times as there’s a lot at stake and cyber attackers are constantly innovating.
“The time commitment and 24/7 response expectation is often an overlooked challenge in running a global cybersecurity company,” he adds.
“Cyber threats come from around the world with different intentions. The clock never stops on incoming threats. Security experts need to be willing to work long, hard hours and security executives need to find ways to better proportion the time commitment imposed on their employees.”
The future of cybersecurity
“The cybersecurity market is currently very fractured due to the changing technologies and networks that are being developed but, within the next 10 years, the value proposition of security will rely on how each organization manages and protects their own assets, not one vendor solving it all,” he says and predicts that once companies begin to prioritize security as their number one concern, we’ll see a large cultural shift in the market.
He also believed that cloud technology will play a significant role in how business and security will evolve over time.
“While cloud technology benefits seem overall positive, from a security perspective, it introduces an entirely new set of risks. Therefore, traditional security technologies will need to adapt to the cloud or be left behind,” he notes.
“Consider purchasing technology that includes a layered and dynamic approach, with integrated and automated breach detection capabilities. These capabilities should have the power, intelligence and flexibility to deploy what they want, when they want and where they want to eliminate potential network vulnerabilities,” he concludes.