As I finished Chuck Klosterman's latest book But What If We're Wrong?, I remembered a particularly salient quote from another book of his: "Everybody is wrong about everything, just about all the time."
For good or bad, this line sticks with me, inflicting no small measure of grief and self-doubt. This particular line of introspection suffuses many of the tactical and strategic cybersecurity decisions organizations make. Cybersecurity leaders are brilliant second-guessers.
This indecision isn't a result of inexperience, ignorance, or a weakness of character. Instead, a good leader fully understands what is at stake: an organization can be broken on the wheel of a cyberincident with no warning and even less remorse. When it comes time to make a weighty decision, the refrain echoes in the far back: What if I am wrong?
As I reflect on my years of security decision points, both good and bad, what stands out aren't the lucky strikes or the dismal failures—it's the consistent thread weaving throughout those formative experiences. Some simple advice shared during an ordinary meeting allowed me to finally identify the unifying theme that connected these events.
In a one-on-one meeting with my manager regarding several projects that were running behind, I expressed doubt regarding my performance. Pausing the conversation, he told me something that was relatively simple but changed how I think about leadership, particularly at the tactical level.
"Ryan, a big part of good leadership is knowing who to trust, and then just trusting them. Also, you better figure out who not to trust."
My initial assessment was correct: I had a stranglehold on every detail that I was responsible for managing, and I was concerned about my ability to keep the plates spinning. But my manager's words cut through my doubt and freed me to let my team use their talents and skills fully. And by letting go and simply trusting my team, they finished the project ahead of schedule.
Advice on building trust as a leader is plentiful. Robert F. Hurley wrote an entire book on it, The Decision to Trust, which should be mandatory reading for anyone taking on a leadership role. In a Harvard Business Review article of the same name, he defines trust as "confident reliance on someone when you are in a position of vulnerability." That's a good definition, and Hurley is exactly right. If you intend to be successful as a leader, you need to decide who you can trust, and then you need to actually do it, especially when you are in a tight spot. Find people, both subordinate and above you, to seek advice from when you need support. These relationships are foundational to a successful career as a leader.
In cultivating these trusted relationships, you build a community dedicated to success—both yours and your team's. When you begin to doubt, you can leverage an objective opinion. The goal is to align the right resources with your vision—and you need to trust those who will help you achieve that vision.
But again, we doubt. What happens if you decide to trust someone and you get burned?
Carry on.
Continue to cultivate trust. Because long before your trust was violated, you should have been doing the right thing anyway: being honest and ethical and giving it your best.
At the end of the day, that's all you have. When you're alone with your thoughts, you have to answer to yourself. And there's the rub: you have to trust yourself first. You have to learn to trust your own motives and decisions to be able to extend trust to others.
Although this reasoning may seem cliché and derivative of "career builder" clickbait articles, it nonetheless rings true. Trust your people and trust yourself. Surround yourself with high-performing peers and mentors. Building a culture of trust—predicated on excellence and integrity—starts with you.
Ryan Halstead has worked in cybersecurity for a decade, both in higher education and in the corporate world. Ryan writes about security culture, leadership, and career. Find him at rjhalstead.com or @rjhalstead.
© 2016 Ryan Halstead. This EDUCAUSE Review blog is licensed under the Creative Commons BY-NC-SA 4.0 International license.