The Habits of a Security Leader
We are all habit forming people. That is, we develop a fixed way of thinking, willing, or feeling through repetition. Our habits are often unconscious. After all, we don’t indulge in self-analysis while going about the routines of our day.
George Finney, CSO of Southern Methodist University, understands this unique characteristic of being human, and helps us leverage it to master our individual and corporate security responsibilities.
In his new book, Well Aware, he offers a timely take on the leadership issues that businesses face when it comes to the threat of hacking. Finney argues that cybersecurity is not a technology problem; it's a people problem. Cybersecurity should be understood as a series of nine habits that should be mastered. The nine habits include literacy, skepticism, vigilance, secrecy, culture, diligence, community, mirroring, and deception. They are drawn from the knowledge the author has acquired during two decades of experience in cybersecurity. By implementing these habits and changing our behaviors, we can combat most security problems.
I believe our conversation before the publication was timely for all risk, resilience, and security professionals. Since Finney leans on lessons learned from psychology, neuroscience, history, and economics, I believe we can apply many of the habits to our physical, logical, or operational security programs.
As a member, you will see Finney’s book on our member resource page.
For those who purchase his book during this time, he is also offering an online master class. Let us know if you would like an introduction.
Finney says: “For anyone who wants to be a CEO, a VP of Sales, or even start their own business…Cybersecurity is now a now a required qualification. And if you're in HR you can help train employees to have better cybersecurity habits. You need to understand cybersecurity or else you’re going to be passed over in favor of someone else who does understand it. Just like you’ve had leadership coaches or mentors in your career, you need a cybersecurity coach.”