Do Cyber Managers Need To Be Ninjas?

Photo by cottonbro from Pexels

A question I will ask new and emerging cyber managers is, “Do you need to be a ninja, to be a good manager?” Not surprisingly, many of them believe they do.

Like other engineering disciplines, many cyber managers were promoted to their leadership position based on their prowess as a cyber ninja. Unfortunately, a big difficulty transitioning from a front line ninja, to a cyber manager, is coming to grips with the idea that we have to put away some of our weapons because battling the adversary, isn’t what we are being paid to do now.

As a ninja, cyber martial arts was something that energized us. Our impact was measured by our ability hunt down intruders, engage in martial combat, and vanquish our adversary. Our value (and much of our perceived self worth) was linked to our mastery and application of the black arts. Some of us might even have been a Sensei to developing ninjas.

It’s understandable then, if we long for the sting of battle; and feel anxious with worry that our skills are perishing. The anxiety can be so strong in fact, that some managers will head into battle with their ninjas. Or at least sneak into the dojo for some robust martial arts refresher training.

Which brings us to the question, “Do cyber manager’s need ninja skills to be effective?”

Unfortunately, like many things in the our domain, the answers vary according to the kind of company we work for, their business model and market segment, and the size and complexity of our cyber organization.

So instead of trying to decide if cyber managers need ninja skills to be effective, let’s look at four common reasons for why they think they do.

A lot of cyber managers believe they only have credibility with their ninjas, if they are able to spar with, and on occasion, defeat them. I caution any cyber manager who holds this belief.

As a manager, your job is to support your ninjas by removing barriers and obstacles to their success. You need to be able to gather information and understand the technical challenges they face. To be effective, certainly requires that you keep your technical knowledge razor sharp. But a lot cyber managers use this as an excuse to continue advancing their own training.

The issue isn’t whether you should or should not keep ninja skills sharp. The issue is why do you want to, and how it might impact your staff?

Our credibility as cyber managers should be based on how capable we are supporting our organization — ensuring they accomplish the mission. It’s usually detrimental to base our credibility on our ninja skills, because invariable its comes down to a comparison. This kind of comparison naturally creates a competitive environment between us and our staff, which can have unintended negative affects.

We are most effective when our credibility is based on how well we leverage our knowledge and experience to help our employees succeed. We can further our credibility by investing in developing their skills instead of our own.

As former ninjas, it easy for us to take on the mantle of problem solver for our staff. It is immensely gratifying when our they come to us with a problem, and we demonstrate our intelligence and wisdom by quickly handing them the solution. They leave feeling happy and we do too!

But when we stop and think about it, we realize see that while rewarding, this approach is both inefficient, and unsustainable. It’s inefficient because the time we spend solving the myriad of problems our staff deals with, is less time available for us to spend on things that only we can, and should do. And it’s unsustainable because we have become a stop gap and a single point failure because our staff is dependent on us. With this approach we’re not building critical problem solving skills in our staff, and we are short circuiting their growth and development.

A better approach is to assume the role of coach, (as opposed to teacher or mentor.) Coaching is a means for helping your employee arrive at a solution on their own. It is the proverbial ‘teaching them to fish’. With mentoring or teaching though, we are apt to unconsciously guide them to our answers; i.e., ‘feeding them fish’.

The kind of challenges cyber managers should focus on include:

  • managing the impacts of digital transformation,
  • build organizational talent, and
  • managing organizational performance

Managing the impacts of technology insertions, building talent and managing performance are constant challenges that we must continuously stay on top of.

This is another common misconception; especially among newly minted cyber managers. And while not true in every case, most senior leaders are looking for skills other than ninja skills. Skills such as:

  • strategic planning
  • organizational development
  • leadership development

Strategic planning and critical thinking are essential for success as a cyber manager. Unfortunately, the tendency is to limit our focus to cyber risk and risk response, and we fail to consider broader aspects and impacts to the business.

Successfully accomplishing our mission is directly linked to our ability to build and sustain a high performing organization. Yet many cyber mangers don’t devote nearly enough time and energy to this critical activity.

And finally, nothing has greater impact on the success of our organization, our company, and ourselves, than our ability to develop and advance the next generation of leaders.

I apologize for being blunt here, but if you feel that your technical skills are being wasted in your cyber manager role, you shouldn’t be a cyber manager. Building and managing a high performing cyber organization requires a whole set of skill most manger must develop.

Your ninja skills may have gotten to where you are today, but they won’t get you where you want to go, if you want to continue to succeed. In your new role, you’ve inherited a larger set of responsibilities with a greater potential for impact. And as I pointed out earlier, the adjustment can be challenging.

If you are still putting on you ninja armor and battling with the adversary, you’re most likely, undermining your own organizational effectiveness.

Chances are you are:

  • Preventing your employees from learning and growing their ninja skills
  • Neglecting duties and responsibilities that are more appropriate to your role, and that would make a larger contribution to your organization
  • Driving unecessary cost into your company because are a more expensive resource than one of your employees, who could also perform the work.

I don’t think they do and I worry they are a distraction at best.

But every cyber organization and culture is different, and the expectations I have for my managers, will certainly be different, at least in part, from the ones your manager has.

Discuss your ideas with your manager. Make sure you both are clear on what success looks like, and then adjust your expections and responsibilities accordingly.

If you choose to maintain some level of ninja skills, make sure you are leveraging the ongoing investment wisely, and be mindful of how your decision impacts your organization.

Make sure you are getting the organization results you want.

Cybersecurity leader. Futurist. Writes about the future of cybersecurity leadership, cultural issues, and workforce strategies.