Get a demo

The Habit Transforming Cybersecurity Leaders from Good to Great

In cyber, the difference between success and failure often hinges on the habits and strategies adopted by leaders

Frances Fedoriska | July 9, 2024

decorative image

Threats and the technology built to respond to them are ever-changing, but there are some practical steps that you can take - whether it's your first day on a new job or your 1000th - to create the habits that lead to consistent, effective practices and ultimately to better outcomes for your organization.

The Critical Role Habits Play in Cybersecurity Leadership

Habits can get a bad rap as they’re often associated with complacency and lack of drive or failure to innovate. However, in cybersecurity, that routine is essential to maintaining peak performance.

Consider the habit of locking your front door every time you leave the house. This routine isn’t rooted in laziness, it’s a proactive security measure. On a much larger scale, and with added complexity, cybersecurity leaders and their teams need to take proactive measures - consistently and continually - to ensure security. If a habit isn’t adhered to - the attack surface grows. John Morello, CTO of Gutsy, put it this way, “the bad guys need to be right one time out of a million. The good guys have to get it right a million times out of a million.”

What is “Going Back to School”?

Simply put, it’s taking the time to immerse yourself in every aspect of the business - beyond the department you report to. In a recent conversation with Morello and former CISO Justin Somaini, the two agreed that understanding what every department does for the organization - from marketing to sales to operations to partner and channel and beyond - separates good leaders from great ones.


Taking the time to get the full picture of what everyone is working on, to see what they are all working towards, and perhaps most importantly, see whether all those goals and desired outcomes are aligned to a bigger picture serves long-term goals.

“Go back to school,” Somaini explains, “security leaders are general pretty good at finding solutions to the problems, but the divergence I generally see is, ‘Do they understand the business?’”

Somaini outlines two big benefits security leaders enjoy after spending a few weeks job shadowing in their new organization: education and context.

“I’m Here to Solve Problems”

New security leaders who take the time to embed themselves in other departments tend to have an easier time getting support across the organization when they need help with a bigger lift. “Getting people on the bus,” Somaini says, “starts with those early days of asking questions and winning the hearts and minds.”

The groundwork laid in the first 90 days builds solid relationships in that there is a mutual understanding of others’ challenges and roadblocks, and gaining the respect of being a partner who has been hired to solve mutual problems in the context of the business.

More Insights from Top Security Experts

You’re invited to hear more insights from top security experts on maintaining consistent, effective cybersecurity practices. Download your personal link to listen to the rest of Morello and Somaini’s conversation, titled “Outwit, Outsmart, OutOperationalize: How to Survive Security Governance Challenges.”

During the discussion they covered other ways security leaders can thrive when they encounter unique operational challenges including:

  • Current Security Governance Processes: Explore which security governance strategies are/aren’t working well for many organizations and why.
  • Data Sources that Matter: Learn which metrics security teams need to present to guide investment decisions by the board and investors.
  • Benefits of Closer Scrutiny of Communications and Disclosure: Understand how you can align internal and external communications, while balancing the responsibilities of the role.
Watch on demand