Embrace your role as a security guide to earn a seat at the table

Group of unrecognizable hikers are walking at majestic sunset in mountains
Helping people figure out what they want can guide them to achieve their goals, says leadership columnist Michael Santarcangelo.

If you had the choice, would you rather be Luke or Yoda?

In the epic saga of Star Wars, Luke is the reluctant hero, guided by Yoda, among others. In the recent saga, we get to experience the power of Rey. Young children everywhere have a hero to admire and emulate.

During a recent office hours, we talked about the challenge of being the hero in security in relation to how we earn — and keep — our seat at the table.

This raises a simple question: Do you need to be the hero?

Most stories have a single hero, but multiple guides. When we try to introduce another hero, we create competition, conflict and friction. The same friction that erodes value, destroys trust and burns people out. As a result, everything gets more complicated, takes longer and costs a lot more of everything.

I see this happen a lot today when a vendor pitches a virtual or fractional CISO offering to a current CISO; basically, they’re offering a current CISO to provide them with a virtual CISO. That’s injecting a second hero into the story, and it creates problems.

Some security leaders confided in me that offering them a virtual CISO was off-putting enough to find a different vendor. So if you’re in the business of offering a virtual or fractional CISO solution to current security leaders, consider picking a better way to describe your service.

Now consider what happens when security tries to be the hero in the enterprise, invariably stepping into someone else’s story where they are (or want to be) the hero.

Now we’ve inadvertently created unnecessary and often unhealthy conflict. Maybe you’ve experienced some of this friction.

What if you were the guide?

Consider this quote from Donald Miller's "Building a StoryBrand":

“In a story, audiences must always know who the hero is, what the hero wants, who the hero has to defeat to get what they want, what tragic thing will happen if the hero doesn’t win, and what wonderful thing will happen if they do.”

Break this down for a second and consider what this means for us acting as a guide:

  • We know who the hero is.
  • We know what the hero wants. And if we don’t know what the hero wants, we need to find out. Sometimes we have to help — dare I suggest, guide — folks to figure out what they want.
  • We need to identify the stakes, including the risks and rewards. Bonus points if you capture multiple perspectives here and take a bigger, more business-centric view.
  • We know why this matters and how this delivers a valuable business result.

Turn these into action steps, and we gain all the insight we need to call people to action and guide them to success. Their success becomes our success.

Consider how this plays out.

Instead of telling people what they need to do, we give them the power. They take the actions to achieve their goals while protecting information.

Guides are essential to every hero’s journey and story. And sometimes what starts out as the hero becomes the guide, just like Luke guides Rey.

Keep in mind that the guide usually has a seat at the table, along with other guides.

So, do you want to be the hero or the guide?

Michael Santarcangelo

Michael Santacangelo is the founder of SecurityCatalyst.com, author of Into the Breach, and creator of the leadership-driven Straight Talk Framework – with our favorite question, “What problem are you trying to solve?”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.