leadership Essays (1287 words) - Computer Security, Security

My first step in preparing to write this essay was to gain a clear understanding of the word leadership and the set of qualities that make a good leader. I found this extremely difficult. I came to the realization that leadership is a term that is freely used but rarely understood. However, leadership is central to the mission of SANS Technology Institute (STI) (1), and the process of applying to STI's Master's program has pushed me to clearly define and concisely state my own understanding of leadership. According to Stephen Northcutt, President of the SANS Technology Institute, ?a leader is a person who guides or inspires others within an organization or community to achieve a goal.?(2) This ties in with my own belief that the qualities of an effective leader vary depending on the personality of the individual and the dynamics of each situation. There are, however, certain qualities that are unchanging in a leader; specifically, a good leader must have a vision, must possess the ab ility to communicate that vision, and must be determined to make that vision a reality. General George Patton and Mahatma Gandhi were both great leaders who exhibited very different leadership qualities. Patton became an effective military leader who can be described with adjectives such as controversial, outspoken, opinionated, flamboyant, and violent. Gandhi, on the other hand, became a great political and spiritual leader who is described as peaceful, thoughtful, insightful, and pensive. At first glance, these two men appeared to be very different. On closer inspection, they shared several key leadership qualities. Both had a vision regarding how to conquer their enemies, they had the ability to communicate their visions to others, and they were determined to make their vision a reality. When I began my career in the field of information security, I had the opportunities to learn and the management skills to ensure that my endeavors were successful. My first security endeavors included managing a physical security and network intrusion detection system. I made use of my management skills to successfully oversee these security controls. Although I demonstrated good management skills, I was not yet demonstrating leadership since I had not yet formulated and communicated a vision, and according to Stephen Northcutt, "you cannot lead without a vision." (2) My vision for security began to develop as I participated in several SANS seminars and studied for my CISSP certification. These training endeavors, in conjunction with my security engineering responsibilities, became the foundation on which to base my vision. In 2008, I made a conscious decision to take a stronger leadership role in security when I decided to accept a new position with a new company. Though the new position did not come with a prestigious title or staff, it did come with the opportunity to implement my vision. My new employer had the desire to protect its information, but not a vision to accomplish the task. Prior to my arrival, the IT department spent large sums of money to purchase intrusion detection systems, encryption software and firewalls in the effort to protect its information. These endeavors were in response to tactical issues spawned by a gap in compliance with the Payment Card Industry's Data Security Standard. Though security was desired, security was only driven by compliance. My initial goal after arriving at the company was to communicate a security vision to the Information Technology Department as well as senior management that matched the dynamics of the IT staff and the requirements of the business. Since my position was the only dedicated security position within the IT department, I needed to communicate up through my management chain my vision for the department. The dynamics of this situation required a decentralized security model in which responsibilities were spread throughout the department. This vision would also use a governance, risk management, and compliance model, to lead the IT department's efforts to protect the company?s sensitive and critical data. To successfully communicate the vision to the department would take determination. In this model, governance is the foundation that supports risk management and compliance. Governance generates the policies that empower other initiatives. The first step was to obtain senior management support through formal and informal communications. I attempted to demonstrate how the department could