Leadership Laboratory

Leadership Lab: STI Degree Candidates' Leadership Essays

SANS Technology Institute's mission is to develop the leaders of the future for the information security industry. One of our admission requirements is that an applicant complete an essay describing leadership qualities they have demonstrated in the past.

Leadership Essay SANS Technology Institute

May 23rd, 2009
By Trenton Bond
I recently read an interesting story about a prominent Harvard Business School professor, Bill George. He once had one of his colleagues present him with a compiled list of some fifty-one characteristics or attributes that would make a "great leader" "’You forgot one,’ said George, as he read through the list. ‘Walks on water.’"[1] Indeed, there are probably too many leadership traits to count or list, and any of them, effectively used, could produce an influential, powerful, and dynamic leader. Some of these skills, such as communication, passion, and vision, are perhaps more obvious and may be first on every known list. However, I believe it is the more subtle, less apparent attributes of leadership that can make all the difference and have proven powerful for me.

Builder
I was recently the lead technical engineer on an enterprise security project dealing with log data from an array of network infrastructure and applications. Relying on my experience and knowledge of different technologies along with a little research, I probably would have been able to produce an adequate solution on my own; however, I wanted to take advantage of the opportunity to build associations and a greater sense of security ownership with as many engineering disciplines as possible. I requested resources from each needed engineering group and helped them see how they were stakeholders in the results of the project. Over a three-month period we worked together to establish a strategy, identify critical data, and implement a design. With a solution better than I could have produced on my own, the project was completed successfully, under budget, and ahead of schedule. Perhaps more importantly, to this day the partnerships built during the project are still yielding fruit. The engineers I worked with are now responsive to my recommendations, move quickly during potential security incidents, and even proactively bring security issues to my attention.

I have often reflected on an old Chinese Proverb: "Behind an able man there are always other able men." To me this statement suggests that a leader always has a good team behind him or her. How does a leader build a good team? First, a leader will recognize his or her personal strengths, limits, and weaknesses; then seek to build a team of forces that compliment or compensate. Then, in my experience, there is always something to build momentum and motivation from, whether it is a common goal, a common idea, or a common belief. Finally, a leader builds confidence and trust in his or her team; members must be confident in the leader’s abilities and trust in the end objective.

Persistence
I am part of an organization that maintains websites that are hosted and managed by third-party providers in many different countries. Unfortunately, during the past couple of years there has been a pattern of compromises, defacements, and other security concerns for some of these sites. After personally identifying one of these compromises, I notified the organization; but they were hesitant to react since the impact was not necessarily a financial one, but primarily one of "image" and "inconvenience." I volunteered to continue to gather information, keep track of incidents, and assist in the clean-ups while they decided how to proceed. It would have been very easy to let this assignment fall to the bottom of my priority list or let it go all together because the situation was not necessarily receiving a lot of attention. However, I had a deep and vested interest in seeing this organization succeed. I was persistent and gathered simple reconnaissance data that highlighted possible security deficiencies about each site, documented several incidents, and faithfully reported what I knew. In each incident report, I included recommendations and technical proposals on how it could be securely engineered. One year after detailing these situations, I am now overseeing the security aspects of a project to build out the systems, platform, and monitoring to properly host these sites.

A leader has the tenacity to do what he or she says he or she is going to do, to keep going even in the face of hesitance and resistance. If the desired results are not exactly what were expected, a leader quietly persists until the winds change in the leader’s favor. Some baseball games are won with one last dramatic homerun, but usually, the game is won with persistence - one base hit at a time.

Positive Attitude
Early in my career as a security engineer, it came to my attention that there was a large project to implement internet filtering for an enormous user population covering thousands of remote locations. Several engineering groups had made attempts to implement a solution, but without success, and program management had been struggling for months to find someone else willing to take on the task. Being new, and even though it was not necessarily related to typical security work, I asked to lead the project and thought it would be a good opportunity to turn it into something we could utilize as a security team. My objective was to provide a way for my team to identify malicious requests as well as behavioral statistics that often point to malware-infected end users. Though a colossal challenge, I was able to lead the project to completion; but, even more significantly, I was able to implement a solution that provided additional security visibility into thousands of remote locations around the world that we would not otherwise have.

A mentor once told me, "Successful people do what unsuccessful people are unwilling to do." I have to admit that being the technical lead for an internet filtering project no one else wanted was not the most fascinating or exciting part of my being a new security engineer; but I was able to put a positive spin on the project and actually create meaningful security data. A leader always has a "can do" attitude regardless of the task and makes the most of the situation in which the leader is placed.

Perhaps when someone thinks of leadership, the attributes cited above would not necessarily be the first that come to mind or the first to be found on a list. However, as I reflect on my past experiences and seek out new ones, it is apparent that every leadership trait has a place and is valuable no matter how recognized it might be. Aristotle said, "What we have to learn, we learn by doing." I hope to continue to have opportunities to learn and develop new leadership skills, which is one of the important reasons why I wish to participate in the SANS Technology Institute Master’s Program.

[1] Dourado, Phil. "There is no list of leadership attributes." Weblog. Bringing together the world's best leadership minds. 12 Nov. 2008. Leaders in London. http://blogs.informa.com/leaders/category/bill-george/

January 8, 2009