Management Laboratory

Management Laboratory

Leadership is a "squishy" concept. It is hard to measure success or progress. Many organizations use Management competencies - skills, knowledge, or abilities - related to leadership to assess leadership skills. This website is devoted to the consideration of leadership and management competences. Feel free to drop us a note at stephen@sans.edu. If you enjoy reading our content, you can get the latest articles by visiting this page or subscribing to our RSS feed:

Click here to subscribe to the Management Laboratory Article Feed

Click here to subscribe to the SANS NewsBites Feed


Leadership Lab: Management Competencies

View this series only

Leadership Essay

By Stephen Northcutt

This essay defines the management and leadership competencies taught at the SANS Technology Institute. Most of them are covered in MGT421 Leadership and Management Competencies; MGT512 Security Leadership Essentials; and, MGT525 Project Management and Effective Communications.

View Article

Excerpts from STI Student Work Study Leadership Essay

By SANS Technology Institute (STI) Students, Editor - Stephen Northcutt

The Community Program Requirement for the SANS Technology Institute (STI) Masters Program serves as an orientation for the students and ideally happens early in their time with the school. We ask them to write an essay about their experience directly relating it to leadership competencies.

View Article

SANS SMART Action Item Assignment

By Stephen Northcutt

We have put together a form to assess action items based on the SMART concept, a vital management strategy we teach in SANS Mgt512: Security Leadership Essentials for Managers: "SMART" is how you should work. That is, you need to know that the action items you assign are specific, they can be measured for completeness and quality, and they are achievable, realistic, and time-based. Following are the questions you need to ask in order to know if your action items are "SMART":

  • Is the action item sufficiently specific that a person knowledgeable about the task could describe it to someone else?
  • Can the task output be measured?
  • Can the task be done? This question sounds too obvious, but remember that no job is impossible for the person who doesn't have to do it. Make sure you don't fall into that trap.
  • Is the goal realistic? Again, will it withstand scrutiny by a knowledgeable third party? If not, perhaps the objective needs rework. Is the objective stated in such a way that the person responsible can be expected to know when it is due?

View Article

Leadership Competency: The Power of Careful Word Choice

By Stephen Northcutt

One of the characteristics of leaders is that they understand the importance of language, and here we discuss the definition of "enterprise", a pivotal word for the vision statement of SANS Technology Institute.

View Article

How To Create a Ten Point Plan

By Stephen Northcutt

As a leader we sometimes need to flesh out our vision to achieve coherence and direction with our direct reports. A 10 point plan is a tool and management competency we can use to demonstrate the path between our current condition (where we are) and our target condition (where we aspire to be).

View Article

View Archives

Varied Paths Taken to Information Security Competency - Feb 23rd, 2012

By: Stephen Northcutt, Editor

This is a snapshot of the responses I received from about 50 members of the GIAC Advisory Board when I asked them: If you would be willing, I would appreciate a one paragraph explanation of how you first started working in security and how you became fully competent.

View Article

Leadership and Mentoring of Young Employees - Dec 7th, 2011

By: Jim Horwath

Jim Horwath, MSISE student at SANS Technology Institute (STI) examines the importance of mentoring young employees in order to build future leaders.

View Article

One-On-One Meetings - Apr 27th, 2011

By: Richard Wanner

Richard Wanner, MSISE student at SANS Technology Institute, examines the importance of one-on-one meetings in the workplace and provides a framework for implementing successful one-on-one meetings with employees.

View Article

Effective Communication Leads to Understanding - May 27th, 2010

By: Vince Fitzpatrick

An effective leader must share their vision by structuring and communicating the content of their message in a way that the listener will accurately decode the meaning of the message; this paper will explore the means for a leader to implement an effective communication plan

View Article

Applying the Pareto Principle to Information Security Management - Mar 18th, 2010

By: Charlie Scott

Charlie Scott, MSISE student at SANS Technology Institute, explores how information security managers can use the Pareto Principle to their benefit. The Pareto Principle, in general, means that approximately 80% of any given effect can be attributed to approximately 20% of the possible causes. Charlie prepared this paper for the SANS MGT 421: Leadership and Management Competencies course.

View Article

Making Time Zones Work For You - Mar 5th, 2010

By: Stephen Northcutt

Most people complain about time zones, they consider them an impediment. Let's consider some strategy to make time zones work in our favor as opposed to being a problem.

View Article

Situational Awareness Advice for Security Managers - Feb 4th, 2008

By: Stephen Northcutt

Whether you are a newly appointed leader with security responsibilities or an established leader, today is a great day to assess yourself. Make a new day's resolution to be more effective, to increase your personal alignment with the needs of your business and your group's effectiveness in serving your business. Great leaders are aware of their surroundings, and they ensure that their team and co-workers are also aware.

View Article

Temet Nosce - Jan 29th, 2008

By: Stephen Northcutt

As computer security managers, we need to honestly understand our capacity for effecting change. We need management skills, security skills, and a track record of putting them to use. Our chance of effecting change in ourselves is much higher than with others, so here we explore some meaningful and practical steps to assessing one's self as a manager.

View Article

Waking Sleeping Dogs: Information Security Ethics - Mar 29th, 2009

By: Eric Conrad

Eric Conrad, MSISE student at SANS Technology Institute, discusses ethical dilemmas that he has faced, and the importance of doing what is right even when it is not popular. Eric prepared this paper for the SANS MGT 421:Leadership and Management Competencies course.

View Article

Using Key Competencies to Manage Career Development and Direction - May 30th, 2008

By: John Hally

John Hally, MSISE student at SANS Technology Institute, explores the four key competencies he believes are essential to managing and controlling the direction of a person’s professional career path: Visioning, Professionalism and Relationships, Self Direction and Flexibility. John prepared this paper for the MGT 421 Leadership and Management Competencies course.

View Article

The Meeting before the Meeting - Sep 17th, 2008

By: Brad Ruppert

Brad Ruppert, MSISM student at SANS Technology Institute, describes how to host an effective meeting when faced with attendees of higher rank. Brad prepared this paper for the MGT 421 Leadership and Management Competencies course.

View Article

Leadership in a Technical Role - Sep 17th, 2008

By: Rodney Caudle

Rodney Caudle, MSISE and MSISM student at SANS Technology Institute, describes twelve attributes which, if developed, will develop leadership in a technical environment. Rodney prepared this paper for the MGT 421 SANS Leadership and Management Competencies course.

View Article

Motivation Mistakes Inexperienced Leaders Make and How to Avoid Making Them - Mar 10th, 2008

By: Russell Meyer

Russell Meyer, MSISE student at SANS Technology Institute, examines some common motivation mistakes made by inexperienced leaders and discusses how those mistakes could have been avoided. Russell prepared this paper for the MGT 421 Leadership and Management Competencies course.

View Article

Improve the performance of a project with a good start - Jan 11th, 2008

By: Stephen Northcutt

Many projects fail due to cost overruns, falling behind schedule, and so forth. We can reduce the risk of project failure by investing some time in up front planning before we start. A key to success in project management is to identify all stakeholders and ensure that they clearly understand and support what the project should achieve.

View Article

Project Management for Security Managers: Develop a Plan - Jan 29th, 2008

By: Stephen Northcutt

I like to think of a project plan as something similar to a recipe in a cookbook: it gives me the ingredients I need, and often includes a picture of what the finished product will look like. It gives me the steps in the sequence that I need to follow in order to create the final deliverable. Many times there are intermediate steps along the way, such as creating a sauce to be used later. You can think of these as milestones. As a manager, when someone asks you to review a project plan, it is strongly advised that you give it the cookbook test.

View Article

Resolving Performance Issues Caused by Lack of Skill or Ability - Dec 24th, 2007

By: Kevin Bong

Kevin Bong, MSISE student at SANS Technology Institute, discusses what a manager should do when she suspects the employee is unable to perform a task due to lack of skill or knowledge. Kevin prepared this paper for the MGT 421 Leadership and Management Competencies course.

View Article

Living Life on Purpose - Personal Branding - Sep 6th, 2007

By: Stephen Northcutt and Ted Demopoulos

Personal branding is what prevents you from being a commodity and receiving commodity pay. It's why people want to hire you, work with you, have lunch with you, and generally associate with you. Your personal brand prevents you from being outsourced, ignored, or easily replaced. It's why you are not just another cog in the machine. Your personal brand is the unique value you bring to the table.

View Article

Positional and Personal Authority - Sep 6th, 2007

By: Stephen Northcutt

The effective manager has to be brutally honest with themselves, and understand their mindset and their ability to effect change. As you work through the abundance of budgetary, technical, and management information in your profession, it is important to understand where you are now and where you need to grow. This will help you to periodically develop a "short list" of things you want to ask, change, or implement.

View Article

Cross-training: A Case Study - Jul 27th, 2007

By: T. Brian Granier

This article is presented as a case study outlining the reasons for cross-training, methods of implementation and analysis of the results as it applies to his personal experience with an IT services team.

View Article

How to "Pushback" - Jul 17th, 2007

By: Stephen Northcutt

This essay looks at a unique mechanism for resolving differences, called "pushback". When you say "I am pushing back," you are reminding the other party that you seek conflict resolution, not an argument. It is also a tool to help the other party remember to listen to your position.

View Article

Should I Apply for this Middle Management Position? - Jun 13th, 2007

By: Stephen Northcutt and Kevin Bong

An opening has come up for a middle management position, should I apply? Odds are it means a pay raise at the beginning, but unless you work hard to develop the skills that a middle manager needs to be successful, you may actually be less employable in a few years as you lose your technical edge.

View Article

Groups in Conflict: How to Manage their Relationship - Jun 8th, 2007

By: James Voorhees

James Voorhees, MSISE student at SANS Technology Institute, explores ways to manage conflicts between groups. He prepared this paper for the MGT 421 SANS Leadership and Management Competencies course.

View Article

Creating the Next Generation of Cyber Security Leaders - May 8th, 2007

By: Richard Hammer

Richard Hammer, MSISE, the first graduate of The SANS Technology Institute, discusses how today's top level cyber security directors must have good technical skills; no longer will only being politically savvy qualify someone as a cyber security director. These leaders, to be successful, will need to have both the technical ability and the communication skills to speak with authority on cyber security solutions.

View Article

How To Budget Time - Feb 10th, 2010

By: Stephen Northcutt

To be successful as a leader we need to budget our time, our resources, and our finances. Often we do not give sufficient consideration to our time. Take a minute to check your Daytimer; if you do not have regular appointments six months out or more to do the critically important tasks such as planning, personnel management, and systems and budget reviews, it is an indication that you are living day to day. It means every crisis that comes up can derail your program. Studies continue to show people that say what they are going to do, as well as when and where they are going to do it outperform those that do not.

View Article

The Security Manager and Business Situational Awareness - May 17th, 2010

By: Stephen Northcutt

Business unit managers and business operations leaders are always telling information assurance managers that "Security needs to be aligned with business". This is one of the primary goals of both the SANS Technology Institute's Master of Information Security1 programs and also the SANS Security Leadership Essentials2 course, but what are the fundamental things security managers can do to help align security with the needs of the business? We suggest that progress is possible if there is a process in place to develop and maintain business situational awareness.

View Article

Conducting an Exit Interview - Oct 6th, 2009

By: Stephen Northcutt

When employees leave your company, for whatever reason, a well planned exit interview can be of great benefit to both management and the departing employee. This essay looks at four major issues to consider when conducting an exit interview.

View Article

How to Address Shortcomings in Employee Evaluations - Jan 1st, 2007

By: Stephen Northcutt

It is something every manager is uncomfortable with, you have an employee that is a pretty good worker and on four of their five evaluation objectives they did fine, however how do you talk about number five?

View Article

Measuring Employee Performance - Apr 29th, 2009

By: Stephen Northcutt

Forward looking organizations can use quarterly performance reviews to shape to work place and help them develop the hot skills needed to leverage technology accelerators. Certifications increasingly set a baseline or minimum standard and SMART quarterly reviews allow managers to measure experience as it is earned.

View Article

Coaching to Improve Performance - Nov 19th, 2009

By: Stephen Northcutt

A coach is a person who enables clients to master specific skills and knowledge and to develop abilities. Like counselors and mentor, coaches offer prescriptive advice, error analysis, expert opinions and "how to" guidance. Coaching is one of the keys to business execution. If an otherwise skilled employee is struggling with a particular skill or ability, coaching can help them get over the hump. There are seven primary benefits a coach passes on to the client: Encourage Life Long Learning and that is Healthy!; Promote Self Esteem; Learn Goal Setting; Encourage and Model Teamwork; Develop Time Management Skills; Learn About Dealing with Adversity; and, Have Fun with the Task at Hand.

View Article

Google Power Searching for Security Managers - Dec 3rd, 2007

By: Stephen Northcutt

One of the important Operations Security tasks is to determine your organization's exposure to search engines. In the same way, you want to use search engines like Google to gather information about your competition. The most important thing we need to do in a search is to reduce the number of findings. So many times Google will return with over a million pages and this will only get worse as the Internet continues to grow. This first set of operators helps you narrow your search and then we will show a series of commands to find additional information.

View Article