SANS Technology Institute: Leadership Laboratory
Welcome to the Leadership Laboratory. I'm Stephen Northcutt and like many of you I am an information security manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security management as well as the people side of the job. The "Leadership Labratory", for you creative spellers, is an informal set of articles and whitepapers, almost a blog, about management, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Management 512 Security Leadership Essentials For Managers and the GIAC Security Leadership Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear from you. Feel free to drop us a note at stephen@sans.edu. If you enjoy reading our content, you can get the latest articles by visiting this page or subscribing to our RSS feed:
Click here to subscribe to the Leadership Laboratory Article Feed
Click here to subscribe to the SANS NewsBites Feed
- Leadership Lab: Management Competencies
Situational Awareness Advice for Security Managers - February 4th, 2008
By Stephen Northcutt
Whether you are a newly appointed leader with security responsibilities or an established leader, today is a great day to assess yourself. Make a new day's resolution to be more effective, to increase your personal alignment with the needs of your business and your group's effectiveness in serving your business. Great leaders are aware of their surroundings, and they ensure that their team and co-workers are also aware.
Tenet Nosce - January 29th, 2008
By Stephen Northcutt
As computer security managers, we need to honestly understand our capacity for effecting change. We need management skills, security skills, and a track record of putting them to use. Our chance of effecting change in ourselves is much higher than with others, so here we explore some meaningful and practical steps to assessing one's self as a manager.
Motivation Mistakes Inexperienced Leaders Make and How to Avoid Making Them - March 10th, 2008
By Russell Meyer
Russell Meyer, MSISE student at SANS Technology Institute, examines some common motivation mistakes made by inexperienced leaders and discusses how those mistakes could have been avoided. Russell prepared this paper for the MGT 421 Leadership and Management Competencies course.
Improve the performance of a project with a good start - January 11th, 2008
By Stephen Northcutt
Many projects fail due to cost overruns, falling behind schedule, and so forth. We can reduce the risk of project failure by investing some time in up front planning before we start. A key to success in project management is to identify all stakeholders and ensure that they clearly understand and support what the project should achieve.
Project Management for Security Managers: Develop a Plan - January 29th, 2008
By Stephen Northcutt
I like to think of a project plan as something similar to a recipe in a cookbook: it gives me the ingredients I need, and often includes a picture of what the finished product will look like. It gives me the steps in the sequence that I need to follow in order to create the final deliverable. Many times there are intermediate steps along the way, such as creating a sauce to be used later. You can think of these as milestones. As a manager, when someone asks you to review a project plan, it is strongly advised that you give it the cookbook test.
Resolving Performance Issues Caused by Lack of Skill or Ability - December 24th, 2007
By Kevin Bong
Kevin Bong, MSISE student at SANS Technology Institute, discusses what a manager should do when she suspects the employee is unable to perform a task due to lack of skill or knowledge. Kevin prepared this paper for the MGT 421 Leadership and Management Competencies course.
Living Life on Purpose - Personal Branding - Updated September 6th, 2007
By Stephen Northcutt and Ted Demopoulos
Personal branding is what prevents you from being a commodity and receiving commodity pay. It's why people want to hire you, work with you, have lunch with you, and generally associate with you. Your personal brand prevents you from being outsourced, ignored, or easily replaced. It's why you are not just another cog in the machine. Your personal brand is the unique value you bring to the table.
Positional and Personal Authority - Updated September 6th, 2007
By Stephen Northcutt
The effective manager has to be brutally honest with themselves, and understand their mindset and their ability to effect change. As you work through the abundance of budgetary, technical, and management information in your profession, it is important to understand where you are now and where you need to grow. This will help you to periodically develop a "short list" of things you want to ask, change, or implement.
Cross-training: A Case Study - July 27th, 2007
By T. Brian Granier
This article is presented as a case study outlining the reasons for cross-training, methods of implementation and analysis of the results as it applies to his personal experience with an IT services team.
How to "Pushback" - July 17th, 2007
By Stephen Northcutt
This essay looks at a unique mechanism for resolving differences, called "pushback". When you say "I am pushing back," you are reminding the other party that you seek conflict resolution, not an argument. It is also a tool to help the other party remember to listen to your position.
Should I Apply for this Middle Management Position? - Updated June 13th, 2007
By Stephen Northcutt and Kevin Bong
Version 1.1An opening has come up for a middle management position, should I apply? Odds are it means a pay raise at the beginning, but unless you work hard to develop the skills that a middle manager needs to be successful, you may actually be less employable in a few years as you lose your technical edge.
Groups in Conflict: How to Manage their Relationship - June 8th, 2007
By James Voorhees
James Voorhees, MSISE student at SANS Technology Institute, explores ways to manage conflicts between groups. He prepared this paper for the MGT 421 SANS Leadership and Management Competencies course.
Creating the Next Generation of Cyber Security Leaders - May 8th, 2007
By Richard Hammer
Richard Hammer, MSISE, the first graduate of The SANS Technology Institute, discusses how today's top level cyber security directors must have good technical skills; no longer will only being politically savvy qualify someone as a cyber security director. These leaders, to be successful, will need to have both the technical ability and the communication skills to speak with authority on cyber security solutions.
How To Budget Time - February 8th, 2007
By Stephen Northcutt
To be successful as a leader we need to budget our time, our resources, and our finances. Often we do not give sufficient consideration to our time. Take a minute to check your Daytimer; if you do not have regular appointments six months out or more to do the critically important tasks such as planning, personnel management, and systems and budget reviews, it is an indication that you are living day to day. It means every crisis that comes up can derail your program.
The Security Manager and Business Situational Awareness - January 29th, 2007
By Stephen Northcutt
Business unit managers and business operations leaders are always telling information assurance managers that "Security needs to be aligned with business". This is one of the primary goals of both the SANS Technology Institute's Master of Information Security1 programs and also the SANS Security Leadership Essentials2 course, but what are the fundamental things security managers can do to help align security with the needs of the business? We suggest that progress is possible if there is a process in place to develop and maintain business situational awareness.
How to Address Shortcomings in Employee Evaluations - January 1st, 2007
By Stephen Northcutt
It is something every manager is uncomfortable with, you have an employee that is a pretty good worker and on four of their five evaluation objectives they did fine, however how do you talk about number five?
Conducting an Exit Interview - March 22nd, 2007
By Stephen Northcutt
When employees leave your company, for whatever reason, a well planned exit interview can be of great benefit to both management and the departing employee. This essay looks at four major issues to consider when conducting an exit interview.
Measuring Employee Performance - November 14th, 2006
By Stephen Northcutt
Forward looking organizations can use quarterly performance reviews to shape to work place and help them develop the hot skills needed to leverage technology accelerators.
Coaching to Improve Performance - March 12th, 2007
By Stephen Northcutt
A coach is a person who enables clients to master specific skills and knowledge and to develop abilities. Like counselors and mentor, coaches offer prescriptive advice, error analysis, expert opinions and "how to" guidance.1 Coaching is one of the keys to business execution. If an otherwise skilled employee is struggling with a particular skill or ability, coaching can help them get over the hump. There are seven primary benefits a coach passes on to the client:2 Encourage Life Long Learning and that is Healthy!; Promote Self Esteem; Learn Goal Setting; Encourage and Model Teamwork; Develop Time Management Skills; Learn About Dealing with Adversity; and, Have Fun with the Task at Hand.
