Cyber Risk Leadership: Essential Leadership Lessons from Malcolm Harkins

By Selena Templeton, Column Editor, IT Security Planet

According to Malcolm Harkins, Global Chief Information Security Officer, although the security industry thinks that it has the role of a leader, it doesn’t—there are too many economic incentives to be a manager instead.

As a risk and security expert at Cylance, the company that’s revolutionizing cyber security through AI and machine learning, Harkins had much to share about the cycle of risk from his 25+ years managing people and leading teams.

The difference between managing and leading, he says, is that the former tries to prevent negative outcomes while the latter promotes positive outcomes—and quite frankly, too much time is spent on managing in this industry. An informal poll Harkins conducted showed that a whopping 95% of a leader’s time is spent managing rather than leading.

These days every company has become an IT company, whether they like it—or know it—or not. Harkins has spoken to many enterprise leaders who simply don’t believe their company is affected by cyber risk because of the “non-technological” nature of their business. But today we are all exposed to risk through the technology we use—from building bionic eyeballs to improving roads (it’s no longer just about bulldozers and asphalt).

Because InfoSec has no financial incentive to solve problems, the industry focuses on fear and risk, which simply causes more friction so that vendors can sell you yet another “solution.” But Harkins says that’s not a solution—that’s managing risk. Instead, what we need are solutions that:

  • lower risk
  • lower cost
  • lower control friction

Towards the end of his ISSA LA Summit 8 session, he returned to answer his opening question: what is leadership? As Harkins puts it, it’s the art of motivating others to want to struggle for shared aspirations. It’s what gifted strategic thinkers do to motivate people’s purpose, passion, and persistence in order to move forward and achieve goals—in the world in general, but also in the InfoSec space.

These days we’re so busy managing risk that we’ve got alert fatigue, so a true leader must be able to inspire everyone in the company to say:

  • I believe!
  • I belong!
  • I matter!

However, you might want to chant this in your head—nobody wants to be the office nutball.


About Selena

Selena Templeton is the Column Editor for the Women in Security column on IT Security Planet. A freelance writer whose work has appeared in The Hollywood Reporter, JenningsWire and IT Security Planet, Selena also writes and edits for a variety of clients, both solopreneurs and companies, from the entertainment industry to the digital marketing industry.