Tech and security leaders are often asked: What keeps you up at night? Typical answers include “a major breach,” “the bad guys are too good” and “not enough money.”
As I think back over my years working to protect data and people from cyberattacks, including stints in the U.S. Department of Defense and private sector, I worry most about talent.
Do we have the right people? Are they doing the right things? Will they stay? Who will replace them if/when they leave? How can we build a better team? What are we missing?
With the endless list of scary headlines describing ID theft, Edward Snowden revelations of NSA monitoring activities or even talk of global cyberwar, why place such a premium on finding, attracting and keeping the right people?
Success requires excellent technology, tested processes that work and staff members with the right skills. But if I had to pick one, the right people will ensure that the best technology and processes are implemented. The best technology won’t help if the wrong people are on the team.
A look at the percentage of failed tech projects worldwide (that were well funded) demonstrates the need for more than just top tech and business processes. Talented experts can even find the money and build the business case for more resources, despite a tough fiscal environment.
Sports fans know that success comes from the players on the team, the manager’s decision-making and the team’s chemistry. The same is true for operational and strategic security success. Experienced leadership is needed to change the culture of organizations.
If you’ve been on a high-performing team on a winning streak, you know what I mean. Work becomes fun, and achieving difficult goals becomes the norm. Conversely, keeping that team together or rebuilding it when essential players leave is the major challenge.
Michigan has lost several outstanding security professionals in the past few years. Backfilling those positions with experienced staff is becoming harder than ever.
There are thousands of articles on how to attract the best staff, create a top 100 workplace or build a succession plan. But do those ideas work in government? Pay packages often don’t attract the best people, and it’s tough to compete with stock options and more offered by companies like Google, Facebook or tech startups.
So what’s to be done (and avoided) to build effective teams and find/keep talent? Here are seven ideas:
1. DO — Know your team. Reward the performers in currency that matters to them. (Tip: Maybe money is less important than time off, recognition or opportunities to speak publicly.)
2. DO — Provide a mix of vendor and government staff that work well together. Build trust.
3. DO — Train your people. Bring in students. Build a security career path. Mentor rising stars.
4. DON’T — Outsource security or hire staff augmentation that doesn’t fit in or work for the medium to long term. “Experts for hire” who fly in from across the country probably won’t last if an opportunity becomes available closer to home. I try to find local talented people, if possible, who plan to stay in the area beyond a quick resume boost.
5. DO — Partner with companies that can offer long-term stability and be held accountable for specific deliverables and services. If vendor staff leave, your partner must cross-train and find you the right replacement.
6. DON’T — Buy into vendor promises that a “new black box” will solve all of your problems. Solutions require answers in people, process and technology categories. People issues are the hardest and most important element to success.
7. DO — Have fun. Celebrate successes. Throw a party just because.
A final thought: Football coach Lou Holtz once said, “Your talent determines what you can do. Your motivation determines how much you’re willing to do. Your attitude determines how well you do it.”
Leaders must identify all three — the skills, motivation and right attitude in our teams.