A conversation with Skip Mann, Lenovo’s chief security office’s managing director for Security Advocacy. This is one of a series of security leadership profiles prepared by Cybersecurity Collaborative in conjunction with SC Media. Cybersecurity Collaborative is a membership community for cybersecurity leaders to work together in a trusted environment.
Skip Mann is responsible for promoting and evolving Lenovo's commitment to security, with a particular focus on data privacy, infrastructure, product and service, supply chain, and physical security. With more than 32 years of experience in the security profession, Mann has led risk management, cyber and physical security, business continuity, and critical infrastructure protection efforts at regional, national, and global levels. Prior to joining Lenovo, Mann held executive positions at the Department of Homeland Security's Transportation Security Administration, Catalysis Learning Alliance, and several Department of Defense agencies, including U.S. European Command, the Central United States Registry, U.S. Army Headquarters, and U.S. Africa Command.
What makes a successful security leader?
An exceptional security leader is akin to a human Swiss Army knife, combining visionary thinking, technical expertise, and an unwavering commitment to fostering a security-first culture. They align security initiatives with strategic business objectives, communicate complex concepts effectively, and lead by example with ethics and compliance. Proactive risk management, continuous learning, and resilience in crises define their approach. Elevating the security team and instilling a culture of excellence ensures the organization embraces security as a foundation for agility, competitiveness, and resilience against evolving threats.
What are some of the external priorities and internal priorities that leaders should be focusing on?
Today's security leaders must navigate a complex cyber landscape by prioritizing their actions and resources effectively.
Internally, building a strong security culture and awareness is crucial. They must educate and train all employees on best practices like password management, phishing prevention, and data protection. Fostering a collaborative and trust-based culture between the security team and other business units, along with encouraging reporting and feedback mechanisms for security issues, is essential.
Externally, strengthening the security partnership and ecosystem is paramount. This involves establishing and maintaining robust relationships with peers, customers, partners, regulators, and law enforcement agencies. Active participation in information sharing platforms, security forums, and collaborative initiatives is vital. Each organization may have unique needs, so aligning security strategies with business goals and continuously monitoring and improving security performance is key.
How can cyber leaders work with corporate peers to win buy-in from C-suites and boards of directors?
Cyber leaders face the challenge of gaining buy-in from corporate peers, C-suites, and boards of directors for investing in cybersecurity. To achieve this, they must employ strategic approaches that resonate with these stakeholders:
Speak their language: Cyber leaders should communicate cyber risks and benefits in business terms, such as revenue, reputation, customer satisfaction, and compliance, avoiding technical jargon and acronyms that may confuse or alienate the audience. Think translating tech-speak into exec-speak.
Demonstrate impact: Using data, metrics, and benchmarks, cyber leaders must showcase the impact of cybersecurity on business performance and objectives, illustrating how it can enable or hinder growth, innovation, and differentiation.
Align with the strategy: Cyber leaders should align the cybersecurity strategy with the business strategy, showing how it supports and facilitates business goals and initiatives, identifying key drivers and priorities to address cyber risks and opportunities.
Build trust and credibility: By being transparent, accountable, and collaborative, cyber leaders can establish and maintain trust and credibility with business leaders, providing regular updates and reports on cybersecurity status, progress, achievements, and challenges, and seeking feedback and input.
Partner with stakeholders: Cyber leaders need to collaborate with various stakeholders, such as finance, legal, human resources, and marketing, understanding their needs and involving them in cybersecurity planning and decision-making, leveraging their expertise and resources.
It is important to note that each organization may have unique cultures and dynamics, requiring a proactive, persuasive, and adaptable approach for success.
What kinds of non-technical training do security leaders need to be successful in leading global enterprises?
Security leaders must possess a balance of technical and non-technical skills to effectively lead global enterprises. Non-technical skills play a vital role in communicating, collaborating, and influencing various stakeholders, including senior management, customers, partners, regulators, and employees. To thrive in this role, security leaders should prioritize developing the following non-technical skills:
Leadership skills: Inspiring and motivating teams, setting clear goals, delegating effectively, providing feedback and recognition, and resolving conflicts.
Communication skills: Conveying complex concepts in simple terms, persuasively explaining security initiatives' value and impact, and adapting communication styles for diverse audiences.
Business skills: Understanding organizational objectives, aligning security strategy accordingly, demonstrating ROI for security projects, and managing budgets and resources.
Strategic skills: Thinking creatively to address current and future security challenges, anticipating and mitigating risks, and leveraging trends and technologies.
Interpersonal skills: Building positive relationships, collaborating, negotiating, empathizing, and adapting to various cultures and contexts.
This is by no means an exhaustive list, but these non-technical skills are critical for security leaders' success. Being self-aware, seeking feedback and learning opportunities, and striving for continuous improvement are essential in this ever-evolving field.
Why did you join the Cybersecurity Collaborative?
Upon reflection, I realize that my answers align perfectly with the Cybersecurity Collaborative's mission. This profession demands a "whole of community" approach, and the Collaborative delivers the vital peer-to-peer collaboration, education, and guidance essential for staying at the forefront of this field. With the Collaborative's support, I am equipped to be the point at the tip of the spear in this dynamic cybersecurity profession.
What has been valuable to you with your membership in the Cybersecurity Collaborative?
The Collaborative offers a trusted community that embodies the “whole of community” approach I just mentioned. It provides peer-to-peer collaboration, knowledge sharing, and support. In addition to the online interaction, the Collaborative presents a fantastic opportunity for in-person networking with peers and thought leaders that extends beyond the confines of our workplaces, which deepens our connection with each other.