Leading Through Influence

How do you lead when you are not in charge? Increasingly, managers are finding themselves in positions where they are asked to lead without having direct control. Growing and shifting organizations often mean fewer managers with positional power. Matrixed organizations put managers in multiple leadership and followership roles. Major corporate initiatives like quality, security, diversity, and sustainability are often led by managers with little direct authority. In all of those situations, successful leaders must establish credibility, build trusted relationships, and convince others to take action.

In any gathering of security executives, the conversation often turns to the challenges of leading without direct control. Yes, security executives can implement technologies that catch spam or blacklist malicious websites. But these kind of initiatives only scratch the surface of building a secure organization. In recent interviews with Chief Information Security Officers (CISOs), executives shared hints on how they lead through influence. Here are three themes that are useful for leaders in any area:

1.    Stay positive. When trying to get organizations to change or react to a threat, it is easy to go negative. While it is important to communicate risks, there is a difference between illuminating risks and prophesying doom. A measured approach to risk will help build credibility and give others the confidence to make needed change. An endless parade of fear will eventually lead to disbelief and inaction.

2.    Think critically, putting yourself in the position of others. Whether you are leading an initiative like diversity or security, it is easy to fall into the trap of mono-thinking. To influence others, you have to understand and address the challenges faced by others and how everyone is working to achieve broader business goals. Considering alternative perspectives helps build trust. As Paul Connelly (VP and CISO of HCA Healthcare) noted in our interview, influence is about integration. Security solutions “have to work with our doctors and our nurses… they have to work from the business perspective.”

3.    Do something. Influencing is not just convincing others to act. You have to take action yourself and help others take action. Charles Lebo (VP and CISO of Kindred Healthcare) noted the ever-present balancing act between building consensus and taking action. You may not have a perfect solution, but waiting for more budget, more authority, or something else will likely lead to inaction across the organization. By demonstrating a willingness to roll up your sleeves and help others make small changes, you can influence the organization to take larger steps.

For more, click to see my interviews with Paul Connelly (VP and CISO of HCA Healthcare) and Charles Lebo (VP and CISO of Kindred Healthcare).