Mike Zachman
CSO
Zebra Technologies
JUNE 2020
There is immeasurable value in being a step ahead in a crisis.
“Cyber risks to most businesses have elevated dramatically because their threat environments have greatly worsened and their attack surfaces have greatly increased,” said Mike Zachman, CSO at Zebra Technologies. “So, over the past several years, the CISO role has moved out of the data center and into the boardroom, and that’s where the conversations need to be happening now.”
The Servant Leader
When asked to describe his leadership style, Zachman reflected, “I’ve always subscribed to the servant leader model, which is, I view my job to be helping my team achieve their objectives.”
Zachman’s approach is simple: create a vision, collaborate with others, and hold the team accountable to execute. This is true now, more than ever, while leading through a crisis. Adapting to managing a highly remote workforce has required flexibility and acceptance of more asynchronous workflows. Luckily, we’re in the digital age so the use of Skype, Webex, Teams and Zoom have made collaboration and “face-to-face” interaction a bit easier.
Gone are the days when teams need old-school managers – the workforce needs leaders, Zachman said. Increasing morale and interpersonal relationships from a distance are the new staples of leadership.
We’re also trying to encourage some levity in a very stressful time.
3 Lessons Learned from a Perpetual Student
Reflecting on lessons learned throughout this crisis, Zachman’s immediate response was, “We are all a lot more flexible than we give ourselves credit for.” It’s important to realize with schedules being “non-traditional” for the time being, leaders should be conscious of when they’re communicating with their teams.
“Our business continuity team is running nearly 24 by 7 right now,” he said. “But with some of my other groups who don’t need to be working on the weekends, I’m making a conscious effort not to reach out to them during off-hours. We’re already so hyper-connected right now. I don’t want to propagate a false need to be constantly ‘on’.”
As CSO, Zachman is also responsible for business continuity and the preparation has paid off, which is his second lesson.
Planning for the worst, but hoping for the best, is a real business strategy that should be practiced more,” he said.
Their preparation for pandemic response last year proved to be a bit prophetic. A few other types of practice exercises have also ended up happening. “I guess we should test my response to winning the lottery,” said Zachman with a smile.
As for the third lesson, Zachman is remaining humble and waiting for the next lesson learned.
The “Politics” of Leadership
Some have said that the role of a CISO or CSO is lonely. Zachman disagreed.
I can see how that statement is made; but I don’t agree with it. My experience has been, as a CISO in three different companies and as a CSO in my current company, the exact opposite. I have not found the role lonely at all, and I think it goes back to the approach that I have which is to have a vision and to collaborate.
One of the biggest mistakes that Zachman has made in his career is not believing that his job is political. Leadership is nuanced and building relationships with other executive leaders is essential when speaking about demonstrating the value of the security program, he said. “That is key. It is either a critical success factor, or it will be a critical failure factor.” The mindset of being right because you have the facts and data to prove it may help you win the battle, but it won’t help you win the war, he said.
The use of fear, uncertainty and doubt simply won’t do if the end goal is to be perceived as a true leader and business enabler. In addition, the necessity of ‘speaking multiple languages’ is imperative; the importance of being able to ‘speak geek’ to IT in one meeting, and then being able to tell a brief story to executive stakeholders in another, cannot be overstated, he said.
A Step Ahead and a Step Toward the Future
The depth, breadth and pervasiveness of this pandemic have caught most by surprise, even those that were well prepared. Zebra initiated its incident management plan in late January, stood up its response management team in February and announced its work from home directive in advance of regulatory requirements.
Considered an essential business, Zebra’s front-line employees already had multi-shift processes in place, and the drills the company previously did helped to prepare the company. That said, Zebra, like most companies, still faces curveballs and the ability to be agile and adaptive remains a priority.
While the future is yet to be seen, Zachman remains optimistic and is reevaluating Zebra’s network design. The possibility of increased, long-term remote work means enabling security that is location independent will become more important. The new working norms and the use of commercial space may change, and flexibility will be key for leaders as we adapt to the new normal.
Now, more than ever, it is important that security leaders work together to stay ahead of the cybercriminals. “This situation has reinforced in me the unique nature of the security profession. For a long time, we’ve all rallied against a common foe. We may be competitors, but we’re all willing and able to share how we’ve stopped the threats of cybercriminals and industrial espionage,” he said. “I’ve seen a tremendous surge in information sharing and support across the security profession in the last four weeks. That really feels good and reinforces that the security profession uniquely crosses companies, and that’s a great community to be a part of.”
Special thanks to Mike Zachman and Zebra Technologies.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.