Leadership coaching helps credit union build trust in new cybersecurity strategy
Snapshot
With the frequency and sophistication of cyberattacks skyrocketing, organizations are realizing that an “all hands on deck” approach is vital. In practice, this often means that senior leadership must take more direct action to drive security initiatives forward.
A member-owned, not-for-profit credit union sought to radically improve its cybersecurity risk management by redesigning its current strategy and increasing the involvement of leadership. From January to December 2023, Kalles Group assisted the credit union with mission and purpose development, strategy development, leadership coaching, and team coaching.
Challenge
Leadership and purpose gaps caused unsupported goals to fall by the wayside
Seeing a need to shift from a reactive to a proactive cybersecurity approach, the credit union’s Cybersecurity Senior Leadership Team sought to redesign their current strategy and refresh their mission and purpose. Previous strategy work had been developed on top of lofty goals without paying sufficient attention to the challenges and obstacles that would arise in pursuit of these goals.
The primary issue with these goals was that they did not form a coherent strategy, and strategy development was treated as an annual event rather than an ongoing cycle. This was compounded by the fact that the credit union lacked the vulnerability to see how the resulting challenges would require a shift in behavior and communication style. The organization needed to create action for these challenges, openly share tough-to-swallow information, and learn from mistakes.
A large part of a senior leader’s job is to help connect a strategy down to an individual contributor, allowing the individual to see themselves in it and start making a difference. In this case, there was very little involvement from the extended leadership team, and the small input they did have was not very effective. The team had a fixed mindset and led simply by directive rather than by asking questions and fostering a growth mindset.
A siloed organization with a change-averse mentality that hampered trust
The Cybersecurity Senior Leadership Team was having particular difficulty developing a shared purpose and building trust. All of the leaders were chief information security officers (CISOs) in their previous roles, hence they were accustomed to “running the show” rather than being active, supportive members of a team centered around a common goal with shared accountability. This led to a siloed leadership structure that lacked interdependence. They were a group, but not a team.
Furthermore, the credit union’s long history of operating in the same way (and being run by the same people) created an aversion to change. There was a need to focus on nurturing relationships and becoming more adaptable to different business models in order to see change as a welcome, non-threatening aspect of implementing a new strategy.
Minimal product management expertise and challenges in adopting agile practices
In particular, the cybersecurity team — none of whom came from a product management background or had agile training — needed to focus on building products and adopting agile practices. Organizational agility involves harnessing flexible practices and collaborative, responsive working environments to quickly adapt to change and eliminate significant delays in decision-making.
The team’s flexibility deficits, combined with a tendency to manage their own work independently from each other and use different methods, was getting in the way of making quick adjustments to the strategy when needed. To become more agile, the leadership would need to learn new forms of working together and start enabling greater transparency to help anyone interested understand how cybersecurity works.
Approach
Working with leadership to transition from unrealistic goals to solid strategic principles
Kalles Group helped shift the credit union’s view of strategy away from being a list of ambitious goals — which were mostly unrealistic and difficult to measure — to a set of strategic principles (or behaviors) that would allow the cybersecurity organization to effectively address key challenges and obstacles. The KG team identified the following questions to shed light on specific leadership dynamics and purpose development concerns needing to be addressed:
- “How will we talk about the strategy in terms of what it is designed to do?”
- “How will we monitor progress and determine whether the strategy is working?”
- “How will we adjust our strategic approach when we lose focus or become distracted by our day-to-day work?”
- “How will we clearly communicate the strategy in a way that includes and resonates with all members of the cybersecurity team?”
- Positive attributes of leadership. “What leadership attributes will we need to spend more time developing so that our strategy has a greater chance of success?”
- Leadership caveats. “What leadership tendencies might diminish strategic execution, communication, and flexibility? How will we build awareness of those tendencies and make adjustments if they arise?”
With these questions as a guide, Kalles Group used expertise in executive and leadership coaching, team coaching, strategy development, stakeholder analysis, negotiation, and mediation to help the credit union’s cybersecurity leadership build trust throughout the organization.
Establishing and fine-tuning strategic focus areas to facilitate team development
Kalles Group’s first step was to put together a set of strategic focus areas that took the organization’s needs into account. After deciding on a draft set of five focus areas, the KG team interviewed all members of the senior and extended leadership teams to gain feedback on two key topics:
- Challenges and obstacles that the cybersecurity team will face as part of each focus area.
- Ideas to consider and actions to take that will address those challenges and obstacles, even in a small way.
The feedback on these topics helped fine-tune the five focus areas to align more closely with stakeholder needs and help the leadership team commit to taking transformative action. This iterative approach is one of Kalles Group’s strengths, and it perfectly fit with the leadership team’s desire to practice agility.
Instilling a sense of purpose with leadership development and team coaching
To cement the importance of Kalles Group’s five strategic focus areas and inspire a sense of commitment, the cybersecurity leadership designed and presented a “challenge coin” engraved with the focus areas to each of the roughly 50 members of the cybersecurity team. Many of these team members are ex-military and are therefore familiar with the challenge coin tradition.
In an effort to maximize the team’s ability to work together going forward, Kalles Group also recommended quarterly strategy tuning sessions. During these sessions, the consultants would perform a debrief of the previous 90 days of strategy-oriented action and look ahead to determine what (if any) actions should be taken or adjustments made.
These team development efforts were complemented by intensive coaching for all individual leaders to become more aware of their own strengths and well as any areas they needed to work on (such as perfectionism and trying to be “always on”). Coaching sessions took place in both private one-on-one settings and in the form of a 10-week leadership development curriculum based on Liz Wiseman’s book “Multipliers: How the Best Leaders Make Everyone Smarter.” Key focus areas of this curriculum included:
- Learning how to ask better questions (without burying the solution that the leader is trying to force).
- Discovering and utilizing individuals’ “native genius” and believing that everyone is uniquely and naturally excellent at something that can be leveraged into something greater.
- Creating psychological safety by learning from mistakes in a way that contributes to the safety and trust felt by a team.
- Challenging people to stretch without being encumbered by assumptions regarding their capability.
This coaching, which is built upon a partnership with the Wiseman Group, is designed to be simple to understand yet highly effective in helping leaders develop greater self-awareness into their own accidental diminishing tendencies.
Results
A dramatic strengthening of trust within the cybersecurity team thanks to leadership coaching
The five focus areas outlined by Kalles Group have helped anchor the credit union’s Cybersecurity Senior Leadership Team on learning, adjusting, and leading with questions rather than answers. A greater self-awareness among the leaders, particularly with respect to examining how they personally contribute to problems, tension, and unwanted outcomes, has helped the team operate more proactively and build trust.
Most of the leaders felt that the practice in asking questions was particularly transformative. After working for months on becoming more comfortable with asking questions, they noticed differences in how they led meetings and improvements in how they tapped into the broader intelligence of their teams.
The cybersecurity leadership is now much more transparent with each other in their conversations around challenges and mistakes, and they are taking more responsibility for what they are doing towards the desired outcomes. Thanks to Kalles Group’s advice and coaching, the team is getting to know each other more, and many members are continuing to develop their leadership skills with 1:1 private leadership coaching beyond the initial curriculum.