Have you ever had a question that you wanted to know the answer to, but you just didn’t ask it? Maybe you thought, “I’ll figure this out later.”
I know I have, and most people I’ve spoken to can recount a similar tale. Typically, it resulted after speaking up about something, or asking a question and being penalised or humiliated for it.
In a blame-culture environment, which is pretty common in cybersecurity, not using your voice is a great strategy for self-protection.
You see, no one jumps out of bed and goes to work each day with an aim of being viewed as ignorant, incompetent, intrusive or negative. Rather, they’d sooner be recognised for more positive personality traits like being helpful, happy, smart and competent.
But the sad truth is this. These traits abound, and they show up daily in our cybersecurity workplaces. Here’s how you can spot them.
Don’t ask questions, is ignorance. Don’t admit weaknesses or mistakes, is incompetence. Don’t offer ideas, is intrusiveness. And, don’t criticise the status quo, is negativity.
The simple rule is this. Avoid doing any of these things unless you want to risk being viewed as ignorant, incompetant, intrusive or negative.
So, what. Who cares. Big deal. Why does this actually matter?
It matters because every time we withhold our voices, we rob ourselves and our peers from small moments of learning – from progress. And, when we don’t come up with new ideas, we rob ourselves and everyone around us from innovation.
By being so busy managing what people think of us we don’t contribute to creating a better organisation or wider community. And that means we limit ourselves to reducing risk and securing the future.
Thankfully, not everyone operates in this way. Not everyone sees a need for self-protection in their workplace. In environments of high challenge-high support (psychological safety) teams believe that they won’t be punished or humiliated for speaking up, whether they’re sharing an idea, asking a question, raising a concern or reporting a mistake.
There, effective leaders frame their work as a learning problem rather than an execution problem.
So, with this in mind, here are seven top tips that you can do, as a leader, to create a high challenge-high support (psychologically safe) environment.
Tip #1. Communicate your mission, vision and values. Ideally, you’d have these as statements, and they’d be visible around your office/s. If you’re starting a new position, it’s great bringing the team together for an introductory presentation. And, if your team is global, thanks to technology, this can easily be done.
Tip #2. Be explicit that there’s enormous uncertainly ahead and that managing this will be a challenge. As you don’t know what will happen, in order to succeed – in an environment where there’s uncertainty and interdependence – you’ll have to have everyone’s voices and brains in the game.
Tip #3. Acknowledge your fallibility and that no one’s perfect or has all of the answers. You can say things like, “I may miss something, and I need to hear from you.” This creates safety for speaking up.
Tip #4. Lead by example by modelling curiosity. Ask lots of questions, as these things create a necessity for voice. By walking your talk, you become a person others want to follow. You become known for your integrity rather than a lack of it. If you say one thing, but do another, all you'll do is erode trust. And, trust is a requirement in the modern business world.
Tip #5. Create an environment of "candor." Amy Edmondson, the Harvard professor and author behind the main study ever performed on the topic of of psychological safety and she goes into this in more detail in a wonderful example from Pixar.)
Tip #6. Create "braintrusts" or peer review groups. These groups remind me of a process I used at art college. There, after we'd completed an assignment, we gave constructive feedback on each others work. There was no malice, point scoring or alternative agenda. Everyone wanted each other to do better work and succeed.
Braintrusts operate in a similar manner. They have clear rules and guidelines that enable you to give and foster honest feedback. For example, members of these groups offer their opinions and give constructive feedback about the project, not the person. Comments come from a place of empathy and are taken as suggestions, not prescriptions. Furthermore, the person who is taking the feeback must not be defensive or take criticism personally. Instead, they need welcome it with open arms and to be ready to hear the truth.
Tip #7. Set boundaries. Ensure these are clearly communicated and that your team understands how things are to be. Then, hold them accountable if they step outside of them.
So, to wrap this up, as I said to my IN Security Tribe on World Voice Day, last week...
Your voice has never mattered as much as it does now in cybersecurity. In the workplace, it's both helpful and necessary. And, with the threat landscape as it is, we need everyone to bring their best selves to the challenges ahead. Voice enables this. Go use it.
Now I want to hear from you…
- Tell me, how you're going to use your voice. Or, if you're already doing so, the benefits it's brought to your team.
In my next blog, I’ll be examining personal branding in more detail. Until then, if you want to get started with creating a personal brand and learn how to better position yourself so you can build trust and influence within your organisation, sign up for my FREE Masterclass.
