Recently, a friend posted a wonderful piece attributed to their hero, the CISO. I disagreed and immediately felt like a party pooper. But, I had to do it.
Here’s why.
In business today, the role of a CISO is crucial. With the consistency and severity of cyber attacks and data breaches worsening, compliance becoming a minefield, organisations are turning to (and paying) CISOs for protection and guidance.
However, it’s important to note that while the CISO may be seen as a hero in the eyes of many, this mindset can be dangerous. Placing too much pressure on one individual to single-handedly protect an entire organisation can result in someone developing what’s commonly referred to as a hero complex.
And before you say, the buck has to stop with someone, hear me out.
First, What’s a Hero Complex?
Often stemming from a strong desire to be seen as exceptional, indispensable, or the sole saviour in challenging situations, this complex can manifest in various ways. Considering how it develops, here are a few things to be aware of:
-
- Need for Recognition: In environments that emphasise heroism, individuals might feel compelled to constantly seek recognition and praise for their actions, leading to a reliance on being perceived as the only solution to problems.
-
- Overextension and Burnout: Those with a hero complex may struggle to delegate tasks or seek support, resulting in overextension and potential burnout as they take on more than they can reasonably handle.
-
- Disregard for Team Effort: The hero complex can lead individuals to undervalue the contributions of others and undermine the importance of collaborative efforts in achieving success.
-
- Risk of Perfectionism: There’s a risk of developing perfectionist tendencies, as individuals with a hero complex may feel the need to consistently excel and maintain an image of infallibility.
Heroes Often Attract Drama
Steven Karpman, the creator of the Drama Triangle model, see below, outlined how the hero, along with the victim and persecutor, contributes to the cycle of interpersonal conflict and dysfunction.
His work sheds light on the underlying motivations and consequences of hero behaviour within this framework. Karpman’s analysis emphasises that the hero’s actions, while initially driven by a desire to help, can inadvertently perpetuate a sense of powerlessness and dependency among those they seek to rescue.
Furthermore, the hero’s interventions may stem from their own need for validation or a sense of purpose, leading to a complex interplay of psychological dynamics within the drama triangle. As such, understanding the role of the hero in the drama triangle provides valuable insights into the complexities of human interaction and the potential for transformative change through awareness and conscious communication.
A Securer Approach
That’s why I advocate for a different, securer approach – positioning the CISO as a guide rather than a hero. This concept is similar to that of Obi One in Star Wars, who acted as a mentor and guide to Luke Skywalker rather than doing all the work himself.
And yes, I bet you’re saying well his role wasn’t to protect an entire galaxy, but hear me out, again.
The CISO’s role is more than just protecting the company from cyber threats for the CISO has to become an enabler for the rest of the organisation. They educate and empower employees on cybersecurity best practices, implement policies and procedures, and provide guidance on identifying and mitigating potential risks.
By taking on this role as a guide, the CISO builds a stronger culture of security within the organisation. Employees become effective cyber defenders as they’re now more aware of potential threats and are better equipped with the knowledge and resources to protect themselves and their company.
Additionally, by shifting away from the idea of a hero, organisations avoid placing unrealistic expectations on their CISOs.
Here’s how they building stronger security postures and healthier environments:
-
- Promote Collaboration: Emphasise the value of teamwork and collective problem-solving to reduce the pressure on individuals to always be the hero.
-
- Recognise Contributions: Acknowledge and celebrate the efforts of all team members, highlighting the collective achievements rather than individual heroics.
-
- Encourage Self-Care: Foster a culture that prioritises self-care, work-life balance, and open discussions about mental health to prevent burnout and promote well-being.
-
- Develop Leadership Skills: Provide opportunities for individuals to cultivate leadership skills that prioritise delegation, mentorship, and empowering others.
To end…
I believe CISOs should never be positioned as a hero. By acknowledging and addressing the potential development of heroes, organisations and individuals can create a more supportive and balanced work environment that values collaboration, shared success, and individual well-being.
Now I want to hear from you…
In a culture that celebrates heroes, tell me how can we shift the narrative to honour collective efforts and collaborative achievements, fostering a more inclusive and sustainable approach to success? Drop me an email or join me on LinkedIn where we can continue this discussion and you can tell me your thoughts on this matter.
Or, reflect on a time when you felt compelled to be the hero in a situation. How might the outcome have differed if a collaborative approach was prioritised?
