Mansur Hasib > Quotes

“Knowledge in our heads is useless. Its power is unleashed only when it is shared.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“If you lead, you will not need to manage.”
― Mansur Hasib

“We can therefore define cybersecurity in the following manner: Cybersecurity is the mission-focused and risk optimized governance of information, which maximizes confidentiality, integrity, and availability using a balanced mix of people, policy, and technology, while perennially improving over time.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“However, advent of the network and the internet changed everything. Today IT is hardly about computing or writing code. Information technology today is about growing the business, marketing, relationship management, communications, recruiting, intellectual capital, and most importantly -- business differentiation. This new environment has made IT a revenue engine and a mission critical function.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“Personnel will be hard to retain due to the artificially depressed salary structure. The CIO will most likely be relegated to an operational and maintenance role -- and may find this to be the only way to maintain sanity. Modern organizations should carefully avoid this very dangerous situation.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“These goals were first identified in the classic John McCumber (1991) model of information security, which was an important early conceptual model. This model identified three key tools: technology, policy and process, and training and awareness. The model was replaced in 2001 by the Maconachy,  Schou, Ragsdale, and Welch model of information assurance. This model introduced two key points.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“Subsequent researchers connected such governance and leadership of cybersecurity to the development of a cybersecurity culture (Corriss, 2010; Brady, 2010; Hasib, 2013). These scholars argue that culture governs behavior more than anything else.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“In this new world, organizational leaders also need to recognize that everyone is a technology worker and every company is a technology company. Most business projects today are technology projects. Cybersecurity strategy is usually the business strategy itself. Therefore it is essential for Chief Executive Officers, boards, and other senior business leaders of organizations to understand how to lead cybersecurity. Such an understanding will help them hire the right people and set up the right organizational structure to make their businesses successful.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“Another expensive mistake that organizations make is to ignore open source and free software. Such software can work as well as or even better than commercial software. The most frequent reason I hear is: You will get better support if you buy the product. This line of thinking is seriously flawed. The strength of open source software is in its openness – anyone can examine the code and point out flaws and anyone can work on improving the product. There are more Linux servers in the world today than there are Windows servers.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“You do not need to be perfect; you need to perfect your uniqueness.”
― Mansur Hasib, Bring Inner Greatness Out: Personal Brand

“Cybersecurity is the mission focused and risk optimized management of information which maximizes confidentiality, integrity, and availability using a balanced mix of people, policy and technology while perennially improving over time.”
― Mansur Hasib

“A Chief Financial Officer running technology and cybersecurity strategy in an organization is like a bus driver flying an airplane without a flying license.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“What appears to be happening is that organizations have decided to eliminate the Director of IT title and simply adopt the Chief Information Officer title so they can say they have one.  But they have not made all the required changes in authority or compensation or their recruiting methods to ensure that the person they hire is really qualified to serve in these strategic positions.  In many organizations, the Director of Networks or other similar level positions have been retitled as a Chief Information Security Officer. Some organizations have split up the roles of security and privacy and actually have a Chief Information Security Officer and a Chief Privacy Officer (CPO) creating serious confusion and conflict within the organization. They typically hire lawyers in the CPO positions and a technology person in the CISO positions. Instead of combining the salaries and hiring the right person, they have purposefully depressed the salaries of both positions and will have trouble recruiting for both positions.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“Lead people instead of managing them and allow every brain in your organisation to innovate and help you succeed. Do not view your employees as expenses. Treat them like the assets they are and see how amazing they can be.”
― Mansur Hasib

“A risk management approach which focuses on the organizational mission and focuses limited resources on high priority security threats and opportunities to develop a balanced program is much better (McAdams, 2004). This approach views cybersecurity as a strategic asset and a business opportunity which gives the organization a competitive edge. Executive management is engaged in developing a program which balances technology, policy, and people controls to ensure the best business return.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“Some CIOs may have a language barrier. I have frequently heard the complaint, “My president does not understand technology.” We cannot expect the CEO of an organization to understand technology. However, most CEOs have business goals they wish to achieve, and as long as we are focused on those goals and working to tie the technology and cybersecurity strategy to the mission, most CEOs will listen. The conversation must be about business goals, creating value, moving forward, competitive edge or distinction for the organization -- not about technology.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“Good leaders nurture leadership in others and unleash performance at increasingly higher levels by identifying and focusing on a carefully-chosen set of core values. These values define the actions of leaders as well as their organizations. These organizations benefit from the collective brainpower of all its members instead of the brainpower of a few anointed leaders. My chosen set of leadership values are: integrity, empowerment, teamwork, customer service, continuous learning, and positive reinforcement.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“The remarks by Winkler and Somaini made me think of the safety culture I observed at a nuclear power plant early in my career. The organization was run according to key values such as safety, employee empowerment (with a questioning attitude), teamwork, customer service, excellence, and diversity. These values were consciously driven throughout the organization. All employees were empowered to question any order they believed would reduce safety. Supervisors could not penalize employees for such questioning. Everyone was encouraged to think continuously of ways to improve safety. Thus, germination of grassroots ideas from people closest to the work was part of the culture. This produced a highly safety-conscious workforce, superior team spirit, a collaborative relationship between workers and management -- and an excellent safety record.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“Human problems need human solutions and a keen understanding of how humans behave. Humans are also the key to innovation and productivity in any organization. Workers of a company are its assets – not expenses. As assets they should be developed, nurtured, trained, and retained because they become more valuable over time. They also need to be utilized effectively.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“Additionally, as identified by Tuckman (1965) and widely accepted by scholars who study team development and empirically validated by my own personal experience, all teams go through the following four stages: Forming – initial introductions and a honeymoon period of discovery. Storming – a period during which team members learn about each other and their various opinions, strengths and weaknesses. This period is usually accompanied by constructive conflict and arguments. This is normal and should be expected. It is vital for team members to express themselves or they will never get to the next stage. They could be vying for roles as the right people for each role is yet to be determined. Norming – after the constructive debates, team members adjust to each other and their roles which may be an outcome of the storming period. The rules of team engagement are established during this phase and the team is well on its way to the next stage of development. Performing – this is the coveted phase that every team which has successfully gone through the previous three phases get to. There is significant interdependence and trust between team members. Everyone knows who is covering for whom. Mentor/mentee relationships are well established and the team is a consistent winner.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“The following ad is also a Director of IT position dressed up as a CIO.  The position reports to the CFO creating a natural conflict between the requirements of the role to be strategic but being overruled all the time by the tactical view of the CFO. The CIO salary will also be depressed due to the lower rank and the person will not have proper access to the Provost and other VP level people who will be the CIO’s primary clients. Chances are very high the focus will be on the network infrastructure and maintenance – note the highlighting of the wired and wireless networks.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“VPs of Administration and Finance represent the interests of that business vertical. They are also strongly partial to the systems used by that business vertical. For example, within a medical university, they cannot be expected to also represent marketing; advancement; communications; business development; client relations; disease control; provost; faculty; student life; or other departments. Think about your enterprise: How can the person overseeing finance be impartial or well-informed across all your departments? Under many organizations' reporting structures, the CIO is expected to develop relationships with these other business verticals, but since they report to the CFO they are excluded from the very cabinet meetings where leaders congregate. Even when CIOs are invited, they are not considered of equal rank -- because they are not. Everyone views the CFO as the final authority for IT decisions, leading to some serious problems. In these organizations, finance drives strategy instead of strategy driving finance. IT is seen as a cost center and there is a perennial pressure to cut costs and reduce expenditures -- often at the detriment of strategy. Cybersecurity may be non-existent in these organizations. Setting appropriate salaries for CIOs and people reporting to the CIOs becomes impossible.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“A couple of years ago I had the pleasure of listening to Dr. Jamshed Irani, former CEO of Tata Steel, who turned the company around in the late 80s and early 90s by engaging the entire organization in a culture of innovation. One of the ideas that emerged during his tenure was Tata's practice of giving "Dare to Try" awards for innovative ideas that were operationally unsuccessful. Failed ideas teach us what does not work and provide us the opportunity to think critically so that the next idea has a better chance of success.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“Customer service is a matter of managing expectations. Every user support professional has limited time and several problems to solve simultaneously. Everyone wants their problems solved first. But, this is impossible, so we must assess the problem's impact and negotiate a timeframe which the client can accept and a schedule we can meet.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“So are our organizations ready for gamification? The answer may lie in an organization's ability to implement a new management model called Management 2.0. Presented by Chris Grams, David Mason, Nyla Reed, and Mary Woolf in a panel at the conference, this approach clarifies for me what is troubling about the management model prevalent in many organizations today -- adherence to hierarchy, top-down and one-way communications, rewards based on position rather than contribution, and leadership based on position rather than knowledge, skill, or ability. All of these approaches were designed for a bygone era.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“We cannot build great teams without retaining great people. We all agree that it is not easy to find great people. Some turnover is healthy and normal for any organization, and we need to plan for that. However, losing great people hurts the organization significantly. It can even mean the difference between success and failure. So why is it that managers and leaders do not work hard enough to retain great people after they have worked so hard to find them? Retaining great people is far easier and cheaper than to recruit.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“Leadership is the simple act of giving people the knowledge they need to succeed in getting to their goal.”
― Mansur Hasib

“As the panel elaborated on their 12 principles of Management 2.0, I realized that this new management model was powerfully grounded in social and collaborative principles that unleash the collective brainpower of an organization to drive innovation and success in an agile manner. This can be viewed as the new incarnation of the participatory style of management. Andrew Carusone's presentation, "Beyond the Water Cooler: Using Collaborative Technology to Drive Business" shared an implementation of this model at Lowe's. Carusone pointed out that workforce development today was all about developing awareness, creating engagement, and promoting commitment. In his model, management continues to have decision and approval authority, but all employees have the power to recommend, provide input, and perform their duties to the best of their abilities.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“Good teams require good leaders. Teamwork does not happen in the absence of leadership. We cannot combine a bunch of people and expect them to work together without a clear recognition of elected or appointed leadership. Multiple IT organizations cannot operate as a team unless they report to a single team leader.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization

“The only time I would not even try to retain someone is when that person brings me a competitive offer and then asks for a raise or a promotion. That is hostage taking. This person cannot be trusted and must be transitioned out as quickly as possible. Retaining the person will negatively affect the rest of the team. Integrity and trust is critical in any IT organization – it has become even more important in this new world of cybersecurity. Job hoppers are not very desirable team members.”
― Mansur Hasib, Cybersecurity Leadership: Powering the Modern Organization