The New CISO Podcast: Management Tools

On this episode of The New CISO podcast, Jeremy Sneeden, Director of Security Operations and Engineering at Allina Health, discusses the importance of management training to learn how to lead others, advocate for his team, and quantify risks.

Learning how to lead

As someone with a technical background, Jeremy had to learn many new skills for his managerial role at Allina Health. Jeremy was terrified when he began his current management role because he never saw himself as a leader, and he felt that the training he received wasn’t sufficient. He had to figure out on his own a lot of what makes a manager successful. He remembers, “I landed on a couple of people that resonate with me. Simon Sinek is one of them. I think his message of taking care of your people is how I got the manager role. I think finding a philosophy like that, that matches your style, and then embracing it is key.” 

How to ask for what you need

Often Jeremy needs to pitch higher-ups on some new tool or equipment. In order to gain approval, he recommends talking in specific dollars and cents. And there’s strength in numbers. He finds it more effective to pair up with other infrastructure groups who want the same things as he does and make a group ask for additional funds or tools for their teams.

Another important factor is the cost of risk. Jeremy says it’s imperative to  communicate how much the potential risks will cost the company, so executives can fully comprehend the breadth of the situation. For example, Jeremy suggests, you might say to executives: “Hey, this is high risk. If we have this event, here’s what it’s going to cost. Here’s what the mitigation will cost.” 

Focusing on efficiency and automation 

After three years of managing, Jeremy became a director. In charge of IT Asset Management, he sat down with his new team to examine their current tasks. If any task could be automated, they started that process. While it took time and money upfront, they saved hours — as well as millions of dollars — in the long term. In what he calls a “focus funnel”, Jeremy met with every person and talked about every task, asking “Hey, should we be doing this? Is this the right thing? If it is the right thing, is it a candidate for automation? And if it isn’t a candidate for automation, how do we do it more efficiently?”

The process took around six months. After beginning the focus funnel, Jeremy built a roadmap and talked with managers about the things that they were planning to automate and why. When talking to executives, he went in-depth explaining the finances: “It costs X million dollars to manually provision people, and it costs us this much money for people to have to log in over and over and again during the day; but if we spend a couple hundred thousand, we can save two million in waste.”

How to be a great manager and enable your team

Jeremy believes that a great manager removes obstacles for their team. He explains that the old-school, dictating management style just doesn’t work, saying, “If you can just get them in a situation where they’re working on something that they want to work on, and keep everything else out of their way, you get really good results.” 

He shares two tips for being a good team leader: 

1. Get the necessary tools that can actually do the job.
2. Eliminate the things that don’t bring value to that particular person. For example, daily huddles. Some people hate them and view them as a burden, but other people like them. Try to balance what each individual needs.

A great manager pays attention, genuinely cares, and takes care of their people. They handle tasks that go unnoticed, such as dealing with angry customers and advocating for their team members’ promotion. 

Jeremy believes that a great manager is also willing to get uncomfortable — or even scared — in order to grow and do what’s best for the team. As someone who manages other managers, Jeremy has learned when to get involved and when to back off. He explains, “I think it can be uncomfortable to be seeking other people’s feedback and interacting with people outside of my immediate sphere. As a CISO, though, I see my boss do this all the time, when he’s outside of his immediate sphere. He’s either evangelizing for security, he’s learning new things, he’s interacting with his peers so that we can work together to have better security posture.”

Advice for the CISO-in-training 

To Jeremy, being a CISO-in-training means listening to his mentors and continuing to learn and take care of his employees, saying, “Without my mentor, I’d probably still be a senior security engineer and I’d probably be relatively content, but I would not have the skills that I have now.  I enjoy my position — I like what I’m doing now. I like the ability to take care of people. We’re making good progress for the organization. It’s nice to see something grow that you had a little bit more control over, versus just doing the task.”

Overall, being a manager is a major responsibility, and even if you don’t see yourself as a leader, Jeremy has proven that anyone can be an effective leader through mentorship, the right tools, and caring about — and listening to — your people. 

To learn more, listen to the full episode or read the transcript.