Skip to content

Exabeam Delivers First Configurable Peer Benchmarking for CISO Decision-Making — Read the Release

The New CISO Podcast: Management Tools

  • Jun 22, 2022
  • Stephen Moore
  • 4 minutes to read

Table of Contents

    On this episode of The New CISO podcast, Jeremy Sneeden, Director of Security Operations and Engineering at Allina Health, discusses the importance of management training to learn how to lead others, advocate for his team, and quantify risks.

    Learning how to lead

    As someone with a technical background, Jeremy had to learn many new skills for his managerial role at Allina Health. Jeremy was terrified when he began his current management role because he never saw himself as a leader, and he felt that the training he received wasn’t sufficient. He had to figure out on his own a lot of what makes a manager successful. He remembers, “I landed on a couple of people that resonate with me. Simon Sinek is one of them. I think his message of taking care of your people is how I got the manager role. I think finding a philosophy like that, that matches your style, and then embracing it is key.” 

    How to ask for what you need

    Often Jeremy needs to pitch higher-ups on some new tool or equipment. In order to gain approval, he recommends talking in specific dollars and cents. And there’s strength in numbers. He finds it more effective to pair up with other infrastructure groups who want the same things as he does and make a group ask for additional funds or tools for their teams.

    Another important factor is the cost of risk. Jeremy says it’s imperative to  communicate how much the potential risks will cost the company, so executives can fully comprehend the breadth of the situation. For example, Jeremy suggests, you might say to executives: “Hey, this is high risk. If we have this event, here’s what it’s going to cost. Here’s what the mitigation will cost.” 

    Focusing on efficiency and automation 

    After three years of managing, Jeremy became a director. In charge of IT Asset Management, he sat down with his new team to examine their current tasks. If any task could be automated, they started that process. While it took time and money upfront, they saved hours — as well as millions of dollars — in the long term. In what he calls a “focus funnel”, Jeremy met with every person and talked about every task, asking “Hey, should we be doing this? Is this the right thing? If it is the right thing, is it a candidate for automation? And if it isn’t a candidate for automation, how do we do it more efficiently?”

    The process took around six months. After beginning the focus funnel, Jeremy built a roadmap and talked with managers about the things that they were planning to automate and why. When talking to executives, he went in-depth explaining the finances: “It costs X million dollars to manually provision people, and it costs us this much money for people to have to log in over and over and again during the day; but if we spend a couple hundred thousand, we can save two million in waste.”

    How to be a great manager and enable your team

    Jeremy believes that a great manager removes obstacles for their team. He explains that the old-school, dictating management style just doesn’t work, saying, “If you can just get them in a situation where they’re working on something that they want to work on, and keep everything else out of their way, you get really good results.” 

    He shares two tips for being a good team leader: 

    1. Get the necessary tools that can actually do the job.
    2. Eliminate the things that don’t bring value to that particular person. For example, daily huddles. Some people hate them and view them as a burden, but other people like them. Try to balance what each individual needs.

    A great manager pays attention, genuinely cares, and takes care of their people. They handle tasks that go unnoticed, such as dealing with angry customers and advocating for their team members’ promotion. 

    Jeremy believes that a great manager is also willing to get uncomfortable — or even scared — in order to grow and do what’s best for the team. As someone who manages other managers, Jeremy has learned when to get involved and when to back off. He explains, “I think it can be uncomfortable to be seeking other people’s feedback and interacting with people outside of my immediate sphere. As a CISO, though, I see my boss do this all the time, when he’s outside of his immediate sphere. He’s either evangelizing for security, he’s learning new things, he’s interacting with his peers so that we can work together to have better security posture.”

    Advice for the CISO-in-training 

    To Jeremy, being a CISO-in-training means listening to his mentors and continuing to learn and take care of his employees, saying, “Without my mentor, I’d probably still be a senior security engineer and I’d probably be relatively content, but I would not have the skills that I have now.  I enjoy my position — I like what I’m doing now. I like the ability to take care of people. We’re making good progress for the organization. It’s nice to see something grow that you had a little bit more control over, versus just doing the task.”

    Overall, being a manager is a major responsibility, and even if you don’t see yourself as a leader, Jeremy has proven that anyone can be an effective leader through mentorship, the right tools, and caring about — and listening to — your people. 

    Stephen Moore

    Stephen Moore

    Chief Security Strategist | Exabeam | Stephen Moore is a Vice President and the Chief Security Strategist at Exabeam, and the host of The New CISO podcast. Stephen has more than 20 years of experience in information security, intrusion analysis, threat intelligence, security architecture, and web infrastructure design. Before joining Exabeam, Stephen spent seven years at Anthem in various cybersecurity practitioner and senior leadership roles. He played a leading role in identifying, responding to, and remediating their data breach involving a nation-state. Stephen has deep experience working with legal, privacy, and audit staff to improve cybersecurity and demonstrate greater organizational relevance.

    More posts by Stephen Moore

    Learn More About Exabeam

    Learn about the Exabeam platform and expand your knowledge of information security with our collection of white papers, podcasts, webinars, and more.

    • Blog

      What’s New in LogRhythm SIEM October 2025

    • Blog

      What’s New with New-Scale in October 2025: Measurable, Automated, Everywhere Security Operations

    • Blog

      Catching the Quiet Threats: When Normal Isn’t Safe

    • Blog

      UEBA vs. XDR: Rethinking SIEM Augmentation in the AI Era

    • Blog

      How Exabeam Helps Organizations Adapt to Australia’s Privacy Reforms

    • White Paper

      Using MITRE ATT&CK® in Threat Hunting and Detection

    • Show More