Neurodivergence, Vulnerability, and Happiness: A Fresh Take on Cybersecurity Leadership
Being a CISO requires more than just technical expertise. It demands a deep understanding of people, their strengths, their weaknesses, and the unique ways they perceive and interact with the world. In episode 93 of The New CISO podcast, Chris Nolke, a seasoned CISO and founder of Skycrane, shares his insights on the role of neurodivergence, vulnerability, and happiness in cybersecurity leadership.
In this article:
- The journey of a lifelong learner
- Embracing neurodivergence and vulnerability
- Discover your values
- The pursuit of happiness in cybersecurity
- Stoicism: a guiding philosophy for cybersecurity leaders
- The new CISO: a business person first
The journey of a lifelong learner
Chris’ career path is a testament to his curiosity and commitment to lifelong learning. After graduating with a degree in electrical engineering from the University of Alaska Fairbanks in 1994, he was quickly hired by a defense company to work on satellite communication. His career trajectory changed when he encountered TCP/IP and firewalls, which led him to the exciting world of cybersecurity. He says, “I have always struggled in positions where I get bored or I’m not learning any longer. And so I followed the most interesting path.”
Chris doesn’t consider himself an expert, despite his extensive experience. He believes that the concepts behind cybersecurity are relatively straightforward and can be understood by most people. His humility and openness to learning are traits that have undoubtedly contributed to his success in the field. Chris’ approach to leadership is also noteworthy. He believes in bringing vulnerability and candor to work, along with having conversations that are “extraordinarily human.”
Embracing neurodivergence and vulnerability
Chris, who identifies as neurodivergent, advises leaders to build authentic relationships and discuss neurodivergence openly. He views neurodivergence as a superpower in cybersecurity, enabling individuals to perceive complex patterns of risk within an organization’s IT infrastructure. He explains, “I can see into the matrix of risk with an enormous amount of information at relatively high fidelity.” However, he also acknowledges the challenges that come with it, such as communication difficulties and potential mental health risks.
Chris emphasizes the importance of vulnerability in leadership: “Bringing vulnerability to work is an extraordinarily good leadership trait.” He suggests that leaders should openly share their uncertainties and insecurities, and acknowledge their strengths and weaknesses. He explains that an essential leadership trait is being able to describe “where you’re uncomfortable, but also telling people, ‘This is what I’m not great at, but this is why I need others around me that are different and great at other things.’” Self-awareness and humility can help leaders build a team that complements their strengths and weaknesses.
However, Chris also warns that vulnerability can lead to negative outcomes, sharing his own experiences of being candid and vulnerable in ways that didn’t work out. Despite these challenges, Chris continues to prioritize vulnerability in his leadership style.
Chris also discusses the impact of his neurodivergent trait, ADHD, on his communication style. He explains that impulsive communication is his method of connecting with others. However, he acknowledges that the impact of his words may not always align with his intentions. He says he can communicate with somebody “with an entirely friendly and virtuous intention, but they may receive it differently” or it may have the opposite of the intended effect. This disconnect between intention and impact has led to some regrets. He recalls a piece of advice from a former boss: “Hey, Chris, you’ll go a hell of a lot further if you talk a hell of a lot less.” He admits his constant awareness of risk makes him a “feedback junkie.” He is always looking for unspoken feelings or perceptions that others may have about him, viewing these as potential risks that need to be mitigated.
Discover your values
Chris underscores the importance of understanding one’s values. He refers to Brené Brown’s values exercise, which helps people define their values to guide their career decisions. For Chris, self-improvement and learning are among his top values. He says, “I have always followed a path of more learning and more discovery.”
He believes that helping team members understand their own values can improve leadership and feedback. For example, if a team member values winning, a leader can frame feedback in terms of how certain behaviors or actions can help or hinder their ability to win. This approach can make feedback more meaningful and relevant to the person.
The pursuit of happiness in cybersecurity
Chris and Steve delve into the topic of happiness and its relevance to being a security professional. Chris notes that happiness and fulfillment are rarely discussed in the context of one’s career, yet they are crucial aspects of personal and professional wellbeing.
Chris views happiness as a construct, composed of joy and contentment. He defines joy as acute and fleeting, and contentment as a more enduring state of comfort and satisfaction. Balancing them both, he believes, can lead to a sense of overall happiness.
He suggests that cybersecurity professionals need to have a deliberate practice for cultivating happiness to prevent burnout. He shares his own experience of burnout and how it led him to start his company, Skycrane, which aims to bring cybersecurity to small-to-medium-sized companies that lack cybersecurity staff.
Stoicism: a guiding philosophy for cybersecurity leaders
Chris touches on Stoicism, a philosophy that encourages acceptance of things we cannot control, and the pursuit of virtue in things we can. He cites Seneca and Marcus Aurelius, two Stoic philosophers who were also practical statesmen, as sources of wisdom for cybersecurity leaders. He believes that Stoicism can provide a practical process that can help CISOs navigate their roles more effectively.
The new CISO: a business person first
When asked what being a “new CISO” means to him, Chris highlights the importance of business relevance in cybersecurity. He believes that the most valuable certification a CISO can have is an MBA because it equips them with an understanding of what a business needs on a daily basis. He suggests that a new CISO should be a business person first and a cybersecurity expert second. This perspective can help CISOs contribute more effectively to the boardroom and assist the business in being competitive and successful.
Chris differentiates between a “big-O CISO” — an officer of the company — and a “little-o CISO” — a cybersecurity leader. While the skills required for these roles are largely the same, a “big-O CISO” focuses more on leadership and managing upwards, while a “little-o CISO” is more accountable for cybersecurity-specific outcomes.
Chris Nolke’s insights into neurodivergence, vulnerability, happiness, and business relevance provide valuable guidance for security leaders. His experiences underscore the importance of continuous learning, self-awareness, open communication, and a deliberate happiness practice in leadership. His story serves as a reminder that great minds think differently, and these differences can be a source of strength and innovation in the cybersecurity field.