COMMENTARY
Years ago I attended a conference led by a well-known and brilliant scientist. The talk was well-researched, thought-provoking and entertaining. I enjoyed it immensely.

There was one comment from the speaker that stuck with me. The speaker made the point that countries with scientists on their currency tend to value science more than countries without scientists. As an example, the speaker held up an Israeli five-lira banknote that was in circulation from 1968 to 1973 with a picture of Albert Einstein on it. “Albert Einstein was not Israeli, but if you’re that smart, everyone wants you as theirs,” the speaker noted.

This statement by the keynote speaker — a world-renowned scientist — taught me a valuable lesson. In this particular case, the keynote speaker, brilliant in the field of science, failed to infer why Israel would feel a connection to Albert Einstein — something that many of you may have intuitively understood. I believe that we can learn an important lesson from this in the field of security that is sorely needed and long overdue. We must learn to recognize talent when it is right in front of us.

I think we as a security community need to ask ourselves why we don’t promote from within more. In my opinion, not promoting from within is a huge error in judgment. Many in the security community would probably agree with me. Here are five reasons why I think so:

Experience: I think most people would agree that there is no substitute for real experience. Time in the trenches is important in any field, including security. Without a background of practical experience, it is difficult for any leader to truly understand and appreciate the domain-specific challenges that security professionals struggle with.

Troubleshooting: While many people have problem-solving skills, those skills are honed through experience. Time in the security field teaches analytical people to more efficiently gather and process the information needed to make timely and accurate decisions. Without that experience, a newly appointed leader risks leading his flock astray.

To trust: Relationships in security are built on trust, perhaps even more so than in other fields. These connections are built over time and are often born from time spent together in the trenches. To put it colloquially, security is about street cred. It is simply not possible for an outsider to gain this level of trust within the field, which will negatively impact that leader’s ability to be successful.

Respect: Security professionals are known for working harder, longer, and more diligently for those they respect than for those they don’t. Maybe that shouldn’t be the case, but it’s the reality of the field. When a respected leader asks a lot of his team, the team will almost always rise to the occasion. Unfortunately, that hasn’t been my experience when the leader lacks that respect.

Passion: A true leader is passionate about what they lead. When someone has invested the majority of their career in the security field and has worked tirelessly to improve the state of security, that passion is palpable. The security team will see a leader’s passion (or lack thereof) and will respond accordingly. This has a direct impact on the performance of the security team as a whole.

There are smart people and great leaders who have grown up in different fields. In security, however, it is time to promote security leaders from within. If we do not do this, we will continue to hold ourselves back as a field and unnecessarily expose companies to greater risk.