As the threat landscape continues to grow and evolve, CISOs and security executives are having to demonstrate visionary leadership in communicating these threats along with the organization’s security posture clearly to the CEO and the Board of Directors. Indeed, adapting to the evolving threat landscape with a future-focused approach is a top priority among CISOs and security leaders in HMG Strategy’s 2023 Research Agenda.
Tom Hoffman, HMG Strategy’s Vice President of Research, recently sat down with Emily Heath, General Partner at Cyberstarts and former CISO at United Airlines and DocuSign, to explore these and other topics that are top-of-mind for security leaders. Emily is a recent HMG Strategy 2023 Global Leadership Institute Award recipient and will be speaking at HMG Strategy’s 2023 New York CISO & Technology Executive Leadership Summit on June 15 at The Harvard Club of New York.
Tom Hoffman: Emily, we’re thrilled to have you with us today. Congratulations once again on being named as a 2023 Global Leadership Institute Award winner!
Emily Heath: Thank you so much. As people go through their careers, who doesn’t love an award, but coming from HMG Strategy, it’s so meaningful. What you do each and every day to help promote innovation and technology in every major city across the United States and now globally is really incredible. It’s so very meaningful to me.
TH: Thanks, Emily. We’ve been talking a lot lately about visionary leadership. How would you characterize what visionary leadership is? What, what does it look like to you?
EH: It’s such a great question and it means a couple of different things to me. Having had the privilege of being a leader for many years as a former CSO at United Airlines and DocuSign before my new role in venture capital, I’ve experienced a lot of leaders along the way, and I’ve taken my responsibility as a leader very seriously. When you think about it, we all aspire to be visionary leaders, but what does that actually mean?
The first thing for me is you can never be a leader alone. Being a leader for me is always about the people, the people that you surround yourself with, having creative, diverse mindsets.
When you have people from different backgrounds who have different cultures that were educated and trained by different people, you truly get a very, very diverse way of thinking. And that to me is part of creative leadership that leads to visionary leadership. I don’t know how you can be visionary alone — you need people around you to help you get there. When it comes to the true visionary side of leadership, we have to start to think about how we look around the corner. We can’t solve the problems of today all the time. We have to leapfrog the problems of today and think about the problems of tomorrow and what that looks like. I think true visionary leaders are very adept at looking around corners and observing trends and absorbing from the people around them to think about not just what we’re solving for now, but what we need to solve for in the future.
TH: Well said. It’s also worth adding that visionary leadership is also about being able to explain both to your teams as well as to other members of the senior leadership team and the board what the future looks like and how we should be preparing for any variety of outcomes that could occur.
EH: Absolutely. I’ve experienced this in my own career. I sit on three boards now, but I also have presented to many boards over the years. I’ve, I’ve received the same feedback that I have given back to others which is that you need to be able to articulate that accurately, you need to be literal. Don’t try to be clever when you’re articulating things. You have to capture people with your story.
Leadership is very much about the art of storytelling because at the end of the day, leaders are people that you want to follow. And for those that can’t articulate where their vision is or where they’re going, it’s very difficult for people to want to, to get behind and follow them. So, the art of communication is key.
TH: When you think about visionary leaders that you are familiar with, who comes to mind?
EH: I’ve had the honor of working with so many incredible minds over the years. One HMG Strategy alumni who’s a dear friend of mine is Tom Peck, who is Chief Information and Digital Officer at Sysco Foods. He was my boss many years ago and gave me my first opportunity to become a CISO. Tom is an absolutely incredible thinker, a very strategic thinker that doesn’t just sit and be okay with the now. He’s always thinking about what’s around the corner and what’s in the future and how to drive business innovation. I’ve learned an awful lot from Tom over the years. He is a brilliant storyteller and therefore somebody that people want to follow.
Now that I’ve gone into venture capital, I work with someone now who I would argue to be one of the most visionary venture capitalists in the industry. Gili Ranaan is an entrepreneur himself and has built and sold companies over the years. He was at Sequoia (Capital) for many years before he started his own fund, CyberStarts. And in a matter of four or five years, out of 18 portfolio companies, having five unicorns that have grown through the Cyberstarts ranks is literally unheard of. It’s because of Gili’s visionary leadership and the way that he is able to spot talent like nobody I’ve ever seen. You can’t teach somebody that — it’s an innate skill that you either have or you don’t. And it’s just incredible to be a part of this early-stage venture funding where you get to work with some of the brightest minds in the business.
TH: Thanks, Emily. Those are great examples. We’re also talking a lot lately about AI, including how AI is playing into cybersecurity strategies. Can you share with us some of the trends that you’re seeing in terms of both offensive and defensive AI?
EH: It’s interesting because now on the venture side, a lot of people are asking if we’re investing in AI security companies, my typical response to this is ‘What would you want us to protect against?’ ChatGPT has made it very tangible for people to actually see the power of AI.
There are many organizations that are using Generative AI to their advantage. We’re having these conversations on every board I sit on about how we can leverage AI in order to further our business objectives and to further growth and revenue targets. So, there’s a very active conversation happening right now around AI from that perspective. The other side of the coin is that there’s also an equal number of conversations happening around the governance of AI. I think in many ways it’s very much like many aspects of security. It comes down to visibility first — what do we actually have that is AI-driven? Where are these models? What are they doing and how do we provide guardrails so that we know how to best govern them? You can’t have the Wild West with everybody being able to go use all of these technologies in any way they want.
At the same time, you don’t want to hinder the business. This is a very common narrative for security professionals. It’s a slightly different topic than we’re used to. What will be interesting is how we manage the intersection of security and data science and AI because they’re two very different disciplines that need to learn to work together. And I don’t believe we’ve really had that kind of relationship before. To me, it’s akin to how security works with developers. It’s going to be interesting to see how we balance both the innovation side of AI which I’m a huge proponent of, and at the same time keep the guardrails to make sure that we don’t have the Wild West.
TH: Interesting times indeed. So, as you know, Emily, we’re going through this massive turbulence both in the economy as well as the risks that organizations are facing today. What advice would you offer to CISOs both for today and looking ahead?
EH: I know this balance well, having been on that side of the table. The biggest challenge for CISOs right now is how we are balancing the day-to-day work that needs to happen in order to continue to keep our company safe whilst at the same time looking to innovate. This is what drew me into the start-up world. I’ve always been a huge proponent of leveraging the power of early-stage startups to be able to be an extension of myself and my team. If you think about it, and this is advice I would definitely give to CISOs, long gone are the days where companies need to have billions of dollars of revenue before you’ll do business with them.
Innovation doesn’t work like that. Innovation works quickly. And if you have a problem that a start-up is looking to solve, remember that start-ups are funded to solve your problem for you. When I was a CISO, I would partner with start-ups in a design partnership or an early deal of some sort because they’re hungry to solve my problem for me. And, and that’s what they’re funded for at the end of the day. So, my advice for CISOs is to look for ways, especially during these difficult times, to continue to innovate because you can’t afford not to innovate.
TH: Great advice, Emily, thanks so much for spending some time with us today on the HMG Spotlight series. And congratulations once again on your 2023 Global Leadership Institute Award.
EH: Thank you so much and it is always a pleasure. Thank you for having me.
Key Takeaways:
Visionary leaders don’t work alone. They rely on trusted colleagues with diverse backgrounds and perspectives who can help to identify and solve pressing challenges
Visionary leaders need to be adept storytellers because if they’re unable to clearly communicate their vision for the future, it will be hard to find people who will want to follow them
CISOs can stoke innovation by working with start-up companies that are hungry to help solve their problems
To learn more about the 2023 New York CISO & Technology Executive Leadership Summit on June 15 and to register for the event, click here.
