Being at the helm of Secon Cyber and developing close relationships with our clients I have come to the realisation that in today’s cyber security environment we are not doing enough by settling for incremental improvements to our clients’ security as a Value Added Reseller (VAR). I felt that in some instances we were actually doing a disservice, particularly when a client had a P1 (Priority 1) issue such as a malware outbreak or system failure, we would find ourselves being reactive to the critical situation and becoming the ‘go-between’ the technology vendor and our client, often receiving impractical advice with possible severe impact on the customer’s business operation.
Although Secon Cyber was growing and successful, I felt that we had to undergo a transformation to get and stay, on top of our clients’ security posture and take a more proactive approach, more importantly, take responsibility at a time of crisis. Hence the transformation from VAR to Advanced Managed Security Service Provider (AMSSP). The key functions that have defined my role in this transformation are:
Making the transformation meaningful. I believe in this cause and will go to extreme lengths to succeed. This requires extraordinary energy: the team must fundamentally rethink and reshape the business while continuing to run it day to day. We have created a three-year transformation plan; a story that maps our journey and helps our employees believe in the effort. When answering their big questions, primarily how the transformation will affect Secon Cyber and them, it is important that I have compelling answers and the willingness to make it personal and engage the with team openly.
Role-modeling desired mind-sets and behaviour. I have embarked on my own personal transformation journey. With over 17 years experience of running a VAR business, I have had to undertake a change in my leadership behaviour specific to the transformation objectives. This has involved reshaping the way I run my diary, spending regimented time every week with my leadership team on the transformation plan, weekly innovation and progress meetings on our managed detection and response platform and weekly management meetings to ensure that the day to day running of the business is not affected. I have also embarked on a programme to meet as many of our clients as possible, to really understand what they need and to shape the business so it is of value to them. We have taken significant action: abolishing ‘deal based commission’, the typical model used in the cyber security industry today which drives a certain type of behaviour. To this end, we have placed the entire team on an annual bonus scheme based on a balanced scorecard around business, operational, customer experience and personal development KPIs. This has helped our employees understand that rewards will not be based on short-term gain, i.e what is most profitable for Secon Cyber but instead what is going to add the most value to our clients’ whilst building long-term value in the business.
Building a strong and committed top team. Over the past 18 months, I have spent time building a new leadership team, carefully handpicking individuals from my network, who share my values, vision and beliefs. They are a valuable asset in leading this transformation. I have had to make sacrifices losing key members, who although talented, were not fully committed to the transformation. With the right team in place, we have aligned ourselves in a clear direction. We have agreed what we can achieve as a team and the behaviours we want to see.
Relentlessly pursuing impact. On any leadership and management training that I have been on, the mantra has been work on the business and not in the business. However, for the transformation to be successful, I have rolled up my sleeves and got personally involved for maximum impact. Decisions are being made quickly and I believe we are sowing the seeds of a culture of openness and determination.
As I have said in many of our team meetings, the train has left the station. I am not sure what the future will bring and whether or not the transformation will be a success, but what I do believe is we have focused ourselves on the transformation of VAR to AMSSP. If we are successful, it won’t only be a success for Secon Cyber but a success for our clients as we will proactively protect them and take ownership. Our goal is to establish virtues, defeat the injustice of attacks such as Wannacry. This is our goal and we will move towards it.