Cyber Strategies For Leaders


Only by tackling the ‘human’ element of security can we begin to work on hardening existing processes.

I hope the following article inspires existing and next-generation leaders to join me in tackling today’s challenges for a better tomorrow.

I am looking to make a difference, leading with change, empathy, passion and excitement.

Organisations are doing so much already; if you’re one of them, this may just be a recap of everything you already know. But if you’re struggling to make ends meet, and the thought of putting in place well-defined strategies for your business is too much to consider, I hope the following guidance will act as a starting point.

Existing Trends

General leadership trends show that in 2025, 69% of millennials expressed concerns about the lack of leadership skills development in their workplace.

A few years earlier, Gartner revealed shifts during 2022, when a study showed 90% of HR leaders believed that in order to thrive in the modern workplace, leaders needed to prioritise the human elements of leadership.

Advisory firm Gallup, when describing the best traits needed to succeed in any leadership position, revealed only “one in 10 people possess the talent to manage”, and “two in 10 people exhibit some characteristics of basic managerial talent”, with additional support possible through coaching and development programs.

Today, Millennials and Gen Z say that having access to skills development is important to them, with it being crucial that current employers include up-skilling opportunities or risk losing talent. Various roles outside of cyber security and technology require a degree of basic digital skills, with it becoming increasingly valuable to acquire these capabilities.

This is further evidenced by CBRE's recent survey looking into the opinions of 750 Gen Z and Millennials across the UK on their workstyle preferences, which found that three-quarters (74%) of respondents expressed business department leadership aspirations.

Certain traits that stand out to me when observing the next generation of leaders include:

  • Purpose-driven leadership

  • Culture and respect for the business goals

  • Mission alignment

  • Authenticity over persona


Top Five Findings:

  • The Importance of Feedback. Building a cyber security program needs to be attractive to a new/future cohort of talent, not just about retaining the employees you already have. The program needs to be widely accepted for existing employees to get on board and new people to see the advantages. Simple techniques for feedback include surveying staff and asking questions such as what they would like to see improved in terms of training, key learnings, and ways forward. If existing training focuses too much on online elements, including video-based content delivered through webinars and assignments, workshops delivering real-world cyber scenarios can provide Q/A opportunities in real time, collaboration between teams, better use of time and resources, and shifts in behaviour.

  • Revamp Training. In terms of technical and non-technical roles in cyber security, training could be adapted to focus on outsider influences, such as personal branding, networking, community, public speaking, presentational tradecraft / delivering key messages to clients, and business strategy, alongside the courses we already have that focus on technology, frameworks, risk and so on.

  • Culture, Respect and Responsibilities. Create new roles that suit employees if not present inside your organisation. Leaders as solution finders and idea creators need to strike the balance between steering teams towards real-world hands-on experience, and the need for employees to consistently be upskilling and educating themselves. This ties in with the culture fit point alongside onboarding passionate and excited individuals looking for longevity in their careers. As the saying goes, culture eats strategy for breakfast; respect for the business, clients, stakeholders, partners and leaders will depend on all the factors outlined above.

  • Togetherness and Championing All Skills. Build a cyber security program that champions all types of employees, from those who are incredibly ambitious and aspire to be leaders, to those who are seeking a more moderate lifestyle and are still able and willing to put in 110% at work, but would be better suited to a role that offers flexibility.

  • Future Planning. Asking employees ‘where do you see yourself in 5 years’ can be the hardest, most anxiety-inducing question. Instead, roadmapping employee expectations in multiple areas of their lives will help drive them towards the next 5 years. In the meantime, you as the employer will be able to create the big team picture, which involves areas needing improvement/training, and types of tasks that suit everyone's needs. I think it is also important to go right to the end of an employee’s journey, including exiting the company. Although no employee thinks about leaving straight away, depending on their deepest desires and career goals, along the way they may want to align better, and therefore it won’t come as such a shock if you plan ahead and utilise talent supportively.

A few weeks ago, when I was travelling to Scotland, I spent 5 hours on the train reading about existing cyber security programs, and decided to roadmap exactly the steps I think we could and should focus on this year, leading into 2026 and beyond.

On the one side, I detailed risk management practices, including ongoing monitoring, auditing, software and tooling compliance, maturity assessments, resilience, zero-trust culture, adopting industry standards, working alongside key stakeholders in the business, understanding trends relating to emerging technology, and global economic landscape shifts.

On the other side, I began to think about people, culture, respect, and community. Building strong partnerships both internally and externally to the business (MSPs, startups, medium-sized organisations, recruitment agencies and educational training institutions) allows for consistent trend analysis and up-skilling with employees.

The ‘Wheel of Life’ is a common activity provided by coaches to their clients at the beginning of their journey, enabling individuals to map out key areas such as family, friends, career, health, wellbeing, finances, travel and more. Utilising similar practices in the cyber security field and even cross-industry means we can understand employees right from the get-go, during the interview process/onboarding and then keeping in mind ambition and progression targets.

Thinking about the statistic I shared at the beginning of this article, Millennials and Gen Z employees are looking for employers to offer incentives, rewards and opportunities for up-skilling. Let’s provide enhanced training through bootcamp-style environments, workshops, days in the life/shadow sessions, inspiring stories and courses that still apply to cyber security but might not need to be tech-heavy, such as marketing, personal branding, content creation, sales (bringing the business to life online, through to brochure and presentation slide styling). One solution which I understand some organisations are actively taking part in includes hiring an advisory department to work with employees, dedicating time to roadmapping different roles, careers and identifying talent.

Final Points: Aligning Current and Next Generation Leaders

I have been speaking to C-Suite leaders over the last few months, and the following key areas stood out to me.

  • The culture we have must include tackling ‘human risk’ by having more open conversations about security. Organisational alignment is also key, instilling core values, mission, and goals of the business onto employees.

  • With the rise of artificial intelligence (AI), Generative AI, Agentic AI and so forth, current and future leaders will be expected to think about business shifts in terms of prioritising workload and automation. Trends already show a strengthening position in autonomous SOC capabilities, using AI to help monitor alerts, triage, and reduce false positives. At the same time, these are not tools and fixed solutions.

  • It is important to maintain a clear understanding of why you need to build your own Large Language Models (LLMs) and open up discussions to employee communities, involving them in developing appropriate business needs. Evolving futures – ecosystem, dark web forums, trends, GPT being sold, how threat actors are optimising emerging tech.

  • Finding new ways to reach wider audiences within a company and train them on cyber security best practices can prove tricky, with standard phishing simulations and automated newsletters not always the best approach to up-skilling.

  • Talking to Board members requires not only security knowledge but business terminology, and the ability to convey this through a humanistic approach. CISOs of the future can expect to wear multiple hats, understanding strategy, technology and business needs. When reporting to the CEO, CFO, COO and so on, offering coaching and being on hand to deliver high-level trends when needed is already being encouraged and will continue. It is important to build strong relationships and rapport not only with clients but also with individuals in charge of investment, budgeting, and project sign-off.

  • Remember your biggest asset is not how much knowledge and experience you have, but your ability to take other people along with you on your journey, relaying the key message through storytelling. As a leader you need to be the ideas person, allowing your team to work on bringing your ideas to life, while you find solutions along the way.

  • Open communication across supply chains remains a pressing concern, with tooling providers enabling risk advisories to build awareness and monitoring over time. A community approach can facilitate asking questions, understanding who the key players are in the industry, and impacts.

  • Accessibility of future leaders may come into question. Business branding is booming in cyber security, with many taking to social and business platform LinkedIn to share success stories and testimonials, enhancing customer and client interactions. Being able to see the owner and face behind a business really creates elements of appreciation and connection we all crave. I think it will become more apparent this year and leading into 2026 that to attract and retain not only employees but fresh clients, leaders need to shine and advocate for their workplace, building a portfolio which can include public speaking engagements, blogs, podcast appearances. I do most of these things already and have met so many like-minded leaders along the way. In cyber security, we must all come together, share stories, create space for upcoming talent and strengthen community.

See you next time!
