Not all leaders have the title of CISO. For this reason, we have changed the title of our Interview with series to Interview with a Specialist. This week we speak to Lydia Phillip, Director of Policy Governance and Resilience at Thomson Reuters.
Having made the transition from contractor to Director of Policy Governance and Resilience for Thomson Reuters, Lydia is a performance-driven, entrepreneurial, and hands-on leader with over 20 years’ experience of IS Audits & Control Assessments, Regulatory Compliance, Operational & Enterprise Risk Management, Third Party Risk and GRC.
Leadership in security is no different from leadership in any other field.
Vision: Vision is where leadership begins; without it, you don’t know where you’re going. If you don’t know where you’re going, you can’t build a strategy no matter how good you think you are.
You need to inspire people to join you and rally in the same direction. Without vision, you’ll be leading them on the road to nowhere.
Communication: Communicate, communicate, communicate, and when you think you’ve communicated, communicate some more. Leadership is about clearly setting the team direction and exercising decisiveness. However, communication only works if it is in words that your audience can relate to and understand.
Leading a team and seeing the effects of mentoring and coaching coming to fruition. I enjoy seeing professional and personal progression in people.
Being a contractor for so long gave me the full breadth of experience required to make the transition. This is partly due to the global and versatile industries I worked with.
Having said that; Going from contractor to Director was pretty much like doing Yoga when all you’ve done is lift weights- you discover muscles you didn’t know you had.
As a contractor, the mission is to deliver on your hiring manager’s vision; it’s what you signed up for. As a director, there is a total shift to setting the vision, articulating it, and relentlessly driving it to completion.
The changes in the last decade have been radical and have been spearheaded by rapid technological advancements. However, with the fantastic advancements we have made in technology, misinformation and other dangers need to be managed accordingly.
Security must be embedded into the DNA of an organisation.
Periodic online staff training only goes so far. Companies have to start as they mean to go on, keep it simple, use established industry guidelines.
How we select and hire security staff must be improved.
Technology moves so fast that by the time someone completes a four- year degree, everything has changed. We don’t need everyone to have an IT degree. Consider applicants from the arts and the creative industry. There are many transferable skills valuable to our industry.
I once interviewed for a position while I was literally boarding a plane. It was a very last minute interview and was the only available time for the interviewer.