Role of Supportive Leadership in Cyber Security
Stuart Whetstone, Head of Cyber Security Operations, Latitude Financial Services
Stuart Whetstone, Head of Cyber Security Operations, Latitude Financial Services
Stuart Whetstone, Head of Cyber Security Operations at Latitude Financial Services has over two decades of experience in cybersecurity. His career, marked by a steady progression from technical roles to leadership positions, involves building and maturing security capabilities across various industries including aviation, finance, insurance, transportation and consulting. A proven leader with a strong track record in building high-performing security teams from the ground up, he is currently focused on transforming security operations at Latitude through insourcing and capability development.
Recognizing Whetstone’s progressive leadership and dedication to building and leading successful cybersecurity teams this interview delves into the importance of capability development, maturity and effective communication documentation. He also adds valuable insights on effective leadership and team management, highlighting the need for a comprehensive overview of the cybersecurity landscape and treating team members with respect.
At a Glance:
• Constant evolution defines the cybersecurity landscape, demanding relentless adaptation.
• Effective resource allocation and talent development are critical for organizational resilience.
• Strong leadership fosters a positive work environment and empowers teams to excel.
Challenges in Cybersecurity: Evolving Threats and Resource Optimization
One of the most challenging aspects of working in cybersecurity is the constantly changing threat landscape and evolving technology. However, this also makes the field incredibly interesting. We constantly feel like the job is never done and that we must always do more. There is no standing still in cybersecurity, continuous learning and adaptation are crucial. We must understand how the threat landscape changes and how to adjust internally to counteract these changes.
Managing people on top of that adds another layer of complexity. Different personalities and capabilities, combined with limited budgets and staffing, make prioritization essential. Everyone understands the importance of security, but the challenge lies in deciding where to allocate limited resources. Prioritizing tasks and determining which problems to address first are constant challenges due to these constraints.
Leadership Philosophy: Developing Talent and Fostering a Positive Work Environment
My leadership philosophy centers on developing and preparing my analysts to achieve their career aspirations. I strive to create an environment where they can learn, grow and excel to their full potential. Ideally, this development culminates in their advancement within my team. However, I also view it as a success when analysts leave to pursue external opportunities that weren't available here, as it indicates that I've contributed to their growth.
To foster a positive and productive team, I prioritize providing interesting work, fair compensation, respectful treatment and flexibility. I believe that these factors contribute to high employee satisfaction and retention.
Leadership in Crisis: Protecting the Team and Driving Resolution
Working in security operations inevitably exposes teams to high-pressure situations. Through my career, I’ve experienced these firsthand. To prepare for such challenges, we invest heavily in documentation, process development and simulation exercises like drills and tabletop exercises. These efforts aim to ready us for the inevitable security incident.
Major incidents involve a multitude of stakeholders, including crisis management, legal, media and executive teams. Effectively managing these interactions while maintaining team focus is crucial.
When an incident occurs, clarity of roles and responsibilities is paramount. I believe in assigning individuals specific roles within the incident response structure to optimize their contributions. My leadership philosophy centers on hiring talented individuals and empowering them to excel. During incidents, my role is to shield my team from external noise and distractions, allowing them to focus on detection, containment and recovery.
Major incidents involve a multitude of stakeholders, including crisis management, legal, media and executive teams. Effectively managing these interactions while maintaining team focus is crucial. My goal is to provide necessary information to senior stakeholders while minimizing disruptions to my team's core responsibilities.
Advice to Peers: Cultivating Talent and Embracing Diversity
People are our most valuable asset. I prioritize investing time and effort in developing my team members. High-performing security professionals seek challenges, stimulating work and opportunities for growth. By fostering this environment, I contribute to both individual and team development, which in turn improves retention.
While technical expertise is crucial, I believe a diverse team with varying skill sets is essential for success. Some team members excel technically, while others possess strong communication or process-oriented abilities. Rather than viewing these differences as weaknesses, I leverage them as strengths.
When building our team, we focus more on personal attributes than technical skills. A strong team culture is paramount and we prioritize hiring individuals who align with our values. By combining diverse expertise, experience levels and perspectives, we create a well-rounded and effective cybersecurity capability.
