Leadership in Cybersecurity: An Examination of a Transformational Leader with Vision

Edwin Covert
6 min readFeb 4, 2022

--

Photo by Elvis ABA from Pexels

Leadership is key to the success of any organization, regardless of that organization’s purpose (Brownlee et al., 2019). Two types of leadership are transformational and visionary. This article will review each style and synthesize them into a single definition. From there, the article will apply this new combined definition to a recognized cybersecurity leader, Brigadier General Gregory Touhill, USAF (Ret.) The goal of this examination is to understand whether Touhill is a transformational leader with vision (TLV) by examining four facets of such a leader. Those facets are how he communicates, how he encourages experimentation, does he model his vision, and how he creates commitments from his teams.

Marrying Transformational Leadership and Visionary Leadership

What is Transformational Leadership?

Islam et al. (2021) defines a transformational leader as being one “who acts as a change agent, raises followers’ awareness by transcending their collective interests, and helps them to achieve exceptional goals” (p. 96). There are four characteristics of transformational leaders: exceptional influence; motivation that creates action, intellectual invigoration, and concern for the individual (Islam et al., 2021). Because of these characteristics, organizations recognize that transformational leadership is the most effective for instituting change (Middleton et al., 2015).

What is Visionary Leadership?

Visionary leadership is one that motivates members of the organization to contribute meaningfully towards a shared vision by showing those members what the future looks like (Luo et al., 2020). According to Luo et al. (2020), there are three elements of visionary leadership. First, visionary leaders create and enhance a personal commitment from each member toward the greater collection goal. Second, such leaders link the efforts of each member to the collective vision. Finally, visionary leaders seek to create a sense of self-efficacy in members by expressing confidence in each member’s abilities.

Combining the Two Leadership Styles

Both forms of leadership have value depending on the situation. However, a leader who has both is potentially unique in their ability to improve a business or other organization. By combining both forms of leadership, being a TLV means someone is a dynamic agent of change that positively motivates team members to contribute to an articulated and shared vision and helps them to achieve exceptional goals in the cultivation of that vision. With this updated definition, it is possible to review specific examples from Touhill’s professional life and determine if he meets this new definition.

Examining Touhill Against the TLV Definition

Currently, Touhill is the Director of the Computer Emergency Response Team (CERT) (CERT, 2022). CERT is a part of the Software Engineering Institute at Carnegie Mellon University (CMU) and is a leading federally funded research and development center (FFRDC). Touhill is also an adjunct professor at CMU’s Heinz College of Information Systems and Public Policy (Carnegie Mellon University, 2020). President Obama appointed him as the first Chief Information Security Officer (CISO) for the US government (Johnson, 2021). Other leadership positions Touhill has held include Deputy Assistant Secretary, Cybersecurity and Communications at the Department of Homeland Security and Chief Information Officer (CIO)/Command, Control, Communication, and Computer (C4) Systems for the US military’s Transportation Command. He is also an author of and volunteer in cybersecurity efforts.

With his considerable biography in cybersecurity, Touhill certainly satisfies the definition of a cybersecurity leader. However, that does not mean he is a TLV. In order to make that determination, it is worth diving deeper to understand the answers to four important questions.

How Does He Communicate His Vision?

As noted above, a TLV must possess an articulated vision that he or she articulates. Simply possessing that vision is not sufficient; a TLV must enunciate that vision in a way that makes sense. Touhill volunteered to help found the local Northern Virginia chapter of the International Information System Security Certification Consortium (ISC2) organization in 2018; ISC2 maintains the Certified Information Systems Security Professional (CISSP) certification. As the executive advisor to the chartering committee for the new chapter, Touhill communicated his vision for the new chapter through a combination of storytelling, providing examples based on deep experience, and engaging various stakeholders (chapter officers, potential members, and ISC2 corporate leadership) based on the audience (Covert & Waddell, 2022).

How Does He Encourage Experimentation?

Achieving exceptional goals is part of the TLV definition above. Because nothing is exceptional 100% of the time, failure will occur. While Khanna et al. (2016) note that learning from failing can seem counterintuitive, it is an important element of driving success. In fact, “Failure offers firms many opportunities to learn, but learning from failure is far from guaranteed” (p. 438). Touhill understands this. According to participants in the ISC2 chapter chartering process, Touhill created an environment where individuals under him recognized that failure is not the end of the process but an opportunity to re-examine what occurred and how to improve upon it while the chapter president specifically noted Touhill’s approach is to “fail fast and learn from our mistakes” (Covert & Waddell, 2022, email correspondence). This is the essence of experimentation.

How Does He Model the Vision?

Touhill co-authored a paper about improving cybersecurity leadership in 2013. Two of the many findings from the research include being able to communicate the business cases and return on investment for cybersecurity issues and pursuing continuing leadership and management professional education (Kern et al., 2013). Touhill models the vision laid out in his leadership paper. He has continued to gain education and experience over his career with two master’s degrees and a graduate certificate from the Harvard Kennedy School of Government; in addition, he has had a professional career progression in cybersecurity across the public and private sectors (Carnegie Mellon University, 2020).

How Does He Build Commitment to the Vision?

A TLV motivates team members positively to contribute toward his or her vision. This requires ensuring commitment to that vision from each member. Touhill does this by ensuring each member understands the benefits of the vision he advocates (Covert & Waddell, 2022). He brings in team members with different viewpoints to leverage experience he does not possess but still ensures all parties work towards his vision (Covert & Waddell, 2022). This is how he creates commitment from his teams.

Conclusion

Leadership is vital to an organization but in rare instances, a TLV can help an organization achieve great things. The TLV is that dynamic leader and an agent of change that positively motivates team members to contribute to an articulated and shared vision and helps them to achieve exceptional goals in the cultivation of that vision. By evaluating specific examples of Touhill’s work, one can see he communicates his vision productively (an articulated and shared vision). Touhill encourages experimentation (helps them to achieve exceptional goals) by instilling the idea that failure is sometimes a necessary outcome; he models his vision (dynamic leader and an agent of change) and creates the commitments from his team to achieve his vision (motivates team members to contribute). Therefore, Touhill satisfies the definition of a leader generally, but he is also a TLV in the cybersecurity sector.

References

Brownlee, M. T. J., Bricker, K., Schwab, K., & Dustin, D. (2019). Seven characteristics of highly effective leaders. Journal of Park and Recreation Administration, 37(1), 154. Retrieved January 27, 2022, from https://link.gale.com/apps/doc/A609836823/AONE?u=colstglobal&sid=bookmark-AONE&xid=e92e6c0e.

Carnegie Mellon University. (2020). Gregory J. Touhill. Carnegie Mellon University’s Heinz College. Retrieved January 28, 2022, from https://www.heinz.cmu.edu/faculty-research/profiles/touhill-gregory

CERT. (2022). Gregory J. Touhill. Software Engineering Institute. Retrieved January 27, 2022, from https://www.sei.cmu.edu/about/leadership/display.cfm?customel_datapageid_2623=314857

Covert, E., & Waddell, D. (2021, January 28). Interview with Daniel Waddell, Chartering President of ISC2 Northern Virginia Chapter. personal.

Islam, M. N., Furuoka, F., & Idris, A. (2021). Mapping the relationship between Transformational Leadership, trust in leadership and employee championing behavior during organizational change. Asia Pacific Management Review, 26(2), 95–102. https://doi.org/10.1016/j.apmrv.2020.09.002

Johnson, D. B. (2021, June 25). New SEI Chief chief and first ever federal CISO: Old cybersecurity models have ‘been overcome’. SC Media. Retrieved January 28, 2022, from https://www.scmagazine.com/news/security-news/network-security/new-sei-cert-chief-and-first-ever-federal-ciso-old-cybersecurity-models-have-been-overcome

Kern, S. C., Peifer, K., Touhill, G., Campbell, D., Covert, E., Hancock, G., Holden, R., Porous, A., Rudramurthy, V., Sighn, A., Sveinsdottir, R. M., Teo, J., Valencia, G., & Valiyani, S. (2013, March). Senior cyber leadership: Why a technically competent cyber workforce is not enough. Ashburn, VA; The Cyber Security Forum Initiative.

Khanna, R., Guler, I., & Nerkar, A. (2016). Fail often, fail big, and fail fast? Learning from small failures and R&D performance in the pharmaceutical industry. Academy of Management Journal, 59(2), 436–459. https://doi.org/10.5465/amj.2013.1109

Luo, Y. J., Li, Y. P., Choi, J. N., & Du, J. (2020). Visionary leadership effectiveness: Moderating roles of power distance and middle-way thinking. Social Behavior and Personality: an International Journal, 48(12), 1–12. https://doi.org/10.2224/sbp.9593

Middleton, J., Harvey, S., & Esaki, N. (2015). Transformational leadership and organizational change: How do leaders approach trauma-informed organizational change… twice? Families in Society: The Journal of Contemporary Social Services, 96(3), 155–163. https://doi.org/10.1606/1044-3894.2015.96.21

--

--

Edwin Covert

Cybersecurity, guitar, jazz, bourbon, rye, enterprise security architecture, current trophy husband. CISSP-ISSAP, CISM, CRISC, SCF, PMP at www.edwincovert.com