One of the hardest things as cybersecurity professionals we run into is really having a clear understanding of how, not only where we fit within the larger organization, but also how we fit within the cybersecurity tower itself.  We often feel a high degree of imposter syndrome because we simply do not really understand where our positions fit. We all want to be the technical expert, the “go-to” person and can quickly become overwhelmed and burnt out.  As managers and senior leaders, we are often leading teams doing work that might not have even existed when we were coming up and, in all likelihood, are not remotely qualified to do that work.

This is where knowing your role comes into play. Most of us have heard of the People-Process-Technology Principle. Everything you do in an organization has some mixture of those 3 things. What I have done is align PPT with the very basic roles.

At the top you have the Director/CISO/CIO level. Here, your focus is largely on the "people and process" You care about the tools in that you care that the tools meet the needs, but you aren't the Subject Matter Expert (SME) anymore. You are operating at the strategic level, looking at policy, developing capabilities, governance, risk and compliance requirements, shaping the direction of your part of the organization not just today, but next year, and 5 years from now. Providing guidance and direction down to the next level on how to make those goals and requirements happen. I like to think of this as the 50-mile wide and 1-mile deep section. You will know a lot about a lot, but know you are not the SME and should rightly lean on those that are to help inform you.

“You are operating at the strategic level, looking at policy, developing capabilities, governance, risk and compliance requirements, shaping the direction of your part of the organization not just today, but next year, and 5 years from now.”

At the other end, you have the Individual Contributor. This level is the technical and tactical. Where the rubber meets the road. These are your SMEs on tools and actually doing the day-to-day job. They may lead a project or team but generally are focused on actually "doing the work." They support the manager level by executing tactical level objectives. Deploying tools, doing analysis, executing tasks. Here we are really looking at 20 miles deep, but only 1 mile wide. They know their area inside and out but might not understand the 10-thousand-foot view of how it fits in the bigger picture.

Now the middle level…Managers. At this level, things are really WILD! This is where Individual Contributor's start that transition from being the technical SME into being more operational. What does that really mean? It is supporting the direction from the senior cyber and business leaders above and putting into place the process and procedures for the Individual Contributors to execute. This can vary vastly based on the org with different duties depending on your exact role. The key here is that at this level, you are starting to take on a focus of people vs "doing the things."  This level is where the policy gets translated into actionable objectives.  Here is where your depth might start shrinking, but your breadth is going to grow significantly. You are starting to see the bigger picture come into focus like those 90's 3D posters.