by Carl W. Hunt, Walter E. Natemeyer and Chuck E. Hunt
Leadership in cyberspace is hard work, and leaders need every edge they can get to succeed in the Information Age. In the past five posts, we’ve presented the major components of a system for adaptive leadership and power that can synergize to produce a better likelihood of organizational success in cyberspace. Interacting and working together, these leadership components produce a greater effect for secure cyberspace operations (SCO) than any technology available to us today, while also minimizing the threats that cyberspace offers.
Moreover, combined effectively with technology, adaptive leadership and power (ALP) offers organizations even better opportunities for success. ALP, application of good cyber intelligence and risk management, paired with increasingly good technology, will act in concert to make secure cyberspace operations feasible and profitable. 
As Raymond Kelly, the New York City Police Department’s longest-serving Commissioner, recently pointed out, “…cyber is interwoven into everything that we do, so if you’re hit by a terrorist attack or natural disaster, cyber is going to play a role in some way, shape or form…(and) if it doesn’t come from the top, chances are (cybersecurity is) not going to be adopted or certainly not going to be interwoven.” Only leaders and adaptive leadership can make ALP-SCO happen as an integral part of secure organizational operations.
Before we wrap up this series on ALP-SCO with a review and conclusions, we want to offer a couple of contrasting example vignettes, or narratives, to show the differences between operations before the pervasiveness of cyberspace and what we face as leaders in 2016 and beyond. Even today, too many leaders still apply (or misapply) industrial age leadership to information age challenges and opportunities.
Mismatch of style and process is an area of emphasis for ALP-SCO. We want to demonstrate how the major components of the ALP-SCO model converge to help avoid or at least mitigate mismatch. We want to narratively demonstrate what we hypothesize will be measurable improvements brought on by more effective and secure operations in cyberspace.
In the first narrative, we’ll describe “the good old days” of operating in the world before we started connecting everyone to each other and everything else that could be connected. This is the world of Simple and Complicated environments that we described previously, and to which earlier forms of leadership and management principles applied adequately.
The second narrative will be split across this post and the final, concluding post to cement what we mean by operating in Complex and Chaotic environments like those presented in today’s manifestations of cyberspace. We intend to show how leaders may still rely on good old fashioned leadership approaches to adjust to new challenges and situations that cyberspace introduces, but update their styles and processes through more adaptive forms of leadership and power. In other words, we want to help leaders avoid mismatching their leadership approaches to the challenges their followers and organizations face in cyberspace.
Narrative 1: SCO in Simple and Complicated Environments
Remember the days when “all employees really needed” was to make sure their firewall and antivirus software were up to date and they changed their passwords every few months or so (if indeed they used passwords)? That was a time of simple network environments. Cyberspace was a reality but few were aware of it as an operating environment.
The pioneering “IT staff” had the lion’s share of the responsibility for reliable and safe network access and they only reported to the C-Suite when they had a problem or were asked for budget input.  The operational bosses concentrated on the bottom line and taking care of customers (or the government and academic equivalents). There was nothing more important than staying competitive, establishing new markets and making more money.
Yes, those were the days, weren’t they? We upgraded our PCs and network components based on an IT budget and life cycle that was simply one, sometimes minor, line item in the organizational budget. Depending on the size of the organization’s network, it could also be a complicated environment because it was tougher on the IT department to make sure all those software updates and faster printers were implemented in a timely manner. Information flows were relatively transparent.
During those “halcyon days” of early intranetworks and simple office automation, leaders focused on the productivity gains that fax machines, teleconferences and face-to-face meetings offered; email was only a toy to share jokes around the office. Disruptions to business processes based on network outages were few or had minor effects, and the work-arounds were well tested because they were the standard prior to the rise of the early PCs and networks.
Leaders oriented to the early cyberspace environments in much the same way they did before IT became the common and pervasive operating environment of organizations. Connections were clear to see, typically manifested in org charts and telephone directories.
As we wrote in “A Walk-Through for Applying Leadership Orientation Domains,” effective leaders could visualize these connections using tools that were available to them for decades before. Causes and effects were fairly observable and the “remedies” for low follower readiness and motivation were tested by time. Risk Management techniques were similar to what they had been for many years, consisting of standardized training and operating procedures, rarely changing organizational missions, and laws and regulations that reflected still-current industrial age conditions.
Dare we say Risk Management was easy or at least straightforward before the rise of the Information Age and the massive connectivity of cyberspace?
In the early days of office automation and the beginnings of the Internet (the interconnecting roots of cyberspace), leaders were already beginning to question the wisdom of standardized industrial processes, however. Frederick Taylor (Scientific Management), Fritz Roethlisberger (Hawthorne Experiments) and the direct application of military leadership principles to civilian organizations probably sounded great when they were initially introduced to leaders and managers (perhaps based on Machiavelli or Clausewitz). 
But as followers understood, through a newly connective mass media, what was happening outside their own organizations and behaved in a less “scientific” (i.e., predictable) manner, things were changing. Leaders and managers also began to question the scalability of the original “scientific leadership” principles in an increasingly connected and complex world. Looking to the past for leadership inspiration wasn’t working as well as before the rise of cyberspace…a different world was descending upon all of us.
Leaders intuitively knew there were more and more mismatches of style and process. Enlightened leaders found they needed to reorient themselves to the realities of a changing, more connected operating environment.
Fortunately, this was about the time John Boyd introduced new thinking in his OODA Loop model, and leaders could begin to look at innovative ways to consider the rise of cyberspace as an organizational operating environment and orient to the challenges it presented. As we’ve seen, Boyd’s work was starting to influence leadership thinking in the connected age, but leaders needed still more. Hence, our introduction of Adaptive Leadership and Power for Secure Cyberspace Operations.
Figure 1 reviews the basic elements of Leadership Orientation Domains, Adaptive Leadership and Power characteristics and OODA from earlier discussions.
Narrative 2: SCO in Complex and Chaotic Environments
Situational Leadership, using OODA to orient to operating domains, and even understanding and leveraging power and influence in cyberspace are useful concepts, to be sure. But if they are used independently of each other, mismatches and reduced leadership effects are still a danger. Failure to allow these components to synergize ensures that leaders will find it harder to orient to the challenges of the very complex and even chaotic world cyberspace imposes on the organization that must work within it.
When it comes to leaders and followers orienting to cyberspace as the predominant operating environment for business, government and academia, it’s worth heeding the words of Kevin Kelly, subject of one of our blog posts last year: “No matter how long you have been using a tool, endless upgrades make you into a newbie—the new user often seen as clueless. In this era of ‘becoming,’ everyone becomes a newbie. Worse, we will be newbies forever. That should keep us humble.” 
We’ll not only be newbies, we’ll lead like newbies to followers that look to us for inspiration and motivation. That’s a failure of leadership! Leaders and managers operating in cyberspace have to do better than being overwhelmed like newbies.
Today, we are still advised to do Risk Management similar to the ways we did it before cyberspace. In reality though, only the risk management prescription terms have changed to reflect new technologies, not new approaches to leadership.  Risk management is a leadership responsibility and it has to be articulated in terms that reflect leadership and inspire effective followership. Poor Risk Management is a failure of leadership, also.
So, let’s apply a bit of Boyd’s OODA Loop, integrating our self-understanding of heritage, culture, analysis and synthesis abilities, previous experiences and new information inputs, as Boyd wrote. Let’s say that this orientation indicates that we are operating in an environment in which cause and effect are obscured by the highly interconnected nature of cyberspace.
Let’s further say that nothing in the current risk management approach for our organization is effective in dealing with attacks on our networks, and we conclude that we are indeed operating in a complex environment. As leaders, we come to realize we are mismatching leadership style to follower readiness and the organizational environment.
Half of the battle is won as we reach these conclusions: we are at least oriented to the environment we face as leaders. We now understand that simple, rules-oriented and best-practice approaches operating in such a complex environment are no longer suitable. How do we proceed? How does ALP-SCO help us?
Well, not to spoil our conclusions as we wrap up this series, we’ll use this setup to defer to next time. The next and final post in this series will address how we synergize the components of ALP-SCO to understand where we are in cyberspace, how we better operate in a more secure fashion and how we avoid mismatches of leadership style to followership readiness and organizational environment conditions.
Until next time!
Originally posted on 9-13-2016.
 We haven’t written a lot about how important open-source cyber intelligence, available to all, is to ALP-SCO. It is an important ingredient of agility and adaptation for secure cyberspace operations. Many of the sources of cyber intelligence for this blog post series are taken from Threat Brief, a daily recap of cyberspace and terrorism threats.
 Warren, Z., “Cybersecurity ‘Has to be Everyone’s Problem’ Says Former NYPD Police Commissioner,” LegalTech News, 8-22-2016, accessed 8-30-2016.
 Remember, these early “IT staffers” were likely to be the ones who were early adopters of technology at home; they were the ones who bought the Radio Shack TRS-80 or Commodore VIC-20 computers to fool around with. These folks at least had learned enough computer lingo to tell the difference between an RS-232 serial port and a DB-25 parallel port.
 Kelly, K. The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future (Kindle). Penguin Publishing Group, 2016, Kindle Edition locations 178-180.
 Caspi, G., The H Factor – Why you should be building “human firewalls”. “Cybersecurity risk management procedures can include providing employees with a VPN to avoid the risk of them using public Wi-Fi when they work outside of the office; prohibiting the use of personal social media channels to communicate with colleagues or clients about work-related correspondence or information sharing; mandatory periodic password changes; tracking apps on devices to protect from loss or physical theft; a theft hotline procedure with remote-deletion tools in place, and more.”