
How To Approach Cybersecurity Like a Leader

Nate Ginter

Nate Ginter, your friendly neighborhood security guy, here, and today I'd like to help you keep from bumping into cybersecurity issues by stumbling around in the dark. There is a clearly marked light switch right in front of us that most leaders don't take advantage of for their organizations. It's called a security framework, but more about that in a minute...

As someone who has been working in the information technology sector for almost 20 years, I’m asked regularly about whatever trend is currently making the most headlines. Every time a new trend is catching heat in the news, it will generally start to appear multiple times a week in conversations with friends or clients. Questions about “cloud” or “crypto” have recently given way to questions about “AI” or “quantum” computing. People ask about potential threats, or whether I have a favorite flavor of these technologies, which is totally understandable. Ultimately, folks want to know if it is safe or cost effective to adopt a new technology in their organization.

People want to know their organization is safe from cyber threats. The term “cybersecurity” conjures a nebulous range of topics as broad as the term “IT” itself. It is only natural that many leaders don’t feel as confident in their understanding of cybersecurity as they might in the realms of accounting or personnel management. This leadership expertise gap is compounded by the reality that most decision makers in an organization only interface with the concept of cybersecurity when they are being sold specific products or services. Frighteningly, the only time most organizations pay CLOSE attention to security is after a breach or technology disaster.

The best outcomes come from planning, and cybersecurity is no different. I am very fond of the phrase “what gets measured, gets managed.” You do not need to be a technology expert to understand such a simple concept. Leaders have an obligation to know HOW to approach cybersecurity for their organization. The good news is that very smart people in both the public and private sector have been working on guidance for this exact purpose over the last 3 decades.

In the security sector, a framework is a set of standards and practices your organization should follow to secure itself. If you are in the medical field, you have likely already heard of HIPAA. Most folks who accept credit cards have had to deal with some level of Payment Card Industry requirements called PCI DSS. These frameworks lay out legally binding security requirements and come with a range of penalties for non-compliance. The important part is the guidance that they offer on what practices will yield the best results for protecting data.

The National Institute of Standards and Technology (NIST) has created incredible resources for organizations of all shapes and sizes, called “Cybersecurity Framework 2.0” and commonly known as NIST CSF. From how to assess your current posture to specific long-term processes and practices, it is as close to a comprehensive guide to approaching organizational security as you are going to find. They even have a quick start guide to get you on your way, written specifically for the SMB sector, since we small business folks often lack the technical resources of our enterprise-level counterparts.

Be a secure leader. Choose a framework and follow it. Assess your progress regularly. Know you will have gaps, but it’s better to know them so you can plan to address or offset them. “What gets measured gets managed.” I’m always excited to talk to my fellow LSPetians™. Find me on LinkedIn and I’ll be happy to help get you pointed in the right direction if you have questions.

NIST CSF 2.0 Quick Start Guide:

https://www.nist.gov/publications/nist-cybersecurity-framework-20-small-business-quick-start-guide
