Mind the Middle – Cyber Defense Magazine

In an era where digital threats can cripple a business overnight, where threat actors can use AI to customize and automate attacks at scale, and where enterprises face constant budget pressure, CISOs are asked to do more than ever before. They are accountable not only for protecting systems and data but for cultivating a culture of vigilance across the organization. Yet, amid the firewalls and frameworks, one vital element is often overlooked: the frontline IT Manager.

Many IT managers, especially those newly promoted, are thrust into leadership roles without the training they need. Yet, they are the operational backbone of any cybersecurity strategy. They manage the teams responsible for system administration, patching, endpoint protection, logging, and access control. They turn policy into practice and strategic intent into day-to-day action. When they falter, the consequences can extend far beyond system downtime.

Most IT managers aren’t trained for the combination of technical, operational and leadership pressures they’re expected to navigate. They’ve earned their roles through technical excellence but often without the management or leadership experience needed to succeed. They know how to configure group policy but not how to resolve team conflict. They can script an automation routine but struggle to delegate effectively. In a world where cybersecurity readiness increasingly demands cross-functional coordination, rapid decision-making, and trust with and across teams, we can’t afford to leave these managers behind.

That’s why, now more than ever, we must invest in the next generation of IT and security leaders.

Turning Policy into Practice

Most cybersecurity programs live or die on execution. A well-written policy is meaningless if the patching cadence isn’t enforced. A defense-in-depth program breaks down when help desk tickets for MFA resets languish for days. CISOs understand this, yet too often, they lack the visibility into the middle layers of IT – the managers who control daily workflow and priorities.

New Managers often struggle to reconcile their past as hands-on technologists with the demands of their new leadership roles. This change is more than a shift in responsibilities; it’s a redefinition of identity. For years, managers were measured by their ability to solve problems directly. Now, success depends on building teams and coaching others to resolve issues efficiently, securely, and at scale.

Every IT decision has security implications. Whether it’s provisioning access for a contractor, delaying a patch to avoid downtime, or choosing not to enforce password complexity and MFA because “it’s annoying,” these daily micro-decisions shape the organization’s risk posture. If IT managers don’t have the training to think systematically, prioritize risk, and lead effectively, they can’t help their teams do it either.

Members, Methods, and Measures

In my work with IT managers across the public and private sectors, I’ve found that effective managers succeed because they know how to guide people, shape processes, and track results. That’s the essence of the Members, Methods, and Measures framework.

Let’s start with Members. Security is social. It thrives on collaboration and trust, and it depends on well-functioning teams: system engineers who talk to developers, help desk agents who escalate what matters, and analysts who trust their instincts. But many IT teams operate in silos, hampered by poor communication, weak accountability, and eroded trust. New managers often inherit these dysfunctions, and without the proper support, they unknowingly reinforce them.

CISOs who want better operational outcomes need to look beyond technical training and invest in people leadership. Help your IT managers learn to conduct effective one-on-ones. Teach them to coach, not just correct. Encourage cross-training and build space for shared learning. You won’t turn every manager into a security expert, but you can give them all the tools to lead teams that make good decisions, collaborate effectively, and execute consistently.

Then there are Methods. These are the practices and workflows that structure how work gets done. Is work flowing as intended or is every process a patchwork of tribal knowledge and kludgey workarounds?

Many operational routines evolve by accident. They’re often shaped more by habit, legacy tools, or personnel turnover than by intention. But security depends on discipline and clarity. New managers need support to design processes that are secure from the start, and they need guidance to improve those processes continuously, not just in the aftermath of a security incident.

For CISOs, this means looking closely at how work is operationalized. Are security expectations embedded in daily routines? Are there bottlenecks or ambiguities that increase the likelihood of human error? When you empower your managers to shape secure methods and give them the autonomy to fix broken processes, you reinforce security at the foundation.

Finally, we come to Measures. In cybersecurity, we rely heavily on metrics: mean time to detect, patch velocity, incident counts, and phishing click rates. These are important indicators, but they don’t tell the whole story. What’s often missing are the measures that reflect how well our teams function: onboarding speed, workload balance, and the frequency with which team members raise security concerns without prompting. These human-centered indicators may not show up on a dashboard, but they profoundly impact long-term security outcomes.

Burnout, turnover, and misalignment lead to mistakes. And mistakes are the leading cause of data breaches. According to research from Stanford University, 88% of data breaches are caused by human error. If CISOs want to understand their true risk exposure, they need to measure not only how their tools are working but also how their teams are doing. Train and empower managers to track team health, work distribution, and process adherence. To build better resilience, help them make measures more meaningful with fewer vanity metrics and more actionable insights.

The Leadership Gap You Can’t Ignore

In many IT shops, a quiet crisis is unfolding. There’s a leadership gap that threatens execution and security alike. Brilliant technologists are being promoted into management roles with no roadmap. They’re expected to mentor others, align execution to strategy, manage vendors, respond to incidents, and keep up with the relentless pace of change. And to do it all without formal training. In fact, according to Gartner, 85% of new managers receive no formal leadership training, often stepping into management based solely on their technical performance rather than their leadership readiness.

For a lot of CISOs, their focus naturally drifts up – briefing the board, preparing strategy decks, performing architecture reviews. But some of the most important decisions are happening lower in the org chart. We need to start with the frontline. That means finding the managers doing the work, talking with them, and understanding what they need. Give them the support, structure, and coaching that helps them lead.

Because, at the end of the day, technology doesn’t run itself. The people behind the technology—patching systems, resolving incidents, making tough judgement calls—will determine whether your environment is truly secure. And the quality of those outcomes starts with the quality of their leadership.

Frontline managers turn your security strategy into reality. If we want stronger security, it starts with building stronger managers.

About the Author

Thomas E. Armstrong is an IT executive specializing in business transformation, digital innovation, and enterprise architecture. With leadership roles spanning global firms like Deloitte, IBM, and PwC, he has helped top organizations streamline operations, enhance customer experiences, and drive strategic growth. Currently the Director of Strategy and Enterprise Architecture for the State of Connecticut, Tom also teaches IT at the graduate level. He holds degrees from Georgetown, Quinnipiac, and Fairfield University, along with certifications in cloud computing, IT service management, and enterprise architecture. His book, Members, Methods, and Measures: Unlocking the Secrets of IT Leadership, is due out this fall from CRC Press. When he’s not tackling complex IT challenges, Tom enjoys life in Connecticut with his golden retriever, Doug. Tom can be reached on LinkedIn at https://www.linkedin.com/in/thomasearmstrong/