Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

What Editing Crosswords Can Teach Us About Security Leadership

When security leaders look for mistakes, they often find them before customers do.

Joshua Goldfarb, Field CISO

January 10, 2022

4 Min Read
Crossword puzzle, cup and saucer on a table top.
Source: imageBroker via Alamy Stock Photo

Recently, my wife began constructing crossword puzzles for a newspaper. As one of her puzzle editors, I've learned that solving a crossword and editing a crossword are two very different things. It may not surprise you to hear that I believe we can learn important lessons about security leadership from this.

In that spirit, here are five important lessons about security leadership that we can learn from editing crosswords.

1. Know Your Audience
When doing a crossword, we are generally focused on ourselves: whether we are enjoying the puzzle and how we can most effectively solve it. When editing a crossword, however, we must think about others — namely, the target audience who will do the crossword puzzle. What is the target audience for the puzzle? What general or common knowledge might they have? What level of difficulty is appropriate for them? These are among the many questions we need to have top of mind as we work through and edit the puzzle.

The same is true when it comes to security leadership. As an individual contributor, we have to focus on what we need to do and how we can most effectively complete our work. In a leadership position, however, we must think of others. We need to understand who the target audience is for our work and what is important to them. We need to learn how to prioritize work and focus on the limited resources we have. We need to know what matters to our team members and what we can do to make them most effective. These, among other thoughts, should be top of mind for a security leader.

2. See Through the Eyes of Others
When editing a crossword, we need to be able to view the puzzle through the eyes of others. What will the readers understand? What will they find fun? What are the right clues for them?

Security leaders face an analogous challenge. For each and every effort, initiative, and project in the security organization, there are a number of questions that the leader needs to pre-emptively ask. How will this be received by those in charge? What is going on elsewhere in the organization that will influence the way the message lands? Where are executives and other stakeholders coming from, and how will that influence the conversation?

3. Look for Mistakes
When editing a crossword, we need to be on the lookout for mistakes. We do this not to criticize, but rather to help improve the puzzle.

Similarly, a security leader always needs to be on the lookout for mistakes — not to criticize the team, the security organization, or the business, but rather to help improve the organization's overall security posture. When security leaders look for mistakes, they often find them before executives, stakeholders, customers, or partners do. That helps the organization stay ahead of potential security issues and challenges. The result is a more secure organization.

4. Think Long-Term
A good crossword editor will be on the lookout for future puzzle ideas. These suggestions can help the puzzle author and yield better puzzles down the line.

Similarly, a good security leader needs to look out for future tasks that need to be done before those tasks come down as imperatives from outside the security organization. That means constantly taking lessons learned and understanding how to apply them going forward, often several quarters in advance. It means staying focused on where the security organization needs to go strategically, even though it may be all too easy to get distracted by operational and tactical emergencies and crises that pop up day after day.

5. Learn Through Action
My wife and I both learn about the crossword as she observes me editing it and completing it. She watches many things, including how I approach the puzzle, where I initially break into it, how I navigate through it, my body language and reactions as I complete it, and many other aspects. There really is no replacement for learning through action.

Similarly, security leaders also need to learn through action. The astute security leader will ride along with people who have various roles within the security team. They will do this in order to see which processes work versus which ones need an overhaul. They will seek to understand which tools are useful and helpful as opposed to those that frustrate and work against the security team. They will also want to internalize how teams work together and whether certain team members may need a bit of an attitude adjustment for the security organization to function optimally. There is really no substitute for this experiential learning for a security leader.

As security leaders, we can learn a lot from editing a crossword. The bottom line is that security leaders who think about their teams, their security organizations, and the security postures of their respective organizations will do far better than those who think largely of themselves. It is better to give than to receive, and security leadership is no exception.

About the Author

Joshua Goldfarb

Field CISO, F5

Josh Goldfarb is currently Field CISO at F5. Previously, Josh served as VP and CTO of Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team, where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to Dark Reading and SecurityWeek.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights