• Phil Venables

The Art of Influencing

A critical measure of success for most security roles is the ability to influence. I’ve often found people think influence skills are innate - you have them or you don't. But, as with most “soft skills”, they can be learnt. Here are some:

  1. Be very clear on the outcome you want. Write it down in a clear way. I love the Amazon press-release technique. If you cannot clearly state what it is you want then you’ve no chance of influencing others - except in a bad way.

  2. Understand the current situation: data, motivations, people, and environment. Do some research to find out as much as you can about the “system” you’re seeking to change. Often, what you want to do will have been tried before in various ways that you can learn from. One of the anti-patterns of influence are people new to an organization who can’t believe everyone is so dumb as to not fix something without finding out people have been working like crazy to do just that - but there’s a whole iceberg of issues under the surface.

  3. Understand the “forces” that keep a situation current. Don't be frustrated at something not changing. Instead, be amazed - in a complex world - that a situation is not already changing. Develop a better understand of the forces and counter-forces that keep it that way. Sometimes, if you want change something, the best thing is not to add more force, but rather remove a head-wind. There’s a great part of Kurt Lewin’s work in social science called Force Field Analysis that is worth reading up on.

  4. Use thinking tools to find the core of an issue - increasing the depth of your insight shows your commitment to the goal and also educates and improves those around you. They’ll remember you for that. Look for power laws (where 80% of outcome can come from 20% of work).

  5. Plan the change of mindset. To influence is to cause a change - that often needs some change of mindset or priorities. This needs planning, like a campaign with the messages and medium orchestrated across the right people, moments, venues and governance constructs. For example, if you’re going into a committee/management group with a proposal and you don’t have high confidence that all in that room are going to support you, then you’ve not done the prep and campaigning needed to get people on side. Understand the social archeology of an organization. Put yourself in the shoes of the people who will be affected by your proposal. Know who influences the decision makers, many have a trusted lieutenant, perhaps now in another part of the organization - get to them.

  6. Communicate - in person and in various internal media. Appeal to people’s motivation and objectives. Find ways such that what you want will also help provide adjacent benefits or satisfy the commercial goals of the people whose help you need. Incidentally, in my experience, even if your case for adjacent benefits is not totally compelling the other person will appreciate you trying and be more likely to help. Use behavioral science techniques in how you communicate (e.g. social proof, story telling, branding).

  7. Present the message clearly and effectively - be precise and capture people’s imagination. Be as simple as possible (but not dumbed down). Be persistent - some problems are not ready to be solved - so be ready to re-present when the time or circumstance is ready. Have a “library” of proposals ready to go when you’ve had close-calls or incidents. Refine/practice your pitches. There’s nothing so frustrating for a senior decision maker (or anyone for that matter) to see people who have obviously spent zero time refining/rehearsing.

  8. Execute on your commitments. Establish credibility that people can trust you to get things done, on time, in budget and with care and attention for being a good team member. This is a force multiplier for you to influence in the future - you’re a good bet.

Bottom line : if you want to drive change you need to influence people. There are many techniques to do this, but the best meta-technique is to reflect on what works on you and when others have failed with you - adapt accordingly.

356 views0 comments

Recent Posts

See All

The Actual Cybersecurity Workforce Challenge

We continuously hear about the millions of unfilled cybersecurity roles, although I’ve yet to see a study that actually supports that near-constant claim. From this we are driven to believe the only a

Relationship Management for the InfoSec Program

A key part of any security leader's role is relationship management. In my experience this is another one of those leadership skills that people seem to fall back on instinct a lot of the time. Howeve

Leadership, Business, Security and Risk Reading List

This is my list of favorite books across the various professional disciplines I’m interested in. I have a set of favorite books that are not professionally related but I won’t presume you are interest