Career Advice Tuesday – “Circumventing the Chain of Command”
June 8, 2010
Dear Infosec Leaders:
The time I’ve been with my company, I can absolutely state that I am very comfortable interacting with my boss. The only challenge I and several others in my department have had with him is his ability to do what he says he will do. This behavior has unfortunately spread to other areas that rely on his support and leadership and have also started to complain about his lack of leadership, support and strategic engagement.
On several occasions I have tried emphasizing to him (note that I have stressed this in the collective vs. pointing him out as the sole problem) that people are not happy with our department as a service provider to the company due to a lack of execution. He also received his leadership survey results a few months ago which made him feel very bad but he saw it through and tried to make some changes…the changes lasted for a few weeks then started to dwindle again.
Recently I felt trapped as I started to get a lot of heat from the rest of the business and decided to finally go to my boss’s boss (my second level manager) and asked him for advice and hopefully provide some advice and guidance to my boss to finally rectify these issues. My intentions were purely supportive and not vindictive in any way.
At this stage my second level manger has decided to be straight with my boss and tell him that his own department had expressed concerns about his lack of execution (which makes me nervous but understand he needs the feedback directly) which mirrors other complaints he (my boss’s boss) has received from the rest of the company. I know this is the right thing to do, but wonder if it was the best thing to do…it had to be done, otherwise my boss (who I think highly of as a person) would eventually fail which none of us want for him.
Did I do the right thing by eventually going to my second-level manager?
Look forward to any thoughts you may have for me.
“Over His Head”
Dear “Over His Head”:
We appreciate your question, but it can be interpreted to mean two different things, so allow us to address them in this manner – and rephrase the question.
1) As it relates to the effectiveness of our information security function, did I do the right thing by going over my bosses’ head?
If this is the reason for your actions then we would be inclined to confirm your actions and assert that you did do the right thing. It appears that in listening to your situation that your direct manager is a nice guy, but he an ineffective leader, and is in the process of losing his team. Going to your “second level manager”, to make them aware of the situation probably will have a positive impact on the security of your company’s information, and may provide your direct manager with the chance of saving their job. However, it appears that from what you have explained, it is recognized throughout the company that he is not capable of leading the information security organization, it is my feeling that his days may be numbered, independent of your actions.
2) Did I do the right thing by my manager, by going over his head, and speaking with my second level manager?
The answer to this question is clear, NO! I do believe that by circumventing your boss and going over his head, will have consequences for both you and your boss in the context of your current organization. As it relates to your boss, your circumvention of the “chain of command” reveals his inability to lead your organization and communicate with his team. I think that if I was your manager, I would be looking for another position.
In addition, I believe that your manager will have a difficult time in trusting you in the future. If he remains with the company in his current capacity he is most likely going to be very cautious about what he exposes you to and he may likely be very careful about the opportunities for professional development that he makes available to you. I also believe that there could be some backlash from both your team members (who may not have endorsed your actions) and potentially from your second level manager, who may question your ability to address a problem and arrive at a solution without going outside the chain of command.
Now if your concerns were on target and undeniable, then you may not have an issue, however if it is determined that they could have been resolved in the course of standard business practices, your second level manager may question both your judgement and intentions for handling the problem the way that you elected to. He may even think that he better watch himself in his actions, or you may go to your third level manager (his boss) to criticize his ability to perform his role.
I believe that in the course of our daily work we are faced with certain decisions that will impact both our personal and professional relationships. Without question, you should be lauded for the sense of responsibility that you have to protecting your company’s information, however you should also think real hard if you did everything in your power to settle the issue the correct way, as opposed to the path that you ultimately decided to pursue.
If you are comfortable with both your decisions and your motivations, then you have your answer to your question.
In closing, independent of which question you intended to ask, I believe that ultimately, in this situation one of two things have to happen – either your manager leaves the company, or if they remain, you begin to look for another position working for an information security leader that you can believe in and respect. I do not believe that your working relationship will be the same and I believe it will be difficult for either of you maximize your effectiveness in your current roles.
Hope this helps,
Mike and Lee