Leadership Is a Service Job, Not an Authority Job
Ben Wilkens came up through trucking — literal trucking, as in driving tankers down icy mountain passes — before finding his way into transportation IT and eventually cyber. That blue-collar lineage shows up in how he talks about leadership. Strip out the buzzwords and his thesis is simple: leadership is not about being in charge, it is about removing roadblocks for the people doing the work. The cyber-specific twist is that you have to do that while also pulling security out of its silo and into the actual business.
The Equifax / Uber / Norsk Hydro Triptych
Ben runs three case studies in sequence and the contrast does the teaching. Equifax's 2017 breach was a leadership disaster, but the new CISO with a $1.5B budget rebuilt the program from the ground up by integrating risk management into core business strategy — by 2023 it was being cited as a model. Uber went the opposite direction in 2016: the CSO disguised a $100K ransom payment as a bug bounty, made the attackers sign an NDA, and ate a $148M FTC fine plus personal consequences when it surfaced. Norsk Hydro got hit with ransomware in 2019, refused to pay, restored from backups, and ran daily public broadcasts during recovery. They took a $60-70M hit and came out with more trust from customers and employees than they started with. Same kind of incident, three different leadership choices, three wildly different outcomes.
Deposits, Withdrawals, and the Project That Almost Broke Him
The most useful section is personal. Early in his career Ben took on an integration project after an acquisition, planned it down to the inch, and watched it collapse because he was telling people what to do instead of listening. His boss asked him two questions: just because you tell somebody, does it mean they heard you? And when was the last time you made a deposit? That is Stephen Covey's relationship-balance metaphor — every act of integrity, follow-through, and kindness is a deposit, every mistake is a withdrawal. Run the balance to zero and people stop seeing your intent, they only see the mistake. Praise publicly, coach privately, and listen more than you speak.
Make Friends With the CFO
The practical close is about translation. Security in a vacuum loses every time it collides with the business. The fix is to learn how money decisions get made in your org, ask the business what the keys to the kingdom actually are (Ben's friend in pro sports learned the answer was player biometrics, not the playbook), and then talk in business terms instead of security terms. Ditches get buried after they are dug. Most of the best security work nobody will ever see. That does not mean it was not a job well done.
Who Should Watch
New or aspiring security leaders, GRC folks trying to escape the silo, and senior analysts thinking about the management track. Anyone who keeps getting frustrated that the business will not listen — Ben's argument is that the business is not the problem, the translation layer is.