On 18th September 2025, the Future CISO Connections event, organised by LSZ, took place in Hamburg. Our CISO Vicky participated in an experience roundtable, where she spoke about cybersecurity leadership and team commitment. In this guest article, she shares her insights.
This was the Future CISO Connection Event 2025 in Hamburg
In a session with executives from across Germany, we discussed how leadership in security teams is changing – especially in international remote teams that work under high pressure and must simultaneously build trust and motivation.
The topics of replaceability, planning cycles and operational vs. strategic focus in particular sparked a lively discussion. The insight: Context is key! Every company or security team needs leadership that can adapt to the respective conditions.
Why cybersecurity leadership must be rethought today
Security teams operate in an environment that is characterised by particular challenges:
- Speed & pressure: Incidents (events that threaten or compromise the confidentiality, integrity or availability of an organisation’s data or IT systems) can happen at any time.
- Invisible work: Successes often remain in the background; only what goes wrong becomes visible.
- Diversity in teams: Different generations and cultures come together – with varying expectations of leadership.
The classic command and control approach no longer works here. And for me, as CISO at Kaufland e-commerce, it is clear that we must create spaces in which people want – not just have – to take responsibility.
Four ideas for modern leadership in security teams
1. Living transparency
Transparency is the foundation for successful cybersecurity leadership. Only those who are informed can take responsibility. I always share decisions, outcomes of meetings and even impressions from conferences with my team afterwards. This openness creates trust and enables independent action. This is a key factor, especially in remote teams like ours. Diverse communication across all possible channels creates a feeling of closeness and trust.
2. Combining strengths
Leadership means seeing people as a whole. Instead of compensating for weaknesses, teams are put together in such a way that strengths complement each other. Personality models such as 16 Personalities help to consciously assign roles. This does not mean that everyone takes on everything, rather that each person handles the work that suits their individual abilities. This approach is perfectly in line with our company principle of “Raising the Talent Bar” and enables every team member to reach their full potential. This is an important factor for sustainable team commitment, which I always keep in mind in my work.
3. Handing over responsibility
My motto is: “I want to make myself replaceable”. This is not a withdrawal, but rather an aspiration to set guidelines and allow decisions to be made as often as possible within the team.
And for anyone wondering, “What does a CISO do when they make themselves replaceable?”, my answer is: “I want to make myself replaceable for the problems I already know about and understand today, so that I have time to deal with the problems of tomorrow”.
In my team, tasks are prioritised in three-week planning cycles with clear acceptance criteria, as well as dailies and check-ins. This allows us to remain operational as a security team, especially during holidays, illness or business trips. It also actively promotes independence and a sense of responsibility among my team members.
4. Small gestures with a big impact
Team commitment is not only created by grand strategies, but also by small gestures in everyday life. Something that has become commonplace in our Information Security Team: emojis are an integral part of communication. The palm tree emoji 🌴 is particularly influential: it either signals someone is on holiday – or it can mean “Make decisions as if I (the manager) were on holiday”. This makes trust and personal responsibility visible and reinforced, especially in our remote setting.
The takeaways from Hamburg are clear: Future-proof cybersecurity leadership is based on transparency, trust, a sense of responsibility and a clear focus on strengths. Small everyday signals contribute just as much to success as structural processes.
My personal conclusion: If we succeed in seeing people not just as resources, but as whole individuals, it fosters commitment – and that is precisely what we need in security teams.