Where Is My Crown? The Leadership Lessons No One Teaches You

Cybersecurity leadership has always lived at the intersection of crisis and credibility. Security executives are hired to solve problems, contain damage, and absorb pressure. What they are rarely taught is how to own the narrative around their own work, protect their capacity to do it, and build the kind of executive presence that earns a seat at the strategy table rather than only the post-incident war room.

Yinka Badmus has spent more than two decades in this work—at IBM, at Visa, at Equifax in the years immediately following its landmark breach, and now at Uber, where she leads the global risk and compliance function across teams in California, Washington, Amsterdam, and India. Across all of that, five principles have shaped how she leads, how she shows up, and how she has come to think about influence, resilience, and reputation in the field. What follows are the five.

Nobody Is Going to Crown You

The bluntest of the five comes first: no one is going to walk into a security leader’s office and hand them recognition for the breach that did not happen, the system that did not fail, or the audit that closed cleanly. In cybersecurity, visibility is something that must be built deliberately, because the nature of the wins is that they are invisible by design.

Security professionals tend to undermine themselves before anyone else gets the chance, opening conversations with disclaimers like “I’m not an expert, but…” or “you probably know more than me.” Those precursors quietly erode authority before the substantive point lands. The corrective, in this framing, is to communicate wins intentionally, articulate impact rather than activity, and trust one’s intuition as the domain expert one is.

One practical habit worth adopting is keeping a running wins log. Security work moves so rapidly that even the people driving it forget what they accomplished a week ago. Write it down. Share it upward and outward with frequency. That is not self-promotion — it is the raw material of influence, and without it the story of the function gets written by people who do not understand it.

Create Your Own Weather

This principle borrows from Simon Sinek’s Golden Circle and applies especially well to security leadership: chaos thrives wherever a leader has not clearly defined the why behind a program. In the rush of incident response, audit cycles, and board reporting, most security leaders are fluent in articulating what they are doing. But the why is what inspires confidence, drives adoption, and unlocks the authority required to move cross-functional stakeholders. When the why is clearly understood, people follow. When it is not, the leader is dragging them.

Creating one’s own weather means refusing to let the external climate—AI disruption, layoffs, geopolitical pressure, and an unrelenting threat landscape—dictate how a leader shows up. The world outside the function is going to do what it does. But within the boundaries a security leader controls, the operating tempo, the priorities, and the values are theirs to set. They are deciding what kind of room their team gets to work in.

Empathy is the multiplier here. In a room of competing agendas, seeking first to understand the other side’s concerns is often the only way through resistance. The CISO’s priorities are not the business’s priorities, and that is not a problem to be solved—it is a reality to be navigated. Almost every cross-functional impasse, in this framing, gets worked through by listening longer than feels natural.

Be a Corporate Elite Athlete

Cybersecurity is among the most chronically depleting executive disciplines in the modern enterprise. It can be measured in burnout rates, in average CISO tenure, and in the physiological toll of always-on incident readiness. This principle, often internalized later in a career than it should be, reframes recovery: it is not a luxury, and it is not a weakness. It is a strategy. Sustained performance requires resilience, and resilience requires deliberate replenishment.

“If it’s not on my calendar, it doesn’t exist.”

That is a rule worth living by—to the point of having an executive assistant schedule the breaks, because otherwise the day goes from meeting to meeting without stopping. Schedule recovery like a deliverable. Defend it like one. Identify what genuinely exhausts you and architect the week around it. For some leaders, that means declaring Mondays a no-meeting day for time to think, plan, and decide what the week is going to be, not to be pulled apart by it. Einstein played the violin and sailed because strategic thinking rarely emerges from a full inbox. The same is true in security leadership.

The underlying point is uncomfortable but unavoidable: you cannot pour from an empty cup. A leader running on fumes cannot guide an organization through the decisions that matter most. The company, the employees, the family — all of them are depending on the leader to lead, and no one leads from a place of depletion. Protecting personal capacity is not self-indulgence. It is the most fiduciary thing a security executive can do.

Start With Your Spirit

Early-career professional development often centers on fixing what is wrong—close that gap, take this training, and work on this weakness. Many security leaders spend years trying to be someone they are not, with predictable results.

Authentic leadership flows from the core of who a leader is. Amplify the strengths. Manage the weaknesses, but do not build a career around fixing them. And let values function as the operating system that runs underneath every decision.

In security, this matters most in the moments that rarely make the highlight reel—the decision to disclose more rather than less, to escalate a finding the business would rather not hear, to advocate for an unpopular control, or to handle a workforce reduction with humanity intact. When external circumstances are outside a leader’s control—and in this field, so much is—values are what remain controllable. There are leaders who have had people thank them on their way out the door of a layoff, telling them that the way it was handled mattered. That is what running on values looks like.

Play the Long Game

Warren Buffett said it as well as anyone: reputation is built in moments, not milestones. It can also be destroyed in moments and take years to rebuild, if at all. For security executives, whose professional reputation is so often defined by what does not happen rather than what does, the long game is the only game worth playing.

Three things sit underneath this principle. The first is knowing one’s North Star clearly enough that every daily decision can be measured against it. From the moment a leader opens their laptop in the morning, every meeting and every call is either moving them toward their vision or away from it. A leader who cannot name where they are going cannot evaluate where they are.

The second is a legacy mindset — asking what the team will say about its leader five years from now. Is the leader building a team that will succeed them? What lessons, what values, are being extended into the people who report to them? How are they mentoring the next generation of the field? Those questions reshape the way a leader shows up today.

The third is intentionality — planning backward from the outcome a leader wants to create rather than forward from the noise of the moment. That discipline is what separates leaders who arrive somewhere meaningful from leaders who merely arrive somewhere busy.

The Crown is Yours to Wear

Compressed into a single thesis, the argument is that technical excellence is the floor of the profession, not the ceiling. The executives who sustain influence over a full career do five things consistently — they communicate their wins, they define their why, they protect their capacity, they lead from their values, and they play for reputation rather than for the quarter.

In an industry where the average tenure in the role is measured in single-digit years and where the next breach, AI-driven threat, or regulatory shift is always one news cycle away, these principles function less as inspiration and more as infrastructure — the load-bearing habits beneath a security career built to last. Nobody is going to crown you. Put it on yourself.