Part 1 – From Problem Solving to Solution Design: Tackling Cybersecurity Leadership Issues Head On


Nobody would doubt that cybersecurity qualifies as a complex problem to be solved in this ever-increasing threat scenario. In a report from the World Economic Forum, January 2023, it is reported that Business Leaders (86%) and Cyber Leaders (93%) believe global instability is moderately or very likely to lead to a catastrophic cyber event in the next two years.

Creating solutions to this kind of problem can often prove difficult, even for seasoned leaders. Like any other complex organizational problem, cybersecurity has several stakeholders, endless variables, and a myriad of possible solutions. Designing the “right” solution starts by making sure you are addressing the “essential problem”—not just its symptoms. Then, you must walk through several checkpoints in your design journey for the best practical solution.

This can become a tricky adventure: How do you anticipate potential pitfalls, avoid known mistakes, and increase your chances of success?

My wife and co-author, Erica Campos, and I are celebrating five years since publishing our Forbes Books From Problem-Solving to Solution Design. As a former CISO (Chief Information Security Officer), designing solutions for complex problems like cybersecurity in large organizations took me along usual trails and unbeaten paths. It made me leverage others’ experiences and create my own. Time and again, proven solutions did not match stakeholder expectations, and I explored unknown routes. Then, I experimented with innovative approaches, succeeding many times and failing in many other cases. However, every time I failed, despite feeling frustrated, I stepped back, regrouped with stakeholders, understood the root causes of failure, learned from the lessons presented, retraced my steps and took alternative ways, and resumed the pursuit of a solution that would fit the bill as the best one applicable. After nailing it down with my team and stakeholders, we felt the exhilaration that often follows success, summing it up with a punch in the air, both fists high, screaming out loud: “We have got it, problem solved!” Until we had to start it over to address a new cybersecurity issue.

By putting together our book, we hoped our readers would learn from professionals who blazed the same path before them. We believed sharing our lessons would help readers become better solution designers for their complex organizational problems.

Now, I decided to share some of that experience from over 25 years working in executive roles in global corporations, especially as a cybersecurity leader who went from a front-line manager to the executive leading strategy to planning and operations as a CISO.

This introduction is the first in a series of articles where I will share my successes and failures and what I have learned from research, my peers, and clients. Hopefully, this will help you apply what I have learned from extensive formal training, tireless research, and solution-designing experience in addressing cybersecurity issues. I want to provide you with a real-world set of strategies and tactics that will empower you to become a successful cybersecurity leader who can use solution design to solve complex issues you might face in your job.

I hope this series helps you succeed in your quest for the best practical solutions and that you feel the joy I described earlier when you punch the air at the end of your solution-design journey.


This series was written for you, a public or private sector professional, or the not-for-profit area. You might face the challenge of designing the best possible solution for a complex problem in your role. Moreover, you are a cybersecurity leader whom every head turns to when things go south.

This series offers techniques, case studies, and templates to help you find a less painful way to design and implement sustainable solutions to solve some of the more complex problems your organization faces in cybersecurity today.

As you will see in the upcoming blog posts, I will cover how to inform and influence the decision-making process throughout the solution adoption lifecycle—from its ideation to crafting to convincing others to go along with it. You will also learn that successful solutions are accepted and implemented through continuously influencing, negotiating, and persuading people. Because unless your stakeholders are convinced that your solution matches their expectations, they will go back to prior patterns, face the same issues, and end up with the same lackluster results they achieved in the past.

No matter what sector you work in, this approach requires skillful managers, motivated teams, and endless hours of negotiation. Even if you have all that, you might still get nowhere repeatedly. Learning from someone who has been there before you is prudent to increase your chances of success. This can help you avoid pitfalls, take proven paths, and speed up your solution design process.

You will learn how to identify the problem’s root cause and break the issue down into smaller components, therefore developing a series of more straightforward solutions, which will add up to a broader recommended solution.

This series is not meant to encompass all existing techniques, frameworks, and methodologies. Instead, it is structured as a summarized, pragmatic, and field-proven set of checkpoints to guide you in your journey to design and implement sustainable solutions in your organization. For example, if you need to dive into a given framework—say, implementing internationally accepted internal controls—you might want to explore the COSO framework mentioned in one of the articles.

To read more about the structure of this blog series, CLICK HERE

J. Eduardo Campos, EMPA CISSP CPP (He/Him)

Board Member | Author | Executive Coach | Advisor
Talks about #ciso, #cybersecurity, #executivecoaching, #leadershipdevelopment, and #artificialintelligence