When security and systemic risk analysis are considered, effective leadership is crucial. Douglas Lemott Jr., Chief Information Security Officer (CISO) for the Analysis and Resilience Center for Systemic Risk (ARC), has built his career on being just such a leader. He’s responsible for developing and implementing secure and regulation-compliant technology solutions and infrastructure used by ARC members to address systemic risk to the critical functions that support American economic and national security. With over three decades of cybersecurity and IT experience behind him, Lemott’s results-driven leadership style has led him and his teams to consistent success.
Prior to his time at ARC, Douglas Lemott Jr. served as the VP of Security Operations and Deputy CISO at Enterprise Security and SAP National Security Services, respectively, where his work protected technology, applications, and supporting infrastructure against persistent adversarial threats. Prior to that, he served as VP of Secure Cloud Multi-Tenant Engineering, Operations, and Delivery; Director of Security and Compliance at VMware for the government, education, and healthcare sector; and led the Marine Corps Cyberspace Operations Group, which oversaw network security for a number of networks and operations centers related to the United States Marine Corps.
With thirty years of experience in cybersecurity and executive leadership, Douglas Lemott Jr. has developed a robust leadership philosophy and a keen mind for problem-solving. The consistent high level of success Lemott has achieved in his long career has demanded perseverance, continuous ongoing education, and a dedication to service that extends beyond his tenure with the United States military. In each of his leadership positions, Lemott has demonstrated a keen sense of awareness and a defined growth perspective.
We’ve been fortunate enough to have the opportunity for an in-depth interview with Douglas Lemott Jr. about his career experiences and his personal perspective on leadership, growth, and keeping ahead of the developing technology of our world.
What does a productive day look like for you as a cybersecurity leader, and how do you prioritize your time across high-stakes responsibilities?
My work priorities are organizationally dependent and focused. I learned of the Eisenhower Matrix several years ago, and I use it to guide my productivity. The matrix is divided into four quadrants: Important and Urgent (Do), Important but not Urgent (Schedule), Urgent but not Important (Delegate), Not Important, Not Urgent (Delete). The matrix helps organize my time and keep me focused on the most important tasks. As a cybersecurity professional, I must remain agile and fully recognize that the task can move from one quadrant to another. Delegation is a great way to develop subordinates and provide them an opportunity to showcase their talents, abilities, and readiness to take on more responsibilities.
How do you stay current on emerging threats, compliance frameworks, and evolving technologies in cybersecurity and risk management?
Professional development is paramount to maintaining awareness and credibility in this field. The cybersecurity landscape is constantly changing, which requires an adaptive and agile mindset. I attempt to attend as many professional conferences as possible, follow industry news and blogs, keep engaged with academic publications and journals, and engage with technology partners as appropriate. My work with Northern Virginia Technology Council’s Privacy and Cybersecurity Community of Interest provides a great venue to engage thought leaders and cybersecurity professionals on a range of topics.
When launching a new security or infrastructure initiative, what’s your first step in planning and execution?
One of my early commanders told me there are “great answers to bad questions—always make sure you are asking the right questions.” Before I begin any initiative, I ask a lot of questions. I tell everyone involved that my questioning is to gain a better understanding and not to marginalize anyone. My questions to stakeholders are intended to define goals and objectives and clearly define requirements and desired outcomes. Those goals, objectives, and requirements are then codified and agreed upon, so stakeholders are confident the parameters are well understood. Upon agreement, it is imperative to have clarity on the current (as-is) environment and future (to-be) environment with desired outcomes. That information allows me to build a comprehensive project plan. Effective communication throughout the process is paramount for a successful outcome.
Reflecting on earlier roles—whether in or outside the military—was there one job that shaped your leadership style or long-term goals?
I think my first assignment as a Communications Platoon Commander helped shape my leadership style. It was a large platoon (approximately 50 Marines) with lots of organic communications equipment to account for and maintain. The Staff Non-commissioned Officer-in-Charge (SNCOIC) was coming off recruiting duty and had been meritoriously promoted several times. I was excited for his arrival to assist with the responsibilities. Unfortunately, his physical fitness suffered while on recruiting duty, and he had to spend a lot of time getting back up to physical standards. That was one of my first leadership challenges, and although he was a senior enlisted member with a great record of performance, I had to hold him accountable to the standard. I have maintained that mindset throughout my professional career.
Who have been your most influential mentors or professional role models, and how have they shaped your approach to work and leadership?
I have had several influential mentors from my time in uniform who have remained mentors and friends as a civilian. I won’t list them, as they aren’t seeking public recognition. What I will say is that each of them serves a particular role in challenging me to exceed my perceived limitations. In my opinion, mentees should seek out mentors who don’t look like them or think like them, for that matter. A mentor should care enough about the mentee to stretch and strengthen the individual. It becomes a very personal relationship where the mentee is comfortable being vulnerable.
In your view, what personal traits or habits have contributed most to your success across both military and civilian sectors?
I watched my mother work multiple jobs (three at one point) to provide for me and my siblings. I learned from a very early age that education, hard work, and leadership were keys to success and opportunity. My mother relied heavily on me for routine maintenance issues; cutting the grass, fixing the washing machine, or plumbing issues were all within scope. I learned to first depend on myself and seek assistance when necessary. I also focused on my education from an early age and consider myself a lifelong learner. The cybersecurity landscape is constantly changing, and therefore, I must continually learn new concepts.
I had the benefit of developing my leadership skills over a span of more than two decades of service in the Marine Corps. I hold myself accountable. If there are missteps, I own it. If accolades are offered, then they go to the team. Although I had to adjust some aspects of my leadership style, the core principles remain: treat everyone with dignity and respect, hold myself accountable and set a good example, and meet people where they are and strive to get them to exceed their perceived limitations.
Eyes On Future Possibilities
The ever-evolving nature of the cybersecurity field means that Douglas Lemott Jr. always has new challenges, and thus new opportunities for learning, to look forward to. Future possibilities could range from further technological development to perhaps taking on some students as a mentor himself, but only Lemott can know where he’ll go from here. We would like to thank Douglas Lemott Jr. for sharing his insights and experience with our readers and wish him well in his future endeavors.
By: Chris Bates
