Engineer vs. Shepherd

I recently stumbled upon a thought-provoking video featuring psychologist Dr. Russell Barkley, in which he discusses the roles of a parent in a child’s life.

In the video, Barkley suggests that parents have little to do with WHO their children are. We are born with 400+ psychological traits and short of abuse, neglect, and malnutrition, there is little that parents can do to CHANGE who their kids are. Not to say they don’t impact them, but that guiding, nurturing, and creating safe environments for their children to develop and grow is all they really have control over. The personalities, abilities, and traits of children are predetermined by a unique set of genes. He goes on to say that you can not design your child. Nothing you do in your home will make them something they are not.

He describes this as a shepherd view and an engineer view. Shepherds, he says, are very powerful people. They choose the pasture to graze on, determine whether they are properly nourished, determine whether the sheep are protected from harm. “The environment is important, but it doesn’t design the sheep.”

The engineering view, however, leaves parents feeling responsible for everything. They believe they can change, mold, and design a child into the person they think they should be. And it’s simply not possible no matter how hard they try.


This concept got me thinking about leadership in technology organizations, particularly infosec. Because at our jobs leaders aren’t parents and staff aren’t children (not usually anyway!), I had to get a little creative, but the basic principles are the same.

We don’t get to create an individual contributor, but we do get to create our teams, for the most part. Sometimes we inherit them, but often times we do get to build them. And so while Berkley sees shepherding as inherently good and engineering as inherently ineffective, I think there is value in both kinds of leadership.

Though, it’s crucial to recognize when to shift between the roles of shepherd and engineer.

When should we focus on nurturing and guiding our team members, and when is it more appropriate to concentrate on building systems, introducing technology, or altering processes?

The Shepherd Leader in Infosec

A shepherd leader focuses on guiding, nurturing, and providing a safe environment for their team members to learn and grow. They create a supportive atmosphere where team members can comfortably ask questions, take risks, and share their ideas. A shepherd leader recognizes that their team’s growth is just as important as the technical successes of their projects.

This approach is my default mode. Hire excellent people. Provide them room to grow and air cover from politics. Let them execute. The shepherd acts as a relationship builder across and within the organization, making it easier for the team to get things done and be recognized for their achievements.

By fostering trust, a shepherd leader encourages collaboration, leading to more effective problem-solving and innovative solutions. They also promote a culture of continuous learning and improvement, driving adaptability.

Another important way we build teams with a shepherd view, is by putting together people with varying strengths. Intentionally diversifying skillsets. Just as parent’s are charged with choosing an environment conducive to positive growth - including coaches, teachers, resources, neighbors, peer groups, etc - leaders are charged with ensuring teams have people and resources around them to help them thrive - this includes team members with complementary strengths.

Notable examples of shepherd leadership in the infosec community include CISOs who prioritize mentoring and developing talent within their organizations, or team leads who advocate for healthy work-life balance and mental well-being among their team members.

The Engineer Leader in Infosec

An engineer leader in information security has a keen focus on designing, implementing, and optimizing security systems and processes. They boast strong technical expertise, precision, and attention to detail, ensuring their team’s work meets the highest standards in terms of quality, efficiency, and security.

Think of the engineer leader as your Swiss Army knife—useful as needed, but kept in your pocket otherwise. If your team is stuck and needs a strong leader to make decisions, implement systems, procure tools, or hire help, an engineer leader can step in and get things moving. However, it’s crucial to recognize when your involvement might be counterproductive or undermine your team’s trust.

Engineer leaders must stay current on industry trends, emerging threats, and new technologies to effectively guide their teams through cybersecurity challenges. Success in this role requires data-driven decision-making and the ability to implement innovative solutions.

You’ll find successful engineer leaders in various roles within the cybersecurity field, such as leading research teams in developing cutting-edge security tools, spearheading incident response teams to tackle sophisticated cyber threats, or overseeing the design and implementation of robust security frameworks in large organizations. By blending technical acumen with strategic vision, engineer leaders play a vital role in strengthening their organizations’ security posture.

Balancing Shepherding and Engineering

The key to effective leadership in the cybersecurity is finding the right balance between shepherding and engineering approaches. Understanding when to adopt a nurturing, guiding role and when to take on a more technical, problem-solving mindset is crucial.

Here are some strategies to help you strike the right balance between these two leadership styles:

1️⃣ Regularly assess team dynamics: Keep a close eye on your team’s needs and strengths, and adjust your leadership style accordingly. If your team requires more guidance and support, adopt a shepherd approach; if they’re stuck or need to focus on solving complex technical problems, lean into your engineering expertise.

2️⃣ Stay current on industry trends: Keep up with the latest in cybersecurity to adapt your leadership approach for addressing emerging threats and capitalizing on new opportunities. Staying informed will enable you to provide both strategic direction and technical guidance when needed.

3️⃣ Foster open communication: Cultivate a culture of open dialogue within your team, where team members feel comfortable discussing concerns, sharing ideas, and asking for help. This will help you better understand their needs and adapt your leadership style to provide appropriate support and guidance.

4️⃣ Embrace vulnerability: Be open to acknowledging your own limitations and areas for growth. Not only will this help you become a more adaptable leader, but it will also encourage your team members to embrace vulnerability and continuous learning.

By understanding when to guide and nurture your team and when to roll your sleeves up and be the engineer, you can really up-level your leadership IQ. Be vulnerable, reflect on your own leadership style. Which way do you think you lean today? What areas would you consider your strengths and what areas do you need to grow? How can you learn from your peers, staff, or leaders? Be willing to adapt as needed to become a more effective and resilient leader.

Now, go forth and continue being awesome.

Join the Newsletter

Every Friday, I'll send you the latest edition of Vulnerable U - My free newsletter with a mini blog topic, collection of the news I'm reading this week, and more!

Subscribe to get my best content. No spam, ever. Unsubscribe any time.

Engineer vs. Shepherd
Older post

Cultivating an Inclusive Infosec Community: Empowering Veterans to Foster Newcomer Success

Breaking down leadership archetypes in infosec

Newer post

Overcoming Security Obstructionism

Breaking down leadership archetypes in infosec

Engineer vs. Shepherd