Introduction

I examine modern security leadership through the lens of Niccolò Machiavelli and Robert Greene. Machiavelli often called the father of modern political philosophy from his seminal work The Prince whilst Greene is known for building upon those concepts in a contemporary context in the 48 Laws of Power. Machiavelli gives us an unvarnished interpretation of power dynamics in early modern Italy and addresses two main concepts.

1. Seeking and retaining power

2. Viewing the world for what it is, not what it should be.

Machiavelli offers little in the way of opinion and staying within the boundaries of events and experience. It’s worth understanding that Machiavelli was on the tail end of a period characterised by warfare between city states and regional powers. Power asserted through the application of violence was a valid strategy in those times. As much as I would advocate that a gladius is an appropriate tool for stakeholder management, it might be flirting with some legal repercussions that make it impractical. That being said, Machiavelli’s work has stood the test of time and has relevance to this day. What was true then, appears to be true now.

The Prince rests on a number of assumptions. It presupposes that there is an apex to the power hierarchy, and that the apex of power is an autocratic model where there is a single leader. It should be said that security leaders will exist mainly within the corporate space so this will be the focus of consideration. It carries some baggage though, namely that they will not exist at the top of the hierarchy, they will have superiors, peers, and subordinates. There isn’t a single power hierarchy to climb, so parallel options exist.

It’s easy to see how the power dynamics within, and between city states, or regional powers offer us a valid proxy for today’s corporate environment. One company can take over another, a leader can be deposed, ‘princes’ can ascend from the common man. Organisational politics are malleable to the techniques outlined by Machiavelli. Obviously, power is everywhere, and the strategies apply universally. So, for a security leader to be successful they need to appreciate the asymmetric power dynamics in play. I’ll break this into three broad areas of consideration for these purposes.

1. Self

2. Organisation

3. Others

Self

Reality and reputation

Machiavelli talks to the human condition and is not idealistic in the way he does. He talks about how the world is, not how it is supposed to be. He describes what does work and what doesn’t work. The first lesson for a security leader must be this, the paradigm from which they view the world must be one rooted in reality, not idealism. If a leader cannot see the reality due to limitations imposed by their ideals, then they will leave themselves vulnerable to those who orient around reality. Viewing the world with an idealistic lens is indistinguishable from delusion. But idealists are predictable, and that is useful to understand for a security leader.

Reputation can be described as how you are perceived by others. Perception is reality. If you control their perception, you control their reality. How a security leader is perceived by others is the critical enabler of how effective Machiavelli and Greene’s strategies are in power creation. Greene builds on the groundwork Machiavelli laid and is more explicit when articulating his laws pertaining to self-conduct. Greene articulates strategies around how to curate your interactions which build your reputation and create power. He goes as far to describe reputation as a cornerstone of power.

Greene makes an interesting point about the rejection of roles that society pushes on to a person. In an age of identity politics where virtue, connotation, and association are inherent in the labels, there is utility in assuming some of these labels in the creation of an identity. He likens the creation of a new identity to like wearing a costume, although, I’ve always preferred the term wearing a skin suit. Everyone creates an identity for public consumption to an extent. But this reveals a truth about us, that we are rarely what we think, or hope to be. We are much worse than that. Something is missed by Greene, he works in the singular, but we need to work in plural to be truly effective. Security leaders must maintain a set of identities tailored to the specific audience, for seniors, peers, and subordinates. And which skin suit a security leader will need to wear, depends on what and who the objective is. Just don’t ask about dress down Fridays . . .

The creation of identity can be aided in a modern context by virtue of the many hierarchies there are to climb. A sidestep or upward step into a different organisational hierarchy can be an opportunity for purification. All is forgiven, most is forgotten. This has the benefit of retaining external allies. A security leader will have been able to build seniority, ‘rank’ is generally transposable without carrying the baggage of what came before. This strategy is not without risk but allows a security leader to perfect their craft during their accension and limit the penalty for missteps.

Organisation

Power Hierarchies

There is an action required of a security leader to understand what is valued within an organisation. They need to gauge what associated traits would be perceived as virtue by their ‘subjects’. To paraphrase Machiavelli, it is not necessary to have these qualities, but it is necessary to seem to have them. But understanding what ‘subjects’ consider to be virtuous is not enough. The nature of social activism, special interest groups, or union presence within large organisations needs to be understood. They will have a disproportionate sway over the discourse in public spaces. Not a day goes past that isn’t some ‘day’ or ‘history month’. It’s spread through the corporate world like a plague of fleas in a cattery. But these should be conceptualised as communal ceremonies that contain affirmations of loyalty to the faith. Greene talks about borrowing from organised religion to create a following, and these groups borrow many elements.

One commonality special interest groups tend to have is that they are predicated on the victim/oppressor dynamic. Another way this might be considered is the drama triangle playing out on an industrial scale where a great many people see themselves as victims. The drama triangle framing is useful as it leads us to understand that when someone embraces victimhood, they will seek a persecutor. If they can’t find one, they will create one, or we can create one for them. The prevalence of victim mindset within organisations and the wider society has changed the paradigm through which relationships are seen, they are an asymmetric power dynamic, and therefore very Machiavellian. Furthermore, how they outwardly portray themselves is incongruent to their actions. Despite the claims of virtue, this is only true to the point of disagreement past which a social penalty must be paid. A tithe in blood to be paid by the apostate.

A security leader must understand how these groups form the organisational context and cultural background. There is utility in doing this for several reasons, the first would be to identify any threats to themselves, the canary in the coalmine. This gives greater scope to allow defensive manoeuvres against those who would seek to depose the security leader. The second is underhand, but a security leader may need to utilise the mechanisms of these groups as a weapon. These groups can be used to weaken those in stronger positions or deal with those who are a threat to their position, they can be used to do our dirty work. Another aspect to consider with the utility of these groups is the establishment of reputation. These can become a convenient vehicle to promote the values you want to be seen portraying. Greene discusses using cult like mechanisms to create a following, groups that already exists can be used, but new groups can also be created. Creation of your own interest group, perhaps based on location, department, or professional affiliation would be useful in generating an adversarial outlook within its members by defining and vilifying outgroups.

A security leader needs to understand that there is more the just the formal structure of these groups. A sub-structure exists within, and between these groups, collections of individuals who form the crucible of power. A security leader would be best served to identify these groups, sub-structures, the players within them, and the affiliations between them. But Machiavelli does provide caution if we consider utilisation of these groups of people insofar that use of mercenaries is warned against. Nevertheless, these structures are a reality of organisations and are deeply embedded so it would be remis to not consider their utility in achieving ones aims. These groups have weaponry that might exceed the arsenal at your direct disposal. This must factor into the political calculus when evaluating the effectiveness of dispatching your foes via these means. Why have a dog and bark yourself? Just be mindful that these are the yapping terriers of stupidity which are capricious in nature.

Others

In a sense, Greene’s work focuses on the egocentric, which becomes its limitation. Whilst these precepts are helpful it is also very useful to understand the nuances in others’ interactions. A security leader must be observant in a corporate environment. They need to notice, who is meeting who, who is going for coffee or lunch with others, what are their social circles, what do these people value, how much influence do they hold, is this by position or by personality. Who is holding grudges, who are these held against, what kind of agitation would they be receptive to. Only by understanding this can a security leader create a base of influence that extends beyond their own. The context is required to apply Greene’s laws, if you want to create a cult-like following, then you need to understand what the mark believes and how you leverage their weakness to create loyalty.

The subjects

Machiavelli discusses the use of mercenaries, a standing army, and auxiliaries. By creating allegiances and a loyal team a security leader can move with more impunity. They will be able to draw on the collective influence and reputation of the loyalists to reinforce their own standing. It is important that the loyalists are not subordinated to mercenaries, so this would be contract resource, MSPs, or even other teams in the organisation. Doing so would weaken the security leaders’ position by not having a reliable network to draw on in times of need.

As advantageous loyalists are, they are expendable. If a security leader has created a dependency or owes favours then they are obligated to those people. Machiavelli makes this observation and Greene goes a little further by suggesting that enemies should be used to occupy subordinate positions as they will then be obligated to the leader. Now this is on somewhat of a knife edge in a corporate environment due to the presence of parallel power hierarchies. The subordinate then may become a threat as they can manoeuvre laterally to positions where they no longer sense an obligation to the leader.

Intersecting considerations make any judgement calls about how to fill the ranks a challenging decision. This decision will need to be contextual and consider the potential options the subordinates have to move against the security leader. There is no immediately obvious path that is simplistic. When a problem requires resolution, the action has to be dispassionate and unilateral in its execution.

The nobility

A security leaders peers will inevitably be middle or senior management. Peers are generally protective of the boundaries of their domain and generally seeking power themselves in their respective disciplines, and this can be used to devastating effect. A security leader should be acutely aware that they can shift messages that will land badly to their peer group. As it happens, security issues are usually predicated on a problem security doesn’t own. And it’s only reasonable for the owner to take accountability. Enabling a scenario where you can simultaneously increase your position relative to your peers, and use their credibility to deliver bad news eroding their position over time helps to establish the security leader in the dominant position over their peer group.

But the nobility must be kept onside over a longer duration. They will have the collective power to depose the security leader. As with the subordinates, it’s not clear that Machiavelli or Greene’s approaches are entirely implementable due to lateral and upwards movement.

Conflict

It’s worth noting that asymmetric power relationship can sometimes collapse into conflict. This isn’t really dealt with by Machiavelli or Greene in any meaningful way. They discuss ways of avoiding it, or not being seen to take a side where others are in conflict, or allusions in that vein. Machiavelli says there are two ways men can fight, by law or by force, of men or of beast. To co-opt this somewhat, I’ll consider the bestial approach to be conflict with words. A security leader will find themselves in conflict frequently as what they need to say will not always be welcomed. Open conflict in public spaces is an eventuality a security leader must prepare for and have the skills to deal with.

In a pure dominance contest, decisive response is demanded. Position will need to be defended; they will come under attack. The attacks may not be rational or hold relevance to the subject of discussion, perhaps public character assassination by others. There will be an audience. There are ways to counter this. A good security leader will have information to hold over their detractors already. Their intentions should have been anticipated as there are always signals. But failing this, they must be able to debate to get the audience on side. The detractor won’t be convinced, and this will be damage limitation through attack by attaining the support of the audience. When the time comes, and it will, a security leader has to be prepared to vanquish a foe. To embrace Greene’s laws, a security leader must be bold in action, and not show weakness. Fear is the weapon they will hold over you, without that, they have nothing, without that, they are nothing.

Conclusion

We have dealt with a number of areas of discussion prompted by Machiavelli’s, and Greene’s work. But there is a significant omission. We have not made any attempt to reconcile these practices with the values, or mission of a security leader. A Machiavellian worldview is one that is cynical in nature, perhaps because we are cynical by nature. It assumes the worst and leave little space for altruism. In some sense it promotes malevolence. A security leader must understand the methods of obtaining power but has to be judicious in how those methods are applied.

In a sense Machiavelli is a manifestation of consequentialism as reflected in his writing such as “one judges by the result” or as we might say today “the ends justify the means”. Yet that leaves us with an unsatisfying conclusion in that a Machiavellian approach forces us to rely on anticipating predefined outcomes. If we fail to achieve the outcome we are greatly exposed and the axe cuts the other way. We cannot predict the future and the path to the outcome in this approach reduces optionality leaving us fragile, but not brittle, along the journey.

There is no suggestion that you cannot change the destination as Greene concludes in his last law that you must be formless, not adhere to other’s rules and laws. It suggests that a security leader need to be mailable to the situation and adopt strategies that work as circumstance changes. Machiavellian behaviours and traits are themselves a ‘form’, a way to be predicted, and therefore a weakness. Greene leaves a ‘get out’ that grants scope to rationalise this internal inconsistency, or it could be taken as a total repudiation of everything he has written and Machiavellian philosophy.