Top Leadership Lessons from TikTok’s Security Chief

A spring filled with quarantines and stay-and-home orders led many to the visual wonders and joyful distractions of TikTok. As one of the newest social media platforms became a daily staple of millions, Roland Cloutier couldn’t say no to a new career challenge. Cloutier became TikTok’s Global Chief Security Officer in April, after spending 10 years in the same role at ADP.

During a busy and challenging time, Cloutier paused long enough to share insights on his career journey and hard-won lessons in effective leadership. 
 

How did you get started in this career?

I started out in the military. I was on the physical side of combat security for aerospace defense in the Air Force. I left the military and started working with the Department of Defense in the same capacity as aerospace defense and anti-terrorism, then left that to get married and moved into federal law enforcement for a few years. 

Throughout that process, a lot of things that we were working on at the time had to do with computers. A friend of mine, who was a professor, said “You know you're more than welcome to keep coming and asking me questions about this stuff, but why don't you go back to school?” So, I went back for a couple of years for computer science and just fell in love with it. I got bit by the bug, the technical bug. And it wasn't long after that that I left federal law enforcement.
 

Who or what has inspired your career?

Protection of society just happens to be one of my passions – it’s core to who I am. I got a lot of that from my father, who was in the military. In any part of his career, he always served others, putting others before himself, so I think that was always a big inspiration for what I wanted to do and why. 

I have also had business leaders who taught me about the business of technology leadership. It's a very different cat, right? But it's important to be a business leader in what we do as security practitioners.

Don't just be a security practitioner; be a business leader.

What advice would you give someone who is interested in security leadership as a profession or is new in this role?

There are three things that I tell CISOs all the time:

1. Learn your practice – you must know what you're doing. There are a lot of people who get into this and say, “Well, I came from finance or I was an executive in IT, I can manage the security function.” No, you can't. If you don't know what you're doing, if you don't understand the premise of protection, if you do not know your tradecraft, you cannot do this job. So, before you decide to go into this, learn it! Take a class, be mentored – whatever – it doesn't matter. It's never too late to learn in life, so learn it or don't do it!
2. Leave your ego at the door and don’t be afraid to ask for help. You’re not going to know everything. I have probably reached out to six different CSOs whom I respect since I have been here [at TikTok] in the last nine weeks. I'm not embarrassed; I want to know. There are people who have been in this industry a lot longer than I have and in different market segments. Leverage that! If you can figure out who those people are or where you can get that help and guidance, the faster and better you're going to be able to accomplish your mission.
3. Create and know your moral compass. This role is a tough position. You’re the protector, the police and the response organization. Understand which things that are your absolutely ‘no goes,’ and what things you think are business decisions. How do you approach those? Ensure you are clear about those with the people around you – people in your leadership – but more importantly, that you're clear with yourself.
    

What are the most important things that CSOs should have in their tool kit?

There are three clear things: great partners, a good peer network and crisis management skills.

1. Great partners: Great partners means that you are not going to have thousands of people working for you. There's no way that you can staff an organization to one hundred percent of your requirements one hundred percent of the time. It's just not realistic or financially viable. Knowing partners in the industry who you can count on – someone from incident response or someone who can provide third party assessments for you – know who they are and know all the regions they operate in the world.  Create and manage those to make sure you're able to execute in your job even if you don't have a thousand people working for you.
2. Peer network: Whether it's Evanta or Gartner activities, or organizations that have CSO round tables or information sharing groups, regionally, nationally or locally based, it doesn't matter. Or maybe it's just the six men and women that you like to talk to on a monthly basis about what's going on from an executive perspective. Create your network and leverage that as you need to.
3. Crisis management skills: You will become the 9-1-1 for your business. Whether it's COVID-19 or a mass technical issue, your business will continue to bring in the CSO or CISO as an important decision maker, manager or leader when bad things happen.
    

What has your greatest achievement been so far?

Having the ability to create amazing leadership teams that make a difference. It has to be one of the greatest things you can do as a business leader and as a person – to ensure that an organization is prepared to deal with the things that need to be dealt with. And I've done that. I just left one of the greatest leadership teams that I've ever worked with at ADP, and my intention is to do that again at TikTok.

A great CISO once said, “I measure myself on how many CISOs I put out into the world.” I thought that was so introspective. I think I am up to 10 other people who have worked for me and my leadership teams that have gone out to do great things as Chief Information Security Officers in the world. 

For example, one person can’t do great things at 10 different organizations, but you can mentor 10 people who can do great things at their organizations, and they can mentor 10 more, and so on! Then you have 100 people changing the world together.
 

What are the top three lessons that you have learned on the job?

Oh, that's actually pretty easy.

1. Be the voice of reason. Often, we come in as the voice of enforcement, and that's where we are least effective. You must be the voice of reason, that can accomplish great things.
2. Data doesn't lie and it doesn't have any emotions. You can go in and say all the things you want about what could happen, or what should happen, but if you don't have the data, you have nothing. So, get the data and use it. It changes hearts and minds.
3. Trust in your people. You hired them, you're leading them. Give them the trust they deserve, and they will do great things.

Special thanks to Roland Cloutier and TikTok.
 

by CISOs, for CISOs

Join the conversation with peers in your local CISO community.