Douglas Lemott Jr. is a renowned figure in the cybersecurity field, currently serving as the Chief Information Security Officer (CISO) at the Analysis and Resilience Center for Systemic Risk. With over three decades of experience in cybersecurity and IT, Lemott has made significant contributions to the industry through his leadership roles. Before his current position, he served as Vice President of Security Operations and Deputy CISO at SAP National Security Services (SAP NS2) and as Director of Security and Compliance at VMware. Douglas Lemott Jr.’s journey in the field began with a 27-year tenure in the U.S. Marine Corps, where he developed and implemented secure and compliant technology solutions crucial to economic and national security. This interview provides insight into his background, career progression, and the key insights he has gained along the way.
Leadership and Decision-Making
How have your experiences in the Marine Corps influenced your leadership style in the private sector?
Leadership is at the core of being a Marine. From the beginning, leadership is taught and continuously developed throughout a Marine’s career. For me, leadership is very personal, and I follow the servant leadership model. I view leadership as a privilege, and I do not take the opportunity to lead for granted. This mindset, focusing on serving others, keeps me grounded and focused on what truly matters—the individual and their family. My leadership style in the private sector mirrors this approach. I strive to meet individuals where they are in their personal and professional lives, emphasizing their strengths while working to improve on weaknesses. As I’ve advanced in my career, I’ve come to recognize the importance of developing skills to lead through others. Having direct and meaningful contact at every level is a challenge as teams grow. Still, I find that maintaining a clear vision and over-communicating at every opportunity is a great way to navigate this challenge. I believe in learning from everyone, from entry-level employees to C-Suite executives, and I remain open-minded and receptive to others’ ideas. Facilitating my team’s success and watching members achieve their personal and professional goals is incredibly rewarding for me, and it’s a mindset I bring to every organization I am part of.
What strategies have you employed to drive innovation and efficiency in your role at SAP NS2?
In any organization I join, I strive to adopt the Marine Corps mindset of leaving it better than I found it. One of the first things I examine is whether the organization has well-defined processes, including documentation. Ad hoc processes are unlikely to be repeatable or scalable, and thus not practical or efficient. With a good understanding of operational processes, I explore ways to improve them, primarily through innovation. My approach prioritizes people, processes, and then tools. Innovation begins with the team. Given the appropriate environment, the team can innovate in ways that enhance efficiency while also allowing them to be part of the process. Once processes are well defined, operationalized, and documented, innovation can take root. The tools are the easiest part of the equation. Once you have the people and processes operating effectively, there are numerous vendors to collaborate with for developing scalable solutions.
Can you discuss how you foster strong professional relationships within your teams and with external partners?
Relationships are built on trust, and trust is earned. I strive to establish trust-based relationships with my team and external partners. Anyone I interact with should know that I am a man of integrity. For my team, I consistently demonstrate that I have their best interests at heart and aim to facilitate their success. I invest in their professional development and find opportunities for them to reach their maximum potential, often encouraging them to step outside their comfort zones. Clear communication of requirements and expectations is crucial when working with external partners. I prefer to work with partners who take the time to listen, truly comprehend the problem I am solving, and offer solutions. Vendors focused solely on selling their solutions without understanding the issue are less likely to receive my future investment of time.
What methods do you use to stay abreast of emerging trends in cybersecurity and cloud technology?
Reading is fundamental in this field, as technology changes rapidly. Staying current requires an open and inquisitive mind. I read books, blogs, and journals on emerging technologies; listen to podcasts; follow subject matter experts online; and participate in professional conferences and seminars. I consider myself a lifelong learner, continually seeking ways to educate myself and maintain relevance in this field. Cybersecurity is not a field where one can take “time off” and expect to preserve sharp skills.
Vision and Future Directions
In your view, what are the essential qualities of effective leadership, and how do you embody them?
Leadership is a critical component of my character. I spent 27 years as a Marine, where the core values of Honor, Courage, and Commitment were ingrained in me, and I strive to abide by these values daily. Effective leaders meet individuals where they are and work to draw out the best from them. Compassion and the servant leader mentality are key aspects of effective leadership. I endeavor to build trust with those I lead, understanding that trust is earned. Public praise and private critical feedback are my practices to create an environment conducive to growth. My work ethic and focus on mission accomplishment set an example for my team to emulate. I also emphasize the importance of focusing on the entire person, including their family, to ensure a positive support structure is in place, validating their needs for success.
Could you provide an example of when you mentored someone through a significant professional challenge?
A notable example is helping a young officer in my command who faced a career setback when he failed to be selected for promotion to Major, affecting his ability to continue serving on active duty. It was a significant blow to him and his family. We worked through his emotions and developed a plan together, as he was passionate about being a Marine and wasn’t ready to give up. We explored Reserve opportunities, completed the necessary paperwork, and he transitioned successfully. He thrived in the Reserves and was recently promoted to Lieutenant Colonel. I consistently emphasized that his value isn’t tied to a promotion, and he demonstrated that by thriving in a new environment.
How do you determine which tasks to delegate and which to handle personally to ensure optimal team performance?
My work priorities depend on the organization’s focus and objectives. To best serve the organization, I must maintain a strategic focus and delegate tasks that may hinder it. I use the Eisenhower Matrix to guide my productivity. The matrix divides tasks into four quadrants: Important and Urgent (Do), Important but not Urgent (Schedule), Urgent but not Important (Delegate), and Not Important, Not Urgent (Delete). This framework helps me organize my time and focus on the most crucial tasks. As a cybersecurity professional, I must remain agile and aware that tasks can shift between quadrants. Delegation also provides an opportunity for subordinates to showcase their talents and demonstrate their readiness for additional responsibilities.
What techniques do you use to motivate your team towards achieving outstanding results?
I set clear expectations and provide consistent performance feedback. High standards are established, and the necessary tools are provided to meet those standards. Regular communication ensures alignment with the organization’s strategic vision and goals. Empowering the team is key, offering opportunities outside the workplace to foster fellowship and strengthen relationships. Ultimately, they understand that accountability lies on both an individual and collective level.
How do you approach setting and achieving goals in high-stakes environments?
Goal setting is closely linked to strategic vision. I apply the same strategic framework in both personal and professional contexts, with a focus on ambitious goals that push me out of my comfort zone. I set short-term (2-3 years) and long-term (4-5 years) objectives. Starting with a desired five-year outcome, I map out a plan with targeted results. I review my long-term plans annually and my short-term plans biannually, making adjustments as necessary to stay focused and goal-oriented.
Can you share an example of how you navigated a challenging situation with a team member or stakeholder?
To navigate challenging situations, I first attempt to prevent escalation. Clear expectations and boundaries are set with my team, empowering them to make decisions without fear of public criticism. If alignment is lacking, I privately address their decisions to understand their reasoning and provide additional factors for consideration. I value honesty and straightforward communication, offering public praise and private, direct feedback.
Conclusion
Douglas Lemott Jr.’s insights into leadership, strategic goal-setting, and team empowerment underscore his commitment to advancing cybersecurity and risk management. His dedication to learning and mentorship demonstrates a forward-thinking approach that continues to inspire those around him. Douglas Lemott Jr.’s leadership and vision contribute significantly to the evolving landscape of cybersecurity.
