Introduction
This essay examines the proposition that a leader can be a manager but a manager cannot be a leader, with specific reference to security practices. The discussion draws on established distinctions between leadership and management, applying them to contexts such as information security, physical security operations and crisis response. The purpose is to evaluate whether leadership qualities necessarily transcend managerial functions, particularly in environments where risk mitigation and rapid decision-making are paramount. The essay first defines the two concepts, then analyses their application within security settings, considers examples from practice, and concludes by assessing the practical implications for security professionals.
Distinguishing Leadership from Management
Leadership and management are frequently presented as overlapping yet distinct activities. Kotter (1990) argues that management focuses on planning, budgeting, organising and controlling resources to maintain order and predictability, while leadership involves setting direction, aligning people and motivating them toward change. This distinction remains influential in security studies, where managers may ensure compliance with protocols and allocate budgets for surveillance systems, yet leaders are required to inspire teams during uncertain threats such as cyber-attacks or terrorist incidents. Bennis and Nanus (1985) similarly contend that managers tend to “do things right,” whereas leaders “do the right thing.” In security practices, doing the right thing may involve questioning established procedures when novel risks emerge, an activity that exceeds routine managerial oversight.
Leadership Qualities Required in Security Practice
Security environments often demand adaptive responses that extend beyond administrative competence. During a major data breach, for instance, a security professional must not only coordinate technical teams but also communicate effectively with stakeholders and maintain public trust. These functions require vision and emotional intelligence—traits more commonly associated with leadership. Research in organisational security highlights that teams facing high-stakes incidents perform better when guided by individuals who articulate a clear strategic purpose rather than solely enforcing procedural checklists (Holt and Bossler, 2016). Consequently, the capacity to lead becomes a prerequisite for effective security management, supporting the claim that leaders may perform managerial tasks, yet the reverse is not automatically true.
Limitations of Purely Managerial Approaches in Security
A strictly managerial orientation can prove insufficient when security threats evolve rapidly. Regulatory compliance and resource allocation, while essential, do not guarantee the foresight needed to anticipate emerging risks such as ransomware variants or insider threats. In such cases, managers who lack leadership attributes may default to rigid adherence to existing policies, potentially delaying necessary innovations. The 2017 WannaCry incident illustrated how organisations that treated security as a purely administrative function experienced more severe disruption than those where leaders promoted a culture of proactive vigilance (National Audit Office, 2017). This evidence suggests that managerial functions alone cannot encompass the full scope of responsibilities encountered in contemporary security practice.
Integration of Roles within Security Organisations
Nevertheless, the boundaries between the two roles are not always absolute. Many successful security heads combine managerial responsibilities—such as implementing access-control systems—with leadership behaviours that foster team resilience and ethical awareness. Training programmes accredited by professional bodies now emphasise both technical competence and leadership development, recognising that neither element suffices in isolation (Chartered Institute of Security Professionals, 2022). Therefore, while a leader can readily assume managerial duties, the absence of leadership capacity restricts an individual’s effectiveness when security challenges require more than procedural compliance.
Conclusion
The proposition that a leader can be a manager but a manager cannot be a leader holds substantial validity within security practices. Leadership supplies the vision and adaptability required to address dynamic threats, whereas management alone may maintain stability at the expense of necessary change. Security professionals who develop both skill sets are better positioned to protect assets and respond to crises. The implication for training and recruitment is clear: organisations must prioritise leadership development alongside technical and administrative expertise if they are to meet the complex demands of modern security environments.
References
- Bennis, W.G. and Nanus, B. (1985) Leaders: The Strategies for Taking Charge. New York: Harper & Row.
- Chartered Institute of Security Professionals (2022) Professional Development Framework. London: CSP.
- Holt, T.J. and Bossler, A.M. (2016) Cybercrime in Progress: Theory and Prevention of Technology-Enabled Offenses. Abingdon: Routledge.
- Kotter, J.P. (1990) A Force for Change: How Leadership Differs from Management. New York: Free Press.
- National Audit Office (2017) Investigation: WannaCry Cyber Attack and the NHS. London: NAO.
