Working in the IT or cybersecurity industry is a daunting challenge. You not only have to fight against cybercriminals but also take all the stakeholders on board. Not only will you have to convince the board members to get cybersecurity budget approval, but you also have to justify those spending in the annual report.

With hackers always looking for vulnerability in your cybersecurity infrastructure, you will have to be one step ahead of them. If that does not seem like a challenge to you then throw in toxic work culture and manipulative cybersecurity manager and it will be a completely different ball game. Thankfully, there are ways to work with manipulative managers and we will share it with you in this article.

In this article, you will learn about some indicators of a manipulative cybersecurity manager and how you can overcome it.

1.      Story Keeps on Changing

If your manager is constantly changing his statements based on the situation and telling a different story about what he or she told you last week, then it is a clear sign that they are manipulative. In order to make a point, they can completely change their stance and give you a different perspective than what they have been telling you for quite some time now. If you are not getting answers to your question, then it is another indicator. The best way is to document everything.

2.      Rapidly Changing Targets

Goals and targets do not change quickly. If they are, then there is something wrong. If your cybersecurity targets keep on moving, then it clearly shows the lack of focus and vision. Due to fluctuating goals, you will not be able to create a strategy and will never be able to achieve your targets. Sometimes, managers also use these distractions to justify their lack of progress.

Ask your cybersecurity managers and leaders to give you specific targets that align with the ultimate goal. Make sure that the targets are attainable and not ambitious ones. There should also be a deadline or a timeline which marks the end of the project. Without these elements, your cybersecurity efforts won’t bear any fruit.

3.      Blame Game

Everything was running smoothly until your business asset came under a cybersecurity attack. Your best dedicated servers and database comes under attack. Instead of taking responsibility for the slip-up, the cybersecurity manager started blaming team members. Despite being a top performer, your efforts are not recognized or rewarded. What’s even worse, you are chosen as a scapegoat to cover up for the mishandling on the manager’s part. At the end of it all, you are the one who suffers despite giving your best shot. There is nothing worse for an employee than this. It will surely leave a bad taste in your mouth.

4.      Truth in a Lie

Another characteristic of manipulative managers is that they tend to slip in a couple of truths in between dozens of lies so that they can not get caught and succeed in making their point. As a result, you will struggle to prove them wrong and argue with them. If that happens once in a blue moon, it can be tolerated but if it becomes a regular occurrence then you are better off looking for alternative jobs. There is nothing worse than working in a toxic workplace where managers are manipulative. Find a place that offers a healthier work environment and supportive managers.

5.      Lack of Trust

Cybersecurity managers never really trust their subordinates. This lack of trust leads to micromanagement. Even worse, these managers are quite reluctant to share information. They look at you as a threat instead of an asset. These types of managers are always looking over your shoulders and when they find suspicious activity, they will quickly penalize you. The best way to combat this is to build trust. Look at what other subordinates have done who have won the trust of the manager and replicate it. Soon, you will also come in the good books of your cybersecurity manager.

6.      Taking All the Credit

Arnold H Glassow summed it up brilliantly when he said, “A good leader takes a little more than his share of the blame and a little less than his share of the credit.” A bad cybersecurity manager does exactly the opposite. They always take credit for team achievements and put all the blame on team members when something goes wrong. This can demotivate team members as they think that no matter how hard they work; the credit will go to the manager. On the other hand, it will create a sense of fear as they will be blamed for a mistake that is made by others.

7.      Failure

With little to no accomplishment to justify your cybersecurity investments, bad managers will look for excuses to hide behind. It can be the poor performance of the team or lack of focus. On the flip side, a good cybersecurity manager works hard to ensure that they achieve milestones. This makes it easier for them to justify the cybersecurity spending. Moreover, they will present those milestone achievements in front of board members occasionally, which also gives board members some confidence that they have invested their money in the right place. C-suite executives want results and revenue and when you fail to produce that, you will have a hard time convincing the higher management.


Let’s sum it all up. If your team achieves its targets, manipulative managers tend to take all the credit and if the team misses the mark, they will shift the entire blame on team members. They might find excuses to cover up for them in competencies and lack of vision. Instead of showing faith in their team members, they tend to micromanage them which creates fear and demotivates them. If your cybersecurity manager has some of these characteristics, then you are planning to switch jobs.

How do you deal with a manipulative cybersecurity manager? Let us know in the comments section below.