The Greatest Management Principle: What Gets Rewarded Gets Done

March 3, 2025 -

The Greatest Management Principle in the World: What Gets Rewarded Gets Done

Michael LeBoeuf’s The Greatest Management Principle in the World (GMP) presents a deceptively simple yet powerful idea: “What gets rewarded gets done.” This core principle states that the behaviors and work that receive positive reinforcement are the ones employees will prioritize.

This aligns closely with a quote frequently attributed to Peter Drucker: “What gets measured gets managed.” Both perspectives highlight how incentives, tracking, and feedback loops shape behavior in organizations.

Key Takeaways from The Greatest Management Principle

  1. Rewards Drive Behavior – Employees focus on activities that lead to tangible benefits, whether it’s financial compensation, recognition, or career advancement.
  2. Measure and Reinforce the Right Outcomes – If you reward effort over results, you get effort without effectiveness. If you measure speed but ignore quality, quality suffers.
  3. Unintended Consequences of Misaligned Incentives – Many organizations unintentionally encourage the wrong behaviors by rewarding short-term gains over long-term success.
  4. Leadership is About Setting the Right Incentives – Leaders must create a system where desired behaviors naturally lead to rewards.

How Drucker’s Quote Relates

Peter Drucker’s quote, “What gets measured gets managed,” complements LeBoeuf’s principle by emphasizing the importance of tracking performance. Without measurement, there’s no accountability or structured feedback, making it difficult to align rewards with the right outcomes. However, merely measuring something doesn’t guarantee improvement—it must be paired with meaningful incentives.

Real-World Applications in Security Engineering Leadership

For security engineering leaders, applying this principle effectively can mean the difference between a secure, proactive organization and one that only reacts to incidents. Below are key ways to use LeBoeuf’s insights in cybersecurity leadership.

1. Reward Secure Coding Practices

The Problem: Developers are often incentivized to deliver features quickly, leading to security shortcuts. The Fix: Implement a reward system where secure coding is a priority. Example approaches include:

  • Recognizing developers who write secure, well-documented code.
  • Tying performance bonuses to security metrics (e.g., fewer vulnerabilities in code reviews).
  • Providing career advancement opportunities for those who invest in security skills.

2. Measure and Reward Incident Prevention, Not Just Response

The Problem: Many organizations glorify “firefighting” security teams who respond to breaches but fail to reward those preventing issues in the first place. The Fix:

  • Recognize and celebrate teams that prevent incidents (e.g., reducing misconfigurations, improving threat modeling).
  • Implement KPIs focused on proactive security, such as a decrease in high-risk vulnerabilities.

3. Align Compliance and Security with Business Goals

The Problem: Security teams often focus on meeting compliance checkboxes rather than driving real security improvements. The Fix:

  • Reward security professionals who integrate security seamlessly into business processes.
  • Measure security’s impact on uptime, reliability, and customer trust rather than just audit pass rates.

Common Questions About the GMP Principle

1. How do I ensure my team is motivated by the right rewards?

Tailor rewards to what actually matters to employees. While financial incentives work for some, others may value public recognition, career growth, or opportunities to work on innovative projects.

2. Can this principle backfire?

Yes. If you reward speed over security in software development, you’ll get fast but vulnerable code. The key is to align incentives with long-term business success.

3. How does this apply to small security teams?

Even small teams can implement this principle. Simple changes, such as celebrating secure deployments in team meetings or offering security training incentives, reinforce good behaviors.

Conclusion: Measure What Matters, Reward the Right Actions

LeBoeuf’s The Greatest Management Principle in the World provides a blueprint for effective leadership: reward the behaviors you want to see. Security leaders can apply this by measuring and incentivizing secure coding, proactive defense, and alignment with business goals. By combining this with Drucker’s emphasis on measurement, organizations can create a culture where security isn’t just enforced—it’s ingrained in how teams operate.