Q: You’ve worked with a lot of different security leaders. What are some of the ways you’ve seen security leaders make better decisions?
A: Security leaders are busy people and often don’t have the luxury to spend a lot of time reasoning through problems or issues. Many rely on their previous experiences to make decisions or advise “from the hip,” which is an insular approach. Some of our most successful leaders use other methods that bolster the likelihood of making well-rounded decisions.
Keep up to date on current or emerging trends that may impact security. Do you monitor or conduct research for new information that could impact your business or risk position? Any professional who has been in one industry or company for a long time, or who doesn’t have the benefit of much peer networking or feedback, may be in danger of developing a myopic view of their own field. Keeping up with trends and possibilities will help you see around corners and make more informed decisions.
Go beyond your internal customers’ expectations. Think beyond mitigation basics. Your customers may ask for A, B, and C, but from your unique vantage point as the corporate security and risk expert, you can also let them know about the potential risks of X, Y and Z. Move beyond conventional ideas and previous incidents to make sure that your risk management and business decisions are considering
all relevant information, and share this with business leaders so
they can make informed decisions.
Be an objective editor of your decisions. Understand that there are biases in decision making. For example, be mindful of cognitive bias—selecting solutions that confirm your existing beliefs. We all do it. But try to train yourself to go beyond your own world of beliefs. Recognize that your own assumptions and biases work against good decision making. Do you look at the big picture in all your decisions, objectively considering all sides of every issue?
Use your discovery skills to their utmost. When you perform risk and threat assessments, you research the geographical area, the political and social atmosphere, historical incidents, etc. Do you focus only on lagging indicators to see what has happened before, or do you extend your skills of discovery to look at data that could represent a leading indicator of emerging risks?
Use data and an analytical approach to help direct decisions. While intuition can be right at times, an analytical approach to problems is a more reliable method. Because of the rising complexity of risk, much of security now and moving forward will touch on data analysis – synthesizing information, recognizing patterns in unordered data, and drawing conclusions based on that analysis. Decisions made from questionable data, insufficient information, opinions or corporate history or norms can backfire. Break down complex problems into smaller parts to find solutions. Many small wins can build up to the “ah-ha” moment.
Know your sources. Are you certain you use only research-based or fact-based data to make your decisions, and do you ensure that multiple reliable sources of information corroborate one another before you use them?
At the end of the day, very few of us are experts in decision making. That’s just part of being human. But the decisions that security leaders and their teams make can have lifechanging consequences. All security leaders would do well to consider these suggestions to enable themselves to make the best choices for their organizations and the people they protect.
Answer provided by Kathleen Kotwica, PhD, EVP and Chief Knowledge Strategist for the Security Executive Council and Principal Analyst, Security Leadership Research Institute (SLRI).
Download a PDF of this page here:
