Created by the Security Executive Council
As the new Security Leader, or an existing one with new responsibilities, how do you engage the business? To be successful, seek the responsibility and authority to align security with the vision and mission of the business. Security leaders at any level should look for opportunities to be both creative and productive for the business. The following are some thoughts on how to approach this.
Get to Know the Organization's Leaders
Meet with business leaders at all levels. Focus on their business challenges (not security challenges) and aim to do this at least every 18-24 months.
- Why do this?It keeps security visible and in sync with business leaders and their operations. It shows you want to understand their business operations and needs. Face time and short conversations about their issues builds rapport.
- What is the benefit? Other business leaders will appreciate that you have gone out of your way to really understand their world and will have greater respect for you and your team. It will give you a sense of how open they are, or are not, in supporting your security plans.
Tip: Ask them to breakfast, lunch or dinner and learn about families, sports and their other interests - it'll pay dividends down the road.
Creating Your Roadmap
You are in the company primarily to do three things: make it safer, make it more secure, and make it more profitable.
- Why do this? Business leaders get the safer and more secure mission. But you need to demonstrate your enthusiasm ("marketing yourself") by learning the business and sharing how a smart security can improve profitability.
- What is the benefit? Their attention and engagement. Yes, they need to be open to your vision, but it is key that you communicate to them in business terms that they relate to. This requires your leadership in developing trusting relationships with the executive team.
Tip: Engage Audit/Finance, Business Development (e.g., mergers and acquisitions), Human Resources, Information Technology, Facilities Management, Ethics/Compliance, Health/Safety, and all business segments. Why? Because they all lead to the C-Suite!
Understand the Business and its Infrastructure
Understand how the business is run and how it measures success. Learning the scope of its operations and product lines and speed of operation can be daunting. Often security is not included in these activities. Find ways to break this barrier.
- Why do this? Creating good relationships coupled with an understanding of the businesses' operational goals helps you to align security programs and services to business needs.
- What is the benefit? Being proactive helps you to stay ahead of many other issues, such as pending union contracts, workforce reductions, and potential mergers or acquisitions.
Tip: Aim for understanding potential security issues and you will never be surprised. Then be committed to continually tweaking those improvements as you and your team move forward.
Learn the Business' Culture Before Making Early Recommendations
Learning a business' culture is essential before making substantive recommendations.
- Why do this? Knowing the business' culture regarding security is essential to avoiding mistakes of the past. What has been tried before? Is security insourced or outsourced, and what has been successful? What did not meet the business' needs? Do others in the business have ongoing security activities such as background checks, ethics, audit/financial, or other investigations perhaps even done by outside contractors? Often these security activities happening in other business units are unknown by senior management. Are the functions doing them cooperatively or do they assume this is their "territory?"
- What is the benefit? Visibility and clarity regarding who is doing what and why across the enterprise. As a senior security leader, you must become aware of activities that have a direct nexus to your security mission.
Tip: Know who is doing any type of investigation in your company. Often those doing investigations do not have the appropriate credentials, and this could result in mistakes that can cost the business resources and in some cases reputation.
Your initial assessment needs to be unbiased. Seek recognized mentors outside your function or company. Seek those that have "been there and done that" in both business and security. Recruit security team members who are lifelong learners focused on being business partners and who can relate to executives' issues as well as contract workers.
- Why do this? Avoid coming into the company with a preconceived plan or a template on how to improve security in their business. Every business is unique, and your job is to tailor security initiatives to those needs.
- What is the benefit? It opens a dialogue. Each business has its own distinctive security needs, and your job is to adapt smart security solutions to meet those needs.
Tip: Engage with your business leaders and ask to join them at executive business meetings to learn both day-to-day and longer-term business issues and plans.
No matter how much experience you have, it will pay enormous dividends to bring in someone who has "been there and done that" to offer perspective when starting on a new leadership position. Just having someone to discuss or review plans with can help make sure you get off on the right foot.