Security Leadership and Management

Running Security Like a Business

The next generation of security leaders will be challenged in ways previous generations have not. They will be asked to manage and monitor more risks and to identify and address new risks, including those created by drastic shifts in business operation and philosophy. They will have to do this more quickly, with fewer resources in many cases, and they will be expected to think and strategize at a board of director’s level. 

Last month we addressed the importance of aligning security with the business. The security leader who prioritizes alignment will have built a strong foundation from which to meet the coming challenges of risk management. However, alignment is sometimes a significant challenge. It often requires current and rising security leaders to run security like a business, which includes knowing your business and its level of readiness for your strategies; communicating with and influencing internal customers; demonstrating how and where security resources are being used; and adding value to the organization.  

First, if the security function hopes to align itself with the business’ needs and goals, the organization, the security leader and the security programs must all share the same level of “readiness.” For example, the leader may be extremely mature, with years of experience and a long list of successes at other organizations, but if the organization is not ready for visionary security leadership – or not interested in it – then the leader may have to adjust in order to meet the company’s needs. Or if the organization is prepared to shift from a compliance-focused security strategy to a proactive, growth-focused strategy, but the existing security programs are all built and measured around compliance concerns, a major shift in programs will be in order to match the readiness level of the organization.

A company’s readiness may be impacted by many factors, including budget, senior leadership and culture. To align with the readiness level of their organizations, security leaders must understand their own leadership maturity as well as the company’s risk appetite, management’s awareness level and the drivers of security programs.

Running security like a business also requires communication and influence. A research report released by the Security Executive Council last year, “The Nine Practices of the Successful Security Leader,” identified commonalities among many highly successful individuals in their Tier 1 Security Leader community. (The report is available for download at “The findings in this report show that much of success revolves around communication and receptiveness,” says Kathleen Kotwica, EVP and Chief Knowledge Strategist for the Security Executive Council. “Each of our findings reflects how security or the security leader is perceived by other business leaders, management and employees based on how the security leader presents risk and, to a great extent, him- or herself.”

In many organizations, security can also enhance alignment by helping improve the bottom line, either by reducing loss or building profit. In a business sense, risk management is not only about transferring or mitigating potentially negative risk; it is about identifying risk that may provide opportunities for growth or profit. While security has traditionally been expected to focus on mitigation, the global economic recession has caused many businesses to push all organizational functions – security included – to identify ways in which they can add value.

To align, therefore, security must extend beyond consequence protection. In order to enable this shift, security leaders will need to show a certain level of business acumen. They will need to be able to find the money by identifying opportunities in existing programs as well as potential value-adding partnerships with other functions. “The ability to promote transaction integrity – asset transfers, data, hiring, purchasing, sales and supply chain – through anomaly detection and mitigation will optimally pay for compliance programming and optimize the business,” explains Francis D’Addario, emeritus faculty for Strategic Influence and Innovation for the Security Executive Council and former vice president of Partner and Asset Protection for Starbucks Coffee. D’Addario has a solid record of business-focused security success. “Injury, loss reduction, and revenue enhancement often yield more than 250 percent ROI with capable protection investment,” he says.

The Council’s Next Generation Security Leader Development Program is offering courses on each of these topics. Next month we will touch on some of the aspects of risk that the next generation of leaders will need to be aware of to reach the height of success.   

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Marleah Blades

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security June 2015 issue cover

2015 June

In this June 2015 issue of SecurityIs the security director business’s new “corporate rock star?” Find out how CSOs can become the new leaders of their enterprises through mentorships, partnerships and creatively adding business value. Also, learn how security professionals are training employees in cyber security through games. And why are deterrence and detection so important when it comes to thwarting metal thieves? Find out in this issue.

Table Of Contents Subscribe

Body Cameras on Security Officers

Body cameras are being used increasingly by police in cities across the U.S. Will you arm your security officers with a body camera?
View Results Poll Archive


Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.