As business changes, so does – or so should – security. The direction of business can have significant consequences for security, both internally – in terms of influence, funding and organizational structure – and externally – in new threats, new risk, new mitigation requirements.
Are you watching business trends and thinking about how they should impact security and your strategies to mitigate risk?
Though we deal with risk everyday, there is one risk that rarely makes it into our risk management plans – a change in organizational leadership. Whether the result of an internal structural shift, an external hiring decision or a merger/acquisition, a change in leadership and reporting can signal a challenging time for security.
A security manager visiting a company manufacturing floor noticed a curtain hung around a work area. He asked if proprietary work was being done behind the curtain. “No,” he was told, “that’s just how we deal with Bill.” Bill had long, loud, demonstrative conversations with God while he worked on the floor, so they’d put up the curtain to shield the other employees from his disturbing behavior.
For the next generation of enterprise security leaders, is there a clear path forward to success? Enterprise security leaders discuss mentorships, education, certifications and the skills new CSOs and CISOs will need to succeed in their evolving roles and bring value to the business. But the problem is: with existing security leadership roles varying so widely, is the development of a uniform skill set even possible?