Security professionals who look to advance their careers will often present their past successes as an indicator of achievement of equivalent results with a new organization. The measurement of knowledge together with how one shows characteristics and competencies does have merit. However, it also assumes that the problems and risks faced previously will be the same in the future.
Historical knowledge and analysis are definite benefits if they are adaptable. The underlying factors that influence future security risks are far more complex. Security practitioners will need an understanding of the internal and external cognitive risks facing organizations.
The five key areas of risk facing all organizations are typically Compliance, Operational, Strategic, Financial and Reputational. Many security leaders build their programs’ efforts surrounding response in aiding their organization’s operating units in minimizing these. These areas do need to be recognized and addressed. However, as we consider the changing role of security’s support of their internal customers, the predictive analysis of human behavior driven by societal and technological factors increasingly needs to be factored into prevention and awareness efforts.
This can be viewed as cognitive security risk, the underpinnings of which are driven by the human element. To effectively address it will require a multi-disciplined approach. This includes active solicitation of cross functional cooperation and implementation of active defenses resulting from predictive analysis of intelligence.
The criticality of initiative-taking anticipation of the security risks facing an organization’s operations and people associated with the impact of cognitive beliefs, decisions, critical thinking skills and later behaviors can negatively affect an organization across all functional areas. It is a growing significant factor to the ability to continually evaluate around resiliency and insider threat program efforts.
A sampling readily seen across the globe includes:
- Disinformation campaigns that are intended to threaten the sense of security of a large number of individuals.
- Significant increases in individual willingness to communicate threats of violence publicly when there is no personal threat to their own wellbeing.
- Willingness of individuals and organizations to fabricate information and facts for financial and/or emotional gain.
- Approaching success as a zero-sum effort and engage in a “win at any cost” philosophy while treating collaboration as a weakness.
- Justifying illegal and/or erratic actions by blaming others as a psychological defense mechanism.
- Increasing number of individuals seeking out affiliations to any number of radical groups supporting and engaging in violence against any group, person, or organizations they perceive to be against their beliefs.
- Acceptance of sociopathic and narcissistic behaviors as normal, provided the individual or group supports one or more of the individual’s strongly held viewpoints.
On the surface, this may not appear to be a concern unless your organization is noticeably targeted. It is easy to wait and see if something happens and respond. However, given the large cross-section of the population who embrace these behaviors, it seems unrealistic that you would count none as part of your employee, supplier or customer population.
Given the evolution of risk, when you present your successes to a future employer, will you describe the traditional, benchmarked programs you developed to various risks? Or will you articulate how your program predicted and proactively built coalitions and relations to get out ahead of future security-related risks? Clearly the latter will be critical to alignment of your career for future success.