As the CEO of GMR Security Consulting Group, Mary Gates spearheads the group’s strategic direction, bringing to the table 25 years of experience with JPMorgan Chase & Co. and more than 40 years total. With leadership experience in investigations, physical security and enterprise risk, Gates approaches security with “a focus on protecting people and aligning our work to broader business priorities.”

“Security should make organizations stronger, not more complicated,” Gates asserts. “I believe it needs to be practical, grounded in risk mitigation, and tailored to each client’s environment. When done right, security becomes a business enabler, something that supports resilience, builds confidence, and helps organizations navigate an increasingly complex threat landscape.”

After a successful career at JP Morgan Chase & Co., where Gates rose to the title of Executive Director, Global Security & Investigations, Gates retired. At least, that’s what she thought.

“As the cultural and geopolitical landscape shifted, I started hearing from friends, former colleagues and industry peers who encouraged me to share my experience and knowledge more broadly,” she reflects. “Consulting wasn’t something I had considered, but as I reconnected with old contacts and built new relationships, I realized there was a real need for independent, focused guidance without the pressures of selling products like alarms, cameras, or security guarding personnel.”

Her experience as a security executive served her well in consultancy.

“Having spent decades in the practitioner’s seat, I knew the value of cutting through the noise to address the heart of a security challenge clearly and objectively,” Gates explains. “Being able to do that, free from sales pressures, felt both meaningful and necessary. It gave me a way to support organizations in making practical, strategic decisions while bringing my experience directly to where it could have the most impact.”

Having spent decades in the practitioner’s seat, I knew the value of cutting through the noise to address the heart of a security challenge clearly and objectively.

5 Skills That Elevate Careers in Security

When asked to highlight five skills that boosted her career, Gates chose:

• Risk management
• Crisis leadership/incident response
• Communication/influence
• Business and cross-functional alignment
• Leadership/management

“In my opinion, these five skills matter most because they directly determine whether security actually reduces risk, supports the business and works in real life, not just on paper,” Gates asserts.

1. Strategic Risk Management

Why this matters: “Focusing resources on the threats that matter most allows security to protect revenue, reputation and operations while enabling growth. When risk is approached strategically, security becomes a business enabler rather than a blocker. Without it, organizations either overspend on low-impact controls or miss high-impact risks, leaving critical vulnerabilities unaddressed.”

2. Crisis Leadership and Incident Response

Why this matters: “How a security leader responds during a crisis often defines the organization’s resilience. Strong crisis leadership ensures plans are practiced, decisions are made under pressure, and recovery is coordinated so operations resume quickly with minimal impact. Lacking this skill can turn even a moderate incident into prolonged disruption, legal exposure and reputational harm.”

3. Communication and Influence

Why this matters: “Security rarely operates in isolation. Translating complex risks into clear, business-aligned narratives is essential to gain executive support, secure budgets, and drive adoption across the organization. Even the best technical strategies fail if others don’t understand, believe in or act on them.”

4. Business and Cross-Functional Alignment

Why this matters: “Security touches IT, HR, operations, legal and more. Understanding how the organization functions allow leaders to embed controls that protect key assets while supporting productivity, compliance and customer experience. Without alignment, security risks being perceived as obstructionist, leading to workarounds and weaker protection overall.”

5. Team Leadership and People Management

Why this matters: “The strength of a security program depends on the people executing it. Hiring, developing, and guiding a capable team builds a culture of accountability and learning, maintaining strong performance as threats evolve. Poor leadership, on the other hand, creates burnout, turnover and gaps that can compromise even the best strategies.”

Demanding Yet Rewarding

“Consulting is challenging but essential work,” Gates concludes. “Clients don’t just ask, ‘What’s the risk?’ They want to know which risks will truly affect business continuity, leadership confidence, and organizational resilience, why those risks matter now, and how to plan effectively for the next six to twelve to eighteen months. Being able to answer those questions thoughtfully is what makes our work meaningful and impactful.