Last month we talked about the knowledge transfer gap that exists in the security profession. We posited that the best of the best of security practitioners don’t have the time to teach their successors how to become future-oriented, business-aligned organizational influencers, and that the business-focused training programs available for security professionals do a great job of talking business, but they fail to marry business processes with the job of risk mitigation.
So what is our industry to do? If we can’t address this gap, the practice of security can never move forward. Without the right training in place, every time a visionary security leader retires, his or her replacement has to start anew instead of building from the level of his predecessor.
Successful security executives are not going to be able to individually mentor every security and risk practitioner who wants to learn their secrets. We need a new breed of training program that can pass this knowledge along. We believe there are seven criteria this new type of training must meet.
1. It has to have the right teachers.Business professionals do an expert job of teaching business theory and practice, but a course cannot adequately address how risk mitigation should work within the business unless it offers equal instruction from individuals with personal experience in the security and risk fields. Our industry needs a program that is taught by business and security professionals, not business or security professionals.
2. It has to be developed with input from practitioners.It’s true that sometimes we don’t know what we don’t know. But many security practitioners are very clear on the type of knowledge they need and the type of training they’re not finding. An effective program will solicit input from the people on the front lines to inform the curriculum.
3. It has to cover the subjects Next Generation Leaders must master.As we explained in our last column, Next Generation Leaders are those rare individuals, working at an industry or national level, who are future oriented, who work across many domains, who are aligned with the business and who are influencers in their organizations. While input from practitioners is one important aspect of curriculum development, it’s also crucial that this new breed of program offer a curriculum that is built from a distinct and intimate understanding of the skills, characteristics and processes that help make our most successful colleagues so successful.
4. It has to begin by assessing each participant’s leadership development and needs.A course can’t teach you how to move forward if neither you nor the instructors know where you are now. In last month’s column we described seven personas into which most security leaders generally fall. An effective course curriculum will begin by asking participants to think about and try to understand where they are in their organization, in their career path and in their leadership development so that they can better understand what they need to learn.
5. It has to guarantee that it will provide actionable information. It’s great to know how to talk the business talk. Now what are you supposed to do with that? That’s the problem many existing programs have. A program that truly and effectively teaches “the business of security” will be one that gives participants tangible take-aways they can immediately begin to use in their organizations.
6. It has to allow participants to continue to connect after the coursework is over.Schoolteachers joke (some more seriously than others) that their participants always come back from summer vacation having forgotten everything they learned the year before. Once a class is over, it can be easy to go back to the grind and forget what you’ve been taught. An effective program will offer ways for participants to stay connected to the coursework after it’s over by continuing to communicate with instructors or fellow participants.
7. It has to be affordable.The tuition for business school offerings can run into the tens of thousands, and in this economy even profitable multinational companies are balking at those prices. If a new training program is going to change our industry, it has to reach a lot of people, and the only way to do that is to make the program extremely affordable.
At the Security Executive Council, we want to see our industry transformed. We want to see a program that offers everything we’ve described here, because we think this type of training could help to elevate security to an executive concern across the board.
What do you think? What kind of training do you need to become a Next Generation Leader? What subjects or skills are unaddressed in currently available security and business training programs? We want to hear from you. E-mail us at firstname.lastname@example.org.