Study: Identifying High-Performance Security Professionals Using a Competency Model
Permission to publish study on SecurityMagazine.com granted by Jerry Brennan of Security Management Resources (SMR) Group.
Tens of thousands of studies have strived to define high performance in a variety of roles, in a variety of organizations.
Partnering with Security Management Resources, we at Premier Profiling recently wanted to know what marks star performance for a chief security officer (CSO). We thus conducted our own study to determine those specific qualities—or competencies—by surveying the CSOs of several Fortune 500 firms.
Our results indicate that an outstanding CSO excels in the areas of strategic skills, organizational positioning, and personal/interpersonal skills (see the appendix). We can now use the particular competencies within these general areas to create a competency model to help organizations identify, recruit, and manage stellar security professionals.
Let’s take a look at what competencies are, in this context, and how an invaluable performance model is built using them.
Many Models, Similar Results
Over the last several decades, research has zeroed in on identifying the competencies that make up high-level performance on the job. A competency in this context is defined as “a measurable characteristic of a person that is related to success at work. It may be a behavioral skill, a technical skill, an attribute (such as intelligence), or an attitude (such as optimism)” (Lombardo & Eichinger, 2008, p. 5). A few famous examples will serve to remind us how significant it is to an organization’s success to identify and measure a role’s critical competencies.
After World War II, W. Edwards Deming was one of the first management consultants, as we would call him today, who cast a keen eye on workplace behaviors to improve individual performance, enhance quality, and lower costs. His work in the 1950s is credited with Japan’s tremendous postwar economic recovery as well as the subsequent global phenomenon called Total Quality Management (see Deming, 1986). Thirty years after Deming’s work, Tom Peters and Robert Waterman (1982) came out with In Search of Excellence, which cited such competencies as a centralized value set, a focus on the customer, and fast decision making as those describing the managers of the highly successful organizations they studied. And more recently, Jim Collins (2001) has detailed at length what distinguishes “great” organizations from merely good ones.
Interestingly enough, the results shared in these well-known works as well as those of thousands of other studies addressing the same topic—high-level performance on the job—are very much the same across functions, industries, and even continents. That is, the characteristics that define star performance are strikingly similar whether the executives are, for example, general managers, financial professionals, military officers, salespeople, or, in the case of our own recent research, security executives.
Moreover, these skills have remained constant over time; that is, the core qualities of top performance in a work role—such as learning quickly and tolerating ambiguity—have changed very little even in an era of increasing technological development. Development Dimensions Inc. (DDI), for example, has used the same 70 competencies to describe all the roles it assesses around the world. Similarly, Hay-McBer employs a model of just 20 competencies centered on emotional intelligence (Goleman, 2000), describing stellar performance in a wide variety of contexts: entrepreneurial, technical, professional, managerial, and sales, in industry, government, education, health care, and more.
Make no mistake: Each of these types of jobs do have some unique aspects, but those are mostly related to the technical knowledge necessary for that role. The behavioral and attitudinal skills it takes to do a job exceptionally well, however, are mostly consistent across roles. Perseverance, for example, means “not giving up” whether you are a chief security officer or a computer programmer. Listening means “listening” whether the role is in Chicago or Singapore. Using a couple of our famous examples again, we see that both Deming in the 1950s and Peters and Waterman in the 1980s cited customer involvement as one of the competencies marking success, in the disparate industries and locations of Sony in Tokyo (Deming) and Disney in Los Angeles (Peters and Waterman).
With the qualities of high performance turning out to be very similar across roles, industries, and locations, what becomes most important is to simply pick a sound competency model and then use it in your organization—in hiring, onboarding, promoting, and reviewing and managing your team’s work.
Survey Says: Core Competencies of a Star CSO
For Premier Profiling’s survey with the Security Management Resources in July, we employed Lominger Leadership Architecture, a model that defines 67 competencies. These competencies have been researched and validated over decades of study as the core qualities that characterize successful performance at work no matter the role, industry, or geographic location.
Defining in full all 67 competencies, we asked senior executives at 39 firms to review all 67 and then pinpoint the top 20 that they believe most precisely define exceptional performance in security and risk management. Listed here in order from most to least cited are those critical competencies (21 are included due to a tie):
- Ethics and values
- Business acumen
- Integrity and trust
- Comfort around higher management
- Strategic agility
- Written communications
- Customer focus
- Decision quality
- Dealing with ambiguity
- Organizational agility
- Building effective teams
- Managing vision and purpose
- Presentation skills
- Managerial courage
- Motivating others
- Problem solving
- Interpersonal savvy
- Political savvy
- Developing direct reports and others
A few comments are in order. First, perhaps not surprising is that two of the top three competencies relate to integrity and ethics. After all, security is by definition a highly sensitive sector that demands discretion and trustworthiness at all times, in all roles. It takes just one security breach to create a global PR nightmare for an organization today.
Also striking to us among these core security competencies is the importance of interpersonal effectiveness—at various levels, with different groups, and internally and externally: bosses, direct reports, and customers/clients. Communication skills—both written and oral—are critical in these contexts, as are strong listening skills and composure, a key factor of emotional intelligence. Time and time again, we find in our assessment work across sectors and functions that these “soft” skills are the ones that are going to make or break an executive’s career.
Finally, some perpetual hallmarks of sound management also appear prominently in this list, such as comfort with ambiguity, managerial courage, and organizational agility. Top CSOs today must operate smoothly in a fast-changing and unpredictable environment. They must also be able to both recognize a trouble spot and then make the often tough (and unpopular) decisions to resolve it, quickly and decisively.
Now What? Using the Survey Results to Build Your A Team
Knowledge is power, the saying goes—but only if you actually put that knowledge into action. Now that you know what the top competencies are for a superb security executive, what can you do?
For starters, you can evaluate the security team you have in place now to determine how they measure up against these qualities. Then you can create training and performance reviews to specifically address any areas for development.
When it comes time to bring on a new team member, fold these survey results into your hiring process. For example, craft a position description that clearly defines at least some of these top 20 competencies that you believe are most critical for your unique organization. When you’re meeting candidates, inject behavioral interview questions that will help you uncover the existence (or not) of those core competencies.
Hiring star players and developing high-level teams is tough work, but using a clearly defined competency model, like the one briefly described here, takes the guesswork out of it. Once you select a model and tweak it a bit to customize it for a specific role, you can leverage it in endless ways to help you attract and hire only the best security professionals, identify high-potential members of your team for leadership development (which leads to increased retention), and promote the most deserving executives. Consider starting the process by using our survey results to dramatically lower your risk of a bad hire, assure a smooth transition, and, ultimately, help you build your own high-performing team of security professionals.
Collins, Jim. (2001). Good to Great: Why Some Companies Make the Leap . . . and Others Don’t. New York: HarperBusiness.
Deming, W. Edwards. (1986). Out of the Crisis. Cambridge, MA: MIT Press.
Goleman, Daniel. (2000). Working with Emotional Intelligence. New York: Bantam Books.
Lombardo, Michael M., & Robert W. Eichinger. (2008). The Leadership Machine: Architecture to Develop Leaders for Any Future. Los Angeles: Lominger International.
Peters, Thomas J., and Robert H. Waterman Jr. (1982). In Search of Excellence: Lessons from America’s Best-Run Companies. New York: HarperCollins.
Appendix: Essential Competencies for Top Security Executives
Personal & Interpersonal
Building Effective Teams
Creates strong morale and sprit; shares wins and successes; fosters open dialogue; lets people finish and be responsible for their work; defines success in terms of the whole team; creates a feeling of belonging.
Communicates a compelling, inspired vision or sense of core purpose; talks beyond today about possibilities; optimistic; creates mileposts and symbols to rally support behind a visions; makes the vision shareable by everyone; can inspire and motivate entire units or organizations.
Creates a climate in which people want to do their best; can motivate many kinds of direct reports and team or project members; can assess each person’s hot button and use it to get the best out of him/her; pushes tasks and decisions down; empowers others; invites input from each person and shares ownership and visibility; makes each person feel his/her work is important; is someone people like working for and with.
Acting with Honor & Character
Ethics & Values
Adheres to an appropriate (for the setting) and effective set of core values and beliefs during both good and bad times; acts in line with those values (practices what he/she preaches); rewards the right values and disapproves of others.
Integrity & Trust
Is widely trusted; seen as a direct, truthful person; can present the unvarnished truth in an appropriate and helpful manner; keeps confidences; admits mistakes; doesn’t misrepresent him/herself for personal gain.
Being Open & Receptive
Is cool under pressure; not defensive or irritates during tough times; is considered mature, counted on to hold it together; a settling influence during crisis; not knocked off balance by the unexpected; doesn’t show frustration when diverted or blocked.
Being Organizationally Savvy
Knowledgeable about how organizations work; knows how to get things done both through formal channels and the informal network; understands the origins and reasoning behind key policies, practices, and procedures; understands the cultures of organizations.
Writes clearly and succinctly in a variety of settings and styles; can get the message across for the desired effect.
Making Complex Decisions
Creating New & Different Solutions
© 2011, 2012 Security Management Resources, Inc., and Antigua Partners, Inc. (Cage Talent and Premier Profiling).