3 Steps for Managing Scope Creep in Security Operations

While the specific day-to-day tasks for a Global Security Operations Center (GSOC) may vary from organization to organization, there are typical, core functions that are universally familiar, be it crisis management, travel security or executive protection. Responsibility for the safety, security and well-being of an organization, its assets, people and reputation has widespread institutional impact. With so many eyes on the security team, there is often a delicate balance between ensuring all needs are covered and getting pulled into every issue that arises, even if it falls outside the department’s defined area of responsibility. Security teams must remain focused, or risk giving in to scope creep and being taken off-task.

A baseline process for managing scope creep can be broken down into three steps: start with a plan, support the mission and show your value.

1. Start with a Plan

Leading a team of security professionals requires proper planning, and the more specific the better. It starts with defining a set of core values that guides the team and ensures strategic alignment. Clearly laying out areas of responsibility for the department and its role within the context of the larger organization helps evaluate what lies within and outside of the security job function. Drafting a roadmap that classifies short-, medium- and long-term goals and triages potential issues reduces the tendency to take on additional missions.

Defining this process with and communicating it to internal stakeholders is invaluable for keeping the security team on track. For example, when it comes to travel, some may view the role of security operations as taking action on every global event. However, things like a lost laptop or a fully booked hotel when travelling abroad – while disconcerting for the affected individual – may not meet the threshold of requiring a security versus administrative response on the triage scale, and need to be reassigned elsewhere. In instances like these, delineating the services security operations provides and setting clear expectations avoids misunderstandings and disappointment.

2. Support the Mission

With a plan in place, the focus shifts to identifying the types of tools best suited to supporting the security operation. As technology evolves there are myriad options available, ranging in complexity from video surveillance cameras to artificial intelligence, and it may be tempting to over-purchase and focus solely on the technology. But it is necessary to conduct a thorough evaluation of all available tools to ensure they align strategically with the needs of the department and organization. A proper tech stack works best as an enabler, utilized in support of the core functions and processes the security team has mapped out in advance.

In addition to technology, identifying the staff needs of a security department assures it functions most effectively. Simple headcount numbers are not the only factor to consider. Building a successful security operations team hinges on assembling a group of individuals based on their specific skill sets and how they can collectively best deliver on the predetermined strategy. The needs of the organization drive the composition and organization of the department. For example, graduate-level analysts play a very different role than personnel monitoring security video screens and access control alarms. Being fully and appropriately staffed and supported with technology keeps the security operations team focused on its strategic plan and avoids potential scope creep.

3. Show Your Worth

Security is not typically considered a revenue-generating function. Yet, there is a need to report on the positive return on investment (ROI) a properly run security operation provides an organization. Uncovering hard metrics indicating impact on the bottom line demonstrates the value of the security team and can help build partnerships to create value instead of presenting an area where other groups can try to pile on out-of-scope work. It sets a clear expectation of the quantitative and qualitative value that an sophisticated security organization can provide along with clear metrics to measure and report success.

ROI, along with cost avoidance and risk mitigation savings, can be difficult metrics to verify. But many security teams are increasingly reviewing outside research and partnering with internal financial departments to help the organization create scalable models for demonstrating business value. For example, identifying the cost associated with issues like weather disruptions or workplace violence and matching that up against incidents mitigated by the security team provides actual figures that can be shared broadly. Communicating this information internally builds an environment of partnership and collaboration.

Scope creep is a real risk for security operations departments. But establishing a plan and critical processes at the outset, assembling a supportive staff and tech stack, and creating and reporting metrics that prove the value of the department to the greater organization keeps the department focused on its core value – minimizing the impact of potentially damaging incidents.

Dillon Twombly manages corporate security engagements for Dataminr, a leader in real-time information discovery that transforms the public Twitter stream into actionable alerts about breaking news, real-world events, off-the-radar content and emerging trends, ahead of traditional sources.

Dillon Twombly is Senior Vice President of Corporate Sales at Dataminr, a real-time event notification and social media analytics platform. Dillon was previously Assistant Vice President for Strategy and Planning at MetLife where he helped to build a new Global Corporate Security group across 46 countries. Prior to joining MetLife he worked at a political risk boutique where he helped global multinational corporations and major financial services firms understand and mitigate political and security risks around major transactions. Prior to joining the private sector Dillon served as an Operations Officer with the Central Intelligence Agency where he completed three field tours, including Afghanistan, and focused on counterterrorism. Dillon also has worked as an Analyst at the Office of Naval Intelligence and as an Investment Banking Summer Associate at Houlihan Lokey's Aerospace and Defense Group. Dillon is a Term Member at the Council on Foreign Relations and a founding member of the Ambassador Council at the International Crisis Group. He holds a BA in History from Trinity College in Connecticut, and an MBA in Finance from the University of North Carolina and speaks Turkish.

Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

Push-to-Talk over Cellular (PoC) is today’s Nextel radio network with nationwide voice, text, and video calling that can be quickly deployed with no infrastructure costs.