Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ColumnsManagementLeadership & ManagementSecurity Leadership and Management

How Would You Define Security’s Role?

By Brian Allen
SEC0119-leadership-Feat-slide1_900px
SEC0119-leadership-slide2_900px
SEC0119-leadership-Feat-slide1_900px
SEC0119-leadership-slide2_900px
January 1, 2019

This question came up during the Security 500 Conference last November, and it is still sticking with me. I don’t think you’ll find an easy or consistent answer. Often the answer to that question is “to protect people, property, information, reputation, etc.” But is that really the answer to what the role is? If that were the answer, then making all the decisions on how much to budget, what tools and resources would be needed, and how quickly they would need to be implemented to protect those assets would be security’s decision. Many conversations with my peers about security’s lack of resources would indicate to me that this isn’t the case.

 So, if we don’t have the ability to make these decisions, what then is the role of security? Let me first propose that this is fundamentally a critical question and, as a CSO, I personally struggled with this for a long time. Knowing your role is important because it brings purpose to daily activities, it develops a working philosophy, drives strategy, and it may change how we perceive our own value for career satisfaction purposes. That’s true for not just security leaders, but anyone in the industry, at any level.

Often when that question comes up, the answer is that the role is “to manage security risks.” I think this gets us a bit closer. If that’s the answer, then using general risk management practices (such as ISO’s 3100 International Standard on Risk Management) as guidance, we would be delivering proper governance structures with clearly aligned roles and responsibilities, understanding asset prioritization, aligning and capturing risks to risk registers, and fleshed out a security risk tolerance level throughout the company that would drive security reporting.

I don’t really think the question of what security’s role is a complicated one. I do think that because our industry – at every level – cannot answer this question with consistency and back it up by consistent practice, it makes it hard for our industry to advance in stature. When we are not clear in our answer or practice, we’ll continue to struggle to get a seat at the table, get promotions, obtain deserved pay raises, align with the business, or demand the respect of being strategic thinkers.

Let’s use this as food for thought. Even if you are a young professional in this industry…what is your role? What is the role of the security department? Would your colleagues and business partners have a consistent answer? It’s different than the mission statement and different than then describing the role by pointing out tasks that have been assigned to you. It is a question we should have an answer to.

Next month, I’ll take a deeper dive into how to evaluate security’s role within the enterprise, and what you can do to influence it. In the meantime, join the dialogue on this topic by commenting at SecurityMagazine.com.

 

KEYWORDS: C-suite security security career security leaders security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Brian allen portrait 3

Brian Allen is an advisor for Ernst & Young, engaging in cybersecurity strategy, governance and security function transformation. Allen has more than 20 years of strategic experience in the security field, most recently as a former Chief Security Officer for Time Warner Cable. He is a professor, author and expert on ESRM (www.esrm.info).

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0219-leadership-Feat-slide1_900px

    How to Evaluate Security's Role

    See More
  • SEC0319-Leadership-Feat-slide1_900px

    Key Risk Indicators and Communicating Security’s Role

    See More
  • SEC1218-Leadership-Feat-slide1_900px

    Conversations and Perspectives from the Security 500 Conference

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • contemporary.jpg

    Contemporary Security Management, 4th Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing