As we enter the new year, conversations within the security community often inevitably deal with issues and programs that will be of greatest concern to leadership in the coming months. The key to success as a trusted security advisor is the ability to determine whether the priorities that surface are those that have received the greatest amount of media coverage or if they have more complex security implications.
While most topics raised by leadership merit consideration and cannot be ignored, you must be able to determine appropriate response programs and how they fit into an overall security plan. Have these issues already been planned for, or is there justification for a reactive response?
Looking back, the security community often finds itself reacting to the same familiar issues, just with repackaged labeling. Rather than a focus on previous arguments surrounding management support, funding, apathy, indifference or focus on quarterly results, perhaps it is time to consider them as opportunities, rather than roadblocks.
As in sales, security practitioners must understand their buyer’s motivations and concerns to more effectively position the products they really believe leadership will want to buy into.
In addition to technical knowledge and operational skill, today’s security professional needs to invest significant time in soft skills around business acumen, influencing relationships and developing a deep understanding of the organization in which they work. If you invest time in this you will be viewed as more valuable to the organization, prove to be more effective in achieving results and have a much more rewarding career.
In previous articles, I have discussed the need to engage cross-functionally within your organization. I have suggested you volunteer and participate in teams working on topics that may not appear to have a security related nexus. All activities within organizations have risks associated with them, in that they involve people. However, a broad view of the organization from a different vantage point brings a deeper understanding of potential risks. It offers the opportunity to assess the probability of additional significant impacts to the resiliency of operation.
There is now more emphasis on resiliency programs by boards and senior leaders. This recognizes the severe impact of disruptions in all aspects of the business due to either unforeseen events whether they be natural or induced. There is also focus on failures to properly conduct due diligence and assessments of not only your supply chain, but also those layers of others whose failures can impact your success.
Some organizations lead this program effort through their corporate security organization, although that is not commonplace. However, this is a natural fit and offers opportunities for the security professional. Expanding your relationships together will offer better understanding on the overall organizational mission and structure. It will also provide you with the deep understanding of the interdependencies across all operations, as well as open insights into weakness and risks that may require additional security program attention. This is a natural entry point for you to become more involved in resiliency programs that avoid reactive responses.
Becoming a trusted advisor and a key part of the leadership team in support of your organization’s objectives will ultimately provide you with the influence and support to address any security risk program issue.