One of the many difficult tasks in security leadership is showing senior management and other business leaders exactly how, where, and how much security investments positively impact the bottom line (assuming, that is, that security’s impact is positive).
Jeff Berkin rarely makes a business and security decision these days that doesn’t somehow impact, either positively or negatively, the business.That business is CACI International, which provides enterprise IT and network services for the federal government employing 14,600 employees working in more than 120 offices in the U.S. and Europe. Berkin is Senior Vice President and Chief Security Officer, the first CSO in the company, and he also has an impressive career, first as a trial attorney and then senior executive roles within the FBI.
Security is no longer just a hot topic among security professionals. It’s crossed the boundaries into mainstream media and political debates. You can’t watch the news or read a newspaper or magazine without hearing about cyber threats, personal information breaches or risk management. But that doesn’t mean that company executives have opened their wallets to each and every security project their security staff submits – if only it were that easy.
Is a Threat Analyst a part of your team? It’s a large part of Baker Hughes, one of the world’s largest oilfield services companies, with 55,000 employees, facilities in 72 countries and operations in more than 90 countries. Brian Hogan, regional security director (Latin America) & director, strategic analysis, leads the company’s threat analysis team.
Security leaders don’t have time. The best ones find time, or make time, for critical or strategic tasks that have a long-range payoff, but they often struggle to fit more into a workday that already stretches from dawn to dark.
The next generation of security leaders will be challenged in ways previous generations have not. They will be asked to manage and monitor more risks and to identify and address new risks, including those created by drastic shifts in business operation and philosophy. They will have to do this more quickly, with fewer resources in many cases, and they will be expected to think and strategize at a board of director’s level.
Business continues to change, and if the next generation of security leaders hopes to succeed, they must be prepared to change with it, says Dick Lefler, former VP & CSO of American Express and current Chairman and Dean of Emeritus Faculty for the Security Executive Council. This will require, among other things, a much more active pursuit of alignment with the organization’s structure, goals and strategies.
Security leadership and value is being tied directly to business unit and organizational goals as the best measure of its contribution. So directly tied, that business unit leaders are paying for risk management and security as a direct service versus an allocation. Further, these internal customers view security as a consultancy, and they are routinely seeking their advice to understand and manage risks enabling them to reach their objectives. The transparency of this relationship allows the business unit to identify security’s value to achieving their goals, resulting in increased reliance, use and spending with security.