Does your organization have an active program that conducts reference checking on employees before they are hired? Ownership of the pre-employment vetting process does not often reside with the security function within the organization. Some companies outsource background checks to third party organizations to share the task. Many of these policies are impacted by legislation, and limitations can be imposed on the use of various vetting methods.
Over the last several years, it has become commonplace for the media to publish information based on electronic materials that have been removed or copied either by organizational insiders and/or external people or groups. The publication of this type of material has impacted individuals, public and private organizations and various government agencies. While it is important for a free society to have the benefits of a free press serving as one of the checks and balances to protect citizens from abusive practices, we may have reached a point where we should re-examine how this is practiced. Are our criminal and civil statues effective on these issues?
You have been with your current organization for more than 10 years leading the corporate security function, having conceived and built the program, hired staff around the world and integrated the department to being a trusted advisor to senior management. Since this is your second career, you are now reaching a point that you would like to retire and pursue other passions and personal interests. After sitting down and discussing this with your boss, you realize that he or she and the management team are concerned about the lack of a succession plan for your replacement. Their position is: While your second level staff is very good operationally, they are not under serious consideration for your role, and HR will be looking outside the company for your replacement.
At some point during your working life, you will find yourself looking for a new job. There are a wide range of circumstances that may bring you to that point, ranging from retiring from public or military service; corporate reorganizations and/or leadership changes; you’re terminated; you resign; the location at which you work is destroyed; your company collapses financially; or you just want to advance your career in a new environment. While each of these circumstances may influence how you will position yourself during the job search, there are a number of common factors that place immense stress on an already difficult process.
Afew years ago we published an article on security related certifications that were being marketed as a means to advance your career. At that time there were a relatively small number of certifications that we were seeing listed on resumes. Today, we are still routinely asked which certifications are needed for career advancement or which ones are being requested by hiring managers. Frankly, unless the role has a specific requirement that connects to one of the more technical certifications, for the most part, the hiring authorities are not demanding them.
Personal branding is a consideration that is frequently overlooked by those who are seeking a career change or wanting to improve their upward mobility within their organizations. Too often, it is misunderstood and seen as being self-aggrandizing, egotistical or even perceived as “brown nosing.” While there are ample examples of this, these reflect poorly thought out and executed strategies.
At some point during your career you will find yourself interacting with a search firm and/or a recruiter who has been assigned a project to fill a professional level security risk related role. This firm may or may not have a specialty security risk related practice and may or may not be a firm that you have ever heard of.
While legislators have passed a multitude of statutes to aid in the protection of our economic interests pertaining to data systems – non-physical assets and privacy – frequently any course of action is still determined by the concept of monetary loss and treated as if someone was stealing or damaging physical assets, or as in the case of the Stored Communications Act (SCA), creating a statue that has been described as dense and confusing to even legal scholars.
Virtually every company will have a statement of some kind extolling the senior leadership’s commitment to treating people with dignity and respect.
August 1, 2014
Another thing to consider is that cleaning crews and security officers generally have unfettered after-hours access in most companies and are doing their work when virtually no one from the company is around to oversee them.
The key to the risk-based security program is that no matter what issue you examine, every one of them affects the reputation of the enterprise in one manner or another.
Once the risk matrix has been populated, management must then prioritize the risks and determine which are the most critical to the viability, survivability and resilience of the enterprise. When that prioritization has been completed, various functions within the organization can be tasked to design the appropriate solution for the risk involved.