Kathleen Kotwica, Ph.D., is EVP and chief knowledge strategist for the Security Executive Council (SEC). She develops strategies and processes to identify, store, understand, build upon, and disseminate the Council’s Collective Knowledge™ and insights. To learn about becoming involved, or to offer comments or questions about Next Generation Security leadership, e-mail firstname.lastname@example.org or visit https://www.securityexecutivecouncil.com/sm.
At the New Year we find ourselves reflecting on who we are as an industry, what we’re doing and where we hope to be. Our ongoing research of security-related issues has shed light on some remarkable changes in the security industry in the last ten years, many of which are driven by technology advances and shifts in the business environment.
As business changes, so does – or so should – security. The direction of business can have significant consequences for security, both internally – in terms of influence, funding and organizational structure – and externally – in new threats, new risk, new mitigation requirements.
Are you watching business trends and thinking about how they should impact security and your strategies to mitigate risk?
In our July column, we discussed the dangerous gap in the transfer of knowledge between visionary security leaders and the next generation of leaders who will have to take up the mantle after them. Then in August, we laid out a roadmap for a new type of training that would help to close that gap. But what topics do up-and-coming leaders need to know more about?
Security executives frequently come to us to request assistance in benchmarking their processes or performance metrics with similar companies. Usually we find that their interest is at least partially driven by a strong push from management. Business leaders recognize benchmarking as a proven business practice that can identify competitive strengths and vulnerabilities as well as opportunities for improvement. Benchmarking can inform corporate goal-setting and can play a significant role in strategic planning.
Last month we talked about the knowledge transfer gap that exists in the security profession. We posited that the best of the best of security practitioners don’t have the time to teach their successors how to become future-oriented, business-aligned organizational influencers, and that the business-focused training programs available for security professionals do a great job of talking business, but they fail to marry business processes with the job of risk mitigation.
Adding business value. Getting a seat at the table. Running security like a business. Aligning security with the organization. These are the contents of the Holy Grail of security leadership. Everybody talks about them. Everybody wants them. But most security leaders view them as the stuff of legend – great for motivation, but unattainable in reality.
Business leaders around the world are struggling to determine exactly how the global economic downturn will impact their operations and profitability. Among security leadership specifically, one oft-asked question is whether