The next generation of security leaders will be challenged in ways previous generations have not. They will be asked to manage and monitor more risks and to identify and address new risks, including those created by drastic shifts in business operation and philosophy. They will have to do this more quickly, with fewer resources in many cases, and they will be expected to think and strategize at a board of director’s level.

Business continues to change, and if the next generation of security leaders hopes to succeed, they must be prepared to change with it, says Dick Lefler, former VP & CSO of American Express and current Chairman and Dean of Emeritus Faculty for the Security Executive Council. This will require, among other things, a much more active pursuit of alignment with the organization’s structure, goals and strategies.

Performance metrics are “critically important” to business leaders, says Greg Niehaus, Professor of Finance and Insurance for the Moore School of Business, University of South Carolina. “In my view it’s very important for business functions to have metrics that tie back to the objectives of the organization – that measure the impact on value and value creation.” If a function fails to develop and effectively communicate performance metrics, says Niehaus, “their contributions to the organization will likely be not appreciated, which, in down times, could lead to cutting of responsibilities or jobs and hurting the value of the organization.”

You have to create a strategic plan knowing that there’s a high likelihood it will change. Does that mean you shouldn’t plan? Absolutely not,” says Mark Lex, Security Executive Council faculty member and former director of security for Abbott Labs. Over his career, Lex learned through hard-won experience that security strategic planning, done well, incorporates a balance of anticipation and response, detail and flexibility.