Bob Hayes is managing director of the Security Executive Council. He has more than 25 years of experience in security, including eight years as the CSO at Georgia Pacific and nine years as security operations manager at 3M.
At the New Year we find ourselves reflecting on who we are as an industry, what we’re doing and where we hope to be. Our ongoing research of security-related issues has shed light on some remarkable changes in the security industry in the last ten years, many of which are driven by technology advances and shifts in the business environment.
In our July column, we discussed the dangerous gap in the transfer of knowledge between visionary security leaders and the next generation of leaders who will have to take up the mantle after them. Then in August, we laid out a roadmap for a new type of training that would help to close that gap. But what topics do up-and-coming leaders need to know more about?
Security executives frequently come to us to request assistance in benchmarking their processes or performance metrics with similar companies. Usually we find that their interest is at least partially driven by a strong push from management. Business leaders recognize benchmarking as a proven business practice that can identify competitive strengths and vulnerabilities as well as opportunities for improvement. Benchmarking can inform corporate goal-setting and can play a significant role in strategic planning.
Last month we talked about the knowledge transfer gap that exists in the security profession. We posited that the best of the best of security practitioners don’t have the time to teach their successors how to become future-oriented, business-aligned organizational influencers, and that the business-focused training programs available for security professionals do a great job of talking business, but they fail to marry business processes with the job of risk mitigation.
Adding business value. Getting a seat at the table. Running security like a business. Aligning security with the organization. These are the contents of the Holy Grail of security leadership. Everybody talks about them. Everybody wants them. But most security leaders view them as the stuff of legend – great for motivation, but unattainable in reality.
Since the Security Executive Council launched six years ago, it and its research arm, the Security Leadership Research Institute (SLRI), have studied the shifting shape of the security profession and its drivers. Through in-depth, ongoing research, development of the Collective Knowledge™ process, and trend tracking, we have learned much about the changes that have affected security, as well as the personal and external factors that help determine leadership success.
This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight artificial intelligence, ransomware attacks, vaping and cybersecurity regulations.