Bob Hayes is managing director of the Security Executive Council. He has more than 25 years of experience in security, including eight years as the CSO at Georgia Pacific and nine years as security operations manager at 3M.
At the New Year we find ourselves reflecting on who we are as an industry, what we’re doing and where we hope to be. Our ongoing research into security-related issues has shed light on some remarkable changes in the security industry in the last ten years, many of which are driven by technology advances and shifts in the business environment.
In our July column, we discussed the dangerous gap in the transfer of knowledge between visionary security leaders and the next generation of leaders who will have to take up the mantle after them. Then in August, we laid out a roadmap for a new type of training that would help to close that gap. But what topics do up-and-coming leaders need to know more about?
Security executives frequently come to us to request assistance in benchmarking their processes or performance metrics with similar companies. Usually we find that their interest is at least partially driven by a strong push from management. Business leaders recognize benchmarking as a proven business practice that can identify competitive strengths and vulnerabilities as well as opportunities for improvement. Benchmarking can inform corporate goal-setting and can play a significant role in strategic planning.
Last month we talked about the knowledge transfer gap that exists in the security profession. We posited that the best of the best of security practitioners don’t have the time to teach their successors how to become future-oriented, business-aligned organizational influencers, and that the business-focused training programs available for security professionals do a great job of talking business, but they fail to marry business processes with the job of risk mitigation.
Adding business value. Getting a seat at the table. Running security like a business. Aligning security with the organization. These are the contents of the Holy Grail of security leadership. Everybody talks about them. Everybody wants them. But most security leaders view them as the stuff of legend – great for motivation, but unattainable in reality.
Since the Security Executive Council launched six years ago, it and its research arm, the Security Leadership Research Institute (SLRI), have studied the shifting shape of the security profession and its drivers. Through in-depth, ongoing research, development of the Collective Knowledge™ process, and trend tracking, we have learned much about the changes that have affected security, as well as the personal and external factors that help determine leadership success.