Too often just the lingo of security can be an obstacle to getting a seat at the table. To mitigate that perception, we need to be seen instead as agents of business assurance or brand security. We should incorporate business and mission jargon and practices into our security operations and express them matter-of-factly. Use SWOT charts, cost/benefits analysis, gains versus losses explanations, tabletop exercises and return on investment as part of our thinking, preparation, conversations and presentations to “speak” the same language as those at the table.

If the security message is not communicated in this way, it may, and many times will, be spurned by non-security chain of command. For example, security terms such as “perimeter” have different meanings in IT and other parts of the business. Even “risk management” can be interpreted by others in your organization in many ways. Therefore, you may be thinking you are being clear when communicating; however, the exact opposite is occurring.

One of the first steps toward a seat at the table then begins with speaking about security in business terms to help management understand security. Doing so increases the possibility of their support.

Security, like other functional support organizations such as HR, IT, contracts, legal, etc., typically operates from a—surprise—stove piped perspective. But Security can differentiate itself from this, and the solution is to focus security staff on customer service.

One customer service step to consider, instead of aligning your team in traditional security areas like personnel security, physical security, and so forth, is to organize them into cross-functional groups that concentrate on the type of business their customers are involved in or the type of product the business is selling. Each security staff member, not their title, becomes the central point and agreements can be initiated, where each one will know what they are accountable for in terms of key performance indicators for that business or mission sector. They then are aligned with that operation that not only provides more transparency, it also allows them to focus on the needs of the customer in a much more direct and meaningful way.

The switch from a functional focus to a personal focus fits is meant to fit with the culture of the business or mission being supported, and it drives a greater level of collaboration not able to be achieved via stove piped security support. It provides a winning solution for all involved.

The Funding of Security Paradox. If an organization’s chain of command perception of security is lacking, it is usually reflected in end-of-the-line funding of and support to the security mission. This in turn impacts the security leader’s ability to influence decision-making at the corporate level, limiting the effectiveness of security and preventing senior leadership from developing an accurate understanding of his or her organization’s security function. Thus, reinforcing the negative view of security.

Other factors include differing structure and operation of security from business to business, plus past experience at other companies, and senior management end up with their own views of security that are unrealistic or erroneous in their current situation. Add to that, because the security profession overall has not done a good job relating to the businesses and missions we support, many executives continue to assume that security begins and ends with guns, gates, guards and dogs—until demonstrated otherwise.

In fact, many executives, especially CFOs/Budget Directors and Program Managers, see security as a hole in their organization’s metaphorical pocket. However, unless the organization decides to get out of the classified business/mission, security will always remain a requirement. It may not hurt to remind them once in a while of the axiom: Security may not often be a revenue creator, but it will always remain a revenue sustainer in the realm of classified business.

Similar to the Funding of Security Paradox is the Staffing of Security Paradox. You could say they are interminably intertwined since funding essentially produces the staffing.

Where we can fail as security professionals is not understanding the business and mission elements regarding what we are spending our time on supporting. Every other support function needs to demonstrate where their time and resources are going—why would security be any different?

One way to begin to resolve the funding paradox is to start engaging business/mission unit leaders directly to understand what risk issues keep them up at night and what security services they find valuable. Get on their calendars and with consistency. This is different than the usual checking-in and checking the block security management modus operandi. One-on-one meetings can result in building relationships, asking the right questions, gaining trust and influence and providing measurable outcomes (metrics) that can be used to make senior management aware of how their direct reports value security’s services. It works!

More to come…

More to come…

More to come…

More to come…

More to come…

More to come…

More to come…

More to come…

More to come…