Business Security Leadership

Session Leader: Derrick Wright

Over the past 15 years the security profession has advanced from “guards, gates and guns” to a broader business-based approach to security risk management, chiefly described as “business alignment.”

Aligning security with the business has been proven to be a valuable principle. Although many books and security conference presentations have touted it, there is still much legacy thinking that remains in the concepts presented.

It’s true that security risk management and security operations must be well-aligned with business priorities and objectives, and with the critical functions and operations of the business. However, true business alignment goes much further.

If Security were truly aligned with the business, security positions at all levels from managers to directors to VPs and CSOs would receive the same kind of leadership education that other business leaders receive!

There is a big difference between security management, which is the current focus of ESRM (Enterprise Security Risk Management), and security leadership.

As internationally renowned business guru Peter Drucker famously explained:

  • Management is about doing things right.
  • Leadership is about doing the right things.

In today’s fast-changing world, leadership at all levels of the business and across all business functions has never been more important.

Business leadership is not unknown territory. Many famous business leaders have written about their accomplishments and distilled the successful principles that they and many others have applied.

These highly workable principles are not hard to understand or follow! Security professionals simply have not been exposed to them.

This session presents case study information from over a decade of applying these principles across a large enterprise, including principles of 360 Degree Leadership and Operational Excellence, along with the details of their application such as educating senior management, engaging non-security business stakeholders, getting traction with managers and supervisors, making self-sustaining improvements, and the various timelines involved in achieving the related organizational influence at all levels.