Business Security Leadership
Not everyone is called to be the top leader in an organization, and so we need to learn to lead from “the middle”. So says John C. Maxwell, author of The 360 Degree Leader. The idea of 360-Degree Leadership is that we should be able to “lead up”, influencing our leaders, “lead across”, influencing our peers, and “lead down”, influencing those lower down the organizational hierarchy.
When we think of leadership, the people who often come to mind are historical leaders like Mahatma Gandhi, Dr. Martin Luther King, Jr., as well as national political leaders and famous business leaders like Jack Welch, former CEO of General Electric.
However, as Maxwell points out, “99% of all leadership occurs not from the top but from the middle of an organization.” And that’s where most security leaders are.
Beyond Business Alignment
Over the past 15 years the security profession has advanced from “guards, gates and guns” to a broader business-based approach to security risk management.
Business alignment – aligning security with the business – has been proven to be a valuable principle, there have been many books and security conference presentations about it. It’s a lesson that IT learned long ago – that information technology has to align with the business functions in order to be of high value.
However, today IT has moved beyond that early position to one of enabling and advancing the business, and that’s the current focus for IT.
While IT’s level of business enablement focuses on the high-value data and workflows for each key business function, the mission of security have moved beyond the traditional “facility hardening” perspective. There is a strong business enabling factor involved in organizational resilience, which is a significant enterprise risk management focus for leading organizations. Additionally, today’s tools enable security practitioners to take a highly proactive stance regarding the most significant threats, especially insider threats – through modern workplace violence prevention and support of key elements of business culture improvement initiatives.
Security has several new major roles to play in helping organizations to become resilient, and this is addressed in several of the Day One sessions. 360 Degree Leadership is a key aspect of this powerful new focus for security. Regardless of what your leading and managing roles are, you can positively influence the organization and be a significant enabler of organizational resilience – just by how you carry out your work in your assigned areas of responsibility.
The 360-Degree Leader
You Get the 360 Degree Leader book and the Leadership Test that goes with it.
Upon registration for GSO 2025, you will be sent your own copy of the 360-Degree Leader book, which includes a unique code that you can use to take the 360-Degree leadership test prior to attending. If you already have this book, you can choose an alternate free book from the GSO Security Leadership Bookshelf.
During GSO 2025 you will also receive several tools and additional guidance regarding how to apply the 360 Degree Leader principles to achieve sustainable improvements within your security domain that can eventually serve as examples for others to follow .
Sessions will provide examples of such influence situations along with timelines and practical advice on how to pace your efforts and evaluate your progress, as built-in parts of your normal work efforts.
Why Security Has Special Advantages
Security has special advantages that most other functional areas don’t have, that make leading by example much more effective and influential than for other mid-level leaders. (IT has a few of these advantages but not as many as corporate and physical security have.)
Case study material about these factors is provided in the Day One sessions.
Security Education, Awareness and Training
Traditional security programs almost always include a security awareness training element, and there are many source of traditional scope awareness tools, posters, newsletter materials and so on.
However, such traditional security awareness training elements are just a small part of the appropriate scope which actually includes three distinct parts: security education, awareness, and training – as authors Roper, Grau and Fischer explain in their book by that name. Abbreviated S.E.A.T., the authors explain how many opportunities to further the cause of security are never taken advantage of solely because they aren’t recognized: “Security education is everything we do to enable people in our organization to carry out their roles in our security program effectively and reliably, plus everything we do to influence them to do just that.”
At GSO 2025, previous GSO attendees share how they have successfully applied the S.E.A.T. principles and have used 360-Degree Leadership approaches to do so.