The Secrets to Security Leadership

Session Leader: Ray Bernard

Over the past 20 years the security profession has advanced from “guards, gates and guns” to a broader business-based approach to security risk management. That advancement has chiefly been described as “business alignment.”

Aligning security with the business has been proven to be a valuable principle. Although many books and security conference presentations have touted it, there is still much legacy thinking that remains in the concepts presented.

It’s true that security risk management and security operations must be well-aligned with business priorities and objectives, and with the critical functions and operations of the business. However, true business alignment goes much further.

If Security were truly aligned with the business, security positions at all levels from managers to directors to VPs and CSOs would receive the same kind of leadership education that other business leaders receive! That happens in some leading companies, but is not a common practice.

There is a big difference between security management, which is the current focus of ESRM (Enterprise Security Risk Management), and security leadership.

As internationally renowned business guru Peter Drucker famously explained:

  • Management is about doing things right.
  • Leadership is about doing the right things.

But it’s not a matter of “either or” when it comes to managing and leading. Both are required. You have to manage and lead. When you achieve the right balance between leading and managing, it becomes easier to do both, and the results of having this clear dual focus are beyond previous possibilities.

For many functional area leaders, the leadership focus is mostly within their functional area. However, security leaders have a wider sphere of organizational knowledge that goes beyond security operations and traditional security risk management. Their broader knowledge provides them with unique insights and leadership opportunities that can be of tremendous value to the business.

This session provide case study stories about such leadership opportunities, and explains how the mission of security in a modern organization can have have touch points that outside of loss prevention and asset protection to include the fostering of cultural improvement, and the achievement of a level of organizational resilience that goes far beyond emergency & crisis response and business recovery.

In fact, there are so many opportunities for such leadership – regardless of your current position – that you couldn’t possibly take advantage of them all. It requires a certain amount of opportunity assessment and prioritization to determine which to pursue. These opportunities are plainly visible with just a few small changes in perspective. Then they become very obvious – and also easy to pursue.