Four Essential Qualities of Today’s Security Leader
Four Essential Qualities of Today’s Security Leader
In today’s chaotic world, security leaders have never been more crucial to the overall health of a company, and as you build out your physical security or cybersecurity organization there is more to take into account than just technical knowledge and skills. This increased level of priority is connected to the heightened and inevitable risk companies currently face in part to factors like digital transformation, advances in technology, COVID-19, civil unrest, and globalization. Across industries, leading companies are asking their security leaders to focus on areas of the company they did not think about before. Areas like intellectual property, supply chain, product development, and general board interactions are prompting Chief Security Officers, CISOs, and other security leaders to be involved beyond their traditional role in security management.
This shift in organizational needs requires a different set of strengths in some security leaders—qualities that extend beyond traditional skillsets. While foundational security experience remains crucial, the best security leaders are those with the knowledge and capability to hold the technical part of the organization accountable. But what other key attributes are today’s organizations considering when hiring or developing a security leader?
- A PREVENTION MINDSET
A strong security leader must have the so-called mitigation mentality. No, you don’t want your CSO or CISO to work against the organization’s growth and innovative goals, and great security leaders don’t want to do that. They work hard to prevent unnecessary risks.
Think of the care that’s taken to ensure facilities meet safety standards and regulations, the workplace is up to code, vulnerabilities are managed, and workers are educated on proper procedures. Safety Managers identify risk and vulnerability, and they establish processes to mitigate those risks because they know proactive work is essential to an effective safety prevention program. Accidents will still occur, but ideally, the protective measures put into place will keep the incidents to a minimum.
Your chief security leader should have the same approach; they will prioritize the policy implementation that will prevent issues, but know how to react when something goes wrong. Moreover, they are seeking out the most vulnerable industries and companies, and when others might steer away for career security and self-preservation motivations. The best CSOs/CISOs I engage with embrace security management roles that will challenge their knowledge and ability to reduce risk and prevent crisis that can destroy a brand and an organization. In our environment today, that includes just about every industry.
2) ARTFUL COMMUNICATOR
In the current business environment, an effective, balanced communication style is a must. Your security management leader should be able to condense potentially alarming information in a way that drives urgency, but not chaos. The temptation, when asking for budget or resources, is to paint a picture that makes funding the security program a do or die proposition. While communicating with the board, or within the broader organization, the security leader should be able to present business risks or gap analyses plus well-thought-out plans and potential solutions in a way that offers confidence without creating fear.
First and foremost, an effective leader should be able to spell out the complexities of their security program into simpler terms. They must know what information should be included in broader communication to the full company, as well as the messages that resonate best within different stakeholders and functions of the organization.
3) PROVIDES A COMPETITVE ADVANTAGE
Collaboration should be in the foundation of your organizations culture and it should also apply to the security function of your organization. Whether a newly hired security leader or an established security management professional they should be proactively engaged with peers from every function and business unit within a company. Privacy and data protection require cooperation among legal, engineering, data, and product teams. Third-party risk requires working closely with sales, business development, procurement, and M&A teams. These examples only scratch the surface of how deeply a security program is connected to the entire organization.
If the security leader is not closely aligned to other teams, you are at serious risk. The best, most effective security management leaders build cultures that deeply embed the security team within other functions of the business. Security should not be hiding in a dark room in the basement of your company’s facilities. They should be a competitive asset that offers cross-functional support at all levels, and your security leader should be driving that collaboration.
How do you know whether your leader is a natural collaborator? You evaluate how effectively they leverage their professional network. Do they tap into close connections and resources to test ideas, innovate, and gather feedback? Successful CSOs and CISOs are those with the active and diverse networks. They prioritize advancing security initiatives across industries, and they openly share their ideas and learnings with other experts, and although it may seem counterintuitive, even business competitors, for the overall security mission. Security leaders should be engaged in external networking and collaboration, not only for the good of the company, but also for their own professional development.
4) Passionate and Disciplined Leader
It goes without saying that passion should be a key quality in any leader on your executive team, but passion is the icing on the cake. It needs discipline to back it up. That’s where you’ll find the greatest success. The best security programs have leaders with a positive approach that can be felt throughout your organization.
When every function in your business talks about security in the same terms, you know you’ve reached a maturity level that many programs only strive for. That level of success is typically the result of a passionate leader who takes a disciplined approach to implementing an agreed upon vision. Security leaders are putting together programs that take 24-36 months to implement, requiring the ability to step back, look at and communicate the bigger picture, and set realistic milestones along the way. Those milestones should include clearly defined goals, metrics, and resources needed to achieve success, and a great security leader has the discipline to define and hold the company to their vision for the program every step of the way.
The most effective programs are led by someone who can balance the role of “security evangelist” and effective operator, and I pair passion with discipline because the two qualities need to co-exist in a leader to be effective. When they do, you see it the culture, as well as in how success is measured and recognized. Passion and discipline are essential in a risk-filled, sometimes paranoid environment, and the combination goes a long way in keeping things balanced and efficient.
Expect a Return on Investment for Developing Your Security Leaders
Security management professionals need a variety of skills and qualities beyond those detailed above and are not the only ones you should consider while recruiting or developing your security leader; leading a security program takes a wide array of technical, strategic, industry, and security related skills. The message here is, without the four key qualities outlined above, you are not maximizing your investment in a security leader and program.
Security leaders are the barrier that protect your business from a multitude of crippling risks and threats. Carefully considering these four characteristics during the recruiting process—or investing in them as you develop your existing team—is critical to the success of your security program and your entire organization. The good news is that you will see both a short and long-term payoff in this investment.
If you’re interested in learning more about Pinnacle Placements Security Search Firm or how we approach identifying security leaders at the executive level, please contact us at www.pinnacleplacements.com.