17

The Security Leader’s Unfair Advantage

A security leader—whether or not he or she has a job title containing the word “security”—has an unfair advantage in comparison to other leaders in the organization. I don’t just mean the “top” security leader, I mean anyone who is in a position to lead others with regard to the organization’s security.

Personally I don’t think it’s an unfair advantage, because a security leader’s challenge is greaterthan that of other organizational leaders. This is because the security leader has no authority over the vast majorityalmost the entiretyof the people in the organization whom the security leader is required to influence.

This is why smart organizations have a budget for security education, awareness and training. The purpose of a security education, awareness and training program is to enable and influencepeople to carry out their security roles and responsibilities. This extends upwards to senior management and the Board, as well as across to various department heads and downwards to all employees.

You can’t establish an adequate security posture for an organization without establishing such a budget and using it effectively. However, nearly every security group, department or executive with such a budget has failed to us it for one of the most cost-effective actions that can be taken, and this means they are not fully utilizing the security leader’s unfair advantage.

Leadership Equals Influence

Leadership is about influence, and a security leader has to effectively influence a great number of people both inside and outside the organization. This is a lot for one person to do, or even for a few people. (Some companies are fortunate to have more than one security leader.) What security leader could really use is a “force multiplier”.

In the military “a force multiplier refers to a factor that dramatically increases (hence “multiplies”) the effectiveness of an item or group.1

There is such a force multiplier for a security leader. It is called “leadership skills”. Because the term “leadership” is sometimes scary to security practitioners, I like to call them “influencing skills”. But regardless of what you call them, security leaders need them, because their job requires them to lead people outside of their own department.

Knowledge of how to positively influence others (and this is simpler and easier to learn than most people think) multiplies the value all of all the other knowledge that a security leader has. To look at it another way, all of a security leader’s knowledge amounts to nothing if he or she can’t influence a single person.

The Unfair Advantage

Here is why other leaders ought to be jealous of a security leader. The security leader has a leadership budget. It’s the budget for the security education, awareness and training program, whose purpose is to properly influence people about security.

A savvy senior executive will see that the security leader uses part of that budget for leadership training. While leadership training is important for any organizational leader, remember that it is especially important for those with security responsibilities, because they have to lead people over whom they have no direct authority.

I’m breaking with tradition and publishing the next issue of The Security Minute next week, because it’s about the most important leadership book a security leader can own and apply.

Best regards,
Ray Bernard

1 From Wikipedia: http://en.wikipedia.org/wiki/Force_multiplier

 

Leave a Reply

Your email address will not be published. Required fields are marked *