This past month I attended the 13th European Security Conference and Exhibits at The Hague. The program, like the New York City and Middle East Conferences, drew record attendance from across the globe. At all these events, I’ve noticed many of the education sessions emphasize the importance of not only focusing on demonstrating ROI for our programs but also on the return on perception: the value of framing security as a help, not a hindrance to the bottom line or yet another annoyance that adds friction to the daily grind.
This is a challenge more and more of us face as budgets come under closer scrutiny and demand for clearly articulated cost-savings and metrics rise. We must change the commonly held view of security as a cost-center that is both minimally funded and supported by senior management to a value-add that enables business success–whether through cost savings, productivity gains, or intellectual property protection.
For example, as we spend money on technology, we should explain the ROI: clearly present what risks we are going to mitigate and provide the metrics to back it up. We also need to keep security focused on brand protection. A well-known brand has a lot of exposure. Security professionals must be able to identify how they are going to reduce the company’s liability and loss of assets. To put it simply: you must have some sense of your value, of what you provide to the business.
This summer, the ASIS Defense Intelligence Council and the ASIS Foundation Research Committee will release a free Security Metrics Evaluation Tool that will help practitioners determine what to measure and how to convey the information in language the c-suite understands. In addition, the Foundation offers a number of education scholarships that offer security professionals worldwide the opportunity to strengthen their security and business management abilities. You can also use the newly revised Chief Security Officer Standard to benchmark your qualifications against skills required for senior leadership positions.
ASIS offers a number of resources that can help practitioners demonstrate their organizational value. You can take advantage of executive education programs led by faculty from leading business schools. Ranging from Effective Management for Security Professionals, a four-day program in Madrid, Spain, for mid-level security professionals to the Wharton/ASIS Program for Security Executives, an intensive two (non-consecutive) week program for CSOs and senior security managers, these programs ensure you are able to make a solid business case for your security program. In June, ASIS will hold a Managing your Physical Security Program: An Advanced Workshop for Managers and Practitioners classroom program that will help attendees demonstrate ROI for their security programs.
Security professionals need to involve themselves in the business side of the organization. Simply claiming to protect people and assets is an insufficient rationale for funding. We must understand how the organization works, its goals and strategy, and what drives the company. And then show how our department advances these goals.