Business Strategies for Success in the C-Suite – Seminar Recording
After a career as a police officer and an agent with the CIA, Mike Howard joined Microsoft as part of its executive protection team. Today, Howard is the company’s Chief Security Officer. Along the way, he judiciously cultivated relationships with his business counterparts globally with the goal of becoming a trusted advisor to the business. “We need to be accepted as business people first,” he says. “Our business just happens to be security.”
The story of how he moved the security operation from a control center with multiple screens, monitors, manuals, and tapes to three Global Security Operations Centers (GSOCs) in Redmond, Washington, the UK, and India, began with a crisis: the Japan Earthquake and resulting tsunami. A number of Microsoft facilities were affected, which gave Howard the opportunity to reassess the company’s security footprint. He studied the company’s 10-K SEC filings, which includes a list of risks compiled by the Board of Directors as a way to learn the business and target approaches relevant to the C-Suite.
Today, he actively cultivates relationships with the company’s executives, inviting them to tour the GSOCs. As a technology company, the executives, even those in sales and marketing, understand the complexities. He provides quarterly security briefs to executives and monthly executive intelligence summaries to “the heavy hitters,” which includes a “snapshot of what could affect the conduct of business in the next month.”
As a guide, Howard showed a graphic, “Road to Trusted Leader,” which includes four steps that take place in a security career over time: from Tactical Activities, to Subject Matter Expert, to Trusted Advisor, to Trusted Leader. Acknowledging that the trajectory is a journey, the guide also asks, “Where are you today?”
“We need to think about ourselves differently,” says Howard, with a focus on being a business leader and enabler. “It takes time to build that into your DNA,” he says, “but it’s worth it!”
Developed in 2014 by the ASIS Leadership & Management Practices Council, the ASIS “Mentoring Security Leaders” program is a career development methodology whereby ASIS members who recently entered the security industry (protégés) are matched with experienced ASIS colleagues (mentors). The goal is to help provide guidance and professional advice so protégés gain knowledge and experience in business-level requirements. An ancillary result provides a conduit for understanding the requirements for future career advancement. The program’s template includes the following four components.
Managing a Mentoring Program. The mentoring program is managed at the ASIS Chapter or Regional level. Once a Mentoring Program Leader/Coordinator is selected, local chapter Young Professional liaisons can assist with matching young professionals with mentors in their areas of interest. The leader is also responsible for recruiting program participants, screening potential mentors and protégés, providing support and monitoring of the relationships, and evaluating the programs. Specifics on how to accomplish these tasks are included in this section.
Implementation Plan. A sample announcement that can be used at a chapter meeting introduces the concept of the Mentoring Security Leaders program. It suggests kicking off the program with a Networking Event so mentors and protégés can meet face to face. Tips on dealing with protégé meetings, formal and informal, are included, along with ways mentors can earn recertification credits for participating in the program.
Program Tools and Resources. Links to the PDFs of the eleven forms and worksheets used in the mentoring program are provided. The documents can be filled out online and include the mentor and protégé applications, mentor and protégé readiness assessments, and periodic self assessments. Study questions and a tracking matrix are also included. Finally, a Certificate of Completion is provided.
Professional Resources. This section lists fourteen associations, government agencies, security management agencies, as well as professional business groups that can assist in the career development of future security leaders.
Chief Security Officer (CSO) Standard Revision: Advance Personal and Organizational Success – Seminar Recording
Michael Bouchard, Chief Security Officer, Sterling Global Operations, Inc., relates how he used the revised CSO standard to increase the visibility of his job and upgrade his position. While holding the title of Corporate Security Manager, a first line supervisor, Bouchard took the standard to his CEO and described how he was currently handling the specific job functions in the standard. At first, the discussion simply revolved around a change in title. But the analysis turned into a broader discussion on the role of security in today’s business environment: here’s what I am doing now; here’s what I could be doing; here’s what I should be doing; and benchmarking on what other CSOs accomplish. While the result led to his adopting the new title, Chief Security Officer, it also resulted in a 40 percent pay increase.
Bouchard also serves on the ASIS Commission on Standards and Guidelines and was involved in revising the 2008 CSO standard for about a year. A former law enforcement officer, Bouchard admits he learned the “security mindset” through access to industry contacts. Ultimately, he gravitated toward new security business models and strategies and embraced the concepts of enterprise risk management.
“As a business leader, I am part of the solution,” he says, not just a cost center. He equates his CSO position with the company’s CFO and CIO, all of whom focus on profit and losses, risks and margins, results and metrics. He also discusses how the standard can be used in succession planning, an important part of solidifying the leadership role of the enterprise security function.
This Standard should be reviewed in conjunction with the Seminar session. The speaker refers to specific content in the Standard and shows how its Model Position Description can be used to advance a security career. Bouchard describes how the Standard helped upper management understand the role of the Chief Security Officer and provided a template for Human Resources to shape a position description.
Sources of Information on Leadership (ASIS IRC Reference Guide)
A comprehensive review of the many books, Security Management articles, journals, ASIS Annual Seminar recorded sessions, and IRC security databases and catalog offerings pertaining to leadership has been compiled by the ASIS Information Resources Center (IRC). The PDF provides access to reports, essays, news, and opinions on leadership as an academic discipline, as a factor in organizational effectiveness, and as a path to career development.
View all published Security Spotlights Next month’s feature topic: Supply Chain Security