What Comes Next: Preparing for the Unknown
“The security industry is one of the greatest entry points for people who want to create a career—there are so many paths you could take,” says Steve Jones, global chairman and CEO of Allied Universal. However, he adds, in the face of major change across the industry, advancement is not guaranteed—it is tied to three main attributes: outstanding customer service skills, competence in the use of technology, and expertise in the field.
These transferrable skills should be showcased and expanded through formal courses, learning sessions, and work experience throughout a security professional’s career, Jones says.
GSX attendees have ample opportunities to build these attributes, from learning about the latest technology in the ASIS exhibit hall, the X-Stage, and the CyberCon Cybersecurity Arena, as well as extensive educational sessions about everything from career advancement to the latest threats and challenges to demonstrating security’s value.
Where security is concerned, every day keeping up the status quo is a day falling further behind talented and determined adversaries and risks.
According to Antoinette King, PSP, founder of Credo Cyber Consulting and one of the learning theater captains at GSX for Game Plans: What’s Next for Security, there is a need to adapt to burgeoning threats that can, for example, target the physical security industry’s increasing reliance on Internet of Things (IoT) devices.
“The only way we can do this is to expand our talent pool to include people with skills in infosec, governance and compliance, and data privacy,” King says. “We cannot rely on the traditional physical security professional, with a focus strictly on reactive solutions to physical threats, to face today’s expansive threat challenges. We need to educate them and prepare them for this new threat landscape.”
“The lines between physical and cyber security are blurred,” adds Jeff Slotnick, CPP, PSP, president of Setracon Inc., King’s co-captain in the Game Plans learning theater, and a presenter for the GSX session “The Business of Security is the Strategy of the Business.”
“Today, almost every physical security device is connected as an IoT device and frequently to the business backbone, presenting several challenges and opportunities,” he says.
Where cooperation is required, security professionals are under increased pressure to demonstrate the value of their programs and recommendations to the organization’s overall mission. This shift in focus—and its close ties to budget—has forced security professionals to evolve.
“Too often, the business of security is misunderstood by other corporate professionals and therefore undervalued,” Slotnick says. “To be successful, we must understand other aspects of the enterprise and demonstrate our value through quality management programs, key performance indicators, and metrics.”
King adds: “Budgets have been cut for security solutions in response to the unstable economy; as a result, security professionals need to be able to demonstrate multifunctional uses of security solutions for better ROI. For example, being able to show how surveillance cameras can also provide business intelligence from a marketing perspective, or health and safety perspective will improve the ROI for the system. It is no longer just about selling cameras and card readers, but about creating value in the solution.”
Jones is often working with many stakeholders beyond the security department to develop more holistic security programs and solutions today, he tells The GSX Daily. Beyond the CSO, he will often meet with the chief HR officer and procurement officer to discuss staffing and cost needs; the chief financial officer to strike the right balance on the total cost of program ownership; the chief technology or information officer to discuss the protection of sensitive data; and the executives in charge of risk, privacy, and safety to understand their motivations, concerns, and pain points.
“One way that security professionals can become more aligned with the organization as a business professional is to break down silos of communication,” King says. “They can reach out to other business departments and get to know how they operate, what their objectives are, and the role the department plays in the organization’s internal ecosystem. By extending oneself out to others before there is an incident or emergency, relationships can be forged based on trust. This will improve overall response to incidents and also foster a stronger culture of security.”
If this approach reminds you of the tenets of enterprise security risk management (ESRM), you’re on the right track.
“ESRM should be the cornerstone of every organization, large or small,” King says. “Assessing all security risks and using the organization’s business objectives as the backdrop innately creates a more holistic security posture. Engaging all department leads in the security decision process also fosters a greater culture of security. People don’t know what they don’t know. By creating an inclusive security program, getting the top-down buy-in becomes more accessible. C-suite executives gain a better understanding for the risks they face and are collectively able to make decisions on how to respond as an organization, rather than as individual parts of the whole.”
Claire Meyer is managing editor of Security Management, the parent publication of The GSX Daily. Connect with her on LinkedIn or email her at [email protected]