Skip to content

Illustration by iStock; Security Management 

Strategy Development and the Corporate Security Leader

What does it mean to be strategic, and why is it important?  The 16th century Japanese philosopher and leader Miyamoto Musashi is attributed with describing strategy as being able to see “distant things” as if they were close and to take a “distanced” view of close things.  In other words, strategy is proactively seeing the horizon and developing a plan to get to that horizon while not being consumed by managing in a reactive manner.

Musashi’s description is prescient because it captures not only the importance of having a long view of strategy, but also describes the very basic tenets of being a strategic leader.  And while many of us assume that all leaders must be good at strategy and its development, sadly leaders are often good managers but not effective strategic leaders.

It is important for security leaders to understand why having a comprehensive strategy is important for the business and the security team.  Much of this goal closely parallels the concepts of enterprise security risk management (ESRM).  For those not familiar with ESRM, it is “…the application of fundamental risk principles to manage all security risks….in a comprehensive, holistic, all-encompassing approach.”  The concepts of ESRM are, in essence, the foundation for developing effective strategies. 

Effective strategic development requires coordination and collaboration with key stakeholders and business units; otherwise, your strategy is not holistic and may not help support the overarching strategic visions of the organization.

Determining the Goal

Renowned author and leadership coach Stephen Covey encouraged his readers to “begin with the end in mind.” He stated that this phrase represents the ability to mentally envision what your eyes cannot see and to plan accordingly.  Similar to Musashi’s comments, strategic security leaders must first clearly and thoroughly understand how the organization operates, both at the macro and micro levels.

Strategy represents the confluence of ideas and action; no single business unit has the breadth of experience and information to effectively guide an organization. Security teams routinely reach across all verticals in the organization to develop and implement programs and initiatives designed to protect people, assets, products, and reputations.

For example, implementing an effective supply chain security strategy requires coordination with the manufacturing, logistics, IT, procurement, and legal teams, to name a few. Independent of each other, these teams can only provide their view of risks and risk management; collectively, they provide the necessary elements to develop a complete strategy. As a result, developing an effective strategy is a process which requires lengthy discussions with business unit leaders and key executives to understand how their roles and responsibilities support the business strategy. This in turn helps you to establish the mission and vision statement for the security team—the first step towards developing the security strategy for your business.

Developing Your Strategy

As previously mentioned, developing your strategy is a learning process—it is not a procedure. Along the way, your own views and beliefs will be challenged, creating the need to change elements of your strategy. This is a key point: strategy development is an iterative process where you will continually be evaluating and updating that strategy.  Operating a business is not a static event; neither is your strategy.

In their book, Becoming a Strategic Leader: Your Role In Your Organization’s Enduring Success, authors Richard Hughes, Katherine Beatty, and David Dinwoodie suggest that key aspects of an effective strategy include these processes:

Understand the business. Review and assess the internal and external operating environment. This includes understanding what your key assets are (inclusive of physical, human, and intellectual elements); regions in which the business operates and their unique operating environments; geopolitical and socioeconomic elements that affect business operations; the strengths and weaknesses of the business; and current capabilities of the business operating environments.

Creating a shared strategy requires you to understand the mission, vision, and values of the company. Ensure that you tie in the security team’s strategy accordingly.

What’s your competitive advantage? Discover and determine what separates your business from the competition and how to manage that risk. This is sometimes an overlooked “asset,” but it is an important aspect of the security team to identify and build into your shared risk management strategy.

Find a focus. After meeting with key stakeholders and having obtained alignment on your strategic goals, build the business case to identify where to focus your human and capital resources. 

Take action. Develop and execute your leadership strategy. This is where you develop the marketing strategy, clearly describing the financial and human resources needed to accomplish the strategy and how those resources will support the successful attainment of the overarching business strategy. This includes the development of key metrics to measure your team’s efforts in the language that other business leaders understand.

Business strategies often change due to many internal and external factors. For example, mergers, acquisitions, divestitures, and adverse market dynamics that result in downsizing are all fairly common events that would drive the need to modify, update, or even change some aspect of your team’s security strategy. Therefore, it is critical that security leaders understand the need to continually review, evaluate, and improve your security strategy. Security risks are dynamic, so challenge your strategy on a routine basis to ensure that is aligned with where the business is going.

What Makes for a Good Strategic Leader?

There are several key attributes that professionals need in order to become a good strategic leader. Chief among them is being a good collaborator and communicator, as well as having the agility and flexibility to adapt to change in a positive manner. In addition to the many aspects of good leadership, key focus areas that distinguish good strategic leaders from others include:

  • Developing a “broad view” to incorporate the complete organizational perspective. This is something that is continually learned by connecting with key decision makers in the business.
  • Being adept to achieve the right balance in managing short-term challenges with long-term goals and objectives. Strategic leaders do not allow periodic fires or small crises to distract them from the long-term strategy.
  • Strategic leaders are often good at spanning organizational silos or boundaries to influence others more effectively. Fostering partnerships with all departments in the organization helps to create diverse teams that can make decisions based on the best interests of the company overall.
  • Strategic leaders are capable of leading the formation and execution of strategic change initiatives across different parts of the organization.
  • They are effective in managing in the very volatile and ambiguous nature of the business world today. This environment—often referred to as a VUCA (volatile, uncertain, complex, and ambiguous) environment—demands that effective strategic leaders are capable of anticipating change and developing strategic initiatives to manage this environment.

Becoming an effective strategic leader is something best learned from watching other successful leaders and reaching out to your peers for advice and counsel.  In addition, the ASIS CSO Center for Leadership and Development and the mentoring program offer resources and content to help you become the best strategic leader you can be.


Rich Widup, CPP, is formerly the group head of security for Reckitt, an international fast-moving consumer goods company, and a past president/chairman of the board for ASIS International.  He is currently the president of The Widup Group, LLC, an enterprise security risk management consultancy. 

Darcy Leutzinger retired from law enforcement as an executive lieutenant in special investigations from the Warren, Michigan, police department after 27 years of service. He has worked for the last 12 years in the private sector, developing security teams, investigations, executive protection, and training programs.  Leutzinger is currently the director of security at United Wholesale Mortgage in Pontiac, Michigan.

Looking for additional resources on developing business strategies? ASIS CSO Center members can access a library of content and resources through ASIS Connects.