
Illustration by iStock; Security Management

How Influencing Culture is the Differentiator for Security Leaders

What do the terms security culture, soft skills, trust-based relationships, and empathy mean to you? What is your honest depth and breadth of understanding, embracing, and developing a security culture at all levels of the organization? How would you explain security in a way that everyone in your organization, from the CEO to frontline employees, would see its potential positive impact on the business and their work environment?

Regardless of your position in the security department, consider this scenario: your CEO walks into your office or calls via video conference and says, “I heard from another CEO friend about security cultures at work. Tell me what you think about that and how it can help our company.” You clearly remember the last all-hands town hall when the CEO spoke about effective communication—specifically speaking in a precise and concise manner to cut through the overwhelming amount of data and word salad encountered in organizations today.

Would you welcome this as a rare opportunity to enlighten the CEO with your security culture knowledge, experience, and wisdom, or would your mind start racing to think of a meaningful response? Would the CEO be impressed with your understanding of the company’s history, current challenges, strengths, and growth strategy? Would your explanation about the positive impact the security program has on employee engagement and talent retention be a new insight for the CEO?

Are these your go-to phrases: “The security department instills security culture in all employees’ DNA,” “We train the employees to protect the company and it’s part of the company culture,” or “Our workplace violence program has a highly effective threat response team and that makes us have a great security culture”? These statements might be true and well-intended, but there are often other ways to approach conversations with senior leadership that would be much more effective.

When developing and managing their programs, security leaders often focus on the science of corporate security, including:

  • Policies/procedures
  • Security technology (video, access, intrusion, artificial intelligence)
  • Intelligence
  • Risk mitigation and crisis management
  • Investigations
  • Staffing
  • Workplace violence prevention and response
  • Travel risk management
  • Insider threat programs
  • Supply chain security
  • Assessment/auditing
  • Training/awareness
  • Executive protection
  • Intellectual property rights

These 14 areas are core to today’s security program, and security leaders have become very good at mastering them. They are all very complex and comprehensive, and (this is key) they are capital driven. Business leaders will often prefer to spend capital in ways that grow the business in tangible ways, such as producing goods or services. When budget freezes or reductions are ordered by headquarters, how is your budget impacted? When across-the-board reductions in headcount are mandated, is your staff reduced?

If you have led with and communicated your value-driven security culture, security is in a better position to have the support of the business’s leaders, which enables the security team to weather these conditions.

What is Security Culture?

The art of human connection that drives the success of a security culture is nonlinear and perpetual, and it can be difficult, discouraging, and frustrating. Yet it is exhilarating and invigorating when achieved. It is about focusing on the psychological, philosophical, and social aspects of influencing and changing perceptions of your security program with people at all levels—from the CEO to the third-shift employees—to agree to protect each other and provide information so you can address any security deficiencies.

Consider the change in connotation when you shift from “duty of care” to simply “care.” While the science of security can often be quantified, culture is more qualitative.

Here are eight security culture-related areas that will separate innovative, growth-minded security leaders from those satisfied with only delivering the core services.

What’s Your Purpose?

We are not in the security business; we are in the business of positively affecting employee engagement, talent retention, and talent attraction. When employees feel safe (environmental health and safety), secure (physical, mental, and emotional security), and treated with respect, dignity, and fairness, they will be in position to perform optimally. In addition to consistently delivering high quality work, businesses succeed on employee innovation, commitment, and consistency. The aforementioned science of security categories are the means to accomplish this.

Learning and Understanding Your Business

Employee engagement and productivity are among the most important factors business executives consider, and the security function can directly impact them. These are the terms and concepts business executives are talking about:

  • Employee turnover, including the financial cost to cover and replace employees and the institutional knowledge lost
  • Absenteeism, work quality, discretionary effort, and presenteeism
  • Weakening of the workforce due to stress, burnout, or extra workload
  • Engagement levels, seen in factors such as innovation, commitment, or grievances
  • Employee conflict and tension
  • The impact of mental health on the workforce’s resilience

By talking about how security actions and policies affect these concepts, security leaders are speaking the language of business with business executives. They are showing they understand the challenges that business leaders have while highlighting security’s role in providing a positive, caring, supportive work environment that is highly productive.




Developing Security Culture

Culture in a business is a set of norms that govern behavior. This culture is shaped by shared experiences and informed by shared values. It is something that develops and evolves; it is not something that executives can simply set and forget.

Security culture is a particular subculture in an organization. A strong, positive security culture is one where employees and leaders feel safe, protect each other, freely provide security with information that can help protect themselves and other employees as well as the business, and trust security has their best interests and the best interests of the organization as priorities.

Part of trying to create such a strong, positive security culture is understanding that security culture exists as part of a wider corporate culture. Security leaders must understand this broader context if they want to influence and improve security culture.

All companies want safe and secure environments. However, the tone that leadership sets at three different levels is of vital importance to your organizational and security culture.

Corporate office. C-suite and department senior leaders set parameters of corporate culture through publicized mission and vision statements as well as code of conduct policies. However, the actual culture is determined by how these leaders act each day. When considering their attitudes toward security, does the C-suite see employees as concepts or real humans? Of course they express a caring attitude for people, but how they support the security program (budget, resources, and support for a proactive strategy) is the actual measure.

Business unit level (presidents, geo-leaders). This leadership level often works similarly to the C-suite, but it is often more empathetic to site leaders.

Site leaders (directors and managers). Though the above two groups are formative to a security culture, the frontline leaders are the closest to employees—physically, psychologically, and emotionally. This is the group that is most critical in embracing a properly designed security culture strategy.

Know Your Stakeholders, From Advocates to Naysayers

A successful security team and culture will have leaders from all three levels in their corner. The priority is to identify and understand which leaders at each of the leadership levels fall into the following groups.

Advocates and champions. This group understands and values the security program as a critical contributor to keeping employees safe and building business resiliency, which increases the likelihood that they succeed.

On the fence. These individuals have had both positive and negative experiences with security departments throughout their careers.

Naysayers. This is the group most likely to say, “Security?! I have little use for them.” They see security as a financial burden to their individual, department, and corporate business objectives. They perceive security as the corporate cops or a drain on their budgets.

What is your attitude and strategy toward all three categories, especially the naysayers? It would be natural to be closest to the advocates and to only deal with the naysayers when you have to. However, if you want to strengthen the security culture and build the influence you have in the organization, it is important to focus on the naysayers. I generally seek to connect with them, and be a good, active listener. I learn what their challenges are and think about how security could address them.

It might not happen immediately, but opening a dialog makes it easier for you to spot an opportunity for security to help them achieve their goals when it arises. Plus, they are more likely to be receptive to what you have to say.

You may not flip a naysayer directly into an advocate, but your goal is to move them closer, and to eventually turn those on the fence into advocates as well. Turning these leaders into strong advocates over time is one of the most challenging and rewarding experiences a security professional can pursue in their career.

Soft Skills are the Hardest Skills

Soft skills are not things you can just summon when you think the moment is right. I prefer to think about the character attributes that CSOs and security team members need to possess. The eight that have been core to my career are: fairness, innovation, vulnerability, credibility, respect, tenacity, perception, and being engaging.

In just a single interaction with a leader or employee, most of these attributes should be present, and all are equally important. Being engaging and perceptive is foundational. Some security professionals prefer being reactive, staying in their lane, and seeing employees as either rule followers or rule breakers (which fosters an “us vs. them” mentality). This often undermines larger security and risk mitigation initiatives, especially compared to when those changes are led by an innately empathic and compassionate person that the workforce knows, likes, and trusts.

Corporate Investigations

How investigations—especially interviews—are conducted critically impacts your security culture building efforts. For many individuals, investigations are the closest interaction they will have with corporate security. Investigations have two objectives: determine the complete truth to resolve the matter and protect the site’s culture.

Some traditional courses on interviewing already emphasize developing rapport, which is a good start. However, I teach building connection that goes beyond rapport, is more impactful for successful interviews, and keeps paying off long after the investigation is over. Corporate interviews can be highly impactful to the interviewee’s sense of status, relationships, and fairness. Regardless of whether the interviewee is a witness or person of interest—or just someone gathering evidence for you—all will remember how you treated them, and that will have a lasting effect on them and those around them. The interviewee will talk to colleagues at work about you and the process you used. Investigations have a direct impact on employee engagement.

Workplace Violence Prevention and Response

Business leaders understand the seriousness of workplace violence issues. How can you leverage a security culture philosophy to get them to prioritize the issue from important to urgent? An employee not working is not making the business profitable, and an employee injury at work can affect sitewide productivity and undermine the belief that the company wants to keep employees safe.

What is your strategy to encourage business leaders to allow more time away from work for workplace violence prevention and security awareness training and development? Can you connect the dots for leaders between training and other core business factors such as employee retention?

Mental Health

Busting your own mental health stigma barrier is the first step to being able to understand and embrace all aspects of this critical topic. You do not have to be a clinician to contribute to your company culture in a meaningful way. Could you speak at an employee event on employee assistance programs (EAPs) about how mental health can connect to workplace violence concerns? Can you speak about it from the heart without notes or a slide deck?

Most people either have a mental health condition or have a loved one or colleague with a mental health condition—this area is extremely relatable for people, and it is an effective way to connect and share applicable resources with employees, leaders, and even vendors.

Culture is Your Differentiator

Earlier this year, the U.S.-based Security Executive Council published its annual security industry report, and one specific item stood out:

“For more than 20 years, security leaders have told the SEC their biggest challenge is earning the ear and confidence of senior management, and unfortunately, that continues to be the case. We find only about 15 percent of security leaders have successfully mastered this. Many struggle to secure the budget they need, the staffing they want, the buy-in for projects. They are frustrated that executives do not ask them for input or inform them of shifts in strategy. Others don’t realize they aren't on the same page as management until they find out they’re being let go.”

So, for those other 85 percent of security leaders who struggle to gain wider corporate acceptance, embracing the concepts in this article may move you to the group that has senior management confidence.

Developing and fomenting a best-in-class security culture takes years, and cultures are built one interaction at a time, over time. There are too many critical areas to discuss in a single article, certainly. Every member of your security department must be united and committed to this philosophy to succeed, and success means measurable employee engagement, talent retention, and attraction.

 

John Rodriguez is the founder of Empathic Security Cultures, LLC, based in Austin, Texas, with more than 42 years of pure corporate security experience working for major corporations including General Motors, Kimberly-Clark, Levi Strauss & Co., and Cardinal Health. He previously was the CSO for Temple-Inland in Austin, Texas. Rodriguez is a globally recognized security culture expert and works with global security departments, human resources, and leadership teams to enhance their security programs for improved employee engagement and talent retention.

 


© John P. Rodriguez, 2024

 
