5 Categories for Your Senior Security Leadership Self-Assessment

Performance evaluation often comes from the outside—annual reviews, 360-degree feedback, and results from specific projects. But an inside view can be best when determining how to boost leadership and business skills for long-term success.

When mentoring aspiring senior security executives, Jeffrey Slotnick, CPP, PSP, CEO of enterprise security risk management (ESRM) consultancy Setracon, Inc., starts with a self-assessment. He designed a proprietary scorecard with key performance indicators (KPIs) and metrics to clearly demonstrate where the individual is with his or her career because it identifies strengths, opportunities, and where mentorship can make a difference—overall making the partnership more valuable.

He asks the mentee to evaluate him or herself on five key elements, ranking sub-elements on a score of one to five, with one being “no knowledge” and five being “expert—fully knowledgeable and capable of teaching others.”

In their first meeting, Slotnick will walk the individual through the scorecard and make sure they understand each KPI before they start rating themselves.

The scorecard also helps Slotnick pair up with mentees who could make the most out of his assistance. If the individual comes back with all fives across the board, he or she is likely not being honest with themselves and is not ready for mentoring. Conversely, if someone comes back with all ones, he or she is probably not being fair to themselves.

“I’ve been very fortunate in that the folks that I have used this tool with generally come back with a good bit of twos, quite a few threes, and occasionally, a four or five,” Slotnick says. “That’s the person I’m looking for, because they’re competent, there’s room for improvement, and they understand where they’re at in their career. It assists us in making good decisions.”

I possess executive leadership skills. This section includes a number of KPIs, including verbal and written communication, strategic planning, and development and delivery of executive presentations.

“There’s a lot of people who use PowerPoint, but creating a PowerPoint and a presentation to an executive board is very different than standing up and teaching a course of instruction,” Slotnick says. “You have to be able to communicate your knowledge in one to two slides at an executive-level presentation.”

This section also includes KPIs around business acumen.

I am knowledgeable of business factors. Budgeting and finances play a big role in this element. Slotnick asks if mentees are able to find and analyze annual reports and disclosures (e.g., a 10-K or 10-Q form), determine an organization’s strategic risks, follow the organization’s competitors, and stay alert to corporate legal requirements.

Through an ESRM lens, this knowledge enables security teams to align the organization’s strategic risk with security risk. With this view, “we’re no longer solving a security problem; we’re preventing strategic risk from occurring, which is the goal of ESRM,” Slotnick says.

To improve competence in this area, Slotnick and the mentee will walk through a Form 10-K for a publicly traded company, identifying strategic risks and discussing how the security department impacts that risk.

Business awareness. This area includes some key management skills, including assessing employees’ strengths, weaknesses, goals, and needs. It also involves some additional communication KPIs around public speaking, preparing convincing position papers, and streamlined executive summaries.

“You’ve got to be able to walk and talk the language of the business,” Slotnick says. “Security professionals are very good at speaking security. But the CEO, the CIO, the CFO, the COO, the CHRO, and every other C speaks business…they don’t speak security. We’re starting out with a language barrier. As senior security professionals, as security executives, we have to be able to speak the language of business or we’re misunderstood, and we’re undervalued.”

Internet of things and information protection. This area is the closest Slotnick’s scorecard gets to technical security. The section asks participants to rate their awareness of the impacts and benefits of artificial intelligence in physical security systems, as well as information technology threats to security systems, among other KPIs.

The business of security. Here, the KPIs address the essentials of strong security management, including how general business practices relate to global security, risk assessments and analysis, and business continuity planning. But it also measures how well an individual can create strategic alliances inside and outside the organization and provide customer-centric services, even during incidents.

“Security doesn’t exist for security’s sake,” Slotnick says. “The security function exists to support the other functions of the business. Other groups that are doing their thing to make the business prosper. You have to be able to coordinate with them and collaborate with those business groups, or they don’t see your value.”

Although the scorecard is intended as a self-assessment for mid- to late-career security professionals, its lessons can extend beyond that individual. The focus on strategy, cross-functional collaboration, and business value can raise the profile of the entire security function, including up and coming professionals.

“To be successful as a senior leader, it’s all about bringing up the next generation,” Slotnick says. “It’s all about being a collaborative leader and creating an environment where you can learn, coach, and mentor the next generation. If you’re stifling that, then over time, it’s like a tree: if you don’t water it, prune it, take care of it, eventually it’s going to die and collapse under its weight.”

Claire Meyer is editor-in-chief of Security Management. Connect with her on LinkedIn or via email at [email protected].