Illustration by *Security Management;* iStock

Which Core Competencies CSOs Prioritize

By Claire Meyer

1 July 2025

Security knowledge or business savvy? Executive skills or technical expertise? Budgeting know-how or communication? It can be challenging as a rising security professional to determine where to focus upskilling and professional development efforts. If a senior security director position is the goal, the core competencies a professional must fulfill shift compared to an individual contributor in a security operations center or at a regional site level.

But what exactly are CSOs and other senior security leaders looking for in their mid-level managers and eventual successors? The future’s security directors will need to balance business priorities, strategic execution, cross-organization collaboration, and critical thinking to get ahead. Security Management connected with four members of the ASIS International CSO Center to discuss their priorities for security managers, how they help train those professionals, and what comes next.

Core Competencies to Prioritize

Core competencies are the sets of skills, knowledge, and abilities that give individuals a competitive advantage at work. They often include interpersonal skills, personal competencies, and business skills such as resource management. These skills can usually be applied across any sector or organization, and they aren’t bound to a particular profession like security.

Early career professionals are usually working on the block-and-tackle skills they need to do their basic jobs, including security proficiencies and simple business acumen such as professional communication or data analysis tasks. But once a professional has reached a mid-management position, he or she is in a good place to take on additional responsibilities and consider skill gaps that could hinder further career mobility and organizational success. This also means that mid-level managers are ready for additional investment and attention from leaders.

“Mid-tier security managers are the glue that hold security departments together,” says Jonathan Perillo, CPP, PCI, PSP, CISSP, senior manager of corporate security for Munich Re America Services Inc. “It is their eyes that security executives view the department through, and they are the voice that echoes throughout the operational levels of the department. Communications is the foundation, with leadership aptitude, self-awareness, and technical proficiency in their specific area of responsibility rounding out the core competencies.”

Frazier Thompson, CPP, deputy chief security officer for International Paper, prioritizes seven traits that demonstrate the core competencies that he looks for when filling positions:

Lifelong learning. “Security threats and technologies evolve rapidly,” Thompson says. “A commitment to continuous learning ensures the manager stays current and adaptable.”
Energetic self-starter. Security management roles may be remote or require the individual to manage tasks alone. Proactive leadership without constant oversight requires energy and initiative.
Good business partner and relationship builder. Because security works with internal stakeholders, including legal, facilities, and IT, and external partners, including law enforcement and vendors, trust and collaboration are key to success.
Influencer and communicator. “Influencing senior leadership and presenting risk assessments or security strategies effectively is critical for resource allocation and policy adoption,” Thompson says.
Multitasker and critical thinker. Security managers cross multiple domains (e.g., threat management, investigations, physical security) and must be able to prioritize and adapt under pressure.
Problem solving and data-driven decision making. “Security decisions must be justified with data and aligned with business risk tolerance. Analytical thinking supports sound, defensible strategies,” he says.
Mentor and strength of character/ethics. “As a leader, the manager sets the tone for ethical conduct and professional development within the team,” Thompson adds.

“These competencies are prioritized because the role operates in a matrixed, global environment with high stakes for employee safety, regulatory compliance, and corporate reputation,” he says. “The ability to lead with integrity, communicate across cultures, and make informed decisions is essential for success.”

But where should individuals focus their time and attention? Business skills, executive skills, and security and risk management proficiencies are all important and need to be concurrently developed. The level of development will depend on organizational needs, career goals, and personal preference, but people aspiring to become senior leaders will need all three, says Nick Weber, CPP, PCI, PSP, managing partner at critical infrastructure protection firm Archer International.

“Business skills are critical to leading a security organization that delivers value, mid-tier managers should be able to understand and articulate the value their department brings to the broader organization, even better if they possess the skills to identify opportunities to improve that value proposition,” Weber says. “They must also understand how to communicate across the broader organization to not only share their value proposition, but to identify pain points and opportunities to improve that value. They will increasingly find themselves in conversations where they are the senior security risk management professional and will be expected to provide appropriate counsel and guidance to other business leaders.”

How to Reflect Those Priorities in Hiring

When hiring or promoting in security, the skills required will differ depending on the responsibilities of the role being filled. For example, an analyst-level role or even a SOC manager will need technical expertise on systems and equipment, and must excel at the soft skill of collaboration, says Janell Ellis, director of global protective services at Diebold Nixdorf.

Managers will need to supervise, instruct, and work with a variety of other professionals at the organization, so when Ellis is interviewing candidates, she asks about how they have grown, why they want to take the next step, what soft skills they have developed, and how they will help their team do the same.

To get a clear picture of their soft skill acumen, she’ll ask open-ended questions to start a dialogue with candidates. For example, “Tell me about a time when you collaborated with someone outside of your department to achieve a business goal.” These experiences—and how candidates relay them—help Ellis identify the individual’s skills, priorities, and potential.

She’ll also look for experience in training others and triaging competing priorities—especially during periods of crisis or change—to see if the interviewee is ready to lead and adapt.

This entails a readiness to change one’s mindset, which can be essential for long-term security and business success, Thompson adds.

“The fast-paced and ever-evolving nature of security demands leaders who can pivot gracefully—not just in their strategies, but also in their mindset,” he says. “Early in my career, I learned the importance of cultivating emotional intelligence alongside technical expertise. Understanding the human aspect behind security decisions allowed me to foster stronger collaborations and gain trust across all levels of the business.

“A key lesson that profoundly shifted my approach was realizing that security isn’t just about mitigating risks; it’s about enabling opportunities,” he continues. “When I stopped looking at security as merely a reactive discipline and instead began framing it as a proactive driver of innovation, my strategies became more aligned with business goals. This perspective fundamentally transformed how I communicated value to stakeholders and positioned security as a cornerstone of success rather than as a barrier.”

Coaching and Growth

It’s a rare day when all of those soft and hard skills walk through the door in a perfect candidate. Instead, coaching and professional development assistance will be required.

“When it comes to helping early and mid-career professionals build these skills, I like to keep it practical and hands-on,” says Thompson. “For soft and leadership skills, I suggest they dive into projects that bring together people from different teams. This is a great way to learn how to manage relationships and work through the challenges of group dynamics. Open and clear communication is key, and asking for feedback often can really boost their ability to lead under pressure.”

Perillo also advocates for hands-on experience. “Involving them with projects that are above their position allows them to stretch and gives them visibility into the next layer,” he says. “Security departments are so used to compartmentalization both vertical and horizontal. However, by breaking down both of these barriers where appropriate, it allows professionals to expand their horizon by both broadening their perspective and giving context to their actions.”

Discussion sessions can prove invaluable for fostering critical thinking and business acumen. Perillo recommends hosting discussions after meetings hosted by executive leadership, such as town halls.

“Sitting with your teams and asking them exploratory questions and providing some context can be revelatory for security professionals, especially as it can often have direct impacts on their daily activities,” he says. “Some examples of these questions are: ‘Out of all of the things that the company is presently working on, why do you think that the executive chose to address this particular topic at this particular time?’ ‘Why did they present it in this fashion, and give it the particular context that they did?’ ‘How do you think this impacts our department’s offerings? Is there a change in risk or value opportunity here for us that we should explore?’”

Ellis recommends delegating senior security leadership tasks to up-and-coming managers. She brings new hires to meetings with her so they can observe and learn, and then she asks if they have any questions about what she did or how she did it in the meeting, as well as how she can help them achieve similar results. Once they feel more comfortable with the task, she starts to let them take over parts of it. This builds team resiliency and redundancy alongside professional development.

Leaders can also recommend that employees look outside the security role for guidance, Weber says.

“Some of my most valuable lessons in business came when I asked my company’s finance experts for some time to teach me,” he adds. “The best conversations there often started with some variation of ‘I don’t know very much about this, what should I know?’ and letting them get the conversation started since in many cases I didn’t even know yet what I needed to know.”

Professional development is available outside the organization, as well, and it can lend different perspectives.

“Taking the leap to enroll in a master’s degree program in organizational leadership was one of the best things I could have done for my career,” Weber says. “I was in the mid-career stage, so I had a fair amount of experience going into the program. Learning the theory behind what I had observed in my career enabled me to understand why things happened a certain way rather than merely observing those outcomes. Once I understood the why, I was able to better influence and drive outcomes.”

Claire Meyer is editor-in-chief of Security Management. Connect with her on LinkedIn or via email at [email protected].