Leadership Solutions


What You Need to Know When You are Facing a Change in Leadership

Dealing with risk is something we do every day but there is one that is probably not on any of your risk management plans -- how to handle a change in reporting whether it be due to an internal organization structure change, an external hiring decision or a merger/acquisition situation. A change in leadership can be a difficult time because of the "unknown" factors.

The new leader will have his or her own agenda, goals, and view of what security does and what security’s role should be. If this does not mesh with your view or the way things have been run in the past, some meeting of the minds will be necessary.

As with any risk one could choose to accept it; essentially ignoring the risk and dealing with the fallout as it arrives. However, a better way is to choose to mitigate the risk by preparing for it and making the transition to new management as smooth and productive as possible.

What You Need to Consider

There are three main categories a new leader will tend to generally fall into when it comes to a relationship with you and the security function:
  1. An Advocate - This is someone whose security goals align with yours and who is prepared to defend you and the security team in conflicts with other management. You can favorably tilt this option in your direction by being armed with documentation of what security does on a day-to-day basis, has accomplished to date and how successful it has been.
  2. An Associate - At some level your goals likely align with this leader but this is someone who can be best be described as a significant customer. The details of how to achieve security’s goals may differ between you and this leader but you may be faced with the old adage, "the customer is always right." In this situation you want him or her to understand the value security brings to the organization. You need to be prepared to present a convincing case to ensure the boss ends up a satisfied customer.
  3. An Assassin - This is someone who likely does not understand security’s role in, or value to the organization. This leader may have a mandate that is at odds with your understanding of risk management within the organization. This situation may require a damage control approach but in any case it necessitates preparation and a thorough understanding of your adversary and your current operating environment because you may need to defend previous actions. If you can show that existing customers of security value your services it will go a long way toward discouraging adversarial action spurred this new boss.

What You Need to Do

The first thing is to realize that a proactive approach to new management is the best recourse; views are easier to change before they become entrenched. If they have begun making statements to others about what they are going to do to "fix security" their own pride may prevent them from recanting or modifying their initial position. A preemptory strike may be required and if you are not prepared to execute on it wisely you may do yourself more harm than good.

Do some thoughtful investigation about the reasons why new management is being brought in and what their background is. This applies whether you are moving to a new position or if new management is coming to you. Ask yourself hard questions, take the view point of the new management and be brutally honest with yourself. Is this new management part of a startup of a security program, a turnaround of a failing security program, a realignment of security, or a sustaining success situation? What led the organization to this point?

Next, do some research on new management’s career history. Identify the most likely security issues / risks they have faced with previous organizations. What industry specific issues or regulations did they have to address that may have not been in this organization? Be prepared to answer questions related to these issues.

If the new leader is an internal reassignment, identify the security services they would have used. How much have you spent on their previous business group? What experiences have they had previously in dealing with security, was it helpful or problematic? Understanding how your customer’s feel about security will be important information used to know how to approach them.

How the Security Executive Council Can Help

Whether the new leader is an advocate, associate or assassin, in a non-emotional way you will need to educate them in what your department does. You will need to show the value of security and demonstrate how others, especially his or her peers, see value in security. You will need to have documented past results, which is part metrics and part running security as a business.

If you do not currently have this information you quickly need a security perspective autopsy; how do your customers feel about security? What issues have you helped them address? Who are potential friends and who are likely not to be?

This only scratches the surface. Consider getting a second opinion from those who have experience successfully navigating the minefield of organizational change. The Security Executive Council has extensive experience and tools to help gather the information in this situation. We have helped CSO’s successfully weather mergers/acquisitions and new executive management as well as assisted CSOs moving into new organizations.

When you need to know where you stand call on us to gather the information, evaluate the situation and provide you with the unbiased knowledge and advice you need to face new management and show the value your security programs bring the organization. Contact us for information on how the Security Executive Council can help you be more successful: contact@secleader.com