Becoming a Next Generation Security Leader
Created By: Bob Hayes, Managing Director and Kathleen Kotwica, Ph.D., EVP and Chief Knowledge Strategist, Security Executive Council
Even if a practitioner focuses on achieving the nine practices that are under his or her control, they may not have the same results as they did for the security leaders discussed in the report. The acumen, personality and priorities of the leader will impact how the practices are carried out and received by others in the organization. Likewise, the organization’s view of security and the maturity of the security program can either nurture or stymie some of the nine practices. If management sees nothing more in security than incident response and physical access control, for example, then making them aware of what security is and does is crucial, but extremely challenging. Again, skill and aptitude are crucial, but success also depends on being in the right place at the right time.
Security leaders who aspire to become what we like to call Next Generation Security Leaders—future-oriented professionals who work across many domains, run programs that are aligned with their businesses and are influencers in their organizations—should focus both on improving their aptitude and positioning themselves to be in the right place at the right time.
Assess to Find the Best Executive Development ResourcesEducation comes in many forms, and not all of it is good or worthwhile. To determine what type of learning opportunities to pursue, security practitioners should first candidly assess themselves and their organizations in light of research like the Nine Practices report, peer feedback, and industry benchmarks.
They can review or perform organizational risk assessments to refresh their perspective on the risks and opportunities security can or should address. They should also review the organization’s goals and evaluate whether security is helping to meet them. Then, a personal leadership assessment is in order to help the practitioner see the gaps in his or her skill sets and decide whether addressing them could help enhance security for the organization. Through this process, a security leader can best identify the educational gaps he or she most needs to address. The next step is figuring out how and where to bridge them.
Developing a mentorship with a more senior or retired security leader you respect and would want to emulate—preferably from within the same organization or industry—may be the best way to learn. Mentorship is more than shadowing or meeting for lunch now and again. It’s a long-term relationship that entails sharing detailed knowledge and experience. Mentors can also enhance networking for their mentees.
The biggest problem with mentorship is a dearth of mentors. Truly innovative, visionary, business-focused security leaders are rare, and where they exist, it’s unlikely they have the time to do much mentoring.
Again, a series of candid assessments should help point you towards education that would be relevant and helpful in your situation. Security-specific or industry-specific seminars offered by trade associations may be good sources for learning on certain security-specific topics. Business schools and industry-supported business programs may be more helpful for general business administration.
However, the Security Executive Council has found that while industry business programs help security leaders understand business practices and speak the business language, they fail to marry business processes with the job of risk mitigation. The Council is building a knowledge transfer program that addresses these concerns by including input from business professors, security industry veterans, and current practitioners—many of whom exemplify the nine practices we’ve identified. We have pinpointed 11 things that senior security leaders want to see in their staff and used these to guide the curriculum.
Once you’ve begun building your aptitude, it’s necessary for you to find an organization in which you’ll be able to use it to the utmost.
Finding a Job that Enables Next Generation LeadershipPutting oneself in the right place at the right time is a matter of effective career management. If Next Generation Security Leadership is your goal, every step of your career management strategy should be engineered to advance your journey toward it. This includes recognizing the organizational factors that play a role in achieving Next Generation-level success and building the job search, interview process, and decision making around those factors.
Some of the commonalities found in our research for The Nine Practices of the Successful Security Leader may indicate how an organization or a security program can enable its security leader to excel. Consider what the following practices say about a prospective new employer and its existing security program.
In his book From One Winning Career to the Next, J. David Quilter outlines a number of considerations for security leaders who are plotting out their next career steps. Many of the checklists and questions he provides to career seekers can help a prospective Next Generation Security Leader determine whether an organization is a fit for the practices above, as well as other factors of success.
Here are a few of the questions he recommends the job seeker think about during the interview process:
Quilter recommends that security leaders learn as much as possible about those to whom they will report through searches of publicly available information and other resources. They should speak with employees not in the presence of their interviewers and attempt to see how the company treats employees and security issues on a day-to-day basis.
Next Generation Security Leadership is a long-range goal for most. Developing the knowledge and skill sets it requires while carefully managing career moves—these are complex and challenging tasks, but they are worth the effort, and their results are worth the wait.
For more information on this topic see Security Leadership: Next Generation Security Leader
Watch our 3-minute video to learn about how the SEC works with security leaders. Contact us at: contact @secleader.com.
Copyright Security Executive Council. Last Updated: July 31, 2018
You can download a PDF of this resource below.