Created by Security Executive Council staff with insight from Dick Lefler, former vice president and CSO of American Express and current chairman and dean of Emeritus Faculty for the Security Executive Council
Emerging issue awareness is perhaps the most difficult to define and the most difficult to obtain of all the knowledge areas the next-generation security leader must master. It isn’t taught at universities or learned by mentoring, it means something different in every company and industry, and upper management is looking for it now more than ever.
The term emerging issue awareness doesn’t appear in lists of job qualifications or requirements, but it is often there, hidden in other language. Where a job calls for a “strategic thinker,” someone “able to anticipate,” who is adept at “planning for current and future needs” and “meeting the needs of a changing business environment”—there it calls for the elements of emerging issue awareness.
Being aware of emerging issues affecting the security of the company means making sure your senior management is never caught by surprise. It means keeping tabs on happenings and changes within the company; its industry; the security industry; business in general; technology; crime; local, national and global politics and threats; and any other arena that could impact the organization.
This may sound like a lot to expect of the security executive, but to successfully provide security in today’s business and economic environment, this skill set is a necessity. Threats can come at an organization from any angle or direction, and lack of preparation for them may cause extremely damaging financial, reputational and safety issues.
Dick Lefler, former CSO of American Express and faculty emeritus of the Security Executive Council, pinpoints several historical examples that illustrate the wide range of emerging threats the next-generation security leader must prepare for. On one hand, he points to the affects of 9/11 and Hurricane Katrina on companies that maintained current, tested business continuity and crisis response plans and those that did not. In this case, the CSO who kept up with the best practices of the security industry and the potential impacts of terrorism or natural disasters was able to provide his or her company a higher level of business protection and safety.
On the other hand, he highlights a single, seemingly minor technology evolution: the development and improvement of the color copier. When this device improved to the point that reproductions were indistinguishable from the originals at first glance, it changed counterfeiting from a sophisticated crime that could only be perpetrated with specialized equipment, to something that could be done by anyone with a quick trip to Kinkos. “In this case,” says Lefler, “the CSO’s familiarity with technology trends is what allows him or her to prepare countermeasures to meet an emerging threat.”
The security leader’s emerging issue awareness should encompass not only external concerns, but also changes within the corporation. If the business is getting ready to outsource, offshore, change packaging, embark on joint ventures, mergers or acquisitions, or even if there’s a drop in sales, the security leader has to be aware of these potential changes. Then he or she must determine what those changes will mean to security and how best to respond.
Challenges to Emerging Issue Awareness
Ten years ago, if we wanted information on the happenings in a certain area, company or industry, we often had to scrounge to find it. Now we’re buried in it. The Internet presents an overwhelming amount of information to the security leader searching for issues that may impact his or her company.
Maintaining constant watch over such a wide variety of potential risks and threats in a constant flood of data is a challenge that can be overcome through discipline and organization, as we’ll discuss below. But recognizing within that sea of information which issues constitute emerging risks is a matter of experience combined with aptitude. Emerging issue awareness cannot be learned through academic programs, books, or other sources of training. It requires the security leader to train him or herself over time to quickly identify significant issues as they develop.
Tips for Staying Aware
There are myriad sources of information you can monitor to keep watch for issues that may impact your company. Industry associations, corporate public relations and investor relations departments, magazines, television stations and newspapers, government organizations, and research groups all offer services that help keep you up to date on the events that matter to them, in the form of e-newsletters, RSS feeds, news services, blogs, and Web sites.
The security leader’s first challenge is to choose the right sources. Knowing your business and your security program, as well as your industry and the regions in which your company operates, will be crucial to choosing well. Sometimes this also requires creative thinking. Lefler explains that sometimes the best way to forecast and prepare for threat trends is to keep an eye on other industries that don’t seem to have much to do with your own.
For instance, he says, if you’re in pharmaceuticals and you anticipate problems with counterfeiting, you can learn something by watching how luxury goods manufacturers deal with their counterfeiting problems, then picking out the elements of their solutions that would be useful in your context. Similarly, if your company puts you in charge of protecting 2 million acres of timber and you find you have a timber theft problem, you can look to unmanned aircraft technology developed by the military for defense purposes to help you patrol the company’s property. “Part of the CSO’s job,” says Lefler, “is to understand how to bring cost-effective solutions to emerging threats by looking at what’s going on in other sectors and converting that to your own thinking.”
Once you’ve chosen relevant sources of information and subscribed to their services, the next challenge is sorting through all the e-mails, feeds, sites, and mailings to find the news that’s meaningful for you and then to identify patterns and interpret the trends you see. It’s important to remember that each source has a different slant on the news they provide.
If you want to avoid buckling under the weight of all this information, you must develop good habits and practice constant self discipline. Here are some tips for handling the information overload.
- Scan everything. Learn to glance through magazine, e-news and newspaper headlines and to get the gist of the story without stopping to read every word. Speed reading courses can bring real value.
- Consolidate. Avoid single-source documents or mailings; focus instead on news scanners, which pick out headlines based on criteria you set and only send you information that might be useful to you.
- Organize. Keep a separate e-mail folder for group mailings so that these items don’t clog up your regular inbox. But set aside time every morning to scan through the folder and clear it out. Don’t let it pile up.
- Ask for help. If you don’t think you can do all this sorting and organizing by yourself, appoint a staff member to help you cull through the information. Another option is to partner with an analyst group that searches news based on your criteria and notifies you about items that are actionable or critical.
- Network. In your profession and across sectors, be prepared to be a fast follower on new ideas and solutions.
