How to Quickly Show Stakeholders the State of the Security Program
The SEC pilots the Security Success Foundation Assessment™ with Three Security Leaders
In 2020 the SEC developed the Security Success Foundation Assessment. It’s based on research called the Security Success Universe. The foundational elements comprise one of the Universe’s 13 categories. The process begins with a short interview and culminates in a radar chart (see Figure 1) that visually represents where you are as well as where you need or would like to be.
Figure 1: Example Security Success Foundation Assessment™ radar chart.
Here’s how three security executives in three very different situations used the Security Success Foundation Assessment in their organizations to achieve positive internal and organizational results.
Bruce Robinson joined Excelerate Energy as Head of Global Security in January 2020. He’d worked extensively in the past with the Board and the C-suite as a government consultant on security issues, so he felt confident in his ability to grow the function quickly and influence senior executives when he came on board.
But business can throw great curveballs in an ordinary year, and 2020 was extraordinary. Within weeks of Robinson’s start at the company, he faced the first major incident, and the threats seemed to pile on from there: natural disasters, political and diplomatic turbulence, and of course COVID-19.
Executives soon recognized the need for new security programs that needed to be implemented quickly. There was no honeymoon period – the time he had hoped to use for assessing existing policies and creating relationships with internal partners had to be spent adapting the program to new imperatives, and then adapting again.
Robinson found himself in constant reaction mode. But he knew he could not just start building new programs in this new position without making sure he understood the foundations upon which he would be building.
Results. After completing the Security Success Foundation Assessment, Robinson was able to provide corporate executives with a measurable and visually informative representation of the security function’s state and progress.
He uses the chart to initiate tough discussions with the C suite, and he also uses it himself, to re-center when he’s tempted to rush program implementation and to make sure his strategy is in line with organizational goals. The assessment has given him new confidence to approach the function bullishly and to continue to build the program and meet the needs of the company as a business enabler.
Jody Woenker approached the assessment from a different trajectory. Now Senior Director of Global Security and Chief Security Officer for Elanco Animal Health, he was hired as the company’s security leader in 2019, one year after Elanco separated from Eli Lilly & Company.
Elanco was in the process of transitioning from Lilly’s mature, traditional security approach to a new function for a new type of company. The newly independent company was building a fit-for-purpose model. Within two years of its founding, Elanco acquired Bayer Animal Health, a company 80% Elanco’s size, and also started the design of a new global headquarters. All this together was a substantial undertaking.
When Woenker joined the company, Elanco management had a different vision for the structure of its security function. He came on board as an army of one, and he immediately got to work building understanding and alignment. In the last two years he’s worked with senior executives to expand the capability and deliver increased value to the organization.
Results. Woenker has used his assessment results to advance this corporate security alignment process and as a tool in budget planning and resource allocation. The radar chart has provided a simple way to measure and to effectively and efficiently communicate with the executive team. It also helps to answer the questions “What does a good security program look like?” “What does a great security program look like?” “What is the minimum?” and “Where are we on that scale?”
He also uses the assessment with his own team. He had a team member go through the assessment process after he did, and then they sat down to compare notes. This helped them to see how aligned they were and gave them an opportunity to discuss divergences and create a more cohesive security function.
When Brian Crane took the Security Success Foundation Assessment, he had been Director of Security Operations for Cheniere Energy for a long time. He had already gone through the bumps and challenges of a new position and a new function, and he had worked consistently and successfully to align the security program with the company’s goals, to ensure that the company recognized the value security could bring, and to create a reputation as a business enabler.
Now, all security personnel report to the C- and VP level, the function is adequately staffed and well resourced, and the enterprise comes to Security to ask for input and advice on security and even non-security matters.
Results. Crane’s primary goal in completing the assessment was to validate his program’s competency and value. The results are presented in a visually robust format that allows him to open dialog with the C suite, soliciting feedback and driving communication. He also uses the results internally as a recurrent benchmarking practice.
As these three cases make clear, the Security Success Foundation Assessment has proven its value in a range of programs, from brand new, to transitioning, to established and mature. As more security leaders take the assessment, the SEC hopes to allow participants to compare their foundational state with an average taken across the security industry.
Next StepsInterested in what this assessment would look like for you? Contact us at email@example.com to set up a meeting where we can take you through it at no cost.
For more resources on this topic see Demonstrating Value: Communicating Value
Watch our 3-minute video to learn about how the SEC works with security leaders. Contact us at: contact @secleader.com.
Copyright Security Executive Council. Last Updated: April 27, 2021
You can download a PDF of this page below: