Security Executives Defined by Their Value, Not by Their Title
Words are real things. When conveyed through the written word or articulated in a speech, they have the power to direct and shape individual behavior and markets.
With this in mind, I would like to discuss what it means to be a professional. I believe we can agree that it implies a ranking conferred by education, skill, or training. Markets show their maturity by the establishment of formal standards that are then used to judge the competency of an individual or product. If they pass the test, they often get a certification that can be aligned with their personal or product brand.
The largest security association in the world is ASIS International. They are an established Standards Developing Organization. That unique role and its associated processes create the context for incubating and formalizing standards and guidelines that drive behavior in the risk, resilience, and security industry.
In our latest conversation, we spoke with a member of the ASIS committee that has been reviewing, amending, and, he would argue, enhancing the Chief Security Officer Standard originally published in 2004. It will now be called “Senior Security Executive”.
Our conversation takes us back to a time when Physical Security was associated with gates, guns, and guards. And Cyber Security was an IT Management function. Security was not often viewed as a member of the executive team. Largely, the leaders in the security industry did not have a voice because they did not know the language of business. Thus, people were advocating for a job description for a corporate role. Chief Security Officer (CSO), as a title, became the focus.
This conversation centers around the value of a title vs. a role. The new standard will be debated among the original committee and their advocates and many who have benefited from these early adopters. But this new standard has the opportunity to reframe the role in terms of the business.
If the role is reframed and articulated to the business correctly, it will act as a touchstone for reframing security from a solely defensive role into one that acts as a pivotal advisor to the business and its leaders as they navigate risk and opportunity. The framework is expressed through a published guideline: Enterprise Security Risk Management (ESRM). It describes the ESRM approach and explains how it can enhance a security program while aligning security resources with organizational strategy to manage risk. Utilizing ESRM, security professionals work with asset owners to identify and prioritize assets and risks in order to mitigate those risks and create a holistic security program that supports the organization’s mission.
The gentleman we spoke with, Michael Gips, Principal of Global Insights in Professional Security, has been a top influencer in the industry for over 20 years and is recognized as such by his peers.
Listen to this walk through the history of a profession seeking influence in the vision, mission, and execution of the business. The opportunity is enormous. And it is now.
Enjoy the conversation.