Posted on Fri, May 14, 2010
As the economy begins to rebound and businesses are beginning to loosen the purse strings again, now is an important time to begin preparing for the inevitable shift in focus from cutting cost to improving performance. As the focus of your company’s C-suite (think CEO, CFO, CSO) begins to shift, will you be prepared to champion your ideas for security improvements and acquire the budget and resources you need to prosper?
If you’re feeling apprehensive about requesting budget from your boss, you’re not alone. Many security managers have difficulty communicating their ideas to their bosses. But by following a few simple suggestions, you can improve your communication with your boss and help him (or her) understand how implementing your ideas will provide value to the business as a whole.
Find Out What the CEO is Worried About
You can be assured that whatever worries the CEO of your company also worries your boss. The executive management team of your company needs to remain focused on the largest issues facing the organization and their focus often shifts from one crisis to another. Frequently the topics that are considered their ‘Top 10’ in one year may no long be so the next. If you really want your boss to understand and relate to your request, you have to frame it in reference to what is important to him. Take the time to find out what challenges the CEO and the rest of the C-suite are currently focusing on and how your idea will help the organization solve those challenges.
Focus on the Bottom Line
Your boss thinks in terms of numbers, metrics, and the bottom line. If you want him to pay attention to what you are saying, you need to frame your argument in terms he can measure. Prove to your boss that you know why the business is in business and show him how your idea will improve the bottom line.
While showing a direct increase in revenue or reduction in cost is ideal, it is often difficult to quantify the value of improving security. When you can’t clearly quantify the benefits of your idea, focusing on the cost of not implementing your suggestion may help you get your point across. Remember that incidents such as workplace violence, safety violations or emergency management slip-ups can have a hugely negative impact on the value of your business’ brand as well as stock prices. Additionally, your customers’ perception about your security can greatly impact the customer experience, both positively and negatively. Poor security may erode the confidence your customers have in your business and lead them to turn to a competitor.
Talk Your Boss’s Language
Chances are likely that you boss isn’t a ‘security person.’ If you’re advocating your idea to the C-Suite, make sure you use language they understand. Don’t use security jargon they may not be familiar with or see as important. Instead, talk their language. Focus on their needs and goals and how your solution can help achieve them. Don’t try to tell them why they need to implement your idea, instead tell them why implementing your idea will further their goals or meet their needs.
Know the Numbers
Metrics are hugely important to C-level executives. Your executive management team is constantly focused on a set of numbers or key performance indicators that tell them how the organization is doing. Make sure you find out what key performance indicators your boss uses to make decisions and communicate how your idea will improve those numbers. Know what the numbers mean, what they represent and what levels indicate that performance is good or improving. If your boss uses employee turnover as a key performance indicator, tell him how your idea for a new safety program or parking lot security improvements can reduce employee turnover by increasing employee confidence and project how much the number might improve.
Don’t Take No for an Answer
Your boss didn’t get to where he is by ignoring the people around him. If you feel that your boss isn’t listening to you, or might not fully understand your idea, then tell him so. Ask him what exactly he doesn’t understand or objects to and seek to overcome those difficulties. If your boss doesn’t understand your idea, try to communicate it in another way. If your boss objects to your idea, find out why and overcome that objection by making improvements to your idea or communicating its value in a way that makes sense to him. Either way, don’t give up on your idea just because it didn’t succeed on the first try.
Now that the economy is improving and budgets aren’t squeezed so tightly, you probably have lots of ideas for improving security at your organization. As things improve and C-suite executives look toward the future, now is the perfect time to show your boss how your ideas could benefit the business. But you’ll only succeed if you’re not afraid to talk to you boss and advocate for your own ideas.
Now that you know a few ways to improve communication with your boss and get your ideas turned into action, think about what difficulties you have had in communicating with your boss in the past. Do you think these strategies will help you overcome those difficulties? Let us know in the comments below.
Posted on Thu, May 06, 2010
At the ASG Security Summit & Expo in March 2010, we introduced you to the concept of increasing your own value and the value of the security industry as a whole through the Great Conversation. At the Summit, we brought together hundreds of security leaders from around the Pacific Northwest to engage in a conversation focused on physical security that included end users, security directors, manufacturers, security consultants and integrators. The participants were able to learn about some of the major trends in the industry and their input helped influence some of the security industry's top thought leaders.
For over a year now, ASG has been creating this kind of communication on a smaller scale between the security leaders of some of the Puget Sound’s top organizations. We did this using industry focused Round Tables. We began the ASG Security Round Tables in order to bring together individuals with similar needs and experiences to create an environment where members can gain new knowledge and experience from one another. Recently we made the decision to make a few improvements to these groups.
In response to the requests from our Summit participants to continuing the Great Conversation all year round, ASG has decided to reform our Security Round Tables as the new Great Conversation Forums. The purpose of the Great Conversation Forums remains to bring together security leaders within common industries and facilitate communication that will allow members to learn from one another and leverage the power of their peers. We listened to what we heard at the Summit and decided to make a few improvements that will make the Great Conversation Forums more valuable both to members and non-members alike. These changes include:
- Removing our brand from the group. While we are very proud of the groups and our work to get them off the ground, we feel that having our name attached leads to the perception that ASG wishes to influence the group in a particular direction. We want members to know that the group is not about an integrator. It is about bringing value to the members through communication and conversation, regardless of who they use to integrate their individual security solutions.
- Creating a new online platform. This online platform will host news, meeting minutes and other conversations and will allow members and non-members to interact outside of the quarterly meetings and benefit from the group discussions even if they were not able to attend.
- Involving more industry through leaders. By using the relationships built by the ASG Security Summit & Expo, we hope to engage security thought leaders to interact directly with the forum members. Our goal is to allow the Forums to develop their own conversations, but leverage industry leaders in order to get the answers to their questions and gain advice from some of the best minds in the security industry.
- Building a larger community. While we began in the healthcare and education industries, we are committed to expanding the Great Conversation Forums to include many more industries in many other locations and even a series of User Groups focused around specific technology platforms or solutions.
We hope that the members of our original Round Tables will continue to participate in the Great Conversation Forums and will be seeking new members to join the existing and new groups. If you are interested in leveraging the power of your peers in the existing Healthcare or Education Forums, or if you would like to see the creation of a Forum for your industry, contact us at info@aronsonsecurity.com or post your thoughts in the comments section below.
Posted on Mon, Apr 19, 2010
By Eric David Scott
As any security executive who has been involved in the design and construction of a new facility knows, effective physical security design for a new facility requires the consideration of a multitude of human, physical, geographical, spatial, and logistical factors. In fact, these factors are so varied, numerous, and prone to change that it is nearly impossible for most architects and designers to keep up with them as well as focus on their trade. In situations like this, best-in-class architects and designers get help by consulting security specialists for the development and production of the security design.
I'd like to share a few best practices that best-in-class architectural firms implement in order to assist their clients in taking advantage of the full potential of their architectural design and provide enhanced security to the organization.
- Utilize a large number (often ten to fifteen) of collaborating consultants on various specialties in the overall building design (security, mechanical, electrical, etc.) to ensure design efforts are coordinated between disciplines.
- Employ a security consultant who possesses a broad background in more than just security. This security consultant should possess knowledge of architectural design as well as the subsystems where security intersects with the rest of the facility.
- Engage the security consultant during the programming phase, where research and decision-making is done, in order to ensure that security is factored into the scope of work to be designed.
- Consult a security expert along with the client's security stakeholders during schematic design phase which occurs in the first 10% of the design development. This early participation ensures that security is fully compatible with the larger facility design rather than forced into the design as an afterthought.
Obviously the most important aspect of these best practices is to engage security in the design process early on, not simply at the end. Consulting, programming, and planning are large parts of architectural design, and security should not be neglected in these crucial stages.
A perfect example of these best-in-class architects is NBBJ. NBBJ is an international architecture and design firm that consistently conforms to best practices when it comes to security design. I have long been impressed with the way they handle security in the architectural design process and ASG invited one of their Architects to speak at our recent ASG Security Summit & Expo in order to discuss how security stakeholders can become engaged during the early stages of the architectural design process to improve security’s value to the organization.
Now that you know what some of the best architectural design firms are doing to improve security for their clients, what have your experiences been when dealing with the architectural process? Are you seeing consistent challenges in influencing the design phase, or do you see it as an unnecessary complication? Please, share your challenges and successes in the comments below so we can further this conversation.
Posted on Fri, Apr 09, 2010
Many security stakeholders are aware of Enterprise Risk Management (ERM) which analyzes and seeks to mitigate the risks that an organization faces such as financial, strategic, and accidental risk. Unfortunately, ERM traditionally neglects risks associated with security. Enterprise Security Risk Management (ESRM) is a methodology that exists to ensure that these risks are properly considered by an organization.
In October 2009, ASIS International, a membership group of the senior-most security executives from the world’s largest organizations, conducted a survey of its CSO Roundtable and international members. This survey focused on ESRM and what risks were most challenging, where organizational support for ESRM initiatives came from, which business elements were included, who has the ultimate responsibility for risk, and what security’s role is in these initiatives. ASIS International also conducted an interview with 11 senior security executives from some of the world’s largest and most well-respected companies who have first-hand experience in creating and executing ESRM initiatives.
Recently, ASIS International released the results of the survey and interviews in their whitepaper Enterprise Security Risk Management: How Great Risks Lead to Great Deeds. This whitepaper is a great read for any individual who is interested in learning more about ESRM and how such programs impact an organization. But more importantly, the survey results indicate that a number of organizations are either currently enacting ESRM initiatives or have an ERM structure that includes security (according to the survey, nearly 60% of the respondents indicated that security was a part of their organization’s risk management efforts from the outset). The survey also indicates that an increasing number of security departments are focusing on or involved in issues that are typically non-security risks (nearly half of all respondents said they are involved in researching, prioritizing, mitigating, or evaluating non-security risks).
Of course, ASG has been advocating a holistic approach to security for some time now, so it’s no surprise to us that more and more of the world’s top organizations are learning that security can be run so as to create value to the organization, not just function as a costly expense. But I begin to wonder, how many of our readers know what their role in this ESRM structure is? Perhaps your organization applies a different term to this structure. Or maybe (similar to one of the interviewees) your organization organically developed a holistic view of risk across the organization without a formal process. But as holistic risk management becomes a greater priority to executive level management, do you know where you fit in your organization’s ESRM vision?
Posted on Mon, Jan 25, 2010
By Ron Worman, The Sage Group
Our first keynote for the ASG Summit on March 9 is Francis D'Addario. I have been able to have quite a few conversations with Francis over the last few months and have found him articulate and eclectic. Not many security executives and thought leaders can blend philosophy, politics and risk into a sensible conversation.
Our conversation focused on how all the disparate elements of the security ‘ecosystem' could enter into a ‘Great Conversation', and, if so, what would they say security should look like to all of us in 2020. ‘Should' is an important word. It implies that the essential vision is necessary and clear enough to be understood by all. It implies urgency. It implies action.
"The Great Conversation" said D'Addario, "and perhaps many related conversations to follow will offer a strategic course correction. Our people, process and technology mitigation successes to date remain embedded in silos, largely unshared, and divorced from an integrated strategic roadmap that requires measured incremental improvement."
At best, D'Addario believes this represents a vast opportunity to architect a new vision for security, one that takes into account all the voices. At worst, it represents a persistent inability to address natural and man-made breeches that address the security of our citizens, private enterprise and public institutions.
"We know from history, that once stakeholders no longer trust the public and private institutions to care for them rapid disintegration occurs", said D'Addario. "If we are to ring-in true all-hazards risk resilience by 2020 our ability to persuasively integrate trans-sector people, process, and technology protections must begin in earnest. No less than a comprehensive course covering the wide range of physical and logical consequences of all-hazards risk will do."
Francis will propose the architecture for a ‘Great Conversation'; 7 Pillars or nodes by which the vision can be created:
1. Business relationship with Government
2. Government's Relationship with Business
3. Government's Relationship with the Citizens
4. Citizen's Accountability to the New Security Reality
5. Business's relationship with its market ecosystem and supply chain
6. Business's relationship with its employees
7. Technology Architecture that supports the above
"We require a risk-based and people-centric strategy", said D'Addario. "We need a common lexicon. We need resilience in policy, processes and in our infrastructure. But more than ever we need the willingness of private enterprise leaders and public policy leaders to join with their employees and citizens in a ‘Great Conversation'. And we need a structure to that conversation so, over time, we reach our goal. We must create a ‘trusted fabric' that all stakeholders can trust to lead them."
I asked Francis what he would like to see from the attendees and what this ‘conversation platform' that ASG has helped create, could do to help.
"Ideally, we need to hear observations, questions, concerns and ideas around these issues", said D'Addario. "We will address one or two with our panel at the end of the Summit and relevantly continue the conversation with our various key notes and technology leaders thereafter on this blog. Our ability to share both failure and success of our endeavors within a trusted community going forward will be consequential to our stakeholder communities."
Any conversation starts with a question. So we both agreed to end the interview with a few questions for all of you to ponder and possibly comment on:
1. What should 2020 look like to meet your needs?
2. How will you ensure that your next generation of leadership is on the roadmap?
3. What are you working on today that will help contribute to the roadmap?
4. How would you like to enter the conversation?
- Through a blog like this?
- Through industry forums that meet regularly through:
- Online broadcasts or webinars?
- Face to face within a trusted sources facility?
- Through a newsletter?
- Other?
- All of the Above
Posted on Mon, Jan 11, 2010
Question:
How do you eat an elephant?
Answer: One bite at a time..
A 2020 Roadmap that engages an entire market ecosystem, Security, toward a deployment model that makes that roadmap possible is a big elephant. But that is exactly what we will be initiating this year.
In this conversation, we will be introducing you to the thought leaders and industry influencers that are helping to shape how security is defined and deployed over the next decade. From our State Government Executives, to our technology leaders, to our practitioners and more: this is a ‘conversation' or blog, that will enable you to participate by asking questions, agreeing or disagreeing, and, most importantly, help us shape the conversation as we move toward the March 9, 2010 ASG Summit and Expo, and forward after the Summit.
This year, up to 300 security executives and professionals will have the opportunity to be on-hand at the Bell Harbor Conference Center in Seattle, WA and thousands more around the world via the web to hear key note speakers such as:
- Francis D'Addario, author, ex-CSO of Starbucks, executive faculty member of the Security Executive Council and a 2020 thought leader
- Ed Bacco, executive security leader for Amazon.com and a proponent of Security Optimization
- Rob McKenna, the Attorney General of the State of Washington
- And a Panel of thought leaders at the end of the Summit that will summarize the Summit and pre-Summit Blog findings engaging the participants in a call to action through 2010.
We will be interviewing each one in this summit conversation.
As you know, there will also be ‘conversations' going on inside the case study breakout sessions as well as with the technology leaders exhibiting on the floor. We will be attempting to capture as much of it as we can so that we can move our industry forward intentionally. With that in mind, we will be initiating interviews with all of them, the executives of public and private organizations who will share the good, bad and the ugly around their implementations, the key technology sponsors who will share their roadmaps and, of course, you.
We need a roadmap as well as a vehicle each one of us can use to get to our destination. At the end of the day, a trusted fabric must emerge to face the challenges and opportunities of this time. We hope to assist you all in that effort.
Our next conversation posting will be with Francis D'Addario this year's opening speaker at the ASG Summit. If you have any questions for him after reading his biography or after reading his book, please feel free to post them here. We look forward to your voice being heard.