ASG's Security Solutions Blog

Gut Check: How Does Security Feel at Your Company?

By Lorna Koppel, CISO Kohler Co. & Keynote Speaker at The 2011 ASG Security Summit

The human capacity for processing large amounts of information and drawing conclusions is primal and amazing to say the least.  However, we can’t always get a logical grasp of what our instinct or our subconscious is telling us based on all the input sources that hit us.  Our gut often times is the determining factor that gives us the clues that help us realize the logic behind the impression.  

 

Comfortable, Chaotic, or Entrepreneurial?
When you consider your security function – regardless of your role – staff, leader, executive – how do you feel?  What is your gut telling you?  Are you comfortable?  Dig a bit deeper- is it perhaps really complacency?  Do you feel you are always fighting fires or whack-a-mole on issues?  Is your gut tied up in knots thinking about what might be coming next that you don’t expect?  Or do you feel a combination of nervousness but excitement – kind of like that entrepreneur looking at what he has created?

These clues are a good indicator of how others might view the security program and also what might be headed your way.

Comfortable or on Auto Pilot?
If you are feeling very relaxed and comfortable, you may have lost engagement in making sure you are addressing the right risks in the right priority for the business.  Have you lost touch & are simply on autopilot?  If so, you should check in, because I bet the business has changed and you haven’t kept up.  The next step for departments like this often isn’t pretty.  Have you defined your department’s mission and the core elements of your company/organization that you need to protect?  Do you have a strategic plan to protect this core and clear processes on how to provide value?  Do you measure how successful you are and does the business agree with your ratings?

Chaotic or Trying to Hard?
Do you often think of yourself as a firefighter and go home completely exhausted every day?  You might want to think about how long can you and your security colleagues survive at this pace.  There are some who love being the hero – always solving the crisis of the day.  There is a measure of validation in this. And you can look good – but only for a while.  Businesses often get tired of the crisis of the day and needing a hero to solve every one.  Plus people get burned out and leave or disengage.   Those who are in this situation can do well to take an initial 30-60 minutes one day and list all the issues that you deal with regularly and look for commonalities.  Shut the door, turn off the ringer, and ignore email.  List the impact of these issues and what it costs (ballpark) to address these ($, life, frustration).  Just get as far as you can in 30-60 minutes.  Getting every nit down is not the key.  What is important is just sitting down and taking time to think.  

Now if your energy is flowing and the ideas have started flowing, go ahead and take the next step.  Look for some common predecessors that if you did one or two things early in the cycle, it would dramatically change the end state from being chaos to being measured and responsive.  Pick one or two of these ideas to bounce off your colleagues, leadership, and friends.  Get their feedback.  Often you’ll find that a small “tweak” of a process can reap bigger rewards later – like that butterfly effect of subtle changes in the initial stages can yield vastly different results in the end.  Start with easy stuff, get ideas, make some changes, even small ones, and watch for progress.  Repeat this cycle and you will be amazed at how your work environment starts to change.  People get hope and get excited.  Their opinions and ideas get heard and they actually see them being used.  They see the light at the end of the tunnel that life might get more manageable.  The best advice I ever had was to take time to think every day.  That time is gold and allows you to relax so you can start seeing patterns and letting the ideas come forward so you can start moving out of chaos and into predictability.

Entrepreneurial and Moving Forward
Do you feel like a business professional and an entrepreneur that gets to partner with the current and future state of your organization?  If so, this is great.  You get to work on initiatives early on and can bake in the right risk mitigation strategies.   You can avoid using emotional drama or crisis to get support for your projects and policies.  You know the right things to do, you have a plan, and you can focus on execution.  You have controlled costs.  You know what the right success metrics are and can tell when things begin to stray off-target.  You are tied to the business so you can change in lock-step with it.  Your colleagues are excited to come to work and find out what the latest business initiative is that they can partner on.  Your gut is happy.  You feel comfortable, but it is with peace of mind of having a good program that is planned that also can handle the unexpected.  

Whatever your “gut” is telling you…listen to it and take a step in the right direction to “check-in” on your organization’s security function.