32Security Strategy: From Requirements to Reality
Learning and perfecting strategic thinking practices individually and as a group are important
leadership skills for any organization. Taking those skills to the next level of breakthrough is cru-
cial to survival in the increasingly competitive and ever faster moving business world. Security has
traditionally been a reactive fi eld across the board. While tactical plans may abound, historically
speaking security has been incident driven.  is situation has to change: If they are to be taken
seriously, security groups must get out of the hair-on-fi re, the-sky-is-falling reactive mind-set and
grow adept at strategic thinking and at planning and communicating those plans in the language
of business.
Going Slow to Go Faster, or Don’t Just Do Something, Sit
There (Honing Organizational Strategic Planning Skills)
Like any skill set, the ability to conduct strategic planning seldom just happens. Developing stra-
tegic planning skills takes time, practice, and continuous learning.  e more leadership respon-
sibility one has, the more these skills should be developed. It is our belief that strategic thinking
skills are developed as part of organizational relationships, not just as an individual skill set.
According to Peter Senge and his colleagues in e Fifth Discipline Fieldbook, strategic, creative,
and conceptual thinking is developed through a practice of inquiry that engages the learner.  at
means that periods of action require periods of refl ection to assimilate the lessons learned at both
the individual and the collective levels. Yet, how many of us as individuals, much less as organiza-
tions, have actually built individual or organizational capacity for re ection into our daily activ-
ity? In most organizations, taking time to refl ect is seen as a huge luxury at best and as a sign of
incompetence or nonproductivity at worst. Other then the obligatory end-of-the-year summary of
accomplishments and congratulations, little organizational time is spent collectively refl ecting on
and inquiring about how we go about our work together and what have we learned in the process.
Create space for learning!
Think Ahead, Act Now
What you cannot do is simply react to conditions, continue to do the same thing the competition
is doing, remain static, or stay tactically focused. Leadership requires laser focus on execution in
the present, while guiding todays activities with a continual eye toward the future and remem-
bering the lessons of yesterday. As a leader, you model the ability to act responsibly today, while
focused on the future.  e moment you have in front of you right now lays the foundation for
tomorrow’s change.
Strategic Business Principles and Workplace Politics
As anyone who has worked for any length of time in any human enterprise knows, one aspect that
makes strategic planning interesting is the trump card of offi ce politics. When an organization is
engaged in offi ce politics, often the results can be arti ce, gaming, resistance, counterproductive
activities, insecurity, blame, rebellion, and more, resulting in a toxic organization that fails to get
the participation, information, and creativity that strategic planning requires to be successful.  e
truth remains that offi ce politics are part of all work environments.  e question is how to navi-
gate them as an organization practices the fi ne art of strategic planning, forming vision, mission,
strategic initiatives, plans, measures, and the like.
TAF-K11348-10-0301-C002.indd 32TAF-K11348-10-0301-C002.indd 32 8/18/10 9:54:48 PM8/18/10 9:54:48 PM
Getting to the Big Picture33
As Damian D.Skipper Pitts, former U.S. Marine, now business professional and uni-
versity instructor, discusses in his excellent book, Building Great Teams: Charting the Path of
Organizational Politics, politically savvy leaders understand the “why” and “how” of shaping great
teams.  ey make decisions for the benefi t of the future.  ey understand the “culture” in the sys-
tem which the team must infl uence.  ey also know how to use the Six Political Signs of Business
Leadership:
1. A clear “vision” of issues
2. An understanding of the “value” drivers within the team
3. “Behavioralin uence of leadership on the future picture
4. “Strategy” modeling (enterprise decision making)
5. Strategic “execution” (governance)
6. “Duplication of protocol” (learnable-teachable methods for future engagements)
Pitts’s background gives him keen insights into building great teams. He underlines one of
the problems we have seen repeatedly in our organizational consulting work. Organizational lead-
ers fail to achieve their goals not because they lack organizational talent but because they are
naïve as to the basic complexities of team dynamics. In his very readable book, Pitts outlines the
strategy execution smart leaders use, what type of team they need to function in their speci c
organizational environment, the key skills to look for and those to avoid, and how to coax top
performances from team members. His metaphor of choice is “great teams know how to success-
fully engage the battlefi eld.
Offi ce politics has many faces and tactics, and is a real part of work life. Patience, honesty,
and authentic behavior go a long way toward managing offi ce politics. Staying fl exible, listening
well, identifying issues and problems rather than attacking people are methods that also help work
through offi ce politics.  e key is to minimize the eff ect of offi ce politics on your own behavior
and maximize your own infl uence.
Looking for Niches, Voids, Under-Your-Nose Advantages
A prime example of finding a niche (this one was right under security’s nose) is being aware
of the enabling function security can play in the ever-changing requirements of the global
marketplace. Current business drivers demand cross-functional, cooperative, integrated,
collaborative design and delivery of products and services in the marketplace. Security strat-
egy resides at the nexus of potential organizational moves into the marketplace because of
the increasing use of information technologies. With the right strategies in place, a security
group can be strategic for the entire enterprise in avoiding risks from mounting regulations
and increasing threats to information. As design groups move into new market spaces, includ-
ing security in the strategic planning sessions can help innovation advance more quickly and
with less risk.
Overcoming Negative Perceptions of Security
Let’s face it: Other groups in the organization have perceptions about security that inhibit your
working relationship and strategic planning eff orts. Sometimes those perceptions may be well
TAF-K11348-10-0301-C002.indd 33TAF-K11348-10-0301-C002.indd 33 8/18/10 9:54:48 PM8/18/10 9:54:48 PM
34Security Strategy: From Requirements to Reality
earned by past behavior; other times it may be because much of what security does is not fully under-
stood. Here are just a few of the negative perceptions that you may have to work to overcome:
Security is not a business enabler; it is a business hobbler or disabler.
Security has black and white solutions to everything.
Security personnel are arrogant and bossy.
Security doesn’t understand business.
Security is a roadblock and/or a stop sign.
Security is guns, gates, and guards.
IT security is rude and hard to understand.
Security personnel are reluctant to embrace change.
Security is infl exible.
e key to building successful relationships for a security organization is to avoid getting defen-
sive and learn to manage negative perceptions in a way that is productive for the organization.
If these are regular comments about your security group, what are you doing to change those
perceptions? Is your security group moving toward professional excellence while providing ser-
vices and governance with grace and humility? Do you work to develop relationships with your
organizational counterparts and to understand how you can provide better security solutions, not
more problems? Have you learned the language of your consumer/customer groups and how to
communicate security concerns in terms they can understand?
Averse to Outsourcing
Outsourcing is a business requirement. Sometimes strategically outsourcing certain functions may be
risky, but often, after an initial resistance from the security group, not only is outsourcing a commod-
ity security service possible, it often allows better security. Outsourcing is part of the landscape in the
service industry. You must be able to analyze your organizations value-creating activities and unique
contributions to the enterprise with meaningful metrics. When you do, sometimes the best answer is
still outsourcing. Remember to factor in contract management; your group will still be responsible for
contract management as well as Service Level Agreement (SLA) compliance (i.e., ensuring the quality
of the delivery of services from the subcontractor). If you cant provide security services for better value
than your consumers demand, you will have a diffi cult time answering the outsourcing question.
Reluctant to Change Quickly
According to Peter Gregory, a consultant with the Hart Gregory Group, the primary job of an organi-
zational chief security offi cer (CSO) is to be a change agent in the way people work, both in terms of
policies and procedures and culture. Gregory states, “ at person needs to be savvy enough to enact
eff ective change that improves security, without alienating end users or management. It wont work if
people dont respect the CSO.”  e primary focus of the emerging role of CSOs is to create organi-
zational change that enables secure business processes in a dynamic technological environment.  e
best security is a culture of security; to achieve it, the CSO’s focus has to be one of change agent.
Stovepiped Organization Out of Touch with Business Realities
Organizations that operate without the benefi t of other parts of the organizations perspective are
at a distinct disadvantage.  ere is much to be gained by putting business leaders, legal counsel,
TAF-K11348-10-0301-C002.indd 34TAF-K11348-10-0301-C002.indd 34 8/18/10 9:54:48 PM8/18/10 9:54:48 PM
Getting to the Big Picture35
and security leadership in the same room to work through a strategic approach to their organiza-
tion. Clearly understanding each other’s perspectives will help an organization move forward.
Much of the strategic integration software available in the various methodologies discussed
in later chapters is about getting information to where it is needed to make better business deci-
sions and to move it out of the organizational stovepipes where it now resides. While software and
Web applications are part of the answer, so are the human connections we need to develop and
maintain the key organizational relationships. Without these connections it’s nearly impossible to
assure the security of the modern extended enterprises we work in today.
Always Looking for the Next Magic Technology Bullet
While it is important to have a segment of security constantly scanning technology for new pos-
sible applications, too often the promises of the new technology turn into premature or ill-fated
implementations. People will always remain the most vulnerable aspect of security, despite the next
best technology coming down the pike. While IT security can be particularly vulnerable to negative
organizational perceptions of technology, physical security is not immune. We have both personally
witnessed overexuberance by security personnel over technologies ranging from software analyt-
ics packages to forensic techniques, information technology systems, video analytics, new badge
technology, weapons (e.g., taser technology), and more. Although understanding new technology
and being trained in new security systems is part of the job, no new technology solves all prob-
lems. Often, managing perceptions about how the new technologies will be used is as important
as the proposed benefi ts of technology adoption; if the public, employees, or executive leadership
perceives the solution as encroaching on peoples safety, privacy, or freedom, the best return on
investment (ROI) in the world wont justify its adoption.
Promises, Promises You Can’t Keep
It is an immutable law in business that words are words, explanations are explanations,
promises are promises but only performance is reality.
Harold Geneen
When promises are made and not kept, trust is eroded. Unfortunately, corporate troubles and
scandals around the globe have damaged the public’s trust. Trust levels are at record lows for gov-
ernment, clergy, management, corporations, banks and more. Lack of trust hurts brands and busi-
ness. Consistency and credibility are required to set and maintain others’ expectations of security.
Security, of all service functions, requires credibility in order to be an eff ective enterprise partner.
Integrity is an integral part of security services both for the data it is responsible for and the people
who deliver security services. Make it your business to walk with integrity in all relationships,
internal and external. Demand it of yourself and the people who work for you.
Developing Strategic Thinking Skills
Begin challenging your own assumptions. Your assumptions are your windows on the
world. Scrub them off every once in awhile, or the light wont come in.
Alan Alda
TAF-K11348-10-0301-C002.indd 35TAF-K11348-10-0301-C002.indd 35 8/18/10 9:54:48 PM8/18/10 9:54:48 PM
36Security Strategy: From Requirements to Reality
Developing strategic thinking skills helps security managers better meet challenges in an unpre-
dictable future. Learning to think strategically often requires managers to think in new ways,
especially those managers who have recently been promoted from frontline leadership ranks,
where operational tactics and handling of the crisis of the day have become second nature.
Strategic thinking requires something diff erent. By taking the time and e ort to learn strategic
thinking skills, you can better serve your customers, employees, organization, community, and
family as you think not only about what to do today, but what to do in the future to better serve
their needs.
Strategic planning skills are more than just learning about the tools and methods of strategic
planning such as SWOT (Strengths, Weaknesses, Opportunities, and  reats) analysis, environ-
mental scans, value chains, and other available tools. Strategic planning also requires leaders who
have strong business acumen, industry awareness, and broad business knowledge, a sense of best
practices in the fi eld, emerging trends, customer expertise, and more. In short, a security leader
now needs an MBA-style skill set to survive and thrive. Our own observations on recent CSO
promotions bear this out.
So how does one begin to develop strategic thinking skills as an individual? Many of us have
lived in a world where our lives and careers have been formed by reactions to other events, and
often they are events that just happen, not something planned. Strategic thinking is not the prov-
ince of an ivory tower, the educated, or the highest tier of an organization. Strategic thinking skills
are critical for everyone.  ey can be developed in a variety of ways; following are a few simple
methods you can use.
Create Time for Thinking
is may sound trivial, but in our experience, lack of time for thinking is often a major obstacle
for leaders, especially those who have come from tactical, action-oriented environments. Learning
to set aside time both individually and corporately to think and plan is critical for developing
strategic thinking skills. You can begin in small ways, by learning to include time for strategic
thinking and planning as one of the resources required in other types of planning you already
do. For instance, career planning, vacation planning, and home building or remodeling are all
personal examples of strategic planning in action. Many managers already serve in community
organizations—ranging from churches to Scouts to Little League—that need planning. Helping
plan yearly schedules, personnel, and facilities requirements are all part of strategic planning.
As mentioned earlier in this chapter, delegation is an important method for freeing up time
in your work environment for strategic thinking and planning. In our work with organizational
leadership, time to think can be the single hardest piece to carve out of a demanding work sched-
ule, and yet it can also be the most productive. Some choose an early morning workout as the time
for their thinking; others use transit time in cars, planes, and the like. Make time as important a
resource as money when it comes to developing your strategic thinking.
Scan
Strategic planning requires strategic data from multiple sources, including, industrial, governmen-
tal, occupational, global, and technological sources. It’s important to build in multiple sources
of big-picture information and new ideas to stimulate your own thinking about the work and
world you inhabit. You will be doing the same job fi ve years from now except for the books you
read and the people you meet. Becoming and staying a continuous learner is a requirement for
TAF-K11348-10-0301-C002.indd 36TAF-K11348-10-0301-C002.indd 36 8/18/10 9:54:48 PM8/18/10 9:54:48 PM
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset