Professional Skills, Experience, Qualifications & Knowledge: Security / Risk
Ridley Tony
Experienced Leader in Risk, Security, Resilience, Safety, and Management Sciences | PhD Candidate, Researcher and Scholar
In order for a security manager to be successful, they must possess the following skills, knowledge, and abilities in….?
What comes next?
What exactly are the criteria for a modern security manager or security risk management professional?
Do you map these strengths and weaknesses, or do you use a comparable model for recruitment, promotion or development?
These remain valid questions for those that work in security roles or the industry, but also those within executive leadership roles, management, culture and capability or finance.
Because no security/risk individual is directly identical to another, nor are the contexts and requirements for specific skills, criteria or qualifications from one environment to another.
In short, all security risk management strategies and plans must include consideration and evaluation of the ‘protector’, security representative or individual(s) charged with the task(s).?
Practitioners (Leger, 2012), researchers (Fenelly, 2012) and professionals (Kitteringham, 2021) have suggested or referenced a 25-point scale, for the contemporary security manager.
But how exactly do you ‘score’ or compare said skills, prioritisation or preferences??
Personally, I usually contract an objective data model for capture and comparison. That is, dependent upon the role, task, context or organisation, I’ll build out the framework ‘most’ appropriate for the requirement.
This ‘fit-for-purpose’ model may be for hiring, promotion or career development, but it needs to be built using similar specifications.
Moreover, it needs to be relatively objective, transparent and universally accessible. In other words, it is not some biased, random, secret ‘reading of the tea leaves’, used to persecute, includes or exclude individuals or cohorts, agreed upon by many and accessible to those the need to. In some instances, it may even be accessed or utilised by the individual for career, qualifications or remuneration purposes.
The point is, it is evidence-based, context informed and reviewable.
Most importantly, the model, matrix or criteria are consistent with professional standards and requirements. If not, don’t pretend you’re hiring professionals, experts or highly qualified individuals…because you’ve made up the criteria and you’re not actually measuring anything, with the result just another highly subjective, anecdotal or opaque process that remains the default model and process across all roles, functions and appointments with ‘security’ and ‘risk’ in the title(s).
For those opposed or doubtful of such assertions, try the same model as that of an accountant, doctor, lawyer or engineer, and watch how there are routinely concealed, obfuscated and purely fanciful practices and preferences, by comparison, when seeking, hiring, promoting or retaining ‘security’ or ‘risk’ related roles.?
From the ‘model’, you should be able to visualise dominant factors, themes, requirements and preferences.
These may be concealed bias, legitimate academic credentials or pure, made-up categorisations.?
Returning to the 25-point scale, it might look something like this:
领英推荐
With an alternate candidate or preferential skill set looking something like this:
I’ve used this model for tenders, recruitment, audits, security risk assessments, remuneration/rewards, strategic planning and personnel development.
Those involved in the process are typically empowered and informed in decisions, investments and choices, but the lack of universal practices such as this remains a significant shortfall of domestic and international security as a bonafide profession globally. Moreover, this simple exercise and practice lay bare personal, organisational, cultural and security/risk biases and heuristics. Because you can see the preferential weighting and representation of key skills, knowledge and ability, which either validates your objective and professional approach or shines an embarrassing light on the silly things you think are ‘security’ or ‘risk’ related requirements or the subjective, random ‘things’ you value or prioritised in a candidate, process or practice. Which is why or where I first developed this model, when investigating, reviewing or analysing where things, processes or people ‘went wrong’.
Before jumping into threats, vulnerabilities, controls, widgets, reports or opinions, I’d developed a comparative scaffolding of the ‘talent’ involved. If it didn’t exist, I had my first ‘red flag’. If there was resistance to evaluating or objective measurement of individual skills and experience, I had my second red flag. And if there was no traceable, visible, objective and professionally aligned process or system for the identification, elevation or remuneration of ‘security/risk’ personnel….I had my third and most informative red flag.
Because the whole system was a pure, made up, fabrication that lacked rigour, references, assurance and validity, which invariably was (and remains) the primary reason for faults, failures, errors, inefficiencies or harm.?
Criteria may vary and the specifics of the model may be modified for specific requirements, roles and contexts, but the premise remains constant. If you don’t have a system or criteria for comparing apples with oranges… you never really know what animal, mineral or vegetable you’re consuming until something goes wrong. Sometimes catastrophically.
What model or process do you use?
How often do you review, update or critique your assumptions, the model(s) or the current ‘threat environment’??
Risk, Security, Safety, Resilience & Management Sciences
References:
Fennelly, L. (2012). Handbook of Loss Prevention and Crime Prevention, 5th edition, Elsevier
Leger, K. (2012). The Security Professional, Terrorism, Bioterrorism, and the next level, in Fennelly, L.(ed) Handbook of Loss Prevention and Crime Prevention, 5th edition, Elsevier, pp.494-508
Kitteringham, G. (2021). The Science and Art of Security Risk Assessment, ASIS International, p.45
#security #securityriskmanagement #securitymanagement #securityrisks #enterprisesecurity #cybersecurity #physicalsecurity #informationsecurity #digitalsecurity #securityoperations #enterprisesecurityriskmanagement #securityassessment #intelligence #threatlintelligence #risk #riskmanagement #risk #risks #enterpriserisk #enterprisesecurityriskmanagement #intelligence #threatlintelligence #riskmanagement #riskanalysis #riskassessment #riskmanagementframework #operationalriskmanagement #projectriskmanagement #projectrisk #operationalresilience #resilience #operationalrisk #riskintelligence #governance #crisis #crisismanagement #complexity #chaos #crisisleadership #crisisplan #crisismanagementplan #stress #governance #decisionmaking #riskmanagement #riskinformed #securitymanagement #securityriskmanagement #resilience #humanfactors #emergency #disaster #emergencyresponse #travelsecurity #travelsafety #travel #businesstravel #tourism #travelrisks #travelriskmanagement