The Risks of Non-Security Leadership Micro Managing Physical Security Departments

I've been hearing increasing concerns from industry peers about a growing trend: physical security programs are being absorbed by real estate, facilities, or workplace services teams. While this approach can work for some organizations, it often succeeds only when security leaders are empowered to drive strategies and initiatives aligned with industry best practices.

Unfortunately, many security professionals have shared stories of the opposite scenario—where non-security leaders, lacking the necessary expertise, make critical decisions that increase the organization's risk.

Physical security is far more than just security guards standing post. It encompasses various disciplines such as investigations, workplace violence/threat management, risk & resiliency, executive protection, GSOCs, event security, etc.

When non-security leaders assume they understand the complexities of physical security without consulting experts, it often leads to dangerous oversights.

The Pitfalls of Cost-Cutting and Mismanagement

I've heard countless complaints from peers about decisions driven by budget concerns rather than risk management. Examples include:

1. Reducing Security Coverage: Decisions to slash security guarding and other critical security programs without considering the implications, leaving critical vulnerabilities exposed.
2. Lowest Bidder Mentality: Opting for the cheapest option in service contracts, which often results in poorly trained personnel ill-equipped to handle high-stakes situations.
3. Ignoring Core Functions: Overlooking the need for robust investigations, threat management protocols, or GSOC capabilities, leaving organizations unprepared for internal or external threats.

These cost-cutting measures might save money in the short term, but they often come at the expense of the organization's safety, reputation, and ability to respond effectively to incidents.

Protecting Yourself in a Challenging Environment

If you're a security leader caught in this kind of environment, it's essential to protect yourself while continuing to advocate for best practices. Here are a few steps to consider:

1. Document Risks and Recommendations: Maintain detailed records of the risks you've identified and the solutions you've proposed. This documentation will be crucial if an incident occurs due to inadequate measures.
2. Use Data to Advocate: Use metrics, benchmarks, and case studies to illustrate the value of comprehensive security programs and show how underinvestment in specific areas can lead to increased liability.
3. Educate Where Possible: Help non-security leaders understand the broader scope of physical security. Share insights into how areas like threat management contribute to the organization's overall safety and resilience.
4. Know When to Walk Away: If your expertise continues to be unvalued, consider seeking opportunities with organizations that recognize the critical role of physical security and value your leadership.

This issue highlights a broader challenge in our industry: physical security is often viewed as a cost center rather than a strategic function. While departments like IT and HR are rarely led by individuals without domain expertise, physical security too often falls under leaders who lack the necessary background. This not only frustrates security professionals but also exposes organizations to unnecessary risks.

Organizations must understand that physical security goes far beyond guarding services. It's about creating a holistic program that protects people, assets, and reputation. When non-security leaders make uninformed decisions, they compromise the organization's ability to effectively manage threats, conduct investigations, and respond to incidents.