Security Associations and Professional Success

Security Associations and Professional Success

(an extract from Burrill Green's December 2018 Newsletter - contact becky.burrill@burrillgreen to be placed on the Newsletter distribution list)

(professional and heart-felt concerns from David Burrill)

Following my military career in intelligence and security, I have, to date spent over 25 years pursuing a private sector career in corporate security, including the reverse side of the coin – business security intelligence. Throughout my time in business, beginning in 1992, I have fought hard to bury the traditional view of corporate security as being a resting place for ex-police and former military officers taking up second careers in business without any real interest in commerce but with a contented focus on handsomely topping up their pension incomes en route to earning additional pensions. The generic term used in business for these people was and, sadly too often still is, the ‘Corporate Cop’. Make no mistake, this was and is a derogatory observation.

Let me be clear, the situation now is better, considerably better than It was when I started out in business. It is better because the Corporate Cop problem was recognised and increasingly, with the support of many security associations around the world, security managers have become more conscientious and committed, have grown their business security skill standards and have provided a more effective service. Sadly, increasing effectiveness has been insufficient to allay others, outside of the security profession, from continuing to label security managers as simply not being business people, not fully integrated in the business, somehow sitting outside waiting to be called upon to deliver a solid service. Frankly, what I have just described still remains too much the current situation, despite the progress I have indicated, where exceptions are rare.

What follows is deliberately and unapologetically provocative in the hope that it will have beneficial impact. It may appear to some to be a diatribe. Certainly, I feel some frustration but it is a frustration harnessed and used as a spur to offer help where it is needed.

I am now going to turn my focus to the most senior security executives. Back in 2006, when I retired from a CSO position in a leading multi-national company, I was asked by The Foreign Policy Centre, a UK-based, independent, progressive foreign affairs think tank, to give a presentation on the future of business security. Amongst several predictions that I made, was that I expected it to be not uncommon to find CSOs with a permanent seat at the C-Suite/ExCom table by 2020. I genuinely believed that. Given the lack of progress in the intervening years, I would, if asked to predict again, plump for a much later date, may be 2035! 

Why so pessimistic? For a start, I think that too many CSOs and their security leadership teams still lack the drive, courage, business acumen and confidence to make the sort of breakthroughs that other professional core business support functional leaders have managed over shorter time frames, for example, from HR, Legal, Communications/Public Affairs and IT, who, much more often than not, do have a permanent seat at the C-Suite/ExCom table. Exploring the reasons for business security leaders not breaking through traditionally set barriers must be delayed for another occasion. But, let me lodge an appetiser for a later newsletter: you may well be labeled, even if not to your face, as a General, a Cop, James Bond etc. and your dominant personal behaviour characteristics may well unintentionally reinforce the label; why not put effort in to projecting a softer side with emphasis on tolerance, gentleness, sensitivity, open-mindedness, optimism, active listening, enthusiasm, selflessness and approachability?

At this stage, let me point out that I have assumed that the intelligent readership that our newsletter attracts completely understands the importance of a seat at the table. That it offers the opportunity to influence the most important leadership bodies, to benefit business as a whole with intrinsic value systems and capabilities, and to provide better opportunities for every aspect of business security, better prospects for everyone involved in delivering a security service and better prospects for those who would like to follow careers broader than security. Need I say more to attract your continuing attention? 

My focus for this newsletter is not on helping CSOs to build strategies for a seat at the table. We, at Burrill Green, do plenty of that for CSOs of client companies and their security leadership teams. The focus is on organisations, the existence of which is predicated on advancing the professional well-being of their membership and building greater recognition for the security profession; security associations. In respect of ‘seat at the table’ strategies, or more accurately lack of them, I regard them as culprit organisations which have rarely been blamed as much as is warranted.For those who may now be inclined to accuse me of being a heretic, let me first compliment professional security associations, whether global, regional or national, for some of their successes – note I am not going to name them individually.

Security associations deserve to take credit for their part in improving the skill sets of their members. Continuing professional development is a fundamental for any professional association. Many useful training programmes have been conceived and conducted and, useful certifications created and awarded. I do believe that there has been some enhancement of trade skills, less so in respect of leadership skills. That is good, a platform of functional capability has been largely created. As with a qualified plumber, electrician, etc., we can expect and assume that a functional job will be conducted properly and efficiently. This is excellent. There will always be room for improvement but praise where praise is due. That said, whatever the perceived status of any single association, I do not consider that there is even one association which does not carry its share of blame for what I shall describe next. 

Whilst continuing professional development is a fundamental, so too is the projection (vision, marketing, communications) of the profession to reach new heights for its membership and its credibility, to lead on professional innovation, and to influence business at C-Suite/ExCom and Board level. Security associations have failed in this regard.

One key element for achieving success in the challenges faced is being able to develop and use networked coalitions of other (non-security) professional associations and their leadership, to establish the credibility, beyond technical security skill sets, that says “this person is our equal, this person has business value beyond their title, this person’s contribution to the overall business strategy and objectives is a not to be missed value-add.” It is hard enough for a CSO to break out of their perceived and often actual role/ zone to achieve success within and for their organisations, but what have the security associations done to help? Precious little.

I accuse security associations of not wanting to lead, fearing to lead the charge for CSOs to get a seat at top tables. They have remained in their own comfort zones. Yes, as I have mentioned above, there has been success, for example in skill set development and aspects of knowledge sharing, but it has always been in subject matters for which there is confidence in tackling challenges within prescribed comfort zones. Some associations exist for or have special sub groups for CSOs and other senior security executives. These seek to benefit CSOs and their companies and do – but again, largely within comfort zones, defined or unconscious. They may articulate aspirations for the greater recognition and value potential ofcorporate security leaders but, again, this is usually in the context of applied corporate security efficiency, not in broad business engagement and leadership where the potential for a seat at the most influential tables exists.

Where is there evidence of security associations seeking out and working with non-security networked coalitions, embedding themselves in business development beyond the ‘silo’ of security? In truth, and to use another analogy, there has been a little dipping of toes in the water. Where it has happened, it has been with paltry conviction and swift withdrawal from what quickly can manifest itself as a discomfort zone.The concept of networked coalitions is not foreign to security associations but the applied imagination has been restricted to networked coalitions of entities falling under a broad security umbrella. There are partner security relationships/forums working in national, regional and global contexts and these are to be welcomed. They tend to bring together security associations, security industry trade bodies and the security departments of some universities and public sector security agencies.

Rest assured this is good. It is generally productive and it is necessary, but within which zone is it all working? The comfort zone of course. Academia, an essential partner in the pursuit of knowledge, understanding and intellectual challenge and theses for any walk of life, also seems to be encumbered in the context of security. Networked security coalitions do embrace some university security departments, though the outcome appears to be a proliferation of security degrees - baccalaureate and masters; nothing broader. The impact beyond, say to MBA programmes, seems to have been minimal. Could it be that the security academicians too feel safer within their own comfort zone? Let us see some academic bravery. Professors cast off your protective cloaks!

If CSOs are ever to routinely have a seat at the table where the really impactful business decisions are discussed, agreed and put into action, the path to success will be greatly enhanced when security associations and networked security coalitions start to focus a major part of their strategic planning and implementation in engaging and influencing associations, organisations and networked coalitions which represent other functions and the top levels of business leadership. 

CSOs have to prove that they are business leader as much as they are

leaders of security technicians. CSOs have to show that they have the personal characteristics and leadership qualities that are needed in, and therefore irresistibly drawn into, business senior leadership teams. There is no place in a C-Suite/ExCom for a CSO who only opens his/her mouth when there is a solid security issue or an obvious security implication. The leadership of security associations should understand, identify and ensure their organisations respond to the breakthrough challenges facing CSOs, and innovate constructive strategies. Security associations have something to prove in this regard. If they fail “to boldly go …” then their leadership should make way for those who dare “to boldly go...”. If the leadership of associations can learn, prioritise, take courage and develop tightly focused breakthrough strategies with firm timelines, then I see hope of bringing forward the time when it will not be uncommon to see CSOs with a seat at the table, and when the security profession locally, regionally and internationally will benefit beyond its wildest dreams.

I and my colleagues in Burrill Green stand ready to help those leaders of security associations who are prepared to put ‘their heads above the parapet’.