In today’s down-sized, right-sized and outsourced business operations, I understand as the security director that true business acumen is very important to success as a security leader. How can I make the security department better known to the rest of the organization?
Business acumen is an essential element for not only the security leader but for everyone on the security team to continually learn about. One of the first things effective security leaders focus on is ensuring every member of the team has a detailed understanding of both the business’ operating goals and plans and is constantly developing personal business relationships throughout the company.
Successful security professionals know their role is just as much about knowing the business as it is about having cutting-edge security skills. If there is a lack of knowledge about what a business does or what goes on throughout the business, then the value and effectiveness of security has been limited. Learning the business is a constant challenge because businesses today are always changing, growing, and moving into new product lines, markets and environments.
All this is nice to say, but how do you do it?
Focus has to be on building business relationships with your leaders. If there’s a choice between attending a security meeting or a business meeting always attend the business meeting; not necessarily to participate, but to listen, to learn about what goes on and why. Being present includes coffee breaks, lunches, dinners, and team building activities. Why is this so important? Guess what - if they don’t know you - they don’t trust you! Think about it; good relationships build trust. If this is not what your group is doing then your “security program” will remain on the shelf. Avoid being viewed as the corporate-cop by building proactive business relationships that leverage your security skills.
There is nothing more exciting than having the privilege of systemically changing the security environment at a company; I know I helped do it at four Fortune 500 companies. If you remember anything remember this: It’s not about security -- it's about business!
Answer provided by J. David Quilter, Security Executive Council Emeritus Faculty member.