The Role of a Chief Security Officer – Perspectives from Fortune 200 Leaders
Leading the security operations for an entire organization involves a certain level of flexibility — one that isn’t fully realized until you’re in the shoes of a Chief Security Officer (CSO). While this position takes on a variety of titles depending on the organization, all can agree with how much the role has evolved over the past few decades and the growing impact it has on the larger organization.
Historically, the title was used inside the information technology function to designate the person responsible for IT security. But now, it’s far more encompassing. Not only does it cover IT security and cybersecurity, but also physical security. This is why you see an overwhelming agreement among both physical security (95% agree, including 45% who agree strongly) and IT professionals (95% agree, including 55% who agree strongly) that cybersecurity and physical security must be integrated, otherwise cyber and physical threats will be missed.
A Shift in Responsibility
The last year and a half has reinforced the unpredictability of office routines and protocols, as leaders have turned to managing everything from protests related to civil unrest to health and safety standards. “Now we are constantly working to address new situations, new issues and serving as the internal group that knows how to respond to fast moving, unclear events,” shares the Director of Global Security at a leading pharmaceutical company.
On top of the uncertainty, security teams are being stretched to provide support to areas of the company that they previously had limited interaction with. “The destabilization caused by COVID-19, social justice and continued geopolitical security events have resulted in our team working closely with our business colleagues to support employees, protect our facilities and ensure we can serve customers,” emphasizes the Director of Global Security.
The level of support felt by employees and customers is arguably the most defining aspect of an organization’s success. It hinges on the security team having clear lines of communication between different departments — ensuring they’re reading from the same view.
Health and safety responsibility will undoubtedly become the new norm for security leaders. Keith White, SVP of Security for Salesforce, shares, “Duty of care has always been there but has morphed into this whole new world [to encompass health and safety] that we have to have appreciation for.”
Embracing that the role has grown to involve so much more than “guards, gates, and alarms” is critical to the future success of any security organization.
Recruiting the right people
The next generation of security leaders has a different background from decades past, which relied heavily on law enforcement and intelligence agencies. New opportunities to help with these challenges are the need for security leaders to fully embrace younger, dynamic team members who come from less traditional backgrounds.
“We need to be ready to hire and more importantly develop a broad cross section of diverse people to compliment those who come from traditional law enforcement and intelligence agencies to create a team which can address current and new security threats we face,” shares a Director of Global Security at a leading pharmaceutical company. He notes that this is the “secret sauce” to the future of a more effective security structure.
Additionally, the level of professionalism and respect that the role receives has grown tremendously. The security role has shifted from a cost center to an integral aspect of the business strategy. Keith White shares, “I’ve seen this evolution where the security director has risen to the SVP role where they have a voice in the strategic direction of the company and overall business.”
Know what matters to your organization
Knowing the unique aspects to your organization — from frequency of social media threats to the intricacies of vendor partnerships — is essential to delivering the best model of security and safety for employees and facilities.
“Being a CSO means you need to continuously ‘learn’ your organization. It’s not enough to just possess the subject matter knowledge, experience and problem solving skills. You need to accurately interpret the wide ranging variety of internal and external risks and threats, and develop the strategic vision and plan for your organization and team to address them on a real time basis,” shares a Chief Security Officer of a Fortune 100 financial services company.
The first building block of any effective security program is to understand the threat, and not create a program because it’s what others are doing. Understanding the threat should be the “center of gravity” for your security program, as Fred Burton, Executive Director of the Ontic Center of Protective Intelligence, believes.
From here, designing security strategies to deal with identified threats is the next step to anticipating more signals and staying ahead of unwanted activity.
Download the Ontic 2021 Mid-Year Outlook State of Protective Intelligence Report to learn how physical security and IT leaders from U.S. enterprise companies are thinking about the challenges and opportunities unfolding in today’s security industry.