RiskUKSeptember2017

More documents

Recommendations

Info

Breaking The Silo: Advancing Careers in the Security Business Sector Given that there are so many different specialisms within the profession of security management, it’s easy to find ourselves in too tight a ‘niche’ which then requires us to educate our clients before they can hire us. This is nothing if not an unsustainable business model. What, then, is the answer to the problem? Richard Diston calls for the silo walls of the Security Department to be torn down in favour of security becoming part of the wider business culture Over the last few years, there has been a rapid expansion in the market for higher level security management training programmes and accreditations, positively reflecting the desire in the sector for recognition as a profession. This is unquestionably a great leap forward, although the end result has arguably been the creation of a traditional security management workforce that’s more highly qualified than the market can either support or understand, in turn leading to the potential for limited opportunities, frustration and, in some cases, the loss of talent from the sector. There are hundreds of applicants for each senior security management vacancy, with little to distinguish one from another. This situation has led to some heated debates in online forums and on various social media platforms about whether qualifications or experience are most desirable for those seeking career advancement in the sector. An impasse appears to have been reached. Whether a security practitioner is highly qualified, highly experienced or both, suitable senior-level security management opportunities are somewhat difficult to find. Several years ago, much was made of the trend in organisations for appointing Chief Security Officers (CSOs). However, there’s no clear path to attaining such a senior post. Further, there’s little clarity on whether many of the posts that were created went to traditional security practitioners or were bestowed upon existing Board-level professionals such as those with a background in finance or IT. Certainly, the CSO roles that are advertised often require a high level of technical competence that most traditional security practitioners simply don’t possess, creating an almost insurmountable barrier to general entry. There’s an undeniable lack of senior security management positions available to traditional security practitioners, many of whom have committed to higher education or accreditation and are now finding themselves ‘over-qualified’ at best and sidelined as ‘academics’ at worst. This results in even fewer employment opportunities, the response to which is often despondency and a feeling – for certain practitioners, at least – that the sector has ‘led us up the garden path’ with its talk of rewarding careers and a professional status. For some, it seems that after attaining a highlevel qualification or accreditation in security management, the only option is the ‘feast or famine’ existence of self-employment as a security consultant. Stalling professionalisation There’s a risk that the lack of obvious senior opportunities in security management may even stall the professionalisation process for the sector. Younger practitioners who engage in industry networking online cannot avoid seeing their seniors struggling to find work, and this may well undermine attempts to engage them in the aforementioned process. Without clear direction for career planning alongside some public ‘cautionary tales’ about committing to a security career on social media, the next generation of security managers may disengage with the idea of a career in security. It can be suggested that ‘career planning’ isn’t something that security practitioners have ever really been able to do effectively. Many practitioners move from opportunity to opportunity, which works well until those opportunities begin to dry up. The security industry is undergoing a significant period of change, the pace of which is so fast that it has become difficult to keep up with what it means to be a security practitioner. With no widely agreed lexicon, the term 58 www.risk-uk.com
Training and Career Development ‘security manager’ might refer to a traditional physical security role, an information security systems role or perhaps even a job in software development. With the concept of security diversifying in response to an ever-broadening threat landscape, this confusion can be a further challenge for traditional security practitioners when it comes to career planning. The question is: ‘What can we do about this?’ Part of the wider problem might be that security still exists within a number of different silos. At the organisational level, whether fuelled by pessimism or paranoia, we’ve built walls around our departments to keep our ‘security stuff’ secret without realising that what we really need to be doing is sharing it. Whether we’re helping staff in other departments to spot fraud, detect suspicious behaviour, be more aware online or respond more confidently to conflict, we’re empowering the organisation to be more secure on a ‘one person at a time’ basis. Such activity may help to raise our profile organisationally and could even trigger conversations that might reveal hidden risks or opportunities for the business, not to mention illuminate new career pathways for ourselves as practitioners. Weak at building bridges Beyond the organisational silo, the sector seems to exist in a professional one. The sector is weak when it comes to building bridges with other professions, both in terms of sharing expertise and opening further career pathways. Security people tend to network with other security people, which may say somewhat more about our ‘comfort zone’ than it does any deliberate attempt to avoid other professions. An alternative to this might be to seek speaking slots at events for other sectors, or writing security-related articles that are relevant for trade journals outside of the security domain. Security is a ‘people problem’ and, as such, we have insights that other professions may duly appreciate. The final silo is the one that we build ourselves. If we only see ourselves as ‘traditional security people’ then this is all that others will see us as, and their lack of understanding of the importance and scale of what it is we do will mean that they only call upon us when they think there’s a problem (at which point it’s often too late). Certainly, security practitioners have been undertaking Health and Safety accreditations for a number of years to enhance their employability, but this is perhaps an obvious step. Another potential consideration is the apparent shortfall of cyber security “Whether a security practitioner is highly qualified, highly experienced or both, suitable senior-level security management opportunities are somewhat difficult to find” professionals, with some reports suggesting the number is going to be as high as 1.8 million globally in the next five years. Considering the shift in the asset base from physical to information, this demand is foreseeable. We as traditional security practitioners need to overcome our fear of technology to take advantage of this situation. If we accept three principles – that security is a ‘people problem’, that technology only allows people to commit old crimes in new ways and that (using the CISSP certification programme as an example) nearly half of the knowledge required to work in cyber security is within our existing knowledge base – then there’s a chance to forge a different career pathway. There are also other avenues to consider. A highly competent security practitioner might add value in a range of corporate roles including FM (for physical security), HR (for people-based risks), logistics (supply chain risks) and many others. Some of these departments even have a direct career trajectory into the C-Suite (including that coveted CSO role). That being so, requalifying to move departments might provide security practitioners with longer term advantages. If we accept that security is a business enabler, we can begin to see which other areas of the organisation we can enable through sharing our knowledge and experience. Doing so will require us to broaden our horizons and open our minds. The best way to do that might be to leave the Security Department behind us forever and seek work in other teams. Banish outdated thinking Ultimately, it could be argued that we need to break our ‘death grip’ on the concept of security as a ‘department’. Such thinking is undeniably outdated. For security to be truly effective it must be part of the wider organisational culture and is therefore not a department, but instead a shared responsibility. Perhaps security should be an element in a wider management skills set instead of being a discipline on its own, similar in nature to project management accreditations? While all of this is very much open to debate, what is not is that, if we continue to do what we’ve always done, we will always derive the same end results (or perhaps worse, given the ever-changing nature of today’s world). Richard Diston MSc MSyI: Director of Ark-Services 59 www.risk-uk.com
Page 1 and 2:
September 2017 www.risk-uk.com Secu
Page 3 and 4:
September 2017 Contents 42 Meet The
Page 5 and 6:
Editorial Comment More zones, more
Page 7 and 8: News Update “Employees pose great
Page 9 and 10: News Analysis: British Standard 859
Page 11 and 12: They see a well secured airport. Yo
Page 13 and 14: News Special: Cortech Open Innovati
Page 15 and 16: Opinion: ISO 22316 Security and Org
Page 17 and 18: Opinion: Apprenticeships in the Sec
Page 19 and 20: BSIA Briefing With an estimated eig
Page 21 and 22: “ MY PASSION IS PERFECTION IN EVE
Page 23 and 24: Enterprise Security Risk Management
Page 25 and 26: Bribery, Fraud and Corruption: Risk
Page 27 and 28: Crisis Management: Leadership in Pr
Page 29 and 30: www.coie.uk.com Cortech Open Innova
Page 31 and 32: Lone Worker Security and Safety wor
Page 33 and 34: The Changing Face of Security Servi
Page 35 and 36: Multi award winning security servic
Page 41 and 42: Tel: 08707 508070 Fax: 08707 508066
Page 43 and 44: Meet The Security Company: Doyle Se
Page 45 and 46: Fire Safety Planning: Emergency Eva
Page 47 and 48: National Association for Healthcare
Page 49 and 50: The Security Institute’s View and
Page 51 and 52: In the Spotlight: ASIS Internationa
Page 53 and 54: FIA Technical Briefing: Gaseous Fix
Page 55 and 56: Security Services: Best Practice Ca
Page 57: Cyber Security: Risk Management in
Page 61 and 62: Risk in Action Cambridgeshire Fire
Page 63 and 64: Technology in Focus SPC Connect’s
Page 65 and 66: Appointments Magnus Ahlqvist The Bo
Page 67 and 68: thepaper Business News for Security
Page 69 and 70: CCTV CCTV Rapid Deployment Digital
Page 71 and 72: SECURITY ANTI-CLIMB SOLUTIONS & SEC
show all

RiskUKSeptember2017

Create successful ePaper yourself

Delete template?

Save as template?