When it comes to building out a corporate security function/department, the board needs to fully understand the role that corporate security plays to make the right decisions way before the hiring process for there to be any real chance of establishing a successful security programme, writes James Sarner, pictured.
I realised early on during my security leadership journey that there is so much more for organisations to comprehend, consider and decide on prior to making what they often believe is the first step – hiring a Head of Security/CSO [chief security officer]; that is, the ‘Security Lead’.
My point starts with the fact that you can always find a great SME and get him or her on board for the right salary, but if that person doesn’t have the right leadership support/backing required and isn’t given a suitable budget or can’t obtain one, then realistically how much of an impact will that person make?
Before hiring as part of a knee-jerk reaction following an incident or because there’s a sudden realisation of the combined value of your company’s assets, there needs to be a good understanding of what assets need protecting and what kind of holistic/converged strategy is required to properly protect them, including having a rough idea of the associated long-term costs involved.
If at this point, a decision has been made to hire a security lead (to build and execute), then the next critical step is to decide where this person is best placed to sit within the org as this could make a great deal of difference to the level of influence and impact the security function will have on your business. This is another thought process altogether, of course.
Once you’ve worked all of this out, then and only then, should you start hiring. But even at this point, you need to think about the right pool of talent to choose from, which possess not only subject matter expertise, but all-round leadership qualities and a good degree of business acumen.
Bottom line –
The set up of (what should be) a highly strategic function from conception, should not be overlooked, as in reality, these decisions may just be the make or break of the impact and success of your security programme. Like with any investment, when its well thought through, it can get you great results!
About the writer
James Sarner (MBA, CPP, RISC) is Managing Director of JMS Risk Solutions. Visit https://www.jmsrisksolutions.com.
