For many physical security professionals, career progression is often framed through a familiar visual: the organogram—the hierarchy chart shaped like a pyramid, writes Stephen Ackroyd, pictured, the new chair of ASIS UK, the UK chapter of the US-based international security management association ASIS.
It shows levels of development and ends with one ultimate destination: Head of Security (HoS). That final tier is often perceived as the pinnacle, the summit of one’s journey. For countless professionals, reaching HoS represents late nights, hard-earned qualifications, unanswered emails, crisis management, and navigating office politics. It is worn like a badge of honour—proof of tenacity, resilience, and commitment. But what if that pyramid is outdated? What if it reflects not ambition, but limitation? What if it is simply a legacy structure—built on the aspirations of past postholders—rather than a true map of what is possible?
In any modern profession, development is not linear; it is adaptive, iterative, and strategic. Think of it like a game: each level prepares you for the next, but only if you collect the right tools, develop the right skills, and build the capacity to anticipate what lies ahead. In security, each stage brings new threats, higher complexities, and new responsibilities. Yet, if we stop our progression at HoS, we close ourselves off to the strategic level—where real decisions are made, budgets are set, and risk is owned.
The issue is not that the wider security industry lacks a vision for its future—it is that it is still fixated on the wrong end goal. Our “pyramid of promotion” is too short. It stops at Head of Security when it should be pointing toward the Board of Directors (BoD), where security is not just a department—but a strategic enabler, a risk owner, and a value driver.
Look at any board of directors across sectors—construction, retail, banking, biotech, manufacturing. Their expertise typically spans finance, strategy, governance, operations, technology, and stakeholder management. These are essential competencies, yes—but what is often missing? Deep and strategic security expertise. Who better to lead risk-informed decision-making than the very professionals who have spent their careers understanding threat, vulnerability, resilience, security economics, compliance, and crisis leadership?
Yet how many Heads of Security are developed, mentored, or supported with the idea that they could one day sit on a board?
We prepare security leaders to manage operations, but not to shape strategy.
We equip them for crisis response but not for investor dialogue.
We coach them on risk mitigation, but not on risk appetite.
We teach them to protect assets, but not to defend shareholder value.
If the true destination is BoD or Non-Executive Director (NED), then our development pathways must reflect that. Our HoS job descriptions should not just include tactical responsibilities like site protection, incident reporting, or compliance oversight. They should include foundational strategic competencies: understanding governance frameworks, interpreting financial statements, stakeholder engagement, corporate risk ownership, and exposure to investor-level decision-making.
Ask yourself: Does your company’s Head of Security attend the Annual General Meeting (AGM)? Are they prepared to answer shareholder questions—about geopolitical risk, supply chain resilience, digital-physical convergence, or crisis preparedness? Can they articulate how security contributes to value protection and value creation? “Due to security, I can’t answer that” is rarely an acceptable answer at board level. The board expects insight, contextual understanding, and clear guidance—supported by credible, publicly accessible intelligence where appropriate, as the risk owners in business.
The convergence challenge
We are also operating in a world where the lines between physical and digital (cyber) security have blurred. Threat actors don’t distinguish between domains—so why do our professional pathways? The hybridised security professional—fluent in cyber, physical, continuity, privacy, resilience, regulatory compliance, and corporate governance—is the future. But are our development models preparing them for board visibility?
Security associations and professional bodies already serve as valuable hubs for knowledge, influence, and professional recognition. But are we fully utilising these networks to mentor, endorse, and prepare our professionals for NED and board-level roles? Are we actively developing the strategic competencies, governance understanding, and executive presence required at the top table? Or are we waiting until it’s too late—realising that leadership potential has been confined by operational conditioning?
There is a well-known paradox: You can’t be appointed to a board without board experience—but you can’t get board experience unless you’re appointed. So where do we start? We start by constructing the environment for security leaders to develop strategic board-capable competencies long before they reach HoS level. What if the pyramid were not a triangle, but part of a spiral? A wheel that continues to turn—where knowledge builds, influence expands, and security becomes more than a function? What if security professionals didn’t just manage threats—but shaped the organisation’s future?
So, what must change?
- Job designs must evolve: Expand the HoS role to include strategic leadership potential, not just operational excellence.
- Mentorship must elevate thinkers, not just managers: Pair emerging leaders with directors, not just senior security practitioners.
- AGM and investor exposure should be part of leadership training.
- Security associations must actively prepare professionals for BoD and NED readiness—not just certifications.
- Boards must recognise the strategic value of security as both risk protector and enabler of business growth.
Reaching Head of Security should not be the end of the journey. It should be a transition—a gateway to influence, leadership, and stewardship at the highest level. The industry does not need more gatekeepers of security. It needs strategists, narrators of risk, and ultimately—security leaders who belong at the boardroom table.
Rethink the pyramid—you may be standing on a summit built from someone else’s expectations.
