Dr Mike Blyth, DBA CSyP is Chief Resilience Officer at the consultancy Sigma7. He was a speaker at the Security Institute’s 25th anniversary conference in London, as featured in the December edition of Professional Security Magazine. Here he writes about the route to, and beyond, the role of the Chief Security Officer (CSO).
Most security practitioners do not start their careers in the commercial sector and the transition from an initial career into security often lacks structure, consistency, and appropriate levels of support. Once established, the process of gaining technical and experiential knowledge or vocational and academic qualifications frequently lacks a clear, well-trodden, and communicated pathway. As a result, there is an urgent need for structured and supported career transitioning, a universally agreed Competency Framework to guide vocational and academic learning pathways, and a well-resourced body of knowledge to shape consistent security standards and practices.
Research undertaken in 2025 on “The route to, and beyond, the role of the Chief Security Officer” (CSO) leverages a mixed methods survey of 58 senior security professionals, a forum session and poll of 24 American Society of Industrial Security (ASIS) CSO forum members, and a survey of 32 CSOs. Exploiting the lessons learned of those who have already walked the practitioner pathway can help both entry level practitioners as well as those aspiring to the rank of CSO to better identify and engage mechanisms to accelerate or broaden professional growth.
Evolving beyond traditional security
As the sector rapidly adapts to combat both new risks and evolving employer expectations the importance placed on traditional security is changing, with a growing need to incorporate broader resilience, business continuity, and crisis management responsibilities. While competence in traditional security remains important, research illustrates the need to broaden the security practitioner’s remit, showing that:
- 9pc of those surveyed focus all their time on physical security.
- 43pc spend 80pc of their time on physical security and 20pc on broader resilience.
- 26pc spend 40pc of their time on broader resilience activities.
- 12pc spend 20pc of their time on physical security with the rest focused on resilience.
As responsibilities shift, security professionals increasingly see their role evolve into a wider risk management remit, with 80pc of participants seeing their future in the field of resilience rather than traditional security. Such a significant refocusing of responsibilities suggests the need to revisit the title of ‘Chief Security Officer’ and potentially replace it with the designation of ‘Chief Resilience Officer’. This evolution of responsibilities also affects the importance placed on new areas of knowledge, with research illustrating the need for practitioners to broaden their range of competencies to include the fields of business, finance, law, technology, communications, and compliance.
Primary career knowledge and experience
Given that most professionals start as something else, it is important for practitioners (and their employers) to be able to recognize what first career knowledge, experience, and qualifications are transferable… and then to appropriately leverage these it. Research found that 57pc of participants felt that the knowledge and experience gained from their initial career offered strong to exceptional value to their current role, 38pc felt it offered some value, while 5pc felt it offered limited value. Understanding what can be immediately leveraged – or what might be useful with adjustment – will benefit both the practitioner as well as the organization they serve.
Transitioning between careers can also be challenging, undermining opportunities for timely employment and appropriate hierarchal or technical placement. Avoidable barriers to entry can also dilute enthusiasm for those wanting to join the sector. Less than 21pc of participants felt the structuring and support provided for transitioning was adequate, 69pc felt it lacked appropriate definition, structure, or appropriate resources, while only 10%pc found the mechanisms for career transitioning were effective. This illustrates a clear gap in recruitment and onboarding mechanisms which feeds the sector with the next generation(s) of competent, qualified, energized, and well positioned practitioners.
Defining what is important and establishing new knowledge
The absence of formal and communicated expectations presents an upskilling challenge at both the point of entry as well as for continued career advancement. The growing demand for out-of-sector competence is problematic as aspiring leaders seek to become grounded in unfamiliar areas whose surface level value may not be immediately obvious. Of the ASIS research participants, 19pc felt that the technical and experiential requirements for security professionals were well defined, 31pc felt they were adequately defined, and 50pc felt that the requirements were poorly defined or entirely absent.
Where developing knowledge and experience is reliant on learning through real-world crises this can place both individuals and their organization at significant risk. As a result, there is often a need to manufacture opportunities for knowledge and experience development and testing through a combination of repetitive learning by doing, structured programs of academic or vocational instruction and exercising, or crisis-simulations which contextualize knowledge and stress test its application. Opportunities to develop new knowledge and experience can be gained through government sponsored programs, commercially available courses of instruction, or through forums and associations. Ideally, learning must be credible, 3rd party audited, provide learning credits or formal qualifications, and should be standards-aligned.
Value of vocational and academic qualifications
Where professionals operate in a governance-heavy or compliance-driven sector the role of certified qualifications becomes especially important. Where academic or vocational qualifications are role-mandated then specific degrees or courses of instruction play a critical role for both those entering or advancing in the sector. Research suggests that the focus of study is not necessarily as important as demonstrating the desire and ability to learn, with 12pc of participants positing that qualifications must be directly tied to security, compared to 53pc who felt that studies in a related field would be useful. Interestingly, 35pc of participants felt that the field was not relevant, or that it might actually be advantageous to explore new fields of study. The level and nature of learning was also ranked by importance.
Barriers for learning
Barriers for learning were also explored, with 97pc of participants stating that bandwidth constraints made learning difficult to impossible, 77pc felt that employer support was a barrier, 84pc felt that money was a limiter, and 44pc felt that access to learning resources was a challenge.
Looking forward
The sector is complex, dynamic, and struggles with ambiguous and changing expectations. The absence of a Competency Framework aligned to universally agreed role specifications and international standards, coupled with significant gaps in research, makes professionalizing security or advancing in the sector challenging. Those entering the sector often find establishing a foothold difficult, while those who have reached the pinnacle of security can feel there is nowhere left to go. Mapping both current and future competence requirements which address both traditional security and broader resilience responsibilities can help map a pathway from entry level positions through to attaining the post of either the Chief Security Officer or Chief Resilience Officer. Exploring both in and out-of-sector vocational and academic qualifications, leveraging forums, and engaging mentors and training opportunities can help practitioners to accelerate their professional journey. Effectively communicating the relevance of security and the barriers for entry and advancement to employers also better positions leaders within their organization, as well as help them evidence the need for time, funding, and support.
Further reading, about the author
Access the research findings and free online training: https://go.s7risk.com/cso-resources. Discuss ideas on how to accelerate professional growth: [email protected]. Dr Mike Blyth’s doctorate through the University of Portsmouth was on organisational resilience. A former Royal Marines Commando Major, he’s made his own route in private and corporate security.
Photo by Mark Rowe: rail operator’s revenue protection manager, on a platform.
