Step Up Your Profile

Dec 1, 2006 12:00 PM, By Michael Fickes

C-level business leaders are demanding that security departments pull their weight and contribute business value to their companies. But most security directors are failing to get with the program, as they continue to tinker with core security activities such as access control, guard staffs or services.

Support for this warning comes from a recent report by New York City-based The Conference Board, a business research group best known for calculating the leading economic indicators and the consumer confidence index (see sidebar, page 14).

“Security directors appear to be politically isolated within their companies,” says Thomas Cavanagh, senior research associate in Global Corporate Citizenship for The Conference Board and the author of the report, sponsored by the Department of Homeland Security. “They face a challenging search for allies when they need to gain support from upper management for new security initiatives.”

“It is a bit disappointing that security remains a function that is mired in operations in the eyes of senior executives,” says Cavanagh. “But if security executives could successfully relate security initiatives to the competitive posture of the firm — for example, enhancing the appeal of the brand — they might be able to bolster the case for such initiatives as part of a long-range strategy, giving them more prominence in the thinking of the board and the firm's senior management,” he says.

In other words, integrating or aligning security functions in ways that promote long-term company strategies has entered the job description of a security director in today's business environment.

“No, that's not true,” says Robert Hayes, CSO and managing director of the CSO Executive Council, a professional association of senior security executives. “Security directors have always had all of these responsibilities. Company officials have for years been demanding that security departments help add value to their companies by giving more thought to the strategic needs of the business.”

But only a handful of security directors have figured out what this request really means, Hayes says. It does not require graduate schooling. But it does require that security directors think creatively about business vulnerabilities and risks that go beyond core security practices.

Security professionals look at the world differently than business executives. When a CEO asks a security professional to think more about the business, he or she is not asking for ways to make it more difficult to get into the facility. Instead, the CEO wants the security executive to apply his or her unique security point of view to business issues — to find the risks, propose programs that reduce the risks and build value for the company. Just like a marketing director who alerts the CEO to demographic trends, a security professional is likely to encounter government programs such as the federal government's Customs-Trade Partnership Against Terrorism (C-TPAT) before other company executives.

The program grants C-TPAT shipping status based on a list of requirements that include implementing security standards related to shipping products into the country. U.S. Customs has a high level of trust in companies with C-TPAT status, and rewards the trust with expedited treatment when moving goods through customs.

A security director who spotted C-TPAT when it first came out and got his company certified contributed value to the company by helping to cut shipping costs and times and by improving the company's competitive position. Then again, a security director who hears about such a program from the company CEO will probably get another lecture on the importance of adding value to the company. Security opportunities that improve a company's prospects change and evolve.

“Today's global trade makes an elaborate business mosaic, within which there are many vulnerabilities,” says Richard Lefler, a CSO Executive Council Emeritus faculty member and the former CSO with American Express. “Maybe you have dealt with your company's direct risks, but what about the strategic partners that are manufacturing or carrying your goods?”

A security director might suggest that contracts with third party manufacturers of products susceptible to counterfeiting should include the right for unannounced plant audits to ensure against the development of gray markets, Lefler says. For example, security directors from fashion retail product design firms will often check suspect markets around the world for knockoff products. Lefler also suggests studying techniques used by security directors in other industries and considering how they might apply to yours.

Today, Craig McQuate is a principal with The McQuate Group in North Andover, Mass. His background includes a decade as security director with Genuity Inc., a software application vendor based in Woburn, Mass. While at Genuity, McQuate was asked to recommend a drug testing policy. He recommended against it.

Want to use this article? Click here for options!
© 2009 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue