Traditionally, security leaders are tasked with protecting physical and digital assets and reduce risk utilizing preventive safeguards within the organization. In 2020, however, security leaders saw their roles change significantly and were forced to update emergency preparedness plans, undertake risk assessments and oversee health-related concerns and procedures in reaction to the COVID-19 outbreak, social and civil unrest, the election and more. This year, security departments have significantly broadened their scope to understand new needs and risks facing their enterprises, as well as how to adapt to a highly reactive environment.
To get some insight on the changing role of security, Security magazine held a roundtable discussion on this very broad subject with our Editorial Advisory Board, comprised of eight industry and thought-leaders. Here are some excerpts from that discussion. To see much more of the roundtable, visit www.securitymagazine.com/videos.
Steven Antoine
Chief Security Officer for Yum! Brands Inc.:
We’re a restaurant company. Since its inception, we’ve focused on loss prevention. However, the concept of enterprise risk management is relatively new compared to the history of the business itself, and the value proposition has changed. It has moved from traditional loss prevention concepts such as cameras, guards and the slippage, to providing measures that are proactive, preventative, forward leaning, and focused on duty of care. In today’s age, security has evolved into managing pandemic response, risk and resilience. Security is being integrated into business conversations at the highest of levels, connected to every part and brand of the business. The evolution is so significant that we don’t call it security – we call it risk and resilience. Overall, it’s a process of reshaping and reframing how we contribute to the bottom line of the organization.
Kristine Raad
Director of Global Security for Owens Corning:
Security is transforming, and the key attribute that security professionals need now is business acumen. Enterprise security is required to think and develop solutions that serve across multiple functions, and not just within siloes. The goal of those solutions should be designed for business activity to build and demonstrate value for all security investments the company makes. Security leaders need to be agile thinkers, as well as anticipate how security goals and objectives can create value for various areas.
There has also been a shift into data-driven decisionmaking, and using data to not rely on the status quo. Enterprise security leaders are becoming more sophisticated practitioners of how to actually convert data into business intelligence and to identify the top priorities.
Karl Perman
Management consultant specializing in risk management, cyber and physical security and regulatory compliance across critical infrastructures:
People have that preconceived notion when they hear security: gates, guns and guards. I remember the days in the basement, where security used to be located. Over 20 years, we have evolved into enterprise risk management and have started to get a seat at the table. Although many people think it is a new concept, enterprise risk and resilience is not new. It has always been about an intersection of business continuity, continuity of operations, security, assets, people, and the technology, or whatever you make, are all protected. It’s about resilience, especially with COVID-19. I tell people all the time, “I’m a business person first, and I’m a security practitioner second.” My job is to better accomplish business objectives through effective security solutions. That is what security should be about: a business enabler, not a business disabler.
Kirsten Provence, L.C.B.
Senior Manager, Supply Chain Security & Organizational Executive Strategy & Business Operations for The Boeing Company’s Security & Fire Protection (S&FP) organization:
The role of security and of security analysts has evolved. Historically, it has been a tactical responsibility, but now security is a significant contributor to the organization. It’s becoming more evident there’s a career path into this industry, quickly helping it become a more attractive field for people to join.
Over the years, the importance of having an internal integrated network has also grown. It is not just a siloed security organization anymore, we have a seat at the table, including supply chain partners, manufacturing partners, or other internal business partners. Now, it’s also important that external business partners and service providers of any security systems are invited to the table to be able to integrate a network based on design structure and on an “all-hazards approach,” allowing security leaders to pick and choose which business continuity plan to execute when they need it.
Jim Sawyer, CPP, CHPA
Director of Security Services for Seattle Children’s Hospital:
The modern security profession is integrated into every fabric of an organization. One of the foundations of the standards for modern security is emphasizing the science of prevention, and specifically of de-escalation to protect all assets.
Right now, about 70 million guns were sold during the month prior to the election. To say that the U.S. is an armed camp is an understatement. This has further added to the challenges we face every day in every security sector. In healthcare, it’s important that we now integrate security and the concept of safety, prevention and de-escalation into the very fabric of every partner to the organization, to help ensure a therapeutic and safe work and healing environment.
Guy M. Grace
Chairman of the Advisory Committee for Partner Alliance for Safer Schools:
In the K-12 sector, we have evolved in implementing technology, emergency preparedness and mental health in our safety and security plans. We’ve had to learn and implement the technology side into threat assessments, as well as consider how we deal with the people we protect, including where they gather. It is centered around people feeling safe in their environment. That’s our role; we have to be ready for all hazards and manage negative behaviors of people to enhance our workplace. We have evolved in technology and emergency preparedness in the last 30 years, but we have a long way to go in understanding behavior and mental health in K through 12, and in all security sectors. When I think about my career and the many things we have had to mitigate, it has required a willingness to evolve, to be humble all the time, and be willing to learn from others.
Jeffrey D. Hauk, MSA, CPP, PEM, CAS, CPTED, SHRM-CP
Director, Public Safety and Police Authority Services at Memorial Healthcare, Owosso, Mich.:
Along with the challenges of our risk landscape, the security industry is in the midst of a huge technological revolution. The volatility of emerging and morphing threats, from both a domestic and global perspective, presents us with some formidable risks that will require new and innovative security solutions and countermeasures to properly address, contain and mitigate. Traditional security functions, roles and responsibilities are converging around data-enabled solutions and technological capabilities. The next generation of security leaders will be required to adapt to the digital constructs across all their business processes and programs.
The next generation of security professionals will require more unique skillsets, tools and knowledge than has been required in the past. Leadership, advanced business degrees and technical degrees in computer science, cybersecurity and artificial intelligence (AI) will be foundational.
Dean C. Alexander, J.D., LL.M.
Director, Homeland Security Research Program and Professor, Homeland Security at the School of Law Enforcement and Justice Administration, Western Illinois University:
Security threats have certainly evolved. The threat from domestic terror and extremist groups has significantly increased over the years. Nation-state threat actors, such as North Korea, Russia, China, are more than ever targeting government agencies or public and private companies, to gain access to valuable data or intelligence or with a goal to disseminate disinformation and misinformation. Lone wolf terrorism is also emerging as one of the most deadly and frequent threats. Some of the highest number of deaths, in many cases are perpetrated by the lone wolf. Recent incidents in Norway, New Zealand or Las Vegas, have demonstrated that the danger of a lone actor is growing.
People are embracing extremist ideologies, which has added to the risks that enterprise security faces. Now, we have an increased susceptibility of customers and employees to be influenced by misinformation and disinformation.