The biggest skill set gaps in the security industry are business acumen, strategic capabilities and an entrepreneurial mindset, according to Kathy Lavinder, owner of Security & Investigative Placement Consultants and a well-known recruiter in the security industry. By business acumen, we are talking about demonstrating security’s value in key financial terms. When we say strategic capabilities, we are referring to the ability to communicate clearly how security contributes to the business mission and serves the company’s clients. Finally, the entrepreneurial mindset means driving creativity, innovation and accountability.
Improve Business Acumen
Rodnie Williams, president of the security consulting business Northarrow Group based in Minneapolis, recently told me he seeks to be a business leader with a security expertise rather than being a security expert with a business mindset, a small but important differentiation. If you seek to be a business executive first, then you are in a great position to understand any business. I first heard Rodnie speak at an industry event in January 2011, and during his keynote speech, he recommended reading What the CEO Wants You to Know by Ram Charan.
In this book, Charan explains a company’s financials from the perspective of a Fortune 500 company and a street vendor. He reviews the key financial metrics – cash generation, return on assets (ROA), velocity, margin and growth (market share) – that apply to any company and directs the reader to understand these financial metrics in order learn how the company makes money, which is the first requirement for enhancing business capabilities. Security executives have the greatest opportunity to influence ROA and velocity, if you are in supply chain security.
Another skill that you can develop to increase your business acumen is learning to read a balance sheet. Kathy Lavinder underscored the importance of this point recently. Security is about protecting assets, and a balance sheet summarizes the value of a company’s assets, liability and shareholder equity. The basic balance sheet equation is:
Assets = Liabilities + Shareholder Equity
If security is in the business of protecting assets, then our efforts to do so increase the value of the assets on the left-hand side of the equation. Indeed, this can be a differentiating factor in the company’s treatment of its assets compared to that of its competitors. I acknowledge the challenge of security still being viewed as a cost center among corporate executives, but with enough time and focus, we can begin to reframe it as an opportunity to increase value. With that said, successful change can happen only with an enhanced ability to frame security in business terms.
Once you have developed your business acumen, how do you pass it on to your team? Well, your first action is to set up quarterly meetings to discuss the company’s financial performance, and using the financial metrics in Charan’s book, discuss the financials for the quarter and the trends for the year.
Some questions to get the dialogue going are:
- Are the company’s revenues increasing or decreasing?
- What is the return on assets?
- How efficiently are these assets being used (velocity)?
- Is the market share increasing or decreasing?
- How has the profit margin shifted from one quarter to the next?
Invite the team to offer opportunities for the security team to enhance the company’s performance. Doing so, you will be building their strategic and entrepreneurial capabilities, too. Indeed, you may not get any viable suggestions, but you have engaged your team to think about their day-to-day roles in a new frame with a business mindset. They are also learning through experience, which is the best kind to have for long-term retention.
Use case studies to hone your team’s business acumen. In Security and the CFO: Show Me the Money, published in the February 2011 issue of Security, CSOs share how they discuss the business of security, and their experience can be used to challenge your team:
- How much does fraud cost your company each year? What is the cost of the security programs designed to reduce losses resulting from fraud?
- How much does theft cost the company? What is the cost of the security programs that prevent and detect theft?
- What are the company’s liability exposure and the loss of assets as the result of a disaster? How much do the safety and business resiliency programs cost the company each year?
- What is the potential impact on the stock price in a crisis based on the public perception of its preparedness and resiliency?
Another way you can teach business skills to your team is to put in place a boot camp of learning opportunities to educate your team about the business for which the security is being provided. If it is not explicitly part of the team’s performance requirements, opportunities and the creativity necessary to demonstrate value will be limited. What distinguishes boot camp from other training programs is that it teaches employees about the business, from revenue generation to expenses to accounts receivable.
The ASIS Women in Security group holds regular Ask-a-Mentor sessions for small groups of security professionals; during these forums, the attendees are invited to ask any question that is on their mind. Make these sessions part of your boot camp. You can use this same model for your security staff with invitations to revenue generators to be “mentors.” Invite the mentors to discuss his/her line of business, its drivers and its financial performance.
By working on your business acumen, you are investing time and effort that will have a significant compounding impact on the ROI of your time. Knowing the value of the assets you protect and understanding how your security services can affect the efficiency of how the assets are being used positions you to intelligently discuss with upper management and your team the ROI of your security programs. At the same time, deepening your comprehension of the company’s financials and their drivers enables you to enhance your strategic capabilities by identifying how security contributes to the business mission and serves the company’s clients.
Hone Strategic Capabilities
Another way to develop your strategic outlook is to attune your mission to that of the company’s. According to Seven Ways to Maximize Value to the Corporation in the July 2010 issue of Securitymagazine, one of the first activities the Security Executive Council advises is to analyze each security program under a strategic lens to ensure:
- The benefits outweigh the cost.
- Expenses are managed and measured by program.
- The case for relevancy is clear.
- Programs are reviewed for enhancements regularly.
- Partnerships with other risk management are outlined.
After completing these points on your own, pose them to your team and foster a discussion. Then, challenge all team member to draft their own mission statement explaining how their day-to-day roles contribute to the company’s clients. Going through this detailed exercise will enable your security team to communicate concisely their contribution to the business goals.
Develop “Securpreneurial” Mindsets
A 2010 IBM study of 1,500 CEOs indicated that the most important contributor in succeeding in the marketplace today is creativity, which can mean different things in many contexts. For our purposes, we are talking about creativity as a securpreneurial mindset. Intellectual curiosity is the first step. Be curious about understanding how senior executives think about the team’s contribution to the business, how each member of your team approaches solving challenges, and what motivates each individual. Ask a lot of questions. If you are parent, do you recall when your child at the age of 3 or 4 would ask, “Why?” about everything? Take that same approach to understanding your team, the perspectives of senior executives and the company’s clients. This will enable you to at a minimum build better relationships with key stakeholders and identify commercial opportunities.
The next challenge is to pass it on to your team, and this is where my services as part of CSO Leadership Training can help. Build an army of securpreneurs. With innovation and creativity driving our new “knowledge-based” economy, human capital and retention of staff are critical. With that said, old management models don’t truly encourage the kind of securpreneurial thinking needed for success. Here are some steps to take:
- Create an incentive that rewards the employee and helps align his or her personal and professional goals with the company’s.
Manage performance by quarterly outlining business objectives.
- Support the development of staff by encouraging stretch projects that help individuals on your team to build their capabilities and that help you demonstrate value to senior management.
An easy way to record progress to the quarterly goals is to have each team member outline:
- What action was taken?
- What was the result of the action? How did it save money, increase efficiency and/or enhance effectiveness?
- What was the impact of the action? How does the action and result mitigate risk, increase protection or enhance value to the company?
Honing business acumen skills, strategic capabilities and securpreneurial abilities for you and your team require time spent away from day-to-day activities. Investing the time on each area mutually reinforces the others, compounding the benefits. Expending effort on the long-term view in these three areas also fosters team building, knowledge sharing and relationship building, all of which enhance professional development, staff retention and team engagement. Who would not want to work for a security leader invested in producing results and building capabilities in their staff they can use anywhere?