A Seat at the Table part 4: Relevant perception

In the fourth installment of this series, Tim Wenzel, CPP, Co-Founder and President of The Kindness Games, explains how Relevant Perception is essential for security leaders.

The role of perception

I coined the “Relevant Perception” phrase in 2015 as I began to build programs which managed security risks that were less easily defined, increasingly grey… meaning the value proposition is less obvious to the business.

As a security leader I would often remind teams that “perception is reality.” The context was often the business not seeing the value of security efforts or disagreeing on the success criteria.

This exercise plays out universally in the private security industry. Security can be implemented in a tactically sound manner, achieving its goals, yet somehow falling short of the organization’s goals.

The misalignment of perception is a cause of many downstream issues:

  1. Health of security’s relationship with the business
  2. Motivation of operational security teams
  3. The ability of security leaders to inspire confidence across the enterprise
  4. The Insecurity in Security

At The Table, perception plays into the politics of organizational direction and the appetite for disruption and change.

Having a solid business case, message, metrics, and a coalition of stakeholders in support is crucial. But all this means nothing if you can’t achieve relevant perception.

Relevant Perception

When conducting a threat and vulnerability assessment, security professionals understand the value of seeing the asset to be protected from the threat actor’s perspective. Often, we plan our security strategy based on how we might attack an asset.

I often ask myself, do we inadvertently approach the business in the same manner, making them feel threatened or at least a little suspicious?

“Never let a crisis go to waste…” Have you heard this mantra? Have you said it yourself? Does this seem to be the only time you can successfully “sell” the next security initiative?

You might be creating an opportunistic reputation for yourself…

Plumber or city planner

A plumber knows how a city works. Water supply, distribution, drainage, collection, recycle, resupply.

The mechanics of it are not much different than your neighborhood, but the scale and consequences are far greater.

Also, the city doesn’t exist to support the water and waste cycle; the cycle is necessary to support the city.

Somehow, we in security are under the impression that just because we have reached a certain level of expertise in operational security planning, we are ready to manage the city.

We polish our resume with great experience, yet when we get to The Table, we sound like a security supervisor or an executive protection agent or an intelligence analyst… most of us will never be taught how the city functions and how security should support it.

We are perceived as plumbers.

How can we change this?

I recently sat down with a client. To kick off the conversation I asked, “What has the General Counsel been talking about?”

The next 5 minutes of topics was a roadmap to exactly what was important to the strategic growth of their company at this very moment.

The next question to answer: what is security’s role within these very important topics and initiatives?

The problem: If you ask the GC or the CFO or the COO, they won’t know either, because they have most likely never had a strategic, business-minded security leader at their disposal.

Your next step? Get a really good book on Enterprise Risk Management, maybe even a mentor to help you wrap your head around business risk.

While you make your way through a very unfortunate dry read, you will begin to see familiar principles in play. You will begin to see security’s role within legal risk, financial risk, operational risk, etc.

Simply stated, risk is the language of business.

Learn to hear it mentioned in conversation and ask for the opportunity to observe these various teams working through these issues.

Get invited to the meetings and be quiet for a while. Take notes and once you begin to understand the landscape, ask questions.

As an executive level consultant, I insist on meetings that don’t make sense to the organizations who hire me.

Often it takes three to four requests before the audience is granted.

Cultivating relevant perception

In my mind there are two ways to approach these conversations, asking about their biggest risks, concerns, and problems or asking them to describe a process that you know security should have a role in.

Listen carefully, ask questions and figure out at which points security is engaged currently and where opportunities exist.

The goal: Get the business to tell a story about themselves so you can help them see security within their story.

Ask them to help you understand what their success criteria are and what difficulties or pain points they often experience.

Don’t let them recite a laundry list of issues and not have anything insightful to offer.

Don’t put an immense amount of pressure on yourself to “solve” their issues in one conversation. Overselling ourselves can also create an uneasy perception.

Offer ideas on how you might collaborate, consult or assist. A great place to start is identifying points within their routine where it might be beneficial to reach out for advice or assistance.

Over time, you can carve out placeholders in their routines where you might assist.

Your stakeholders will often be surprised as they begin to see security’s role within their portfolio.

Never waste a crisis

Last year, I wrote about the Professional Prophet. This is the goal of the series of conversations you will host over time.

When something happens that you have been telling your organization about, they will remember and call you to The Table.

What is your role in this situation? Our base reaction is to be the hero. To have the solution. You’re not wrong. You should have been preparing for this situation. You should know:

  • The costs
  • The lead times
  • The stakeholders
  • The programmatic opportunities to codify it into the business routine

At The Table, ask these questions.

  • How did this come about?
  • How is the organization impacted?
  • Who is building the roadmap to resilience?

With this context outlined, make the case for how you can manage this security risk at this moment. Outline the stakeholders you think you’ll need to work alongside to measure success and to iterate – improving your solution in real-time to ensure the most appropriate impact and success criteria for the organization.

Set milestones when you will reconvene to reassess and adjust.

Don’t fall into the trap of asking for a bag of money to solve their problem. Don’t try to implement a new massive security program for this particular event.

Make sure you set a goal of slowing down and designing back to the most appropriate level of normalcy.

This is the most effective roadmap to Relevant Perception. Security finds their role within regular business operations and the business finds the security risk within their portfolios.

Over time, security will become ingrained within the organizational structure in a transparent fashion, as a business partner.
