The Insecurity in Security part 6: Managing business pain

The insecurity in security - part 6

Share this content

Facebook
Twitter
LinkedIn

Tim Wenzel, CPP, Co-Founder and President of The Kindness Games, explores how to handle and reduce pain in the context of organizational security.

The view of pain

Have you or someone you cared about had an experience with a bad doctor?

It’s difficult to define what a “bad doctor” is. It’s very subjective.

This definition is based on someone’s experience, yet people who have these experiences talk about them all the time and these stories resonate with almost everyone, because they center around failures and pain which has adversely affected their health…

Pain and bad health at the hands of another is the most basic fear of humanity.

These stories permeate communities until sometimes, entire hospitals, though they win awards, are considered bad…

This is experience of the security industry as well. Let’s deal with it. 

We began this conversation in articles 3 and 4 of this series discussing the dynamics of frustration and a lack of process, both hallmarks of our industry.

In article 5 we confronted our lack of ability to withstand being questioned and ultimately a fear of engaging in uncomfortable conversations.

This article seeks to put a bow on the previous three. This is what we should be doing and communicating with the organizations we serve.

Tim’s defining characteristics of bad doctors

  1. Misdiagnosis. They diagnose and treat the problem. The patient stays the same or gets worse and a second opinion contradicts the original diagnosis
  2. Chasing symptoms. There is no diagnosis available, just the treatment of symptoms. Some symptoms improve only to uncover other symptoms
  3. Patient does not tolerate treatment. Treatments are too miserable or the patient is not compliant with the treatment plan leading to a stalled and ultimately failed treatment plan
  4. Dishonesty. The doctor continues to provide false hope and does not admit to being wrong, continuously doubling down on the next course of treatment… or the next diagnosis… or the next root cause of the pain/symptoms

How do we steer clear of being defined as bad doctors or hospitals?

Articles 3 and 4 set the foundation of learning lessons and understanding the business and corporate eco-system you operate within.

The proper formation of risk management, governance and program management practices paired with a consistent approach can be use to measure data which can be analyzed in a repeatable fashion.

As you learn lessons and begin to see trends over time, context will appear across all your major programs serving the business.

Transparency is our friend. Begin setting meetings with your closest stakeholders, the business units you do the most work for.

Start small. I prefer one on one for coffee or lunch.

Explain that you’ve been evaluating the metrics and lessons from your various security operations and you’d like to align them with their experience.

Specifically, you want to know about Failure and Pain.

  1. Has the security organization, operation, team, personnel, etc. failed them in anyway? If so, dive into details. Ask for a Post Incident Debrief with relevant personnel from the business unit
  2. Has the security organization caused the business unit to fail in anyway? We should be in the business of enabling business, not disabling it.
  3. Could they describe any friction or pain between their business and security? Festering wounds often start as blisters or small sores
  4. What non-security related business pain are they experiencing? These could be obstacles, issues with customers, the company, etc.

By engaging in this series of conversations, taking the feedback to your management team and brainstorming how any issues might be resolved, you’re comparing quality data to the experience of your patient to see how well you are obtaining the results you’ve intended.

Over time, you will revisit these conversations with new approaches to try, ways to optimize for experience…

You may begin meeting with multiple stakeholders who received similar services but are experiencing them differently to understand why, share lessons – and promote transparency.

By bringing the business closer to our operations and allowing them to learn about us through a quality assurance process focused on enriching their experience, we will find and document much more common ground.

Business units will make more concessions on their expectations as we show more progress.

The patients who complain the loudest and damage the reputation of medical providers or entire organizations feel abandoned in their pain by people who were supposed to help.

You may not be able to make all the discomfort go away, but if you’re walking your customer’s path and working alongside them, then you’re both trying to achieve the same outcome and experience becomes more successful for everyone.

Read the previous article in Tim’ series here and find the full series here. Keep an eye out for the next installment, coming out soon!

Newsletter
Receive the latest breaking news straight to your inbox