Throughout the day to day operations of a business or organization, it can be easy for different departments to work independently; however, when it comes to developing an effective security strategy, working cooperatively is indispensable. Whether it is collaborating with other departments or with outside organizations, building and maintaining partnerships is mission critical.
“It’s impossible to do everything yourself,” says Jay Gruber, Associate Vice-President for Public Safety and Chief Public Safety Officer at Georgetown University.
Gruber remembers a bit of advice from a supervisor during his time at the FBI, who said “the command post is no place to exchange business cards.” Gruber expands upon that by saying being able to reach out to someone you have an established relationships with can be a big help for security professionals in times of crisis.
“Already having these established relationships are huge,” Gruber continues. “If you don't have established partnerships, then in times when there's not a crisis, you're not getting the information that you need, and in times of crisis you're not able to seek support in areas where you don't have expertise.”
Strong partnerships between security and business operations plays a critical role in mitigating risks and ensuring a secure environment.
“In every business, what we are securing and why we are securing it needs to be a commonly understood theme across the organization,” says Matthew Horace, Chief Security Officer at Pretium & Progress Residential. “This is essential for two key reasons: First, this allows us to ensure the safety of our organizations’ own people, which is always going to be a priority. Secondly, aligning on the ‘why’ of our collective risk mitigation efforts informs our organization’s overall risk mitigation strategy, which is what all of our security decisions ladder up to on a day-to-day basis, and allows for quick decision-making in time-sensitive situations.”
Curating collaboration
No matter the industry, a responsibility of enterprise security leaders is fostering communication and collaboration between security teams and various units within an organization. This relationship building could be key to a strong and effective security strategy.
Horace says it falls on security leaders to be proactive in setting up the foundations for success.
“This means integrating staff, resources, projects, cadence and tempo at every level, and for every eventuality,” Horace says. “For me, it all starts with one-on-one bidirectional feedback. I meet with people across the business on a regular basis to share ideas, listen, and to learn what is expected from security. At Progress Residential a regular cadence of 1:1's is germane to our business principals and culture, in my current I have a regular cadence of 1:1's with stakeholders at all levels to achieve this goal."
Gruber says leaders should be proactive and don’t wait until somebody reaches out to them.
“You can't wait until there's a crisis,” Gruber says. “You need to have already reached out to these people ahead of time — do that handshaking tour, set up appointments. If they're outside of your organization then invite them to lunch. If they're inside of your organization, meet for coffee, send an email every once in a while. It's important that that you take the initiative to keep those relationships fresh, you can't count on others to do that. It's more work on your part, but in the end, it pays huge dividends.”
Shared vision
Measuring the effectiveness of partnerships between security and business operations is paramount in achieving shared objectives. Such collaborations are vital for maintaining a robust and resilient organization. Assessing the impact of these partnerships allows a security leader to gauge their organization’s ability to mitigate risks, protect assets and ensure continuity of operations.
“Security can’t succeed if the business fails and vice versa,” says Horace. “That’s why an integration mindset is essential, treating security as an extension of the business. Security leaders must work to gain that level of buy-in from their colleagues and business leaders.
Horace continues saying that practically, consistent, bi-directional, multi-level feedback between security and business operations is essential. At Progress Residential I have a straight line relationship with our Senior Vice President of Operations which I use every day to ensure alignment regarding strategy and tactics.
“What gets measured gets accomplished, and what gets measured gets improved; you must find ways to quantify and keep track of your progress, whether via dashboards, scorecards or surveys,” he adds. “These are effective accountability tools that also provide good feedback as to what is working broadly, and what needs to change.”
Maintaining effective partnerships applies to more than just business organizations. Gruber says universities are extraordinarily collaborative consensus building environments, where relationships really mean a lot.
“You measure the effectiveness based on what you were able to do to increase security in any way, whether it was cutting branches down to get the camera a better view on things, or getting additional security into a building, or getting a new technology to support existing projects,” Gruber says. “I measure the effectiveness by the relationships that I have, and how that relationship supports both of us. It's a win-win. So if I find that the relationship is working well, and other person finds the relationship is working well, then we both get to our shared objectives.”
Buy-in from the top down
Having buy-in from the top down in an organization is also a key part of cultivating an effective security strategy.
“Without buy-in, you're not going to get the money to do what you need to do, security does not make money,” Gruber says.
Gruber says keeping the decision makers regularly appraised of the work the security teams are doing, and not just when buy-in is needed, lays a foundation of respect.
“Then when you do need that buy-in, you've already set this really good foundation that you're a strong leader, you have a good organization, you get things done, and they'll take you seriously,” Gruber says.
Horace agrees saying security practitioners would always prefer to be strategically proactive rather than reactive in their security strategies.
“Most of us have been in situations where we were told ‘no’ to a strategy that involved upfront costs, only to be called into immediate action as a reaction to a condition,” he says.
Horace says, one strategy he’s utilized to successfully influence up is to gain the buy-in from a diverse group of stakeholders who understand and support the vision and apply gentle consistent and respectful pressure until the needed buy-in is achieved. One person making recommendation is one thing, 10 stakeholders asking for the same thing is much more impactful.
“Security executives understand how important ‘influencing up’ becomes as we move from hire to evaluation to recommendations to asking for funding for our visions. As we foster integration with business operations stakeholders and gain buy-in for our vision and recommendations, the reality is that someone has to pay for that vision and those recommendations.”
Collaborative partnerships between security teams and other units within an organization are the pillars for overall organizational success. By fostering effective communication and working together, these relationships can fortify resilience in an ever-evolving threat landscape.