The Future CSO
Skills development is a vital component of any professional’s career and the skillset required of security professionals is expected to the broader every year. To kick off 2019, we asked chief security officers, as well as the consultants, trainers and suppliers they work with, to share their views on what those skills are (or should be). Respondents are allied with a variety of industries, from communications to municipal government to hospitality, as well as leading associations that are also setting the bar high for security education. The responses are, not surprisingly, diverse. Education, soft skills, cyber and physical security interaction, credentials and designations, communication skills, business skills, professionalism and ethics — are all components that describe great leaders in security.
James Armstrong, Vice-president, Chief Security Officer, Shaw Communications; Security Director of the Year 2017
The threat that cyber-attacks pose to businesses of all sizes has never been greater, and as we move into 2019, it’s increasingly important for security leaders and professionals to ensure they have a strong familiarity with cyber security.
Data breaches, malware and ransomware attacks are now just as prevalent as physical threats. This increase in cyber-crime requires that security leaders become holistic subject matter experts on all aspects of security. This means having a firm understanding of all facets of the business they support to better identify risks and develop effective, targeted security programs to protect their organizations.
It is also important for security leaders to educate and empower their employee base such that they can exercise strong security principles in their day-to-day work. Doing this requires that security leaders work hand-in-hand with the internal business leaders and departments they are supporting to develop programs to change employee behaviour for the better. These programs should provide real-life examples to help employees always understand what’s at stake for the business and teach employees to report threats and risks, and engage in safe security practices.
Ken Hoggart, President, Universal Training Solutions
Technology is developing at a rapid pace and being implemented just as quickly. There has been a major shift in loss prevention from shoplifting, to cyber and online fraud. Similar to other areas of society, criminals find it easier to avoid face-to-face interaction and find a way to hide behind keyboards and commit crimes. Can we embrace the technology and operators necessary to follow and deter the newer forms of crime? It goes way beyond learning new access control systems. Now security professionals need to be aware of new facial recognition software, cyber investigations, drones, smart systems and fully integrated buildings. With that said, there are many individuals in the public that we still need to interact with face-to-face, for a variety of reasons. We are seeing an increase in substance abuse and various mental health conditions in society that require our interaction. Our face-to-face interaction skills are also an extremely valuable asset when interviewing a variety of people, whether we are assessing job candidates or conducting interviews for investigative purposes. Can we balance the old and new? I like to believe that we can.
As leaders, it is important to develop the necessary skills to embrace new technology and welcome people who understand and can operate such technology. Leaders should impart the knowledge and skills of human interaction by mentoring people for career development and succession planning. As old as communication is, and mostly looked at as a legacy skill set, it is likely still the most important skill to utilize, train, and pass on.
Brine Hamilton, Healthcare Security Specialist, GardaWorld; IAHSS Ontario Chapter Chair, Board of Directors
Most professionals have experienced the pressure to increase efficiency — faced with growing expectations but met with declining resources available to them. CSOs will need a broad understanding of multiple disciplines to keep pace with these expectations as well as support operations or divisions with direct and indirect overlap of security operations. As technology continues to evolve, the CSO will need an understanding of these new technologies to implement them into their programs and protect the organization. The CSO will also require a strong business acumen to address responsibilities while relating to and collaborating with other C-level executives.
Results are an obvious requirement for a CSO, however an underappreciated yet related element of the CSO’s responsibilities is retention. Without some level of retention, sustainable results are negatively impacted, as is succession planning. Due to the importance of personnel management, the CSO will require a high level of emotional intelligence and strong soft skills. CSOs must also be astute to the innerworkings of their organization in order to navigate the potential challenges of working with multiple groups.
Sherri Ireland, Director, Security Exclusive; Vice-chair, Toronto chapter, ASIS International; Instructor, PSI program, Fleming College
While the basics of security haven’t changed, the complex environment introduced by new technologies (e.g. drones, artificial intelligence) and hosting security systems through IP-based communications requires every security professional to stay up-to-date with technology and evolving cyber security information. Physical and cyber security are interwoven — CSOs and CIOs must speak the same language. Subsequently, continuing education has become fundamental to security professionals.
Protection, Security and Investigation graduates learn the basics of security, then apply these skills in a practical environment, usually through placement programs. Graduates are equipped with the ability to obtain a security officer licence, and professional designations like the CHSO Certified Healthcare Security Officer as well as first aid and CPR certificates. Seneca College has recently introduced an Honours Bachelor of Crime and Intelligence Analysis degree. A college diploma has become the minimum benchmark with the degree program — a new bar will be set for folks entering the industry. No longer will years on the job ensure promotability.
Professional designations recognized globally are becoming the new benchmark. ASIS International designations are becoming a requirement for more senior roles. Other professional designations beneficial to the physical security realm are CSPM (Certified Security Project Manager), PMP (Project Management Professional), CISSP (Certified Information Systems Security Professional) as well as IAHSS security health-care designations.
The complexity of the security landscape is a moving target. Security professionals must continue to invest in themselves and be willing to adapt and learn.
Janice Holmes, Security, Health and Safety Manager, Friday Harbour Resorts
Security skills can be developed, however, core values, professionalism, ethics and integrity are what make you a leader in the private security industry. Employers want to work with people who have a strong work ethic. Ethical behaviour is doing the right thing when no one else is watching, and ultimately, what you believe to be morally true! This leads to overall professionalism and integrity. Integrity should permeate every aspect of your job. All security professionals need to develop a personal code of ethics that governs the way they work and act; this is above and beyond the Private Investigator Security Guard Act code of conduct. This personal code should filter through your day-to-day work, from how you deal with customers to the way you treat your co-workers and supervisors. It’s pivotal in maintaining integrity and ethics when it comes time to making decisions.
Training and an organization’s core values help security professionals follow their own code of ethics and that’s what makes them professionals in the industry. A quote that I have always followed during my career is, “Great leaders don’t set out to be a leader, they set out to make a difference. It’s never about the role, it’s about the goal.” I believe when you live by that, you remember that we’re all a part of the same team. To me, a leader is someone who coordinates the day to day, but it is the team who executes it and pulls it all together. Without core values, professionalism, ethics and integrity, you are never going to stand out as a leading edge professional. Remember to be loyal, dedicated and strive to raise the bar of excellence as everyone will gain from your attitude and your professionalism.
Patrick Ogilvie, Security Advisor, Security Assessment Unit, Ontario Provincial Police
The evolving and advancing skillsets of future CSOs must not just include, but focus on being business enablers. It does not matter if a CSO works in the private or public sector, the requirement to best protect organizational assets must align with the enterprise’s responsibilities that are profit and market driven and/or in the public’s best interest of safety and financial integrity.
Being a business enabler will include all enterprise security risk management (ESRM) elements, plus the pivotal contribution to the business goals, which will include revenue generation, cost reductions and continued efficiencies.
What could be the largest obstacle is aligning those who have both a direct and primary responsibility for asset protection (i.e. CSO staff) and those with indirect responsibilities. It is vital to learn, foster and promote the cultural necessity to be risk adverse, where everyone is responsible for the prosperous, safe and secure functions of the organization.
A CSO who can drive an enterprise’s strategic vision through their tactical and operational abilities will be a valued, trusted and relied upon asset for any organization, for a long, long time.
Silvia Fraser, Head of Security, City of Mississauga, Ont.; Security Director of the Year, Community Leader Award 2018
Security departments have evolved to become their own individual business units, with their own budgets and corporate identity. The role of the CSO has also had to evolve based on the growth of security organizations and the need for an enterprise approach that can cross traditional domains and encompass all security aspects of an organization.
Relying on security-related skill, knowledge and experience alone does not satisfy the maturity of the CSO role. The fundamentals of security management remain the building block regardless of whether it is physical security, cyber security or both. However I also believe that while security skills and knowledge might have got you there, they certainly will not keep you there.
What I found most useful for me, and I see this as the future mantra for CSOs, is: leadership, vision and strategy, together with business administration and development, with a focus on building partnerships and collaboration. There is a mix of skills, knowledge and experience that is very valuable to draw from in any of these areas that can then be complemented by specific knowledge and experience in other areas such as: real estate, property management, government, IT, and ultimately any other area that may be of interest or touches the organization or business you are in. This proves to be so important as we support the business areas within our own organizations.
In other words, if there are no assets (the business), there is nothing to protect. In many cases, the CSO is not the custodian of these assets; the CSO is primarily a service provider to the other business areas, therefore understanding them, collaborating and creating partnerships becomes very important.
Mark Folmer, Vice-president, security industry, Tracktik; Senior regional vice-president, Region 6 (Canada), ASIS International
CSOs are going to need to speak the language of business and secure a spot within an organization. Increasingly, security operations are expected to show a return to the company and even demonstrate a profit. To produce the kind of well-oiled machine that can meet these business demands, the future CSO needs to know business skills and as a result, how to establish KPIs that increase their ROI.
To meet business objectives, the CSO will need access to tools that capture data and the ability to harness that data, allowing them to put into action the kind of efficiencies that will produce a profitable security operation. The CSO can expect more from all of their service providers and partners that will generate data to justify an organization’s investment in their operations.
CSOs will also need to be actively surfing trends in the security industry. If a game-changing technology or model is being adopted in the business, the CSO needs to be familiar with it going into their next meeting. From there, they must be able to take a trend that suits their operation and distil it into something specific and localized. A nimble operation that can adapt to change is future proof.
This story was featured in the Winter 2019 edition of Canadian Security.