Raising security awareness: what does security have to shout about? And how does it do that?
Chair: Martin Gill
Michael Cummings – President at Cummings Security Consulting, LLC (US)
Roy Cooper – Organiser of Security TWENTY Regional road shows and Managing Director at Professional Security Magazine (UK)
Erik de Vries CPP PSP – Owner at DutchRisk BV (Netherlands)
Mike Cummings emphasises the point that the key to communicating good security is for security professionals to fully understand the business they work for (the key to adding value), which has particular significance because as a consultant Mike has often noted a disconnect between the work of security and organisational strategic goals and Mission. There is no excuse because there are a lot of resources available, many provided by security associations. Another angle is to promote collaboration, to bring people to the table. The security world does not have a spokesperson and that is a gap, but it means the security profession needs to speak up about its successes and be committed to doing so. These are routes to challenging the perception that security can be treated as a commodity.
Roy Cooper points to the tendency of the security world to understate its achievements as a major barrier to effective awareness generation. He only partly accepts the criticism that the security press is to blame, noting that organisations don’t make it easy to identify good news; often it has to be teased out of them. There is often more attention on failures, it can be easier to identify them, and he cites the recent attention on security failures during the Manchester bombings as an example. There is no doubt that the security world has much to celebrate and points to the OSPAs as an illustration. Conferences provide an opportunity, engaging speakers from outside the sector, but they are not easy to find. Another option is to engage the national press. He calls on the security sector to have the political will to be different.
Erik De Vries highlights the importance of a positive security culture; that is the key to generating engagement, and it is largely about soft skills, and it can be driven from the centre across domains. The key is to create awareness at the top of organisation and to filter awareness from there. A limit is that security managers are often not good salespeople, and especially weak in selling their own successes. He gives an example of a CEO invited to talk at a security conference, started by showing some aspirins and said that this is what security brings me, headaches. Security enables business and it needs to highlight this.
The discussion in this webinar reminds us that being effective, and showing one is effective are distinctly different entities, and the former is no guarantee of the latter. The security world has made great strides in improving itself, and while there is still plenty to do it remains true that a major gap is the tendency for security people to understand their success, and for others, not least the press, to focus on what goes wrong. There is no short cut here, it requires the security sector as a whole to rise to the challenge.
17th November 2020