Brian Sims
Editor |
Home> | Security | >Cyber Crime | >Industrial security - October 2018 |
Industrial security - October 2018
16 September 2018
For many people the role of the chief security officer or director of security is seen as a pinnacle within the security profession, but what is it, how do you get there and do you really want to? Mike Hurst provides the answers.
ONE DEFINITION is that the chief security office (CSO) is the employee responsible for the physical security of a company, including its communication and business systems, protecting, people, assets, infrastructure and technology. The role of the chief information security office (CISO) has many similarities and in some cases can be combined, but for the purposes of this article, I am focussing on the CSO.
We probably also need to consider some of the areas that a CSO could be responsibility for. These include but are not necessarily limited to:
Physical Security |
Anti-Counterfeit |
Executive Protection |
Insider Threat |
Compliance |
Intellectual Property Protection |
Security Awareness |
Duty of Care |
Lone Worker |
Cyber / Information Security |
Counter Terrorism |
Loss Prevention |
Brand Protection |
Risk Management |
Investigations |
Supply Chain / Logistics |
Security Services |
Travel Risk |
Many, if not all, large organisations will split these roles, so you may have a director of investigations or director of loss prevention each of who may report into a CSO or into another C-Suite position and often they are quite independent of each other.
So, how can CSOs possibly know about all these areas? Well, they do not have to. They will almost certainly have a high level of expertise in one of more of these, but as with many senior positions, it is often a question of having the skills and experience to identify areas of concern or where action is needed and then taking advice from or delegating tasks to people who have the specific skills.
You need to be know what you know but also know what you do not know. A security department in an enterprise is there to help facilitate the running of that enterprise, in the same way that HR, legal, marketing departments do and the person running that department needs to be a good manager and a goad leader. There is in fact a case that says the CSO need not have security experience. I know of several global CSOs who come from no security backgrounds such as audit, compliance, legal or have moved in senior security positions straight from non-security related, military or Police roles.
The reporting structure is also very varied. There will be some examples of a CSO sitting on the main board of an organisation but more often they will report in via a range of possible routes, although, it is hoped or recommended that the security function is at a high level within an organisation.
Possible Reporting Lines
Chief Executive Officer |
Chief Operating Officer |
Chief Risk Officer |
Chief Information Officer |
Chief Information Security Manager |
Human Resources |
Chief Financial Officer |
Head of Legal |
Head of Property / FM |
There is research to support the belief, rightly or wrongly, that security professionals often lack the business management skills needed at the very top level of an organisation.
Qualifications
So what qualifications should a CSO have? As you would expect, the requirement is for a mix of skills, experience and qualifications, but it would not be unreasonable to see these professionals holding a Master’s level degree in the same way that the CFO or Head of Procurement may well do. Also, some formal security qualification or certification such as the ASIS CPP® or for a CISO the CISSP from (ISC)2. Specialist courses in Risk, Counter Terrorism, Management or even Finance are also not unusual. A background in the military or law enforcement is common, but not essential.
You would probably expect a senior security professional to have a trusted network of peers. Sometimes these are informal, but there are a number of membership organisation that a CSO may be part of. Three that spring to mind are:
- International Security Management Association https://isma.com
- Risk and Security Management Forum (RSMF) http://rsmf.co.uk/
- The ASIS International CSO Center www.asisonline.org/membership/cso-center/
The Security Institute (predominately UK) and ASIS International (UK and global) both welcome members at all levels.
The correct career path is a tricky one as there is not really a clear career path in the same way that there in for other professions. I would encourage people to get qualified / certified, join associations, build a personal trusted network or peers and mentors, be aware of industry trends and developments that may lead to opportunities and think carefully about career moves.
Just remember that the security profession is a wide a diverse one and there are many opportunities to forge an interesting, fulfilling and rewarding career.
Mike Hurst CPP® is Vice Chairman of the UK Chapter of ASIS International and a member of its European Advisory Council and Leadership and Management Practices Council. For more information, visit www.asis.org.uk
- LFB calls for sprinklers in high-rise homes and schools
- Amthal connects with CSL Group in bid to support smarter security operations
- Sixty high-rise buildings fail fire risk tests
- “National security must not suffer for the sake of short-term technological development” urges Defence Committee
- OPSS takes enforcement action over dangerous e-bike battery
- Restaurant duo sentenced over inadequate fire safety measures
- Accidental house fires at three year low in Dundee
- GAI-TRONICS unveils temperature sensing feature for today’s access control regimes
- Mayor welcomes fire boats on Thames as part of Brigade “transformation”
- 2020 ASFP Passive Fire Protection Industry Awards winners unveiled