Don't answer the title question yet.
This week Steve Pennington and I had the opportunity to attend a two-day discussion called The Great Conversation in Chantilly, VA which was bound together with The Security Executive Council’s Next Generation Security Leader Program. This is an end user centric event held annually in Seattle that has migrated to the east coast after about a decade of success out west. Needless to say, we were curious what this was all about. Frankly we were just a bit skeptical.
What The Great Conversation did for me is a bit transformational. Not just with regard to my perception of the security business, but to my appreciation for perspective in many parts of my life.
When I used to think about "high level security discussions", I thought about what general systems would best serve the client sitting right in front of me. I didn't think of brand, but rather functionality. What I was missing was a deeper understanding of who I was talking to, who that person reported to, and what the atmosphere of the corporation or entity was toward security initiatives. I rarely thought about anything beyond the physical security of the walls of the buildings or gates of the campus.
I'll share an interesting figure I heard during one of the presentations this week. We were presented with a pie chart of typical "security concerns" that one particular company had compiled when the Chief Security Officer checked in with the various stakeholders at his company. Interestingly what I got out of the pie chart is that physical security represented only about 6-7% of the pie when it came to security concerns! This may be common knowledge for some reading, but I bet for others this is eye opening.
We live in a world where various stakeholders have a wide array of concerns about security from their perspectives. There's cyber, continuity of business, geopolitical implications, epidemics, employee travel, brand, shrinkage, and a whole lot more to consider depending on the type of company or entity.
So with that said, I'd like to re-ask the question that I posed in the title of this piece: Are you having a tech talk or strategy discussion? Is it time to reflect on who your trusted advisors are? Do you even have one? If you do have one or more, do they TRULY understand your situation at a higher level or are they just technology advisors focused on widget functionality? What is their appreciation for your position within your company or entity?
It's pretty awesome to come back from an event and feel like those actors in the Claritin commercials where you witness the actor suddenly see the world with clearer eyes with a simple medication.
I jotted down about 15 topics to share with you over the coming few weeks. I hope you'll take a few minutes to read them and share your thoughts on the topics. Oh, and if you're a security professional interested in developing your peer community to share best practices, give me a call so we can get you connected to this phenomenal group.