august 2023
Special Report
By Madeline Lauver, Editor in Chief
As the role of enterprise security shifts, how can the industry expand the security candidate pool to meet the evolving needs of the profession?
Expanding the Security Candidate Pool
filadendron / E+ via Getty Images
The corporate security profession today represents a marked departure from the traditional “guns, guards and gates” perceptions of the past.
“Security is viewed more now as a sophisticated discipline than in the past — it’s more than putting guards in front of the building. In terms of enterprise security risk management (ESRM), there’s a broader understanding of what security is now,” says Rico Falsone, corporate security executive, Adjunct Professor at the Georgetown University School of Continuing Studies, and Senior Attorney in the cybersecurity practice area at the law firm Bradly Arant Boult Cummings, LLP.
With a changing industry, security teams are facing challenges in hiring the diverse talent needed to solve evolving challenges and mitigate new and future security threats.
“Over the last 25 years, organizations have been looking over soft skills and business acumen and requiring a deeper understanding of business from their security leaders,” says Jerry Brennan, Co-Founder and Chief Executive of the Security Management Resources (SMR) Group, a leading security executive search firm. “Clearly, there’s still a need at all levels to have operational security people, but we’ve also seen the level of reporting and business-minded strategy interaction improve with organizations.”
The role of the enterprise security function has expanded to encompass business enablement, and modern security leaders have influence over enterprise risk extending past the traditional purview of a security department.
Marlene Baur, Vice President, Senior Security Manager at Citi. Image courtesy of Baur
Jerry Brennan, Co-Founder and Chief Executive of the Security Management Resources (SMR) Group. Image courtesy of Brennan
Lauren Bean Buitta, Founder and CEO at Girl Security. Image courtesy of Buitta
Rico Falsone, corporate security executive, Adjunct Professor at the Georgetown University School of Continuing Studies, and Senior Attorney in the cybersecurity practice area at the law firm Bradly Arant Boult Cummings, LLP. Image courtesy of Falsone
“Security leaders today sit in staff meetings and strategy meetings. They give presentations not only to the leadership team, but also the board of directors, which could include external directors for public companies,” says Brennan.
Businesses have shifted to rely heavily on intelligence and counterintelligence provided by security teams, Brennan says, expanding the influence of security from a primarily safety-focused department to one that enables risk-based decision-making. As security and risk-related functions converge across organizations, the role of enterprise security has expanded. Even if security teams aren’t directly leading environmental, social and governance (ESG) or supply chain efforts, they have influence in those areas of the business and more. The security profession is expanding to become a proactive business partner, says Brennan.
“The one key measure is that when executives call you and want your opinion on an issue that isn’t directly security-related, when there’s not a problem — that’s an indication that you’re considered a business partner and a valued asset to the organization,” Brennan says.
The Security Candidate the Industry Needs
How then, as the role of enterprise security shifts, can the industry expand the security candidate pool to meet the evolving needs of the profession? Prioritizing soft skills and business acumen can help enterprise security departments build adaptable, diverse teams.
“Security is always changing. As the challenges we face change, we need a diverse candidate pool to look at situations from different angles,” says Marlene Baur, Vice President, Senior Security Manager at Citi. By leveraging a wide range of experiences and perspectives, security teams can rise to meet the challenge of today’s risk- and business-focused enterprise security mandate.
Lauren Bean Buitta, Founder and CEO at the nonprofit Girl Security, has conducted research alongside her team into what employers need the modern security workforce to look like. “One of the biggest trends that we’ve gathered through our research with employers is an overall sense that the workforce is lacking a certain skillset, and the challenge right now is for employers to be very intentional about how they define precisely what that skillset is,” says Buitta. “It isn’t just a technical skillset. It’s skills like being able to learn on the job, being agile in the workforce, and being able to move from one project to the next.”
Rather than prioritizing candidates from a specific career path, organizations can determine which soft skills will benefit their team and security’s role as a business partner.
“When organizations assess anybody that they’re going to hire, aside from what I call ‘tactical and operational experience,’ you look for the personality characteristics and those soft skills that HR has been measuring forever — critical thinking, innate curiosity, communication skills, the openness to engage, and adaptability,” Brennan says.
To be a successful, business-aligned security leader, “you have to be able to look at physical security risks as a whole and present to your senior executive the best way to manage them using the resources you have. That requires analytical skills and communication skills,” says Falsone.
Strategies to Attract and Develop Security Talent
Defining the talent needs of the security profession is a critical first step toward hiring and retaining the next generation of security professionals. Past determining how the security field has changed and what skills it requires to meet current needs, organizations and security leaders need to create functional pathways for new, diverse talent to enter the profession.
“Sixty-five percent or more of people in corporate security have worked in government, and 7% to 9% of the corporate security profession are women. Our diversity numbers for minorities are pretty much as abysmal as that,” says Brennan.
With the goal of diversifying the backgrounds of those in the security profession and filling the security skills gap with qualified talent, there are a number of career pathways and initiatives organizations can implement.
Security is always changing. As the challenges we face change, we need a diverse candidate pool to look at that from different angles.”
— Marlene Baur, Vice President, Senior Security Manager at Citi.
Mentorship
Baur credits her success in the security field to the mentorship experiences she’s had throughout university and her early career.
“I think mentoring is such an amazing way to expand the security workforce,” Baur says. “When I wasn’t sure where I wanted to be in the security area, my mentors were the ones that really shaped my vision and goals.”
Baur’s first mentor put her in touch with someone at every U.S. federal agency and had her tour each one to find out if government security was the path she wanted to take. Another mentor, she says, taught her to be herself in the workplace and embrace her own identity and personality as an asset, rather than trying to assimilate. Her most recent mentor guided her through the business world, creating opportunities for Baur to brief organizational leadership “so they could see my potential.”
Baur herself serves as a mentor for Girl Security and is a member of the Overseas Security Advisory Council (OSAC) Women in Security mentoring subcommittee. She says more security leaders should take the time to mentor and increase the security talent pool.
“Most people don’t know what we do. When I say I’m a security manager, everyone assumes I work at a mall,” she notes. “If we mentor some of those people and show them what the industry is really like, then they’ll see the value of the profession for themselves and their careers.”
Higher Education
Another pathway into the security field is higher education. Falsone, a corporate security leader and Adjunct Professor at Georgetown University, says that higher education can help mold risk-minded security leaders.
“Education allows security professionals to develop specialized areas in the security field. For instance, at Georgetown, I teach in the applied intelligence program and the cybersecurity risk management program, and if you focus on specific disciplines, you can add to your experience,” he says.
Emphasizing experiential and hands-on learning is one aspect of a successful higher education program focusing on security.
“In everything I do and the schools do, there is a strong emphasis on the application. Tabletop exercises, case studies, and similar experiences really sharpen the risk management and analytical skills of our students,” Falsone says.
Networking
In addition to the knowledge, risk frameworks and experience higher education can provide, Falsone also notes the networking opportunities of higher education as beneficial to a security career.
“One of the other benefits of high education is that students get opportunities for networking and collaboration, job opportunities — there is a really strong networking component to it,” he says.
Networking efforts can benefit security careers outside of the realm of higher education, as well. At Citi, Baur participates in the Citi Security and Investigative Services (CSIS) Women’s Council, which aims to expand the security workforce and increase diversity on their own team.
The CSIS Women’s Council hosts social hours within the company, allowing women on the remote security team a chance to get to know one another personally and improve retention, and they invite speakers to address and share career advice with the group.
Internships & Workforce Training
Another pathway to engage and retain new talent into the security field involves security internships.
“I think attracting and retaining go hand-in-hand,” says Baur. “As an industry, we need to create more opportunities for the incoming workforce so people with a general interest in security can understand what we do. I think if the industry offered more security internships, we could develop a workforce that’s excited and passionate about what we do.”
Girl Security, the nonprofit organization Buitta founded, has researched the future of the workforce and worked with employers to determine what experiences and skills security job candidates need. The organization, which strives to create pathways for women into security, hosts mentorship opportunities and a workforce training program, which, among other initiatives, upskills young women and girls with a focus on soft skills that will benefit the security field.
“The security workforce needs an enduring skillset that can transcend changes in the market, changes in the economy, and changes arising from things like the intervention of artificial intelligence. Over the last couple of years, we’ve spent a lot of time both just studying the data on the future of the workforce, but also engaging with employers,” says Buitta.
There are many other pathways into a security career that extend past networking, higher education, mentorship and internships — professional certifications, for example, can play an important role in upskilling security talent. All of these pathways and more can help expand the security talent pool to meet the needs of the evolving security field.
august 2023 / SECURITYMAGAZINE.COM