Learn some simple strategies to transition the image of your security team from a cost center, to a value add.

Enterprise Security: Positioning Your Team as a Value Add, Not a Cost Center

We are all too familiar with reading articles that focus on the hundreds of thousands or millions of dollars that companies spend to protect their CEOs. This fits neatly into the stereotype of the corporate security department: a cost center that drains money from the company’s bottom line. Now is the time to take a step back and consider approaches that can help to re-brand the image of your corporate security and resilience departments.

This article will share four direct strategies that can help you and your security team transition from being seen as a “cost center” to becoming a value-add to your business’s bottom line.

1. Understand the “why” behind your business.

Perhaps you pursued corporate security work because it felt natural for you. Maybe you never really wanted to be a business leader and prefer to stay in the “security” lane. The issue with this approach is, an enterprise security program that is generic in nature with little regard for core goals and strategies of the business will struggle to add tangible value to the business. By engaging in purposeful conversation with the other leaders within your organization and asking them about the “why” behind their strategies and goals, an organic understanding of the business will occur. By listening closely to your colleagues, the security approach and the avenues for added value will become clear.

Let’s consider an example. Imagine you are the Chief Security Officer (CSO) at Starbucks and you know that the company has 30,000 stores and hundreds of thousands of partners. It is easy to get distracted by the numbers. However, by pausing and looking at Starbucks as a business, and being curious about the “why,” we start to see more complex and meaningful opportunities for the security leader. Look no further than the Starbucks’ About Us page to identify a few substantial areas of focus for any leader at the company:

“We make sure everything we do honors that connection – from our commitment to the highest quality coffee in the world, to the way we engage with our customers and communities….”

This direct statement provides a security leader with a few obvious areas of consideration that can help contribute to the company’s core mission and values. For example, the “highest quality coffee in the world” can come from remote and challenging locations, like the Kawa Kabuya Reserve Roast from the Democratic Republic of Congo. Just by learning about this one roast, one quickly realizes how crucial it is to have a robust approach to supply chain security, travel safety and business continuity, in order to help the company maintain reliable access to these specific coffee beans. By simply scratching the surface of the “why” behind the company, security leaders can immediately start to inform the “what” of the corporate security and resilience program. Suddenly, the focus of those programs is aligned directly with the company’s bottom line.

2. Stop saying “no,” and start explaining “how.”

Many corporate security leaders hail from previous careers in the Military or law enforcement. These are career paths that are rules-oriented, and there is a comfort zone with the role of being the “rule-enforcer.” You write an access control policy, you put resources toward protecting a facility, and you intervene when someone breaks the rules. It’s easy, and perhaps it comes naturally, to get into this cycle of yes vs. no, approved or not approved. The issue is, sometimes your company gains no benefit from being locked into binary options. When your organization wants to be bold or try new things, they may need you to move on from “yes” or “no,” and graduate to telling them “how.”

Let’s jump into an example. Imagine for a moment you are the CSO at a fictitious startup clothing company based in the United States, called Spiffy. You are brought on to help build out a security program as the company is starting to open retail locations and expand its manufacturing programs. The Spiffy CEO calls you and says, “We are looking at alternative markets for sourcing cotton and clothing manufacturing, due to high costs of doing this work in the United States.” You naturally ask the CEO where she is looking around the globe. She explains that Brazil and Pakistan are among their top choices as they are major cotton producers. What is your gut reaction? Did you secretly want to instantly say “no” to either Brazil or Pakistan due to security concerns?

In this case, the CEO is not asking for a yes or no response. This conversation represents an opportunity for the CSO to ask questions in order to deeply understand what the business operations could look like in each country. You then take all this information, conduct a risk assessment tailored to your organization’s profile, and return to the CEO with a valuable product.

Instead of telling the CEO what is safe or unsafe, you are able to provide a detailed view of the risks in each country, strategies to mitigate risk to a tolerable level for the company, and all-in budget forecasts for those mitigation strategies. The CSO that is able to articulate “how” to achieve daring business goals in challenging locations is infinitely more valuable than the CSO who says if a country is “safe enough” or “too dangerous.”

3. Remember that security is part of the “sale.”

You may read the word “sale” and say to yourself, “Nah, I’m not a sales guy.” And that may be true in a transactional sense. However, one of the greatest ways to ensure your security and resilience program is actually adding value to your organization is to look for ways that your program can “sell” your company’s product or even your company’s image.

The first “sale” happens at every company’s front gate and front lobby. Similar to a recruiter being the first brand ambassador to job applicants, a front-line security professional is the first representative of your brand. Imagine a major client meeting at your corporate headquarters. The security officer at your front gate greeting your client is setting the tone for the client experience based on the level of customer service that she delivers, even during the briefest of encounters. If every single person on the corporate security team, from the tactical to the strategic, views themselves as brand ambassadors, they become part of the customer experience.

Let’s look at security’s role within sales from another angle. At first glance, the nexus between corporate security and the actual product that your company sells may not be obvious. Have you ever spoken with your business development or marketing teams and asked them how they describe the company to clients?

Imagine for a moment that you are the CSO for a data center company. As clients shop around for data center providers, they may take into account a variety of considerations that may influence which provider they choose, ranging from geographical location, to cost, to size. As you start to listen to your business development colleagues, it is likely that they tell you that most clients also ask about physical security measures in place at the data center. Clients are entrusting a data center company to protect the technological backbones of their companies, and naturally, they want assurances that the data center company is both secure and resilient. Once this realization occurs, the security and resilience program become part of the sales pitch.

4. When you look good, the company looks good.

Think back to seeing videos of Steve Jobs on a stage representing Apple and connecting the person with the brand. However, to leave all of this brand enhancement to the CEO represents a missed opportunity. Have you ever thought of a topic that you wanted to write about, speak about at a conference, or discuss on a podcast? Every time you pursue those opportunities and your name is in a magazine, or announced on stage at an event, it is good branding for you and your company.

Let’s imagine one more scenario. The CSO for the fictitious clothing brand, Spiffy has been invited to present at The Great Conversation in Security in 2022. The CSO wants to offer a presentation to his peers on risk analysis and reporting strategies in emerging markets. Suddenly, the CSO is standing on a stage in front of hundreds of his peers, and the first slide says, “John Smith, Chief Security Officer, Spiffy Clothing Company.” The CSO continues with the presentation and does an amazing job. Audience members approach afterward, asking for his contact information.

Not only did this help the CSO’s reputation within the corporate security community, but suddenly, two things happened for Spiffy Clothing Company. First, the brand was pushed out to a new audience for free. Second, the audience made a psychological connection between a CSO who was smart, informed and forward-thinking, and the brand called Spiffy. If Spiffy’s executives are at this caliber, this company must be onto something. When your activities enhance your personal brand, your company’s brand wins at the same time.

Not all security and resilience leaders jump into the private sector because of their natural interest or ability in sales or business development. However, for the leaders that want to be part of the ever-changing cultural identify shift that is occurring within the corporate security community, now is the time to invest your energy in understanding your value proposition for your company.

Luckily, nothing in this article actually costs you, your security department, or your organization any money. By simply taking the time to ask more questions, listen to your colleagues and clients, and seek ways for your programs to help enhance your company’s core mission, you will naturally become exponentially more valuable to the overall enterprise.