Years ago, I asked a question of my company: Who do we learn from? Naturally, they told me their clients and their company peers. But what we discovered as we began to dig into this question is that our company belonged to an interconnected community that includes:
Business Professionals: From airports and hospitals to police departments and city managers, they all have business models that are being impacted by risk — not just security risks; but environmental, socio-economic, socio-political and competitive risks. We realized that these business models are the fundamental drivers and investors in security’s unique competencies and perspective; so, we want to engage the executive suite in understanding the drivers, constraints and capitalization requirements of the business before we provide input into the risk and security response.
Government Agencies: Many of the emerging technology and process trends begin with government agencies sponsoring innovation. Staying close to these trends provides us insight into the private industry timing and response. Government is also the constraining vehicle for private enterprise — that is, it attempts to regulate, monitor and control. This can be good or bad, but either way, staying current on the regulatory and compliance trends making their way through our political system enables us to begin to form policy, risk and compliance approaches, and to determine their impact well in advance.
Think Tanks (Analysts): They provide objective perspective on trends, from technology and market sectors to the changing/adapting processes.
Business Process Model Consultants: Typically outside or tangential to the security industry, they provide us models and systems to learn from. For example, we took many proven practices from this knowledge sector to frame our Security Process Optimization (service mark) practice. By deploying this through our Professional Services group, we are identifying inefficiencies costing precious budget dollars for our clients, and redeploying the savings for innovation to drive organizational value.
Business Continuity Consultants: Businesses must be adaptable and resilient, and it must be true for every line of business inside the organization, including security. Uncovering best practices, tools and knowledge agents is critical to success.
Risk Management Consultants: Risk is part of business continuity assessment, but it also has a precise focus. We acknowledge this and work to understand their approach and impact on the organization’s mission through security.
Security Integrators: Although we are a security integration and consulting company, we strive to partner with others for the good of the client. We look for similar attention to detail by assessing whether they have a methodology with prescribed steps and measurements, formal professional and certified disciplines, and targeted market expertise. We may include them in a highly leveraged project or even team with them by leveraging expertise we do not have. Collaboration and teamwork is a way to grow the entire industry.
Media: Picking the right communication vehicles to trust is critical. You must have a way to aggregate, categorize, analyze and leverage the information. We are using an integrated research and communication platform to do this. Since we are doing that for ourselves, we have taken best practices from that approach to help our clients do the same with their internal and external business and risk intelligence.
But for all that effort, we were missing a catalytic model to bring the entire network of influencers together; thus, we began to list the wants and needs of ourselves and others in the security community. We needed to:
• understand and identify how peers worked together;
• understand our peer’s perspective;