In July, we acknowledged the challenges we found that security leaders were facing in navigating change within the industry:
• Static or declining budgets
• Lack of program standardization due to a variety of influences
• No common operating picture due to lack of technology standards and budget
• Lack of strategic value articulation at the top levels of the organization
We also pointed out that each one of these challenges reinforce each other. Without value articulation, budgets can be difficult. Without a common operating picture that captures information at its source and aggregates it so that analytics can be deployed over time, metrics are difficult. Without metrics, meaningful and comprehensive value cannot be quantified. Program standardization helps reinforce budget optimization and fiscal discipline, not to mention data capture and aggregation.
The bottom line: If you want to cut costs and increase value, something has to change. And that change impacts multiple people, processes and technology platforms within the organization.
More than ever, executives realize that one of the core competencies needed in their leaders is the ability to create a change culture. A change culture is self-correcting. The stakeholders (employees) are taught and empowered to recognize elements of their roles or processes that are inefficient or diluting value. Managers are provided tools by which they can receive input and measure the degree of criticality of the data. To do this, they are taught to organize teams to process the input. Author John Kotter calls these teams "guiding coalitions." They help identify the sense of urgency as well as test, articulate and manage the process of change. There are many thought leaders, books, and consulting organizations focused on this.
For example, in the Security Executive Council’s Next Generation Security Leader (NGSL) program, the faculty is composed of CSO’s who are currently going through or have gone through the change process for transforming their role from a purely preventative function to a recognized leader in helping to create a highly resilient and adaptable organization; an organization that optimizes their people, process and technology while driving innovative programs that create organizational value.
Dave Komendat, the CSO of The Boeing Company, is a frequent guest speaker at the NGSL forums. He tells a story of leading change by asking his people to be vigilant in looking for areas of collaboration and optimization that support the mission of the company. In doing this, his people are also asked to create supporting metrics that launch a sense of urgency to support a change, as well as measure the impact of a new/existing process or tool. (Example: technology solution).
As I sit in on presentations by technology vendors - who are beginning to see the market opportunity around budget/cost optimization, IT provisioning consolidation, information consolidation, identity consolidation, etc. - and then speak with security leaders, I realize that the biggest obstacle to their end goals is not technology, but cross functional leaders managing change.
The advice from the NGSL faculty seems to align with best practices around change. For example, let’s look at Kotter’s 8-Step Process for Leading Change:
Step 1) Establishing a sense of urgency: Help others see the need for change and they will be convinced of the importance of acting immediately.
Step 2) Creating the guiding coalition: Assemble a group with enough power to lead the change effort, and encourage the group to work as a team.
Step 3) Developing a Change Vision: Create a vision to help direct the change effort, and develop strategies for achieving that vision.
Step 4) Communicating the Vision for Buy-in: Make sure as many as possible understand and accept the vision and the strategy.
Step 5) Empowering Broad-based Action: Remove obstacles to change, change systems or structures that seriously undermine the vision, and encourage risk-taking and nontraditional ideas, activities, and actions.
Step 6) Generating Short-term Wins: Plan for achievements that can easily be made visible, follow-through with those achievements and recognize and reward employees who were involved.
Step 7) Never Letting Up: Use increased credibility to change systems, structures, and policies that don't fit the vision, also hire, promote, and develop employees who can implement the vision, and finally reinvigorate the process with new projects, themes, and change agents.
Step 8) Incorporating Changes into the Culture: Articulate the connections between the new behaviors and organizational success, and develop the means to ensure leadership development and succession.
Operationalizing and institutionalizing this type of process takes commitment and training from the executive suite to middle management to the security guard, but the payoff is exponential; financially, competitively, and, when it comes to the security function, organizational strength and resilience.
The next NGSL program is scheduled to take place on Monday, Sept. 23 prior to the ASIS 2013 conference. It is the premier leadership forum for managing and navigating change in the security industry. Today, I am not aware of any consultants or integrators who are staffed to help train or manage a change effort in the security industry. The NGSL program is timely and needed.
