How to Thrive Under Pressure as a Solo Security Director
Key Highlights
-
Use structured models like SWOT, the Eisenhower Matrix and VSEM to balance strategy and daily operations.
-
Communicate in business language, not security jargon, to build trust and influence across departments.
-
Focus on enabling the business through collaboration, transparency and clear priorities.
Being a “department of one” doesn’t mean going it alone. During his GSX 2025 session “An Army of One: Thriving as a (Solo) Director of Safety & Security,” security strategist Ken Carrasco shared a set of structured models and leadership habits to help professionals strengthen their impact when managing safety and security operations singlehandedly.
Carrasco began with a personal story illustrating how fear of judgment once limited his confidence when engaging executives. His takeaway: security leaders must shed hesitation and embrace vulnerability to communicate more effectively. “You must overcome that fear,” he said, “otherwise everything that follows doesn’t matter.”
Start with clarity and structure
Carrasco emphasized the value of assessment frameworks during the first 90 days in a new role. His approach begins by categorizing all observations into three domains — people, process and technology — before applying a traditional SWOT analysis to separate internal and external factors.
He then measures operational maturity against a four-step ladder: ignorance, negligence, compliance and operational excellence. The exercise, he said, helps identify the biggest gaps and opportunities early.
“I use this framework, especially when I'm unfamiliar with the vertical that I'm working in,” he said. “The idea is to begin to figure out what needs to be addressed first.”
Prioritize what matters most
Time management and resource prioritization, Carrasco explained, require discipline and self-awareness. Using the Eisenhower Matrix popularized by Stephen Covey, he urged attendees to spend the majority of their time in Quadrant 2: important but not urgent work that advances long-term goals.
“Time management tools aren’t for doing more in the same amount of time,” he said. “They’re for ensuring you do the most important things first.”
His daily strategy framework blends prevention, early intervention and response, allowing leaders to balance proactive and reactive duties. For security practitioners, this translates to combining skills and drills, data-informed decisions and accountability across teams.
Align with the bigger picture
To sustain progress, Carrasco advocated for the VSEM model — Vision, Strategy, Execution and Metrics — introduced in “The Collaboration Imperative” by former Cisco Systems executive Ron Ricci. The model creates a shared vocabulary between security and business leadership by linking corporate vision to measurable objectives. He noted that ambiguity is “the enemy of alignment, collaboration, and influence.” Eliminating it requires clear metrics, defined responsibilities, and transparent communication.
Carrasco compared security strategy to designing a maze, guiding people safely to their goals rather than blocking their way. “Your job isn’t to hinder the business by enforcing policy,” he said. “It’s to enable business to happen.”
Communicate, collaborate and build trust
Carrasco closed with practical communication advice for security leaders operating in business environments that may not fully understand their discipline. He recommended adopting corporate language instead of security jargon, distinguishing collaboration from teamwork and practicing transparency to build trust. Collaboration, he explained, is about aligning outcomes between groups with different interests, requiring empathy and diplomacy.
Ultimately, Carrasco reminded attendees that models are tools, not ends in themselves. The key, he said, is to use them consistently and connect with peers.
“Everything works — just not for everybody, and not all the time,” he said. “Your greatest resource will be your network of other security professionals and mentors.”
About the Author
Rodney Bosch
Editor-in-Chief/SecurityInfoWatch.com
Rodney Bosch is the Editor-in-Chief of SecurityInfoWatch.com. He has covered the security industry since 2006 for multiple major security publications. Reach him at [email protected].