What makes a good Security Manager?
What makes a good Security Manager in the current climate? What are the aspects that influence how security is delivered where you work? Here, we highlight some of the key elements needed for good security management.
We face many challenges in the modern security environment. Some examples across the threat landscape include societal aspects, political unrest, financial impacts, abundance and impact of social media, localised crime, and the need for constant awareness of extremist threat and terrorism. This does not even start to include the minutiae of specific contract threats, day-to-day operations, client needs and expectations, occupier operations and risk appetites etc. We know that this can be extremely frustrating!
With all these considerations, delivering comprehensive security is no easy task; it may look like it to the uneducated: “what’s so hard about security, you stand on a door?” etc. etc. We’ve all heard the comments. To effectively deliver security as a manager is without doubt a plate-spinning exercise; however, as I have outlined in previous articles, chasing problems just leads to frustration and increased stress levels.
Therefore, focusing and prioritising is essential. Pick your battles, know what and when to let go and accept, what you cannot change, this must be in your management approach. I caveat this with ensuring that you have made the client or relevant individuals aware of these concerns, preferably in writing! Remember with security, we are there to manage the risks of the contract; we do not necessarily own these risks.
So, the below are key elements I feel need to be a priority in good security management. I’m not going to teach you how to manage, we all have our own styles and approaches – there is a plethora of studies, books, articles, and courses available on this.
Knowledge and understanding:
A strong understanding of security practices, industry standards, and emerging technologies is essential for a security manager. You need to stay updated with the latest security trends and developments to make informed decisions and implement effective security measures. It is essential that you understand the contract and the environment in which you operate. This will allow you to identify the skills sets in your team and deploy them appropriately – granted, easier with larger teams, than smaller ones, but you will have a variety of strengths and weaknesses to utilise.
Deploying these appropriately has to be considered. This awareness will develop your ability to respond to threats and risks that you may face, and will be a huge benefit to your management of the contract. Day-to-day churn can create tunnel vision and the bigger picture can be missed. While the core operational aspects need to be managed, these will not typically take up the majority of your day (yes, I speak from experience!). Knowing and being aware of the risks and threats in the wider areas will assist in better security planning, the ability to update and discuss with clients and colleagues, and to allocate resources. So, take the time to step out of the weeds and review beyond your immediate perimeter and contract boundaries.
Evidence your security delivery:
Sometimes, reporting by omission is vital to outline where service delivery has been focused; this will demonstrate where some things may not have been completed. The need to meet client needs on service expectations is becoming more and more expansive; at times it greatly dilutes the security service. However, the difficult meetings when things have gone wrong and justifying what we were doing will need valid evidence. This ties into the previous points of knowledge and understanding. For example, if there are areas of service expectations that are likely to impact deployment because of additional needs, then make sure the potential problems in doing this are documented. Again, the risks we may work with can be exacerbated due to the financial capacity of the contract, or budgetary restraints (and at present we are all feeling the costs of doing business). Make sure your threat matrix, security plan, risk assessments, etc. have these points in a place where they can be reviewed regularly – KPI, SLA monthly meetings, etc. This allows for the appropriate risk and threats to be addressed and kept on the radar. Your monthly meetings should be a regular opportunity to ensure the security strategy and objectives are being met and discussed.
Although this seems like an obvious statement, as a manager the contract responsibility sits with you. It’s a far wider- reaching responsibility, ultimately where the buck stops if it goes wrong. Knowing that, holding the position of manager, lead officer, supervisor etc. has repercussions. Those in these positions will quickly learn what understanding what could happen if there are incidents, especially serious incidents, (Manchester Arena and the soon-to-be Protect Legislation), and that those in charge need to understand you will be held accountable to justify their decisions, processes, and actions. It’s important you don’t let the day-to-day distract you from this element of security management.
Adaptability and flexibility has to be a key skill. Security managers/leaders often face evolving security threats and changing circumstances. Being adaptable and flexible allows those in charge to adjust their strategies and approaches to effectively address new challenges. Day-to-day operations, staff logistics, last-minute changes, train strikes, sickness, etc., all these change how the deployment is applied and where the management focus is directed. Remember though, any serious incident won’t happen when you are fully crewed with your best officers and no additional responsibilities.
Things happen outside our ideal circumstances, and you cannot offer up day-to-day operations as an excuse for not responding as appropriate. I refer back to the evidence and reporting section.
Communication, risk management and analytical skills:
Effective communication is crucial for a security manager. They must be able to clearly articulate security policies, procedures, and instructions to their team members, as well as communicate with other stakeholders as required. Understanding the importance of communications in response to risk and crisis is vital. Risk management expertise and the need to understand risk assessment and management principles is vital. There are many examples, for example, such as the National Decision making Model (NDM), to allow for considered responses. These models can be scaled to meet all incidents.
These go in tandem with analytical and problem-solving skills, possessing strong analytical skills to assess complex security situations, analyse information and make informed decisions. Be adept at problem solving, identifying vulnerabilities, and developing effective solutions; this means the ability to identify potential security risks, develop strategies to mitigate them, and implement appropriate controls and measures is a key element. These aspects do impact the day-to-day issues but are an absolute essential in the wider awareness of risk and threats.
Collaboration and relationship building:
Security managers need to build positive working relationships with colleagues, stakeholders, and external partners. Collaboration and teamwork are essential for effective security management across different departments and functions. We can no longer rely on working in silos as has been the practice for far to long. Over the last few years, initiatives like the CSC and Police and Security Partnerships (PAS) have driven this approach to collaboration to new levels, but it’s still not where it needs to be.
As a manager can you honestly say that you have sought out the neighbouring security teams, managers, identified and met with the police, CTSA, CTPO, DOCO, BID, Servator teams etc., and have a regular stream of information and updates about local issues? These partnerships are vital. As a manager, make sure your contacts web is effective and current.
Security is a dynamic field, and a good security manager understands the importance of ongoing learning. Ensuring that you have solid collaborations means that you can share best practice, learn from the latest industry developments, attend relevant forums, training programmes etc. and encourage your team members to enhance their skills and knowledge. I have found that the links to good industry contacts assist greatly in personal development; you cannot know everything, or attend every course or meeting, but you can share these to benefit those in your immediate sphere.
Overall, a good security manager possesses a combination of leadership, technical expertise, communication skills, and a commitment to continuous improvement. They should be able to create a secure environment and protect the organisation’s assets while fostering collaboration and maintaining positive relationships with stakeholders.
Jon Felix BSc (Hons), MDIP, MBCI, MSyl, M.ISRM
Risk and Threat Advisor, CIS Security
For more articles on security management, see our Security Management category.