Thursday, September 30, 2010

Principled Security Leadership

Here is the paper many of you helped me with this summer..

Photo courtesy Photos8.com

Principled Security Leadership

A Nagging Question

A serious concern has nagged the security professional in me since the fall of 2001. This concern has fueled much personal introspection and non-academic study since. This concern has informed much of my Human Development program since my beginning course. My concern is this: Have security professionals– through action, passivity, or silence – made use of fear to further their programs, especially in the years since the terror attacks of September 11, 2001 and the subsequent anthrax murders? When I express the question to fellow students, faculty, and persons outside the security profession the idea had traction. They immediately agreed that someone has been encouraging them to be fearful of their security, and they resented it.

As I formulated my approach to this question my research took several forms. I reached out via email to security and business professionals I know and respect. I solicited feedback from several online forums in which I participate at LinkedIn. Finally, I looked to the online databases to find papers in the academic literature on the topic of principled security leadership and its opposites. I read a variety of current books on leadership though, as we will see, almost all of them were oriented toward general business or military leadership.

The responses I received varied. Some were predictable, a few were disappointing, and the best of them were challenging.

A Three Part Process

Peers

I sent a mass email to my extended business connections informing them that I was reviewing the literature for examples of principled security leadership. By “principled” I told my peers I was looking for security professionals who lead in positive, proactive ways to make good business happen, rather than those who respond to security issues in an acquisitive, reactive, or fear-based manner. I told my fellow professionals I hoped to discern the elements of an effective, positive, and progressive model and eventually demonstrate the benefits of such an approach to our peers. Once I identified a group of such leaders and develop a sense of how their philosophies guide their practice I told my connections I hoped to interview several exemplars. To that end I asked for the names of progressive leadership professionals operating in the physical or logical security space that I should consider. Finally, I asked if there were any articles, papers, or other publications about security leadership practices that they had found useful. If they had any to recommend, I asked if them to share the citations.

The response of my peers was supportive. I received many recommendations for respected security professionals with whom I should speak. One questioned my use of the term “progressive” since most of the security practitioners he knew regarded themselves as conservatives (Thibodaux, C., personal communication, 2010). I assured him I used the term in a non-political sense and that I was seeking professionals who were innovative and willing to lead in non-traditional ways. Some professionals of my acquaintance said they wished me luck but that I should not expect to find business leaders who regard security as much more than an expensive necessary evil and that we will never be seriously considered a direct contributor to a business’s success.

There was little or no feedback with regard to the literature.

Forums

Then I posted a similar, if somewhat edgier, question to several different online forums at the LinkedIn professional networking site. The forums I chose – ASIS, ASIS Certified Protection Professional, Security Management Resources, Security Metrics, Private Security Professionals, CSO Roundtable, and National Loss Prevention – are actively attended by persons from a variety of security disciplines, several of whom I know and respect personally. The question I put to these security professionals was whether a positive, proactive leadership approach that centers on business success more productive than pursuing regulatory compliance or giving in to fear mongering? Again, I solicited advice as to citations, publications, and references.

Response on the forums was marked by a great deal of enthusiasm for my line of inquiry (Robinson, 2010). Many references were recommended (du Plooy, 2010), but I quickly found that they were going to focus on general business leadership theory and practice, frequently at a very high level (Richmond, 2010). Despite these helpful recommendations no citations in the academic literature offered, a harbinger of things to come. Still there were no references offered that dealt specifically with leadership of private security organizations.

The literature or the lack of it

Using search terms such as “ethical,” “progressive,” “principled,” “security,” “leadership,” and “fear” I sifted the on-line databases looking for academic papers on security leadership. My mind boggles that this sort of research used to be accomplished without computers! At first I limited my search to resources created since 2000, but dropped that restriction as citations trickled in. Alas, all the light speed electronics at my disposal took only milliseconds to return very few results.

Security and Security Management offered articles on supervision, management, and leadership, but these are trade journals. Mostly these articles described the application of progressive management practices to the security profession. These new practices are refreshing in a trade traditionally organized along hierarchical lines and accustomed to a top down communication style, but overall there was nothing to suggest that security leadership constituted a discrete talent.

Security Journal had a couple papers peripherally related to my line of inquiry. The issue of risk perception and assessment by security managers and how they communicate effectively to their superiors was given an effective treatment by Baron and Zwanenberg (1999). Likewise the issue of the funding cycle, and the means by which expenditures are justified, was examined by Manunta (2000).

The Security Executive Council, recommended to me by security industry notable Jerry Brennan (2010) is an online repository of security articles. Some are created by the Council for the sole use of its paid membership, some for retail sale. Other articles written for security related trade magazines are archived at their web site. Many of these articles focus on leadership issues but generally apply conventional business techniques (Hayes and Fickes, 2007).

Lora Setter, program director for the Masters in Public Administration at Saint Mary’s University of Minnesota, complained there is a lack of peer-reviewed literature on leadership in law enforcement organizations as well. She reports that her capstone students find many trade magazine articles but very little from the academy (Personal communication, August 12, 2010).

Findings

Principled Leadership

With regard to asking for examples of principled leadership some chafed at an implicit accusation. Everyone seemed to regard themselves as principled and not inclined to work for someone who is not. Many gave excellent examples of the virtues of effective leaders.

The leadership of subordinate team members was addressed by several forum respondents. Many with prior military or law enforcement experience addressed security leadership issues from a traditional hierarchical command, “mission first” perspective (J. Hanebury, personal communication, July, 2010). Most of the responses were from professionals committed to a compassionate (Green, 2010), progressive (Greggo, 2010), and democratic style (Polensky, 2010). I would like to think the path we prefer is the best one, but no one could data in support of the idea that a positive approach is more effective in the private sector. Does regulatory compliance still get more traction? Is it easier to react to fear than to work proactively with an appreciation of dynamic risk? There are great leaders who are fine people to work for, but are they judged successful by their executives for their contribution to the enterprise's financial success or for their leadership style?

There is no end of writing on business leadership. Historical leaders have been revitalized and repurposed as exemplars to corporate executives. Sir Ernest Shackleton, who led the Imperial Trans-Antarctic Expedition safely home despite disaster, demonstrated some surprisingly progressive values, perhaps because of his experiences under the heavy hand of other explorers who led as they had in the military – as rigid, tradition-bound, authoritarians (Morrell and Capparell, 2002).

Of course there are plenty of writers dealing with leadership in the military, from an inexperienced George Washington (Anderson, 2000, pp. 50-65) at the incident that started the French and Indian War, to Civil War leader General Grant (Kaltman, 1998), to unassuming WWII heroes (Palmisano, 2008), to young Marine officers in the most recent Iraq war (Ficke, 2008).

The security industry trade journals offer many familiar suggestions for applying both age old common sense and the latest thinking around leadership, compliance, and ethics. Learn to follow if you hope to lead (Chaleff, 2003). Communicate your vision (Dalton, 1998). Lead by example (Heck, 1993). Motivate with a positive, participatory policy (Kennish, 1994). Lead with ethics (Simonson, 1992). Attract and retain the attention of your executives in effective and responsible ways (Lukaszewski, 2009) (Ulsch, 2000). As useful as this guidance is, familiar, if not identical, advice can be found in the books dealing with general business leadership (Palus and Horth, 2002) (Watkins, 2003) (Palmisano, 2008) (Baldoni, 2009).

Compliance

The other category of leadership is administering a program that seeks to meet regulatory requirements. Compliance was regarded as the easiest to achieve according to several respondents. Responding to a specific regulatory framework makes for measurable results. So between a negative motivation, successfully meeting goals set by regulators, or engaging in principled leadership to help the company deal with dynamic risk, I am wondering which is - or is regarded by our executives as - the most effective method.

Several correspondents repeated the idea that, while it was desirable to find a way to directly connect the efforts of the security organization to a contribution to the bottom line financial results, such opportunities were few and far between (Agcaoili, 2010). The importance of meeting expected financial targets or contributing in quantifiable ways to the success of the enterprise might be inferred from the excellent responses I received but it was rarely at the top of the list of leadership priorities. This does not surprise me. I both extolled and witnessed a sort “warrior spirit” among security practitioners over the years. There is a sense that protection of persons trumps the profit motive. A more sophisticated business approach recognizes that injury, harm, or loss damages profits and must be avoided for both ethical and financial reasons.

Years ago a mentor suggested that while corporate security cannot be a profit center perhaps it will some day be seen a "profit enhancement center." This had shaped my ideas around effectively applied security making otherwise marginal business practical. But when meeting financial targets, making direct contributions to the bottom line, comes into play are positive, popular, principled leaders still highly regarded by their executives? Even the business literature was silent.

Fear Mongering

Perhaps the term "fear mongering" is too loaded a term for use in a friendly discussion.

My use of the term offended several writers. Such a question implied an ethical failure on the part of a leader. Yet beyond attempting to motivate subordinates through fear, I pressed in clarification, are there situations when security directors deliberately feed the fears of executives (or the clients of those involved in sales or consulting), peers, and employees to accomplish their goals when "managing up?” Did any of us oversell 9/11?

More than being offended many people expressed the opinion that using fear to forward an agenda was a short lived strategy that would backfire on a manager who tried it (Glantz, 2010). Others thought it did not happen very often. It is interesting the ways in which responses to my initial question vary depending on which group I asked. It was suggested that the term "fear mongering" is too strong, even a pejorative. The responses rejecting my use of the term were among the most detailed and were very useful to me.

I agreed that recognition and communication of threats to business success – especially issues affecting employee safety – is not fear mongering. Done proactively and with a positive mindset, finding way to secure the pursuit of marginal business in iffy markets is an excellent opportunity for us to demonstrate our value to the enterprise.

Conversations, emails, and responses on the LinkedIn groups helped me refine my query. I agreed most of us have experienced the joys of leading high performance teams using positive methods, yet I was left looking for data demonstrating any difference in the effectiveness of various styles used when "leading up" to guide our executives or senior clients.

Flaws in My Premise?

A couple very interesting responses came from persons who had also conducted graduate level work. Several said my question was far too broad for a Master’s thesis. I agreed that more focus was called for.

I was accused of posing a false dichotomy (Taylor, 2010). As I examined the question, especially as put to the forums, I became concerned my original question might have constituted a false trilemma – offering as choices principled and positive leadership, a program that seeks merely to comply with regulations, and operations run by those who leverage fear in the boardroom or in the general employee population.

I was warned that “the greatest challenge will be in working your personal bias out of the equation” (M. Smolecki, personal communication, July 1, 2010). Do the questions betray a cynicism arising from disappointments I have encountered personally? If so, then part of my ethical challenge is drawn from what I usually regard as strength. Over the past 30 years I have worked at every security position in the private sector, from line officer to corporate leadership. I have supported government and industry from the perspective of the security consultant. Most recently I have worked in providing vended security services, which has included sales and P&L pressures for which corporate security and even consulting did not prepare me. While they all have the word security in the title the jobs – and especially their business models – are really very different. I have seen the security profession from many angles, some of which did not play to my strengths. If I am angry about any of my experiences I must be careful to identify this threat to my objectivity and professionalism.

Have I addressed my question – and its implicit blame – to the correct sector? My attribution of fear mongering may be misplaced, or at least overstated, when directed at corporate security leadership. A closer look at the organizations that seem to be fomenting fear leads a person to identify government agencies (Schneier, 2003) (Ranum, 2004) or the news media (De Becker 2002) (Adams, 2010) as more egregious perpetrators than most security professionals. The vended security services sector is certainly guilty of leveraging the fears of its clients in its marketing materials (Lipman, 2009). There are still some security managers who make dire pronouncements in an attempt to influence the public (Lombardi, 2009). While some of fellow forum correspondents were familiar with security managers playing the fear card they thought it was not common in the corporate setting, and that it was done primarily when “managing up” (Saptarshi, 2010).

Though repudiated on several levels, the question nags a little. When we received increased budgets or new business in the aftermath of 9/11 were we benefiting from fear in the boardroom? If so, was our failure the result of relying on an inappropriate tool or some other sort a weakness in our leadership?

A New Three Part Process

Constructing a New Premise

This has been a wonderfully frustrating exercise. The core idea for my independent study has been turned on its head by comments, suggestions, and questions. My initial idea was to examine the literature surrounding principled security leadership. My questions seem now both too broad and somewhat shallow. I have been forced to reexamine my personal assumptions.

Finer focus

I am agreed with my correspondents that my original question is far too broad. If I hope to make some contribution to the literature and my craft I must clarify and focus my attention. If my position paper is to be written on the topic of security I must come up with a concise idea, a lens through which to focus on one particular aspect of my trade. With that in mind, when I look at my original question very closely it dissolves. All businesses will look for a positive, proactive leadership approach that aligns itself with the success of the enterprise (Libhart, 2010). All businesses will attach appropriate importance to the pursuit of regulatory compliance (Martinson, personal communication, August 2010). No business will knowingly or for long tolerate leaders who resort to fear mongering (Greggo, 2010).

Security Leadership?

Perhaps the real question is hidden in the subtext of my concerns. Is there such a thing as security leadership per se (Stephens, 2010)? Some of my peers, such as Carol Martinson, suggest security professionals are simply, and at their best, business leaders who specialize in the discipline of security, asset protection, and risk management, but that good leadership is good leadership (personal communication, 2010) (Lee, 2007).

The one area where security leadership may be different than other leadership opportunities in business is the perception that our special talent is to protect the company from physical harm at the hands of others, that we have a special understanding of such persons, and that we serve as a gateway to the criminal justice system. These talents are the stuff of TV crime dramas, movies, and novels, and people find them fascinating. I have seen this card played in ugly ways, and I have seen it applied with great compassion and sensitivity.

Does our role in dealing with emergencies make us a little more like the military or public safety organizations? The police run to the source of the gunfire. Firefighters run into burning buildings. Paramedics deliberately approach scenes of great pain and possible contagion to render aid. When they arrive there is frequently security officer there to open the door, guide them to scene, and tell them what is happening. What other business discipline might call for the ultimate sacrifice (Offer, 2010)? Does this aspect of our mission call for a specific sort of leadership, or simply the application of leadership methods applied by military, police, and emergency services professions?

In part I feel I am no closer to the answers to my several questions than when I started. Perhaps I have simply found several dead ends and can close out some unfruitful avenues of inquiry. I have identified weaknesses in my argument that will strengthen my approach to a more thoughtful and carefully focused question. But part of me wonders if we do not already know the answers to my three-part inquiry.

There are leaders who are fun to work for and who accomplish great things by abiding by common (Baldoni, 2009), clever (Cameron and Green, 2008), and progressive (Palus and Horth, 2002) principles. There a leaders who know how achieve results and earn the respect of their executives, peers, and team mates doing it (Goleman, 2000) (Watkins, 2003). There are ways to identify and prioritize dangerous, or even deadly, business risk (Jackson and Frelinger, 2007) and mitigate its effects (Hertig, McGough, and Smith, 2008). These days we can worry a little less about fear mongers – whether in government, the media, or the security manager’s office next door. There are vocal, high profile gadflies who will call their bluff (Mueller and Stewart, 2010) (Phillips, 2007). There are even those, in our post-Enron world, who challenge security leaders to expect excellence from their executives (Fine and Horowitz, 2010) (Dion, 2008).

There is some light. Tim Prenzler, Professor of Criminology at Griffith University in Australia (2007) calls on the security profession to engage in research of “the human side of security.” The industry might pursue more professionalism in the security field rather than laying more technology. Perhaps if there is no such thing as security leadership it is because its practitioners have not taken the time to stake out our turf, to identify why what we do is different from the other business disciplines, and how we can make what we do better. Now that is a compelling challenge and very interesting potential topic.

References

Adams, J. (2010) What kills you matters – not the numbers. Retrieved from The Social Affairs Unit web site: http://www.socialaffairsunit.org.uk/blog/archives/000512.php

Agcaoili, P. (2010, June 22) Message posted to http://www.linkedin.com/groupItem?view=&gid=515&type=member&item=22872269&goback=%2Egmp_515

Anderson, F. (2000) Crucible of war: the seven years war and the fate of empire in British North America 1754-1766. New York: Vintage Books.

Baldoni, J. (2009) Lead by example: 50 ways great leaders inspire results. New York: American Management Association.

Baron, V. and Zwanenberg, N. (1999) Cues, needs, and decisions: a ‘lens’ model of security operations. Security Journal. 12, 41–55; doi:10.1057/palgrave.sj.8340029

Brennan, J. (2010, June 23) Message posted to http://www.linkedin.com/groupItem?view=&gid=2277983&type=member&item=22872077&goback=%2Egmp_2277983

Cameron: E. and Green, M. (2008) Making sense of leadership: exploring the five key roles used by effective leaders. London: Kogan Page Limited.

Chaleff, I. (2003) The courage to follow. Security Management. 47(9), 26-32.

Dalton, D. (1998) Visions of leadership. Security Management. 42(6), 29-30.

De Becker, G. (2002) Fear less: real truth about risk, safety, and security in a time of terrorism. Boston: Little, Brown and Company.

Dion, M. (2008) Ethical leadership and crime prevention in the organizational setting. Journal of Financial Crime. 15(3), 308-319. DOI 10.1108/13590790810882892

Du Plooy, J. (2010, June 23) Message posted to http://www.linkedin.com/groupItem?view=&gid=55552&type=member&item=22872157&goback=%2Egmp_55552

Feeny, J. (2010, June 23) Message posted to http://www.linkedin.com/groupItem?view=&gid=55552&type=member&item=22872157&goback=%2Egmp_55552

Fick, N. (2005) One bullet away: the making of a marine officer. New York: Houghton Mifflin Company.

Fine, S. and Horowitz, I. (2010) Managing big egos. Security Management. April 2010.

Glantz, K. (2010, June 26) Message posted to http://www.linkedin.com/groupItem?view=&gid=50289&type=member&item=22870206&qid=2fc9834d-0f67-4ced-8910-fab3f49b0e5b&goback=%2Egmp_50289

Goleman, D. (2000) Leadership that gets results. Harvard Business Review. March-April 2000.

Green, D. (2010, June 29) Message posted to http://www.linkedin.com/groupItem?view=&gid=2277983&type=member&item=22872077&goback=%2Egmp_2277983

Greggo, A. (2010, June 23) Message posted to http://www.linkedin.com/groupItem?view=&gid=50289&type=member&item=22870206&qid=2fc9834d-0f67-4ced-8910-fab3f49b0e5b&goback=%2Egmp_50289

Hayes, B. and Fickes, M. (2007) Tomorrow’s security leaders today. Retrieved from securitysolutions.com web site: http://securitysolutions.com/mag/security_tomorrows_security_leader/

Heck, G. (1993) Managing by example. Security Management. 37(6), 47-48.

Hertig, C, McGough, M., and Smith, S. (2008) Leadership for security professionals. Security Supervision and Management: Theory and Practice of Asset Protection (3rd Ed.). Sandi Davies and Christopher Hertig (Eds.). Burlington, MA: Butterworth-Heinemann.

Jackson, B. and Frelinger, D. (2007) Emerging threats and security planning: how should we decide what hypothetical threats to worry about? Occasional Paper, RAND Homeland Security. Santa Monica, CA: RAND Corporation.

Kaltman, A. (1998) Cigars, whiskey, & winning: leadership lessons from General Ulysses S. Grant. Paramus, NJ: Prentice Hall Press.

Kennish, J. (1994) Motivating with a positive, participatory policy. Security Management. 38(8), 22-23.

Lee, J. (2007) From banking to bakeries: managing asset protection at Supervalu. Retrieved from Loss Prevention Magazine web site: http://www.losspreventionmagazine.com/archives_view.html?id=1735

Libhart, L. (2010, June 24) Message posted to http://www.linkedin.com/groupItem?view=&gid=50289&type=member&item=22870206&qid=2fc9834d-0f67-4ced-8910-fab3f49b0e5b&goback=%2Egmp_50289

Lipman, I. (2009) The time for urgency is now. Security Management. October 2009.

Lombardi, L. (2009) Who’s guarding beaver stadium? Retrieved from centredail.com web site: http://www.centredaily.com/2009/10/06/v-print/1548830/whos-guarding-beaver-stadium.html

Lukaszewski, J. (2009) Getting the boss’s ear. Security Management, 53(5) pp. 111-112.

Manunta, G. (2000) The management of security: how robust is the justification process? Security Journal. 13(1), 33-43.

Morrell, M. and Capparell, S. (2002) Shackleton’s way: leadership lessons from the great antarctic explorer. New York: Penguin Books.

Mueller, J. (2004) A false sense of insecurity. Regulation. 27(3), 42-46.

Mueller, J. and Stewart, M. (2010) Hardly existential: thinking rationally about terrorism. Retrieved from Foreign Affairs web site: http://www.foreignaffairs.com/articles/66186/john-mueller-and-mark-g-stewart/hardly-existential

Offer, V. (2010, June 26) Message posted to http://www.linkedin.com/groupItem?view=&gid=55552&type=member&item=22872157&goback=%2Egmp_55552

Oyler, J. (2010, June 21) Message posted to http://www.linkedin.com/groupItem?view=&gid=515&type=member&item=22872269&goback=%2Egmp_515

Palmisano, D. (2008) On leadership: essential principles for success. New York: Skyhorse Publishing.

Palus, C. and Horth, D. (2002) The leader's edge: six creative competencies for navigating complex challenges. San Francisco: Jossey-Bass.

Phillips, Z. (2007) Security theater. Government Executive. August 2007.

Polensky, T. (2010, June 21) Message posted to http://www.linkedin.com/groupItem?view=&gid=1065207&type=member&item=22872352&goback=%2Egmp_1065207

Prenzler, T. (2007) The human side of security. Security Journal. 20, 35-39. doi:10.1057/palgrave.sj.8350043

Ranum, M (2004) The myth of homeland security. Indianapolis, IN: Wiley Publishing Inc.

Richmond, T. (2010, June 20) Message posted to http://www.linkedin.com/groupItem?view=&gid=515&type=member&item=22872269&goback=%2Egmp_515

Robinson, P. (2010, June 21) Message posted to http://www.linkedin.com/groupItem?view=&gid=38907&type=member&item=22872350&qid=007c9ca5-f6a6-4fdc-a186-6ce8f11de787

Saptarshi, M. (2010, July 7) Message posted to http://www.linkedin.com/groupItem?view=&gid=55552&type=member&item=22872157&goback=%2Egmp_55552

Schneier, B. (2003) Beyond fear: thinking sensibly about security in an uncertain world. New York: Copernicus Books.

Ulsch, M. (2000) Getting executive attention. Security Management, 44(1) pp. 32-33

Watkins, M. (2003) The first 90 days: critical success strategies for new leaders at all levels. Boston: Harvard Business School Press.

Williams, C. (2010, June 29) Message posted to http://www.linkedin.com/groupItem?view=&gid=55552&type=member&item=22872157&goback=%2Egmp_55552 

No comments:

Post a Comment