Sunday, July 31, 2011

Warrior Poets in Service to Philosopher Kings: Modeling Security Leadership

Peer comments are most welcome!

Warrior Poets in Service to Philosopher Kings: Modeling Security Leadership

The general educational goals for my graduate program at Saint Mary’s University of Minnesota are to discern and nurture skills and techniques required for effective leadership, team building, and teaching; refine an awareness of my gifts, skills, and limitations in my discipline and other areas; and apply critical thinking and personal courage when addressing issues of culture, religion, ethics, decision-making, and personal freedom.

The goal of this, my last, independent study in my program was to prepare a paper describing a model for principled leadership in modern security organizations. The means applied are to integrate my Human Development program learning, my professional experience, and interviews of well-regarded professionals in the field; assemble a model for leadership in modern security organizations; and test the model with my professional peers.


Not all days are good ones. I entered the Human Development program at Saint Mary’s University of Minnesota at a low ebb. In 2008, in the wake of personal tragedies and buffeted by professional disappointments, I wrote:

“I’ve been a warrior, sleuth, assassin, architect, teacher, friend, poet, foot soldier, lieutenant, harried executive, preventer, enabler, frustration, and inspiration. But the fates determine that companies and careers follow an arc, and some peak early. The last good fight a distant memory, I stand guard over the house-of-cards castles of bickering lords besotted by greed. Wearied by age, fatigue, and heartache, there is little to do but see that the men are fed, the horses groomed, and that the hounds – which have not hunted for far too long – are scratched behind the ears by someone who knows their plight. I fear I will never be more than a would-be warrior-poet to should-be philosopher-kings.” (Brady, 2010)

The Human Development program gave me the flexibility to study ethics, leadership, decision-making, team-building, and the nature of strongly held belief. I have used Saint Mary’s as a laboratory where I re-evaluated my perspective on my craft and reinvented my approach to my trade. To focus my efforts I chose a question which has haunted me for years, whether or not security professionals – either through deliberate action or negligent inaction – leverage fear to further their programs, especially since the terror attacks of September 11, 2001.

Security leadership is a specialized discipline occupying a unique niche in the business world. Leaders in our field must be developed using agreed upon principles, yet the trade lacks a well developed body of academic literature. Thus we borrow many of our developmental tools from other sectors. The security profession borrows predominantly from general business leadership research, as well it should. The security profession applies leadership lessons from military and law enforcement leadership traditions and history, as might be expected. There are, however, specific issues that make security unlike other business disciplines. The unrestrained growth of security technology and its impact on society cannot be effectively measured, accurately understood, efficiently applied, or appropriately regulated without leaders who are willing to examine the need for such tools with a critical eye. At Saint Mary’s I have encountered new methods to create more effective leaders and have found ways to apply them to the security trade.

The security industry needs professionals who are committed to advancing the interests of his or her enterprise rather than simply reacting to fear, acting as private police, or closing the sale. The security professional should make a contribution as an employee, a content professional, and a team member. He or she has a responsibility to act ethically when dealing with the public, employees, and executives. Executives deserve to know their security director is not blowing smoke, is keeping his or her eyes on the prize, and is on the right track. It is critical that the entire organization understands the principles which form the foundation of the security program.

Three themes have become central to my study of this craft. They are the concept of servant leadership, the art of team building, and application of critical thinking to security issues.

Be a Servant Leader

Serve your staff.

My organization chart is upside down. The box with my name in it is at the bottom. Above it are the names of my supervisors and shift leaders. Above their names are those of our security officers. It reminds me of my commitment to servant leadership. (Bodner, 2006) It makes my team members regard me with quizzical expressions. It has served as a conversation starter for chats with peer leaders in the organization. It is a simple yet demanding graphical representation of a powerful idea.

The concept of servant leadership has changed my personal, professional, and civic life forever. Thanks to Richard Leider (2006) I understand that I am responsible for helping my team members succeed. I support my supervisors, they support our staff, and our staff supports the thousands of the client’s employees we serve. I have a responsibility to prepare my officers to become supervisors and my supervisors to become managers. Any good parent will understand the concept. We support our families’ needs, hopes, and aspirations; they do not exist to support us.

There are other strengths to the servant leadership model. A commitment to serving our teams makes it easy to incorporate the power of diversity into our organizations. (Bolden, Gosling, Marturano, & Dennison, 2003) If we are in a service mindset, seeing to the success of women and minorities, Americans and new immigrants, team members with GEDs and those working on their PhDs, makes good sense. The servant leader finds it natural to engage in mentoring relationships, whether casual or structured.

Serve yourself.

In reinventing ourselves we make the hero’s journey, leave the familiar, seeking the prize, suffering hardship, and returning transformed. (Campbell, 1973) If we are going to break the molds, strike out on new paths, and create new opportunities there is another important individual to serve. Care for yourself. Self care contributes to the success of the team. It is not a selfish act. (Palmer, 2000) Do the work it takes to become and remain centered and whole. See to your health, both physical and emotional. Make time for daily reflection. Keep a journal. Start doing more of what you like and less of what you do not. (Csikszentmihalhyi, 1996) Businesses frequently spend much effort correcting our weaknesses. Perhaps increasing our opportunities to play to our strengths would be more productive. It would certainly be more enjoyable. (Lennick & Kiel, 2008)

Do not use just your head; use your heart and your gut. There are resources that will allow you to tap the benefits of left mode and right mode styles of attention; avail yourself of them. Get away from your desk. Move! Kinesthetic attention can take the form of sophisticated serious play or simple management by walking around. Creative leadership requires intuition and personal passion as much as mission statements, key performance indicators, policies, and procedures. There is great power if we can bring avocation and vocation – the personal and the professional – together. (Palus & Horth, 2002)

Serve the business.

In business I find the servant leader has a much easier time controlling his or her ego and is less affected by those of others. It is easier to focus on what we are trying to accomplish when we are not so busy defending our turf and protecting our ego. (Drury, 2004) It is easy to explain why we are committed to making sure the right things happen, strive to prevent negative events, engage everyone necessary to pursue regulatory compliance, and do what it takes to enable and support profitability.

The matrix management model, in which we are obliged to lead through inclusion, communication, and influence instead of hierarchal authority and the power of position, seems easier to navigate when I apply servant leadership ideals. When we have an entire matrix of relationships to work with we can find spots here and there across the organization where effective thinking about the role of security can be applied to the benefit of enterprise. (Bartlett, C. & Ghoshal, S. 1990) In turn, enterprise risk management, arguably the most highly developed security model currently in use, lends itself to both matrix management and servant leadership. In an enterprise risk management model we cast a broad net, involve a wide variety of stakeholders, and create synergies as we address a constellation of issues to protect persons, property, and business interests. (ASIS International CSO Roundtable, 2010).

Some of us are individual contributors, operating primarily at a technical level. Many of us are managers, usually operating at a political level. If we walk the talk, act in alignment with our core values, model integrity, become self-authorizing, and pursue our vision, we can become a transformational leader on behalf of our team, even the rest of the enterprise. (Quinn, 1996)

Serve your community.

Embrace the principle that you have an obligation to give back to the community that raised you and the profession that has developed you. Leaders have the ability to serve outside of specific job responsibilities. I serve my profession as a member of professional associations and by calling out less than critical thinking in conversation, at meetings, on forums, and on my blog. By making the time to engage in correspondence, networking, and debate on various social media tools we influence peer professionals we may never meet face to face. I have the pleasure of serving as an instructor at Saint Mary’s University of Minnesota in the Bachelor’s Degree completion program in Security Management. My program director models servant leadership in her support of my fellow instructors and me as we strive to promote the success of the students in our program. In the course of my Human Development program I have expanded my sense of responsibility to include our society at large. I have recently begun serving my community as an ESL and GED tutor.

Tom Peters (2010) tells us “Leaders don’t create followers, they create more leaders.” By modeling servant leadership as an element of a positive and progressive leadership style we show our teams, our peers, and our executives the sort of leadership professionals they too can become.

Build Strong Teams

There is a small handwritten plaque on my desk that reads, “Help create leaders worth following.” On the back it says, “Leading by example, use my experience, good will, integrity, and compassion to help new leaders create themselves.” As I discussed above, servant leaders make it their personal responsibility to develop their staff, the teams they serve on, and the company that employs them. There are basic developmental ideas that will be familiar to everyone. There are others that may take a little getting used to.

You will create a team dynamic whether you deliberately apply yourself to doing so or not. While competent security officers can be a critical element of a balanced security program they are sometimes misused – if not abused. Security staff should not be expected to perform a task that is done better – more effectively, or cheaper – more efficiently, by security barriers or electronics. Do not ask a man or woman to do a machine’s job. No guard is a match for a truck intent on ramming through a gate, but a ram-resistant barrier can be arranged to stop almost any wheeled vehicle. While guards were the original fire detection method, these days incipient fire detection systems can respond to stimuli humans simply cannot detect. The machines are there to expand the human’s reach, not the other way around.

Select a diverse team.

A lot of team building is pretty straightforward. Recruit broadly. Hire carefully. Pick the right people for each job; we do no one a favor by shoehorning an unqualified person into a position at which he or she will not be successful. Train them well. Integrate new members quickly into the existing team. Let them know they are only a radio call away from help. Reward questions. Keep everyone in the loop. Give them the tools they need to be successful. (Serrat, 2010) Technology has made this easier than ever, but all it takes is a chat or a phone call.

Seek out diversity. Cultivate it. Diversity is strength to leverage, not a problem to manage. (Prieto, & Phipps, 2009) Create a diverse team; variety is the spice of life and it generates great ideas to boot. I have had the pleasures, and the pains that arise from collaborating with all four generations currently in the workforce, those who won the Second World War , my fellow “Boomers,” “Generation X,” and the “Millennials.” Are there generational issues? Sure, and there are the rewards that come from drawing out the best from each group. Similarly, wise leaders in 21st century America enjoy the advantages that accrue to hiring employees who represent every continent on the globe. By opening yourself to diversity you will add entry-level employees to your team who have worldwide experience. You and your organization may also enjoy the collateral benefit of having persons on staff who speak languages other than English.

Develop thoroughly.

Tell your team there are no silver bullets, no miracle cures, and no one right answer to every security issue. Meet them where they are. Teach your staff to deploy a variety of detection and protection methods. The prehistoric human guarding the entrance to his clan's cave probably had fire to illuminate the area, piles of thorn bushes to provide additional physical barriers, a dog with much keener senses than his owner, and a handful of spears or a pile of rocks. When something or someone approached in the dark of night the human used his tools to assess the threat and responded appropriately from behind the safety of physical barriers. These days, competent security officers bring human curiosity, suspicion, and judgment to the scene and use the hardware and systems we provide them as force multipliers to accomplish the tasks we set out for them.

Encourage creativity in problem detection and problem solving. Look at opportunities from as many perspectives as you can find. Cultivate your curiosity and interest; encourage your team to do the same. Creativity occurs at the edge of our comfort zones. The further you get from your comfort zone the more ideas you will encounter. Surprise your people. Let them surprise you. (Csikszentmihalhyi, 1996)

Push decision-making as close to the work as possible. The principled leader will model the virtues of being inclusive and the value of deliberately seeking out divergent perspectives when problem-solving. Ask for your teams' advice; they know more about their task than you or the client. Involve them in problem identification exercises and - with proper support - let them design and implement the solution. Teach them the principles of continuous process improvement, reverse brainstorming, and how to ask the powerful questions. Introduce turbulence. Encourage loyal skepticism. (Palus & Horth, 2002) Teach them the truth of General George Patton’s dictum “If everyone is thinking alike then someone isn’t thinking.” Then let the team take the credit. As Lao Tsu recommended, let them be the ones who say “We did it!”

Care for your team under all conditions. Our officers need general and specific instructions to follow in the event of natural disaster. They are an integral part of the client's all hazards response capability. Ongoing training and drill are mandatory if our teams are to develop and maintain a sharp edge. Our responsibilities shift as we move from emergency response into disaster recovery and then to business continuity operations. In the event of community-wide disaster we may have officers whose families require their help even more than the client does. This was an issue for members of my teams after the Loma Prieta California earthquake in 1989 and in the aftermath of Hurricane Katrina in 2005. As managers we have a responsibility to get our people home to their families just as soon as the client is seen to, shift relief is arranged, and an emergency staffing plan is in place. In extreme cases, we may need to care for our officers until they are able to set out for home.

Develop and mentor staff and peers. Prepare your staff for their next job, whether or not it is on your team, at your account, or with your employer. Some of this development will take the form of structured learning. Reading, research, and study are the key. Model a love of life-long learning. There is no quick fix, no one book will do. There is a certification in the security profession called the ASIS International Certified Protection Professional, CPP for short (ASIS International, 2011). While there are others, it is the gold standard of board certifications in the security trade. The prerequisites are fairly strict, but I have long counseled aspiring security professionals to work their way through the CPP reading list, regardless of the time it will take to become eligible to sit for the exam. Another book has informed my practice for more than twenty years. It is the Oscar Newman classic, Creating Defensible Space (1972). The very idea that security professionals can shape the nature of our community – for good or ill – endows our trade with great power and imposes upon it great responsibility. Expose your team to new ideas, divergent thought, and tangential perspectives. There is no telling which idea will take root.

Patience, waiting without complaining, is a gift you can give to your leaders, your team, and yourself. People are not machines and should not be expected to respond like one. Change takes time. Creating new habits requires many repetitions. (Flaherty, 2005) Let your people grow by trying and failing and learning and retrying. In the course of your career you failed, were allowed to survive, and you learned from it; offer the same opportunity to every member of your team.

Celebrate success and correct failure.

Demand excellence, and reward it. Celebrate the team’s successes. Own the team’s mistakes. If one of your team takes heat for doing the job right, back his or her play, all the way to the boardroom if necessary. Develop a variety of recognition methods and learn which one is most appreciated by each member of your team; not everyone wants money, or a plaque, or to be praised in public – some may like all three. Insist that everyone pull their weight. Accepting mediocrity devalues and dishonors the contribution made by the hardworking members of the team. When a team member does not work out, move them along as quickly and humanely as possible. The rest of the team will appreciate your recognizing that a player was not cutting it.

Correct yourself. A wise vice president used to ask me two questions every couple of months, “What do you need more of from me? What do you need less of from me?” He did not always appreciate my answers but he never stopped asking.

Select good people. Cultivate diversity. Care for your team. Walk your talk. When your team knows you are personally invested in their long-term success they will move mountains for you, your employer, and your client.

Engage in Appropriate Influence

I have had the pleasure to know some excellent security managers over the years. I have met some bad ones too. There are great security ideas, and some pretty poor ones. There are fresh, productive ways to think about the contribution security can make to the bottom line, and some tired, traditional perspectives on the security trade that can derail a security program. Just as there are government organizations which rely on our personal, public, and professional fears to advance their agendas, some security professionals have made their careers deftly reacting to these fears instead of helping leaders decide if we should be afraid in the first place. Many in my trade, especially in the security hardware and services sector, are not averse to harnessing the tremendous power of “fear, uncertainty, and doubt” – “FUD” – in the service of meeting their service objectives. There are security professionals who are prone to believe the worst even in the face of statistics to the contrary. There are security professionals who resist requests of their business leaders to make a business case for their security programs.

Do not be an alarmist.

Do not scare people; not deliberately, not accidentally. Thanks to world events people are already scared; thanks to sensational news reporting people tend to remain scared (de Becker, 2002). When people are scared they frequently act without thinking. Our families, communities, and employers look to those in security profession for confidence in the face of troubling disorder.

The vulnerability of buildings to car bombs has been demonstrated time and again, at the Beirut barracks and embassies bombings in 1983, in the 1995 Oklahoma City bombing, at Khobar Towers in 1996, and the embassy attacks in Kenya and Tanzania in 1998. Then as now, principled security practitioners informed their clients that the best defense against explosives is standoff distance, the more the better. Regrettably there is little room to provide standoff in urban city centers. In the days following 9/11 many of us in the physical security trade were told to "do something...anything" to show employees and other constituents the client was serious about terror. In came the Jersey Walls, up went the bollards, and out came the M4 carbines. Then our civic leaders – perhaps more accurately, those persons in positions of authority – began to close the streets as though they might create green zones in the hearts of our great cities (Németh, 2010).

Much of the responses – and a large share of the over-reactions – to 9/11 were implemented by federal, state, and local governments, and then reinforced by the news media, but there are security businesses who seek to leverage fear and create a sense of urgency (Guardsmark, 2011). This tendency grew more prominent when the anthrax murders occurred in late 2001. Fear, anxiety, and urgency have sold a lot of hardware and services this past decade, which we purchased with money that might have been put to better balanced, more effective use elsewhere.

Alarmist language is used to sell security services, products, and programs. It may be the fault of the marketing team, but if we let the copy out the door we share responsibility for the message and its effects. I think it is both unethical and counterproductive. Not everyone agrees with me. I have peers who regard anything that moves their security program forward as a tool to be employed. (Brady, 2011d) This can come back to bite us. Successful executives do not rise to power because they are risk averse. If we manage to frighten a CEO he or she becomes an altogether unattractive leader. When we fail to scare them they regard us with well-earned disdain.

I recently had an email exchange with the writer of several magazine articles which extolled the virtues of safe rooms for executives at work (Brady, 2011b) and at home (Brady, 2011c), and for students at school (Brady, 2011d). The writer is the founder of a company that builds safe rooms. I expressed concern that the lurid examples chosen to strengthen his case frequently were not the sorts of crimes where a safe room would have helped. Many readers, potential clients, and even some security professionals, will trust the writer of such articles and not look any further into the background of the cases mentioned. Thus, I regard the inclusion of poor yet dreadful examples as alarmist.

The perception of security, or the lack thereof, is frequently mistaken for reality. The best of all worlds occurs when people feel secure and we can demonstrate their perception is reasonable. When we can demonstrate that persons are reasonably secure but they still feel unsafe we security practitioners have missed something – either a subtle concern or an opportunity to educate our clientele. When people feel secure but are not, we have misbehaved or failed to understand the challenge. Security sage, Bruce Schneier, coined the term “Security Theater” to describe measures implemented to create the perception that something is being done about a security concern, when in fact the display offers little or no real benefit. (Schneier, 2003) In some cases the theatrics are even counter-productive, causing actual security to decline. At the very least security theater costs money that might be spent to greater effect elsewhere.

As a citizen, neighbor, husband, and parent there are days when I regret that there is no shortage of security needs in our society. There is plenty of work to be done and I submit that most of it can be accomplished without resorting to alarmism and fear mongering. Working to create informed consumers who correctly take confidence in our responses and preparations is more rewarding than stoking the fires of fear.

Think critically.

There are others in our ranks who give in to the all too human tendency to agree with people who say things that reinforce views they already hold (Nickerson, 1998). The inverse of this perceptual filter is that we also tend to disregard and minimize ideas with which we disagree or which create cognitive dissonance (Carroll, 2011). I strive to remain aware of this risk in myself and call it out when I see it in others. Understanding the nature of strongly held belief is a study unto itself. In the mean time a partial preventative is to deliberately expose oneself to viewpoints that contradict our own. Listen to Rush Limbaugh sometime, or watch a Michael Moore documentary. It can be painful, but it may help you avoid believing that yours is the only good opinion on contentious matters.

On a recent thread at an online security forum there was a discussion of the specter of ever increasing workplace violence – especially active shooters engaging in workplace mass murder. The debate centered on whether or not arming security officers was likely to be an effective remedy (Nixon, 2010). At first I tried to explain that the workplace violence rate is at the lowest it has been since records were first collected in the early 1990s. I encountered strong resistance to these statistics (Bureau of Labor Statistics, 2011). Then I encountered strong resistance when making the point that vulnerability is not the same thing as a threat, and that threats do not in and of themselves constitute risks. Without education, and then insisting on precision in our language, we run the risk of conflating and confusing the terms vulnerability, threat, and risk (Johnston, 2010). Using the terms inconsistently in turn confuses our audience.

I thought there might be some detectable demographic differences between security professionals who hold strong opinions regarding the role of armed security personnel and armed citizens in reducing homicides at work, in houses of worship, or at school. I assembled a simple survey and invited a variety of my correspondents and peers to participate. Frankly, I expected the results would reinforce some of my presuppositions. They did not. (Brady, 2011a) What is more, the greatest surprise arose from the answers to two factual questions.

When asked the number of workplace violence murders committed each year in the U.S. 57% of respondents underestimated. Only one in ten (6%) professionals correctly answered the question. Nearly a third (32%) over-estimated the number! 15% of respondents admitted they did not know the answer. When asked the percentage of workplace violence murders in the U.S. committed by co-workers, former co-workers, clients, family, or friends of the victim 10% of respondents underestimated. Only one in 12 (8.0%) security practitioners correctly answered the question. Most significantly, four out of five (83%) private security professionals overestimated the percentage of workplace violence murders in the U.S. committed by co-workers, former co-workers, clients, family, or friends of the victim (Brady, 2011a).

Others who study the psychology of risk have explained this. We tend to overestimate the risk of encountering exotic hazards such as airplane disasters, and downplay the frequency of more mundane hazards such as car crashes (Schneier, 2003). Of the demographic traits collected none seemed to correlate with those in error or the few who got the right answers.

As I mentioned above, this was a crude instrument and I am no sort of statistician. The survey represents very small, self-selected sample. The opinions expressed were just that, opinions. But two fact-based questions were asked. The idea that self-selected security professionals with very strong opinions about the risk of workplace violence were unable to accurately describe the magnitude or nature of lethal workplace violence is striking. This may be the result of lack of access to, or awareness of, the available statistics. Or it may be the consequence of the very human tendency to get it wrong when we conflate our feelings about risk with actually thinking about the real numbers.

In subsequent comments some discussion group members persisted in ignoring information that challenged what seemed to be an article of faith, "There is no time to waste as we saw in the Columbine and Virginia Tech slayings. Waiting for police response did no good to the countless victims." Why do professionals who claim to have studied the incident in detail forget there was an armed school resource officer at Columbine that day? (Nixon, 2010) Cognitive dissonance is a powerful thing; we must all be careful of it. Without deliberately forcing ourselves to consider information at conflict with our presuppositions and worldviews we risk making important decisions while wearing blinders of our own making.

Influence the success of the enterprise

What are you trying to accomplish? As a young security supervisor I was once told by a fiery, entrepreneurial boss “Your job is make sure nothing happens!” That advice, coming from a man whose security philosophy was neatly summed up in one sentence, “You can’t have enough off-duty cops with shotguns!” did not sit well with me. In time, as I grew to understand my positive role in the business world, I realized that the other half of the security process was to “help make sure the right things do happen.”

Some self-described “old school” practitioners eschew data, statistics, and supporting details when applying security. They know what works and what does not. I have heard some say, “I can’t tell you what security is, but I’ll let you know when you’re getting it.” They prefer to assume a position of authority as high in the hierarchy as possible and then be left alone to catch bad guys, make cases, and reduce financial losses. They tend to be hand-picked men who come and go with the executive they report to. Some of them regard those of us who assemble a business case for a security program as either hobbled or feeble. (Townsend, 2011)

Failure to apply data-driven decision-making is not new. Back in the 1990s I attended a lecture by whichever federal drug czar was on that throne at the time. During the question and answers period he was asked why, since treatment was about as effective as enforcement, his administration did not pursue a two-pronged approach to reduce demand for illegal drugs while continuing to attack the supply? While he agreed that treatment was about as effective as his empire's war on drugs he said reducing demand was not his responsibility. He encouraged organizations interested in the treatment side of the equation to find their own funding. His surprising candor held the key. Is there any incentive for the myriad agencies waging the war on drugs to actually win? What would they do if they could declare victory?

Servant leadership can play a role in businesses seeking out new opportunities or choosing to remain in challenging markets. If we perceive our job as simply making sure that nothing bad happens we might just encourage our executives to move out of troubled neighborhoods where providing effective security is more challenging. If, on the other hand, we believe that our responsibilities include helping make sure the right things happen we might size our executives’ tolerance for some risk as we seek security solutions that allow the firm to remain in a difficult market.

An example came up in an online forum recently when a peer professional asked advice about providing security enhancements to a bank operating in a crime-ridden part of her city (Townsend, 2011). This particular bank had no plans to leave, but many choose not to operate in high crime areas. When banks close their doors they miss out on potential profits and the already under-served community would have one less customer-friendly alternative to pawn shops, pay day loans, and expensive check cashing services. The servant security leader might find a way to help a bank operate profitably, while providing a safe work environment and delivering important financial services to a community.

Can we invert these negatives impacts and imagine using progressive leadership techniques to deliver positive results? I think so. Less exotic examples can tell an important story too. Annual turnover in the guarding industry runs as high as 300% (Lynem, 2002), yet some guarding companies, such as the one I work for, have only a 30% annual turnover. There is real cash value in creating a work environment in which employees choose to stay with the company. Recruiting, training, and equipment expenses drop. Creating cohesive teams improves the employment experience and increases client satisfaction. Statistics such as these are welcome news in most boardrooms these days.

Moral intelligence has been described as the application of the universal human principles of integrity, responsibility, compassion, and forgiveness to your values, goals, and actions. Moral intelligence, our ability to be better people, makes us better leaders. It is also a competitive advantage that is difficult for the competition to duplicate. On the other hand, failure to act in accord with our values can do great harm to us, our teams, and our business. Strive to operate in alignment with who you are. Tell the truth. Keep your promises. Care for your team. Forgive their mistakes and your own. By modeling these behaviors your team will demonstrate them to others. If you do not share the morals and values of your company you should find another place to work. (Lennick & Kiel, 2008)

Many security leaders seek to align the security program with the interest of the business. We are tired of our discipline being seen as a cost center. These days the perception of effective security and risk management should be able to help some businesses differentiate themselves from the competition. Security professionals will always be on the lookout for ways to further the security interests of the organization in a cost-effective manner, but it would be much more rewarding to partner with the business units to actually enable growth and enhance profits. (Williams, 2011)


Security leadership professionals should be careful thinkers, discerning consumers of information, respected content experts, and – most of all – effective business partners. Principled leadership calls us to promote the security process through the pursuit of the business interest, organizational ethics, professional knowledge, and personal confidence. To do so, we can adopt a positive and progressive servant leadership style, pursue a life-long study of the art of team building, and engage in critical thinking when making important decisions that affect the emotional and physical well-being of those we protect.

The temptation to leverage fear, uncertainty, and doubt is a hazard every security professional – not just the boys from the old school – must be careful to avoid. Gratefully, slopping at that trough in the decade after 9/11 seems to have mostly run its course. Is being a business manager first and security leader second more work? Perhaps, as some of us have much to learn about that approach, but it can be more rewarding in the long run. Is leading by influence, having to address many cells in a matrix management model more work? Absolutely; welcome to the 21st century business world. We must find ways to forward the business interests of our employer or client, especially to enable new business. The days of security managers saying "I can't tell what security is, but I'll let you know when you're getting it" deserves to go the way of the dinosaurs.

An employee-centered, community-oriented, business-forward approach to security leadership is not always expected in the boardroom, and I regret that security professionals do not get as many chances to deliver that message as we ought to. (Carroll, 1991) This is partly the fault of our trade's old school approach of dispensing fear, uncertainty, and doubt to justify the traditional "make sure nothing bad happens" model. But a larger fraction of the challenge lies between the ears of executives at the C-level who live on the "What have you done for me this quarter?" hamster wheel commitment to ever increasing earnings per share.

Whether our leaders, or those of our clients, choose to recognize wider responsibilities is up to them, but the choice of whom we serve is ours. (Shleiffer, 2004) While those security practitioners who served in the police and military swore oaths to defend and uphold our constitution as they honored us with their service, we in the private sector are not bound by any oath. We are not mercenaries – selling our sword to the highest bidder – unless we choose to be. Perhaps we are a little like the feudal rōnin – masterless samurai seeking the time and place where we can do the most good while abiding by our ethical principles.  Morally principled servant leadership can be terrifying and rewarding at the same time. You will need to go beyond the comfort of being the content expert. You will need to stretch past the talents that made you a good supervisor, an effective manager, or a successful consultant. Hone your skills. Develop your practice. Be attached to your organization by choice rather than fear. (Quinn, 1996) Be mindful of the power you wield, but serve your team, your organization, your profession, and your community from the heart as well as the head.

“Early morning
I pick up my Sword and Brush
To practice my skills” (Sekiguchi, 2009)


ASIS International CSO Roundtable. (2010). Enterprise security risk management: How great risks lead to great deeds. The CSO Roundtable of ASIS International: Alexandria, VA. Retrieved from

ASIS International. (2011). Certified Protection Professional. ASIS International. Retrieved from

Bartlett, C. & Ghoshal, S. (1990). Matrix management: Not a structure, a frame of mind. Harvard Business Review, July-August, 1990. Retrieved from

Bodner, S. (2006). Servant leadership: The complexity of a simple idea. Pyramid ODI. Retrieved from

Bolden, R., Gosling, J., Marturano, A. & Dennison, P. (2003). A review of leadership theory and competency frameworks. Centre for Leadership Studies, University of Exeter. Retrieved from

Brady, M. (2010). Would-be warrior-poet to should-be philosopher-kings. Eclectic Breakfast. June 3, 2010. Retrieved from

Brady, M. (2011a). Private security attitudes about the role of weapons in preventing workplace violence II. Eclectic Breakfast. Retrieved from

Brady, M. (2011b). The bunker mentality. Eclectic Breakfast. July 1, 2011. Retrieved from

Brady, M. (2011c). Again, with the bunkers. Eclectic Breakfast. July 23, 2011. Retrieved from

Brady. M. (2011d). Yet another pillbox. Eclectic Breakfast. August 1, 2011. Retrieved from

Bureau of Labor Statistics (2011). Occupational homicides by selected characteristics, 1997-2009. United States Department of Labor, Bureau of Labor Statistics. Retrieved from

Campbell, J. (1973). The hero with a thousand faces. Bollingen: Princeton, NJ.

Carroll, A. (1991). The pyramid of corporate social responsibility: Toward the moral management of organizational stakeholders. Business Horizons, 34(4), 39-48. Retrieved from

Carroll, R. (2011). Cognitive dissonance. The Skeptic’s Dictionary. Retrieved from

Csikszentmihalhyi, M. (1996). Creativity: Flow and the psychology of discovery and invention. Harper Perennial: New York.

de Becker, G. (2002). Fear less: Real truth about risk, safety, and security in a time of terrorism. Little, Brown and Company: New York.

Drury, S. (2004). Employee perceptions of servant leadership: Comparisons by level and with job satisfaction and organizational commitment. Retrieved from

Fitzgerald, M. (2003). All over the map: Security org charts. CSOonline. Retrieved from

Flaherty, J. (2005). Coaching: Evoking excellence in others, 2nd Ed. Elsevier: Burlington, MA.

Guardsmark (2011). The time for urgency is now. Security Management. July 2011.

Johnston. R. (2010). Being vulnerable to the threat of confusing threats with vulnerabilities. Journal of Physical Security 4(2), 30‐34. Retrieved from

Kahan, D. (2008). Cultural cognition as a conception of the cultural theory of risk. Handbook of Risk Theory. S. Roeser, (Ed.), Springer Publishing: New York. Retrieved from

Leider, R. (2006). The leader in midlife, in F. Hesselbein & M. Goldsmith, Jossey-Bass (Eds.), The Leader of the Future 2; Visions, Strategies, and Practices for the New Era. A Wiley Imprint: New York.

Lennick, D. & Kiel, F. (2008). Moral intelligence: Enhancing business performance & leadership success. Wharton School Publishing: Upper Saddle River, NJ.

Lynem, J. (2002). Guards call for higher wages, more training: Industry faces annual staff turnover rate of up to 300%. Retrieved from

Németh, J. (2010). Security in public space: an empirical assessment of three US cities. Environment and Planning A 2010, volume 42, pages 2487-2507 doi:10.1068/a4353 Retrieved from

Newman, O. (1996). Creating defensible space. U.S. Department of Housing and Urban Development Office of Policy Development and Research: Washington, DC. Retrieved from

Nickerson, R. (1998). Confirmation bias: A ubiquitous phenomenon in many guises, Review of General Psychology, 1998, Vol. 2, No. 2, 175-220. Retrieved from

Nixon, B. (2010). What are your thoughts about organizations employing armed security guards as an added measure of security to respond to active shooter workplace violence situations? Security Source Online. Retrieved from

Parker, P. (1999). Let your life speak; listening for the voice of vacation. Jossey-Bass: San Francisco.

Peters, T. (2010). Leadership is confusing as hell. European Institute for Leadership. Retrieved from

Prieto, L. & Phipps, S. (2009). An exploration of leadership thought and an introduction to proactive leadership in the context of managing change and diversity. The Journal of Human Resource and Adult Learning, Vol. 5, Num. 1, June 2009. Retrieved from

Quinn, R. (1996). Deep change: Discovering the leader within. Jossey-Bass: San Francisco.

Schneier, B. (2003). Beyond fear: Thinking sensibly about security in an uncertain world. Copernicus Books: New York.

Sekiguchi, K. (2009) Haiku number 1. Kenji Shodokai - Kenji Sekiguchi’s Japanese Calligraphy. June 29, 2009. Retrieved from

Serrat, O. (2010). Engaging staff in the workplace. Knowledge Management Center, Regional and Sustainable Development Department, Asian Development Bank. Retrieved from

Shleiffer, A. (2004) Does Competition Destroy Ethical Behavior? AEA Papers and Proceedings, Vol. 94, No. 2, 414-418. Retrieved from

Townsend, B. (2011). What are your recommendations for securing a small bank branch located in a dangerous, robbery prone area? Relocating is not an option at this point. Security Source Online. Retrieved from

Williams, R. (2011). What your CEO needs you to know: Creating value, efficiencies, and return on investment. Presented at the Secure360 conference, May 10, 2011.

Photo credit Sam Magraby

Many, many, many thanks to my sister Kathy, and my friends Lisa and Landon, for pointing out a wealth of typos!  If you're saying, "What typos?" the credit is theirs; if you find any errors the responsibility is mine alone.  Thanks also to Jim, David, and Julie, the supportive souls who encouraged me to shape this paper to more closely represent my vision.  As of 14 August 2011 this is a revised version which incorporates much of the feedback I have received from readers (especially Mike Dailey, a LinkedIn peer). Thank you all!

Saturday, July 30, 2011

The face of evil... not always as ugly as we expect.

Over the past week I've been contemplating the criminal outrage Anders Breivik perpetrated against his own Norway.  Along with unwanted recollections of 9/11, it has dragged the Oklahoma City Bombing, Columbine, and Virginia Tech back into active memory.  Some described his brutal attacks as "Norway's 9/11," not because Islamic extremists were involved, but because 77 deaths in a country of 5 million is a higher casualty rate than the 3000 in 285 million suffered in 2001.  

If the aftermaths of 9/11 and Britain's 7/7 are instructive, then encouraging greater public awareness instead of fomenting nation-wide fear or tolerating reflexive over-reactions on the part of one's government protectors will be critical to a successful response to this tragedy.  More effective intelligence gathering, investigation, and information sharing will likely be more productive than massive expenditures attempting to harden public spaces and other soft targets.  Like American police after Columbine the police in Norway will have to adopt the concept of immediately going after active shooters rather than waiting for heavy weapons teams to arrive.

Breivik was the Black Swan who has proven that horrible crimes are indeed possible even in Norway.  He may be 1 in 5 millions or a once in several generations occurrence there but they will never again be able to say "it can't happen here."  Like the perpetrators of 9/11, Columbine, and Virginia Tech, Breivik took full advantage of the "rules of the game" with deliberate skill and has forever changed the "playing field" for an entire nation.

Could We Have Done Otherwise?

Haven't knocked this stuff around since my undergrad days...

Just what do people have in mind when they say we have free will?

Sure feels like we do, but we may have no choice about feeling that way.

Saturday, July 23, 2011

Again, With the Bunkers...

I get really uncomfortable when fellow security professionals engage in fear-mongering...

The author of Residential Safe Rooms Are No Longer a Luxury for the Rich & Famous - by The Security Sensei, demonstrates that some of my professional peers are still prone to rely on hyperbole, lurid examples, and misapplied statistics to drive what may become a poorly-balanced, fear-based response.  The Security Sensei is certainly not alone in this practice, but he frequently posts links to his advertorials on several groups in which I participate so he has repeatedly attracted my attention.  This sort of writing represents an unfortunate tendency seen in various segments of the security industry which appeals primarily to FUD - Fear, Uncertainty, and Doubt; an approach we have seen far too much of, especially these past ten years.  

As with last year’s advertorial Security Lies Beneath: The Case for Corporate Safe Rooms, I have few questions, comments, and concerns regarding his current marketing piece.

“Few things are as frightening and potentially gruesome as a home invasion. Though the FBI and local law enforcement typically do not track this specific crime,” 

Yet, his firm's website claims “1 of every 5 homes will experience a break-in or violent home invasion.”  Where did he get this statistic?  At what rate do these crimes occur? Are even "1 of every 5 homes" the target of theft, breaking and entering, or burglary annually?  Or are we talking about each decade?  Over the term of a 30 year mortgage?  The lifetime of the owners?  A century?  Or since records have been kept?  The rate does matter.  Even then, the “or” in the claim is very important.  I’ll wager many, if not most, thefts from residences are committed when no one is at home.  And many, if not most, of the rest do not involve violence against the occupants.

"news headlines tell a very different story: from wealthy suburbs to middle class neighborhoods, from the legendary Gold Coast to the nation's heartland, home invasions are now, sadly, part of our existence."

Of course news headlines tell a different story.  Our mass media leads with stories which are, by their very nature, uncommon, unusual, and unsettling.  Lurid headlines and hastily written news articles are notoriously poor sources of information with which to determine the frequency or precise nature of crime.

"For home invaders have no regard for human life; injuring or murdering a family is simply a means to an evil end: stealing valuables and cash."

I don’t have any statistics at hand either, and I don't propose to minimize the impact of home invasion robberies, but over the years I do recall reading more than a few news reports of home invasions during which the residents were subdued or restrained but otherwise not harmed during the remainder of the robbery.  I've read other reports that suggest criminals are frequently the target of home invasions perpetrated by rivals and turncoats.  It seems that many times the bad guys are only there for the money or the drugs.

"The very nature of a home invasion - a phenomenon that transcends race, class, education and geography - reminds us that no one is immune from this crime. All of which explains the added necessity of constructing a Safe/Space™, a fortified environment that acts as a protective refuge in the event of a home invasion or other threat.

Today, safe rooms are often an integral part of new home construction. In other instances, a converted walk-in closet or bathroom can easily be transformed into protective environment. Safe rooms constructed by professionals can transform an existing space into a homeowner's ultimate sanctum. Best of all, the space retains its natural look-and-feel while safeguarding the lives of the family and pets.

Some of the features of these unique safe rooms:
include: security door(s) with impact resistant vault like door pins; walls, floors and ceilings reinforced with proprietary ballistic panels and wire mesh materials; surveillance equipment and LCD keypads wired to the alarm system, which aids both family members and the police in pinpointing an intruder's location in the home; power outlets, cell phone chargers, as well as first-aid kits, emergency lighting, water, packaged food, and possibly, self-defense tools."

A safe room certainly can be an element of a balanced personal security program.  I have recommended them to some clients in certain circumstances.  Properly located and constructed of appropriate materials a safe room may also protect against severe weather

"And, while films and television programs continue to mythologize safe rooms as an indulgence for the super rich or eccentric, actual events tell a different story: safe rooms are becoming an integral part of middle glass (sic) residences worldwide."

Perhaps he wishes it were so, but I'd like to see any statistics that support this claim.

"All though seldom broadcast on the news- safe rooms are increasingly the key factor between life and death. In fact, safe rooms for homeowners are the result of a country faced with economic turmoil and increased violence -- a situation where criminals will stop at nothing to achieve their heinous goals."

Again, I'd appreciate seeing any statistics that support this claim.

"In this life or death situation, the only proven barrier against an attacker is a safe room."

This will come as a huge surprise to those security professionals who apply the principle of defense in depth.  Most of us regard a safe room as “The Alamo” – a refuge from which the householder makes his or her last stand, holding out until the police or other security forces arrive.

"Throughout this process, one principle is sacred: a safe room is a haven, a place where individuals, families or friends can hunker-down away from harm during the nail-biting period between the alarm sounding and the police arriving on scene.

And in this day and age when a standard room is easily retrofitted for as little as $10.000.00 dollars, the lack of a safe room is, according to The Security Sensei™ - potentially a huge blunder: the assault or murder of a child or parent would forever emotionally scar a family, expose friends to unbearable shock and leave a community devastated and in constant worry.  Simply said, no homeowner is truly safe without protective barrier to stop or slow down violent intruders."

Again, while a safe room may play a role in a personal protection plan, defense in depth begins at the street, draws upon CPTED principles, involves the perimeter, the grounds, landscaping, illumination, surveillance – natural and artificial, effective physical barriers, maybe dedicated security staff, intrusion detection, protection dogs, weapons – nonlethal or lethal – as appropriate, reliable communications, duress alarms, and perhaps a room in which to safely hide.

"A safe room is an investment in the long-term value of a home, something that gives extra peace of mind to buyers. Also, a safe room only adds to the worth of a property since there is no aesthetic drawback in fortifying an existing room. The Security Sensei states 'For some of my clients, a safe room is as inseparable as plumbing or electricity, necessities that we must never be overlooked'

Also,  Take, for instance, this story (but one of hundreds of similar tales across the US) about a prominent Connecticut doctor attacked in the midst of a home invasion that left his two children dead, his wife strangled and his home engulfed in flames:. "Our precious family members have been the victims of horrible, senseless, violent assaults. We are understandably shocked and overwhelmed with sadness as we attempt to gather to support one another," said a statement from the family of Dr. William Petit, Jr., the lone survivor of this terrible event."

The Petit case is certainly an example of a brutal and senseless crime, but popular media reports say the murderers entered the house through an unlocked cellar door.  Unless the entire Petit family had been ensconced inside a Safe/Space™ with its door closed and locked when the murderous thugs entered the home then it hard to see how it might have helped.  What if the Petit family had locked and dead-bolted the cellar door?  What if every unused door on the Petit premises was secure with GSE's other product, the OnGARD™ door brace?  What if there had been an alarm system monitoring the perimeter?  What if the Petits had kept a protection dog to look after their household?  What if Mr. and Mrs. Petit had used lawfully possessed firearms or other weapons to repel this vicious attack?  What if the Petit girls had been taught self-defense techniques or had pepper spray close at hand?  What if Mrs. Petit had been provided a duress phrase to use the moment she arrived at her husband’s bank instead of struggling to communicate her dire situation as she was leaving?

"This tragedy underscores the importance of having a safe room, something constructed, tested and certified by professionals who have the proven track record to address this matter. This latter point - the necessity of only working with experienced professionals - deserves more attention, because a lot of unsavory characters mislead homeowners and construct safe rooms that fail to offer adequate protection. And yet, these so-called 'safe rooms' are wildly expensive and largely ineffective. 

One thing for certain is safe rooms are no longer a luxury for the affluent, but are now an affordable means of protecting millions of homeowners nationwide. For without a safe room to protect families from America`s increased violence, the criminals win. Period."

Violence in America is not on the increase; quite the contrary.  The 2010 FBI UCR report says "Preliminary figures indicate that, as a whole, law enforcement agencies throughout the Nation reported a decrease of 5.5 percent in the number of violent crimes brought to their attention in 2010 when compared to figures reported for 2009."

Is the only solution for millions of homeowners to buy his company's products and design services for as little as $10.000 each – to the exclusion of less expensive, simpler, more balanced, and more effective protective measures?  Ten billion dollars worth of safe rooms is certainly going to be good for someone, the question is who?

"A safe room - the propriety (sic) kind designed by The Security Sensei™ who understands the enormity of this issue - can help shield against outside threats. As a haven from the unexpected and unforeseen, a safe room is one of the wisest investments homeowners can make."

Hyperbole, lurid example, misapplied statistics, the sowing of fear, the cultivation of uncertainty, and the reaping of doubt may be effective business practices in some circles but they are a poor example of security professionalism.  We can do better.  Our clients deserve better.  Our society needs better.