Saturday, May 12, 2012

Mindsets and Toolkits

Thinking Positively About Security...


After walking the Secure360 trade show floor and listening to the talks I moderated on Day One of the conference I went home and rewrote my presentation keeping in mind that my audience was not going to be physical security professionals, but those working in logical security, audit, compliance, and business continuity.  My talk became became a sort of autobiographical, editorial essay.  

NOTE: These are the text and images used to frame my presentation.  For the whole story you had to be there.

IN ADDITION TO...
  • Logical security
  • Information protection
  • Audit
  • Compliance

THERE IS ALSO...
  • Physical security

WHY SO SERIOUS?

Physical security managers have personal, professional, and institutional biases that affect the way we see the world, evaluate hazards, and communicate risk.

We’re frequently more conservative, more hierarchical, and more risk averse that the executives who rely on us to guide their business decisions.

Often we’re so focused on making sure bad things don’t happen we forget we are also responsible for making sure the right things do.

THE UNEXAMINED LIFE

Let’s examine the means by which we can approach the security process with a sense of corporate responsibility, critical thinking, and resist using fear as a lever. 

Let’s look behind the headlines for important clues for how our mindset is reflected in the way we approach the services we offer and look at skills we can add to our personal, professional, and institutional tool kit that make us more effective business partners.

WE COME FROM DIFFERENT PLACES


Many physical security practitioners come to the private sector from law enforcement
  • Public law enforcement is about maintaining public order and investigating crime

And we increasingly come from the military
  • The military is about protecting national interests and projecting power
While many of us have always worked in the private sector
  • Business is about the bottom line
Images http:/commons.wikimedia.org/

WITH ENOUGH SHOTGUNS


“You can’t have enough off duty cops with shotguns.”

“Your job is to make sure nothing bad happens!”

“I can’t tell you what security is, but I’ll let you know when you’re getting it.”

“When all you have is a hammer all your problems look like nails.” – Abraham Mazlow

Image http://www.remington.com/products/firearms/shotguns/model-870/model-870-express-tactical.aspx 

MORE USEFUL PHILOSOPHIES


Our job is not only to make sure nothing bad happens, but to make certain the right things do happen.


Security is a people business: We work with people, to protect people, from other people. 

ISSUES FOR PHYSICAL SECURITY
 
  • We are late adopters
  • It can be difficult to demonstrate the effectiveness of our programs
  • We treat risk wrong
  • We tend to take the side of power
  • We protect the status quo
  • We are prone to lead with emotion, especially fear and anger
  • We struggle to align our programs with the business
 CHALLENGES AND OPPORTUNITIES
  • Cognitive perception of risk
  • Cognitive dissonance
  • Confirmation bias
  • Using fear as a lever
  • Creative problem solving
  • Enterprise risk management
  • Servant leadership
TOPICS WE DISAGREE ON 
  • Social roles
  • Workplace violence
  • Role of private security in Homeland Security and the Global War on Terror
  • Surveillance
  • Prosecuting criminal suspects
  • Use of force
  • Profiling
  • Concealed carry and shall issue laws
CULTURAL COGNITION OF RISK

AKA “Conservative White Male Effect”

“The ‘cultural cognition of risk’ refers to the tendency of individuals to form risk perceptions that are congenial to their values.” – Kahan


Image http://www.thedailybeast.com/articles/2012/05/02/did-may-day-save-occupy-wall-street.html

It looks like so…


Photo http://www.culturalcognition.net/  

Which means we disagree like so...


Photo http://www.culturalcognition.net/  

COGNITIVE DISSONANCE
  

It is psychologically uncomfortable to hold contradictory cognitions. This dissonance, being unpleasant, motivates a person to change his cognition, attitude, or behavior, by
  • acquiring new information or beliefs that will increase the existing consonance and thus cause the total dissonance to be reduced; or,
  • changing one or more of the beliefs, opinions, or behaviors involved in the dissonance;
  • forgetting or reducing the importance of those cognitions that are in a dissonant relationship
We tend to deal with beliefs that conflict with the evidence by the more familiar concepts of rationalization, self-deception, irrational faith, confirmation bias, and overestimation of one's intelligence and abilities.

Image http://en.wikipedia.org/wiki/The_Fox_and_the_Grapes 

CONFIRMATION BIAS


  • We are rationalizing animals
  • We prefer evidence that supports what we already believe
  • It’s why we do double blind studies and submit to peer review
  • External attempts to change our beliefs frequently result in reinforcement of the belief
Image http://sacemaquarterly.com/methodology/why-does-medical-research-sometimes-get-it-so-wrong.html

SELLING THROUGH FEAR


  • “The time for urgency is now!”
  • “Do something!”
  • “Workplace violence is an epidemic!”
Image from http://usopenborders.com/ 

“TWO FATALITIES A DAY”


HOMICIDE VS SUICIDE


TYPE II, III, AND IV


CLIENTS, CO-WORKERS, AND INTIMATES


WORKPLACE HOMICIDE RATES


Image from http://www.bls.gov/iif/oshwc/cfoi/cfch0009.pdf
 
WORKPLACE ASSAULTS


Image http://bjs.ojp.usdoj.gov/content/pub/pdf/wv09.pdf

SERVANT LEADERSHIP


  • Serve yourself
  • Serve your team
  • Serve your company
  • Serve your profession
  • Serve your community
  • “Leaders don’t create followers, they create more leaders.” – Tom Peters
  • Ask “What do you need more of from me? What do you need less of from me?”
Image http://jamesstrock.com/services/21st-century-leadership1/servant-leadership

 CREATIVE PROBLEM SOLVING


  • Encourage creativity in problem detection and problem solving
  • Cultivate your curiosity and interest
  • Surprise your people
  • “Creativity occurs at the edge of our comfort zones” - Mihaly Csikszentmihalyi
  • Don’t forget to apply your solution, measure it, and adjust iT
Image http://en.wikipedia.org/wiki/Mihaly_Csikszentmihalyi 

ENTERPRISE RISK MANAGEMENT

Convergence of physical and logical security has not happened
  • And maybe it shouldn’t 
  • Physical and logical security may not overlap enough
Assembles a variety of risk management disciplines under a single leadership executive
Physical and logical security, safety, environmental, emergency management, disaster recovery, business continuity, compliance, audit, risk, and maybe even legal

Manage risks to the business interest
  • Not fighting crime for the public good
  • Not waging a global war on terror
Learn to accept dynamic risk

WHERE DO WE GO FROM HERE?


  • Cultivate our emotional intelligence
  • Care for our teams
  • Engage in appropriate influence
  • Resist the urge to stage “Security Theater”
  • Do not scare people – not deliberately, not accidentally
  • Further the business interest
REFERENCES

ASIS International CSO Roundtable. (2010). Enterprise security risk management: How great risks lead to great deeds. The CSO Roundtable of ASIS International: Alexandria, VA. Retrieved from http://www.asisonline.org/education/docs/CSORT_ESRM_whitepaper_2010-04.pdf
Bodner, S. (2006). Servant leadership: The complexity of a simple idea. Pyramid ODI. Retrieved from http://www.pyramidodi.com/papers/servant.pdf
Bureau of Labor Statistics (2011). Occupational homicides by selected characteristics, 1997-2009. United States Department of Labor, Bureau of Labor Statistics. Retrieved from http://www.bls.gov/iif/oshwc/cfoi/work_hom.pdf

Carroll, R. (2011). Cognitive dissonance. The Skeptic’s Dictionary. Retrieved from http://www.skepdic.com/cognitivedissonance.html

Census of Fatal Occupational Injuries Charts, 1992-2010 (revised data) http://www.bls.gov/iif/oshwc/cfoi/cfch0009.pdf
 
Flaherty, J. (2005). Coaching: Evoking excellence in others, 2nd Ed. Elsevier: Burlington, MA. 

Leider, R. (2006). The leader in midlife, in F. Hesselbein & M. Goldsmith, Jossey-Bass (Eds.), The Leader of the Future 2; Visions, Strategies, and Practices for the New Era. A Wiley Imprint: New York.

Lennick, D. & Kiel, F. (2008). Moral intelligence: Enhancing business performance & leadership success. Wharton School Publishing: Upper Saddle River, NJ. 

Parker, P. (1999). Let your life speak; listening for the voice of vacation. Jossey-Bass: San Francisco.

Quinn, R. (1996). Deep change: Discovering the leader within. Jossey-Bass: San Francisco.

Schneier, B. (2003). Beyond fear: Thinking sensibly about security in an uncertain world. Copernicus Books: New York.

RESOURCES


Michael Brady, MA, CPP

Michael Brady is a life-long security leadership professional. He has provided security and safety services as a manager in high tech, as an independent security consultant, and as an executive for security service providers. Currently an account manager, consultant, and trainer for Hannon Security Services, Inc., Michael is also an adjunct instructor in the Security Management program at Saint Mary’s University of Minnesota School of Graduate & Professional Programs. Michael recently completed his Master of Arts in Human Development degree where he focused on issues of leadership, team building, and problem solving.  He blogs at http://eclecticbreakfast.blogspot.com and can be reached at michael_brady_cpp@yahoo.com