Building (and Keeping) a Great Security Team: Why People Stay
By TorchStone Director of Global Embedded Services, Jess Damewood
Building great security management teams has never been more important. Physical and cyber threats multiply with a host of bad actors seeking to capitalize on weaknesses. A workforce that is not aligned with leadership can also be a major risk. Chief Security Officers and their leadership teams are continually refining their expectations both for their operational teams, as well as the vendors and suppliers that give them the ability to increase their capacity. However, corporate leaders, security professionals, and their teams can benefit from staying up on emerging trends in the workforce. Workers who lean toward a holistic view of job satisfaction, the need to align their purpose with the corporate organization, and a refreshed view of the concept of engagement will continue to pose challenges as well as opportunities for hiring managers and leaders going forward.
Satisfaction and retention are now more of a two-way street than before. Leaders often think we can compensate with cash, but evidence shows that this has little impact on a sophisticated talent pool who are prioritizing different happiness factors. The solution is great talent acquisition and development, aligned with an organization’s mission and values.
A Human Touch
I recently had a conversation with a trusted colleague who is very involved in learning and using the new capacity that AI has to positively affect global corporate security. At the conclusion, I was struck by the comforting reality that AI will probably remain, at least for now, supportive in nature. The core services that drive decision-making in the C-Suite will still depend on a person implementing a task or program, and that person will be the best person, hand-selected, and vetted by experts in the industry as the candidate most qualified and aligned with the company’s purpose and values. We are in a supercharged and ever-expanding environment that values automation, but the secret to building great security teams still relies on us! Security organizations find their sweet spot by relying on our internal resources and tools that align with best practices and often help define our why.
AI may get us closer to the right person for the job by screening and sourcing candidates far more efficiently as well as candidate matching and predicting actual success probabilities based on past performance of similar profiles, but as my colleague Scott Stewart says, it won’t be able to move forward without human analysis. The most successful security organizations focus on continuous improvement in whatever they do. We all will find those value-adds in our purpose aligned between leaders and our employees.
Just Right
Many of us are very concerned about headcount. As leaders, it is important to us how many reports we have in our downlines; how many of those are managers; and what they do for the vision, strategy, and the bottom line. Headcount, in the abstract, seems to justify itself and in many cases reflects the health of an organization. However, that is not always the case. The wrong headcount can have disastrous consequences. Security leadership partnering with our HR business partners under a shared vision of the future for the security team, its members and their attributes lead to an organization that can effectively respond to changes in the workforce that demand better engagement and alignment with their values.
Pull Together
As an intentional product with an overarching purpose that is aligned with company values, the security management organization turns from a machine cranking out yesterday’s work in dated terms to a proactive organization as tightly tied to the strategic goals of the C-Suite as those of its employees. Furthermore, highly matrixed organizations depend on the core value alignment of their vendors and partners as well as their full-time employees and encourage the blending of strategic approaches with the customer in mind. A well-balanced and intentional team with a well-defined purpose that allows employees and leaders to align on interests will be more satisfied and more likely to stay on our teams as happy and productive colleagues.
Individuals Make Up the Team
While the linked data examining factors that contribute to employee satisfaction and success focused on non-security corporate workforces—more generally, most of us would say that we see our own experiences and security teams reflected. Unfortunately, there is often a gap between what many of us believe is the key to retention and what employees tell us through data, and this gap could not be more pronounced. Gallup cites the number as high as 75% of employees that leave companies for reasons that their manager can influence, which does not include compensation.
Where are our deficiencies, and where are security leaders missing the mark? Our employees are telling us what the concept of belonging is to them, and what they need to feel more integrated. Data shows that development opportunities, remote work, and compensation are less important to employees than leaders think they are. Also, far more important to employees than what leaders appreciate is a sense of belonging on a supportive team, advancement opportunities (not “development” opportunities), and a true sense of being valued by the organization and their leaders. Hopefully, leaders don’t wait for the exit interview before realizing how to help build employees’ sense of belonging in a personalized way.
Follow a Successful Process
We need to apply this data to our security organizations and the people that support it. We have considerable influence over a majority of reasons that employees may leave a security organization. This process starts at the first instance of talent acquisition. The review of a resume, phone screening, and everything after initial contact is crucial in shaping the candidate’s perception of the dynamic of the workplace and the team. Our processes for recruiting and retention need to be consistent, intentional, and committed. Here are some suggestions for success:
1. Know your why. Know your candidate’s why. Explain in clear terms what the founders of your organization thought when they were establishing the purpose of the company. Explain how the mission has evolved, the values and culture of the company, and the successes and challenges the candidate may face in the role. Explore how this resonates with the candidate and how they view themselves within the culture and becoming a part of the company’s story and future.
2. Explain the foundational thought and documentation including mission statements, policy, and tenets that provide form and structure for daily professional life in your organization. Professionals like baselines and knowing what to expect.
3. Understand the value of diversity. Widen your net and network as much as possible to find the team that is going to reflect the diversity in the world, corporation, and customers served. Factor in the diversity of education, tenure, and formative backgrounds in the field or discipline.
4. A purpose isn’t enough. You need tenets. If you know your why, you need to articulate how your team develops left and right lateral limits to define what you will (or won’t) do. Tenets are short, impactful statements that usually articulate what teams do to deliver on their piece of the strategic vision and can be organizational in nature (e.g., Shell Business Principles).
5. “If someone tells you who they are, believe them.” The key is to give everyone from candidate to employee a chance to do just that. Move away from conversations in 1:1’s, personnel evaluations, or candidate interviews that allow room for bias in any form. Transparency in communications that manages expectations and gives a clear path to resolution along with a true effort to reach out to employees or candidates on their terms are two of the key points in getting to employees truly being able to speak openly and honestly.
6. Remember that the evaluative process for employees and candidates alike is a two-way street. We are being evaluated as leaders as we evaluate employees and candidates. What you say, who you are, and how you relate your purpose and the things you will and won’t do to activate that purpose will be remembered, and decisions will be made because of it.
In many cases, the things that we do in our respective organizations have not changed conceptually for many decades (centuries?). But the workforce and the pressures that the world places on it are changing at a phenomenal pace. It is obligated that we move and change with it to give the most to the relationships that we have with our candidates and employees.
Invest in People
As leaders, we have the privilege and the duty to truly listen to our employees and give the opportunity to be heard on the things that really matter. That is the human element that will forever be a part of building and keeping great teams. As we see, change is also a part of being human; the change in the way that employees see engagement strategies and their value proposition itself moves and shifts. Building a great security team requires us to live our organizational purposes, create high-level and operational guideposts that reflect what we will do and not do, and communicate these things frequently and honestly to our candidates and employees. This is what the data and our employees are telling us. If we make it easy for them to align with us and our values, we can hire, develop, and retain the best talent to do the important work. Most importantly, we can do the right thing by our most valuable security resource, our people.