Home » Security Leadership » Career/Staffing

Bob Moore Knows How Not to Get Fired

Remember: Once you have a security leadership job, it's the little things that help you keep it.

Soon after arriving at biotech company Genzyme, CSO Dave Kent learned it had 13 discrete building access systems and that dozens of employees were authorized to delegate access privileges (see The Architect). Kent consolidated down to one system and authorized only a handful of employees to give access privileges (a more secure practice, anyway). Thing is, he also had the overarching new plan that would require tons of resources, but he took the easy win first and used it to build his case for the big picture effort.

Eight years later he's still CSO.

Learn How to Use, Uh, Whaddya Call It?

So you've got a few easy wins under your belt. Now start building a foundation for long-term success. These concrete tips focus on further dousing that mystical aura of security that Humphrey talked about and replacing it with, well, a fiscal aura.

Mike Coughlin, CSO of pharmaceutical company Wyeth, came up through the ranks like many CSOsmore from the law enforcement side of things than from the business side. But Coughlin says that today, an aspiring security executive who studies criminal justice is "having his or her education robbed. I want accounting, management, even English and history," he says. "You used to be able to get away with it. We were in the in-house police force. But no one who wants to keep his CSO job ignores business anymore."Coughlin says he needs to improve his own business acumen. You get the sense he's exaggerating some--peers speak highly of him--but then again he also says one business skill CSOs need is "the ability to make attractive, uh, what do you call them?, the, uh, presentations. The medium's the message. The ability to be slick, it gets senior management on your side."

PowerPoint is good. Humphrey says to learn budgeting and strategic planning. Variance analysis. "A good security executive," he says emphatically, "can demonstrate contributions to the bottom line, even though their job means taking money from the company and they'll never have irrefutable proof of their effectiveness."

It seems like pretty obvious advice, to get business savvy, but it's worth rehashing. Lenzner says she sees candidates who lose sight of this in uncertain situations (such as the one many of you are inbeing a new CSO or your company's first one). Those from the physical security world slip into a dogmatic enforcement mentality. And those from the IT world will likewise slump back into a technical posture.