Best suited to corporate imperatives

When discussing security management with my boss - him having one of those enviable ‘Head of...' titles that induce instant responses from those same people I have to wait weeks to talk to - he was confident in attesting that, for the contemporary corporate security manager, at least, a background in the armed forces or the police service is less important than having strong interdisciplinary business skills. I then began to muse a little.

The protagonists and adversaries for and against this statement have equally good arguments, atop which I have weaved my own over a very diverse 27-year career in the security sector.

A helpful place to start is to understand what value those with a background in the armed forces add to the corporate environment, and then to list their shortcomings. Likewise with their business contemporaries. We can then begin to understand the risks posed to organisations from possibly biased recruitment strategies, and the ensuing training and development implications.

Services dominate the scene

Up until the late 1980s, senior security positions were very heavily dominated by senior ranking (usually retired) services personnel. For my part, I worked for a company where an inviolable prerequisite for a security management position was to have achieved a minimum rank of inspector in the police service. To think of applying for a security post with anything less was a derisible action.

As one ascended the security management hierarchy within the company, one found the incumbent of that position was of a progressively senior former rank in the police, leading up to the ‘top dog' who was a former DAC hailing from the Metropolitan Police. It always amused me how those higher up the chain were referred to as ‘Guv'nor'.

From the corporate viewpoint it's not difficult to understand why such appointments were made. Ex-services personnel have a very reliable employment history. One which is easily checked. They have an air of authority and a presence about them that adds a certain gravitas to their position, particularly when interviewing the dishonest. They may have excellent investigation skills and a thorough understanding of criminal evidence and procedure, coupled with a 'nose' for dishonesty that takes a lifetime to acquire.

Such individuals are usually strong in a crisis, since much of their former work involved crisis management. Training throughout their career will have been specialised and very professional, and many will have highly-developed leadership skills (though not necessarily always suited to the business management environment, a point I shall examine in due course). They also have that ‘seasoned veteran of life' maturity which is always useful.

Being cynical about matters, I would also venture that many appointments were made because a person with a large occupational pension may be prepared to work for less money. The host company was gaining ‘a calibre individual' on the cheap.

Undoubtedly, one of the prime reasons that so many large corporations employed very senior services personnel is for their contacts throughout the law enforcement and intelligence community - a valuable asset to any company that's almost beyond measure.

There is also a large amount of kudos for the Board to be able to say: "Our head of security is a former Brigadier, don't you know"...

The benefits of employing ex-services personnel are considerable, then, but nonetheless I believe there are risks that have been ignored. As such, many companies have paid the price of blindly going down this route.

Examining the disbenefits

It's fair to say that many former services personnel have done - and continue to do - an outstanding job in the corporate security arena. That said, several have been spectacular failures despite their star-studded background.

Much of the reason for that is tied up in an inability to adapt to a radically different environment which is much more fluid and fast-changing - and certainly more insecure - than the institutionalised ‘job for life' occupations. There are likely to be tougher demands in relation to accountability and measurable performance. The corporate world represents an environment where delivery, deadlines and customers are King and profitability is God.

Certainly, life in the armed forces has its pressures but these are likely to be very different to a ruthlessly competitive corporate market, for which a former services individual may be ill-prepared despite any high grade puritanical security skills he or she might possess. Office technologies continue to outpace anything found in the services, except in specialised units. Then there is the issue of employment relations which are (increasingly) legally onerous and keep company solicitors and Human Resources practitioners fully engaged for days on end.

Services personnel of any seniority enjoy an ability to issue directives and see them carried out in smart order without too much debate. Failure to comply allows the superior to mete out immediate and unpleasant penal sanctions. There is no such prerogative in commerce, wherein issues are settled by debate, consultation, influence, persuasion and compromise. This is an environment where anything smacking of "I'm the Boss" becomes dangerously close to harassment, and where a good old-fashioned ear-bending is viewed as outright bullying (‘Don't tread on me!', SMT, February 2006, pp34-35). The problems of recruiting and managing staff are now fraught with highly litigious pitfalls.

These days, very few companies are ‘rank' oriented and this may be unpalatable to those ex-services and police personnel who enjoyed considerable status and privilege as, say, a chief superintendent or lieutenant colonel (and who are now a relatively small cog on a large wheel with a manager nearly half their age).

While I spoke earlier about the benefits of ‘authority' and ‘presence' that these individuals have, if overdone this will be very alienating among today's young workforce (for whom everyone is deserving of equal respect, and an admission of current or past seniority translates to: "So what?")

Services personnel are inclined to be appointed to the next position on the basis of time served and the passing of examinations rather than proven competence. Indeed, some will undoubtedly reach the most senior of levels without really being tested in any one arena. Gilbert Kelland - former assistant commissioner (crime) for the Metropolitan Police - once observed that this led to "articulate but ineffective leaders".

In a similar vein David Shayler - the renegade MI5 officer - once remarked that the life of an intelligence officer left them entirely unsuited to employment in the ‘real world', and that the private security sector was riddled with management incompetence as well as the carefree disposal of budgets that could only be described as profligate waste.

Many very good security managers have bought into a seemingly impressive security solution sold by a glossy company which has then caused untold problems within the business because the right questions weren’t asked and the risks not properly assessed

However, I'm sure many companies would positively salivate at the prospect of having a former MI5 officer as their security manager!

Knowledge of business drivers

Having been ‘sired' in the corporate environment, security managers may not have the same number (or depth) of skills as service personnel. This is to their detriment, for sure. They will, however, have grown very comfortable with modern technology, will understand profit and loss and business drivers, will be much more flexible in their dealings with others, more likely to ally themselves to corporate goals and be able to ‘speak the language of business'.

The corporate security manager is likely to have ascended to increasing levels of responsibility based on a combination of qualification, delivery of results, personal qualities, people management, business acumen and proven commitment. Think about this... How many senior service personnel were brought up on phrases such as ‘cost-benefit analysis' or ‘customer-driven solutions'?

So, pick your side. As always, the best of both worlds lies somewhere between these two backgrounds. They seem polarised by opposites, but both have an enormous amount to bring to the table. High grade security skills and high grade business skills combined will make for an invaluable team member.

Seen in this light, then, the argument has never really been about: "Who is best? Ex-services and police personnel or business gurus?", and then blindly recruiting one or the other. Rather, the questions Corporate Britain should be asking are: "What does this person bring to the party? What value will they add? What skills do they have, and which of the necessary ones they lack can they acquire quickly?" It's all about measurable, performance-based competencies. Just like any other discipline. That's as it should be.

Post-9/11 and 7/7, security has never occupied a higher place on the business and social agenda, but we are still faced with a fundamental need to completely understand both the security risk and the business risk, the latter being the more holistic risk management approach for practising professionals.

Asking the right questions

It's vitally important to understand that any proposed security solution will have effects elsewhere. As such, there are other perspectives to be sought from IT, Human Resources, marketing, finance, customer services and the distribution chain, etc.

Unlike the situation pertaining in the services, the long-suffering tax payer will not be footing the bill for failures or disasters, and escape is definitely not a promotion away.

Post-Turnbull, the concepts of risk management and corporate governance are now centre stage. This is likely to have an increasing measure of implication for the security manager and, in this vein, they would do well to take a leaf from the risk manager's notebook. The title ‘risk manager' is actually something of a misnomer since no one person has sufficient breadth of knowledge to ‘manage' the risks of an entire business.

The title ‘risk co-ordinator' is more appropriate, since this individual will have to act cross-functionally to engage specialists in thinking about risk as it affects their areas, and then guide them through the risk management process in order to help them fulfil that aspect of their responsibilities. In truth, this is not a bad model for ‘smart' security management.

Development and acclimatisation for the corporate security manager is not a simple issue because so many skills are required. It all hinges on the host industry, and how his/her employers perceive the role. Some will attach a heavy emphasis to physical security solutions or investigations and criminal prosecutions. Others may veer more towards IT and information security or audit and compliance. Health and Safety may be an element, or possibly crisis management, disaster recovery and fire prevention. The skills required for delivering and quantifying security education and awareness will always feature.

A military ranking or a police service background does not imply that the individual is able to meet the needs of a given position.

A focus for development

Development for the corporate security manager has to be focused according to the environment that the individual is now operating in and the risk(s) faced by the company. Regardless of their background, security managers need to assess quickly what skills they have - and those needed to make up any shortfall - in order that they are on the same page as their masters with regard to the identification of assets, the assessment of risk and the provision of solutions.

Having mused for some time, I think the answer for my ‘Head of...' boss would be that the only difference that an individual's background should make - be they from the armed services or otherwise - is: "What is the shortfall between what this person already knows/does and what is required to make this person fully-functional so that they might deliver optimum value in this environment?" (assuming, of course, that the employer is already comfortable the individual concerned represents ‘material' that can be worked upon as time progresses).

For some who enter the corporate security arena at ‘grand fromage' level, this will be an effortless transition. Others require time and effort (as is the case for most of us, in fact). The employer just needs to be satisfied that this in itself does not pose an unacceptable risk.

As for those with degrees or pips on the shoulder, an alternative career beckons... or a past one will have to satisfy.