Living in two worlds

If there is one cliché that bears repetition it is that crime is the only real growth industry in the developed world. That fact - in unison with the continuing threat of terrorism from a range of groups - should of course mean that EVERY commercial, industrial and institutional organisation in the UK ought to place a very high priority on the need for security provision. Is this happening? If not, why not?

If the answer is that many organisations are still failing to grasp the realities, where do the deficiencies lie? Do today's security professionals have to shoulder some of the blame, or is the fault down to uninformed or obdurate senior management and their blinkered accountants and procurement mandarins?

Of course this is a little unfair. Not all management is pig-headed and not all financial managers short-sighted, but it would seem to be realistic to say that, where inadequate security is to blame, it is usually attributable to managerial failings or a lack of resources.

Corporate security ‘culture'

One of the most interesting things about the security profession is that, unlike virtually all others in the corporate sector, it is still very much a second choice career.

It was almost inevitable that the ‘security culture' would closely resemble the primary features of the male, military, middle-aged and middle class culture of the groups from which it recruits (predominantly the military or the police service). If one adds ‘white' to that list, one begins to see why some organisations tend to reject the inherent values cherished by so many in the security profession.

Let's be honest here. The values which a police officer or a soldier holds in the highest esteem - duty, loyalty, teamwork, discipline and an adherence to the traditional hierarchical structure - are antithetical to the way in which, for example, local authorities now see themselves developing.

Perhaps in a defensive move - or more likely as an unconscious reflex - the security professional tends to strive to preserve his (or her) working secrets. Those of us employed in security appear to have attempted the creation of a mystique about the whole area and, although this may have preserved some of our jobs, it has not helped us to integrate our functions within the mainstream corporate structure.

A different game

In 1979, the ‘grand old man' of security, Peter Hamilton - himself the product of the Army and Government security - suggested that, in time, corporations would gradually integrate their security functions, placing the up-and-coming manager in the Security Department for a couple of years as part of his or her own personal development. This has not happened quite in the way that Hamilton foresaw, partly because many companies - and, it must be said, Government - have curtailed their graduate management training programmes.

Arguably, however, the main reason why Peter's predictions have not been realised is that, instead, we have seen what is best described as an ‘explosive' growth in the outsourcing of security. This has resulted not only in commercial and industrial organisations contracting-out their non-core functions, but even Government departments and local authorities looking to the private sector for the provision of support services.

In certain cases, security management is being delegated to this ‘new breed' of professional. Security is losing out. Just as it did when the computer professionals took control of data and information security from under our noses, so too have facilities managers created a situation whereby, in many organisations, security is now but a subset of that department. Elsewhere, former insurance officers have become risk managers working at far higher salaries.

Is it inevitable that if what is left of security is not subsumed into facilities management, it will instead become part of risk management or the wider focus of loss prevention?

What this provocative philosophising really means is that if security is to maintain its status as an independent profession (with all that this implies), we have to start changing our opinions and outlook.

For a start, security professionals must play facilities managers at their own game. Make security useful. If the managing director turns around and says to you: "Old Joe in the Stores is retiring, so we're going to reorganise. Will you take over his responsibility for the pool cars?" then jump at this suggestion. Reply with: "Yes, and while I'm doing that, wouldn't it make sense for the drivers to be transferred, too?"

Setting managerial priorities

To be professional, you need to set priorities. One of the easiest ways to go about the role is do nothing save for responding to crises. Such an approach might work for years on end, and you'll get away with it. This has been the tactic of what one might call The Rescue Squad Hero-type of manager.

They'll ‘take the correct steps to deal with an incident'. It may be a couple of years down the line before senior management pose the question: "Why are we having all of these emergencies?" A more-than-usually alert chief executive might wonder why no pre-planning or preventative security work is going on.

Then there's The Busy Beaver. The manager ensconced in his office, surrounded by books, magazines and arcane security equipment. No-one really knows what this person does, and they're always seemingly too busy to talk. "Send me a memo" will be their stock response to queries.

Security is a partnership activity. The need to protect the organisation’s assets, people and operations leaves no room for stovepipe communications or internal empire-building

How about The Lunching Lizard? Recession, redundancy and downsizing has made this individual a little less ubiquitous of late, but those who are left on the scene can still be found lunching - or ‘being lunched'. No-one knows what they do when ‘not at table'. Didn't a certain Gordon Gekko once state (albeit in the classic movie Wall Street) that: "Lunch is for wimps"?

When industrial security first started the next sort of manager was very common. Most large facilities had one. The ‘species' saw its industrial role as virtually indistinguishable from its previous career. They used to be described as ‘a good thief taker' but, unfortunately, never allowed anyone else to forget it. This is The Factory Policeman. Such types now spend most of their time reading the obituaries in Police Review, and attempting to learn the new short caution.

Finally, perhaps the most potentially dangerous type of all. This security manager, often in his prime, views the whole thing as a bit of a game. Charming and capable, they will nonetheless have a fatal flaw - their career is more important to them than anything else, and they'll not let anything or anyone interfere with that premise.

Often achieving very senior positions, they'll flit from job to job, rarely staying in any one task for more than a couple of years. Under the well-cut suit and carefully arranged hair, readers, lurks The Steel-Fanged Butterfly.

Security's great paradox

Today, the practice of security is in a stage of its history that can appear paradoxical. On the one hand, security is being seen more and more as a professional discipline. One practised by specialist personnel. On the other hand, security is swiftly becoming the business of every person in the workplace.

How, then, do we reconcile these two apparently contradictory notions, and then rationalise the place of the security manager in the provision of an effective security strategy within an organisation's structure?

Larger organisations have both the requirement and the budget for a professional head of security. In others, the role may fall to someone who is double or even treble-hatted: the facilities manager or the head of personnel, for example. At the same time, the guarding function may be hived-off and given to someone with the title of Security Manager but having only security guarding responsibilities.

If we look briefly at a professional head of security, we should see a strategist who is able to pull together all of the diverse aspects of the corporate risk and security portfolio. Not only will he or she be able to advise on each individual area of security activity, but they'll also be able to integrate these activities to create an holistic solution. They will be skilled in assessing risks and threats, and in guiding the chief executive and members of the Board towards achieving maximum protection for the corporate bottom line.

However, the security manager will be unable to make their strategy work unless they accept the fact that every part of the security plan can only succeed if it is operated as a partnership. The formal security team members cannot - and, indeed, should not be the only people seen to hold a security role. Rather, a professional organisation will share the security responsibility.

Typically, the breakdown of responsibilities might see the Security Department sharing the protection of premises, guarding and stock control with facilities management, pre-employment screening duties with Human Resources, information security with IT, investigations with the Audit Department and business continuity with Group Operations.

Integrator and strategist in one

In the modern era, the role of the security professional is to be an integrator and a strategist, to advise and to maintain an ongoing awareness of the host organisation's strategic security programme.

Finally, we come to the most crucial members of the corporate security operation. To be successful, the discipline of security must be at the heart of the company. Indeed, CBI director general Sir Digby Jones recently said: "Security must be in the DNA of every corporate organisation" (‘Regulation "must be policed" states CBI boss', News Update, SMT, December 2005, p7).

If a company has 6,000 members of staff and 60 people in the security team, it does not have only 60 security officers. It has 6,000, because a professional security manager will draw every member of staff into the security plan. It's the only way that plan will succeed.

Security that is only effective when a designated member of the security team is present is no security at all.

The overriding lesson to be learned by the corporate security director or manager is a simple one. Their role is not to enforce security. Rather, it is to use their specialist skills and experience to assist all members of the organisation in making the company's security regime work.

Security is a partnership activity. The need to protect the organisation's assets, people and operations leaves no room for stovepipe communications or internal empire-building.