Security policy is just as good as the paper that it is written on. However, those professionals who want to incorporate sound policy with demonstrated good procedures understand that a written document is just part of the solution. Success rests on the entire enterprise accepting and incorporating the policy as a normal part of doing business. The road to that success can be quite bumpy, but I’ll lead the way.
There two kinds of challenges facing security professionals; self-Inflicted and the second, institutional.
1. Self-Inflicted challenges are the ones that we place in our own way. They are perceptions about our capabilities (or lack there) that professionals form about us. The perceptions manifest two different ways; lack of vision and lack of initiative.
a. Lack of Vision - The Dr. No Syndrome- “No, you can’t do this or have that.” “The NISPOM says blah blah blah!!!” “The answer is NO, now frame your questions accordingly.”
In my early days as a facility security officer (FSO), I once told a program manager that we couldn’t do what he wanted. However, later research indicated that his solution was definitely a possibility. Unfortunately, he did the research himself and pointed out my error. I was lucky that he approached me professionally and I was able to maintain a good reputation and not that of a “Dr. No”. As part of an enterprise team, we should help with solutions that help the organization perform while complying with National Industrial Security Program Operating Manual (NISPOM), national, or corporate regulations and policies.
b. Lack of initiative – “If people thought security could do better they would come talk to me.” I remember as an export compliance officer an incident where one of our business developers proceeded to form a business plan with International Traffic in Arms Regulations (ITAR) controlled implications. A colleague of mine expressed remorse that he had not been contacted. “They know I’m here,” he said. “It’s their responsibility to find me and start the licensing process.”
Though he was technically correct, where’s the motivation and initiative? I learned from that initiative and made it my business to attend every program and business development and contract meeting I could find. Taking such initiative allows the security manager to anticipate program needs ahead of time. In this capacity you can implement and direct policy as issues arise and not after the issue gets ugly.
2. Institutional Perceptions
a. Lack of understanding - “You’ll interrupt cost, schedule and performance.”
The statement above is a well expressed perception that security provides no value added. Many times, it’s a direct result of self imposed obstacles. Recall the earlier example where I began attending all program, engineering and business development meetings. As a brand new FSO, I invited myself to one of my first security meetings. I was able to demonstrate the impact of security requirements to the enterprise should we win an engineering contract. The value added was the identification of storage and classified work requirements and what it would take to meet those requirements.
After the meeting, I headed back to my office. The phone rang.
“Hello”, I answered.
“Who did you charge the meeting to?” replied the no nonsense contracts manager.
“Huh?” I replied, obviously not understanding.
“What line item, did you charge to? I can’t afford to pay everyone’s way to any meetings they want to attend.
“Oh, now I’m following. Don’t worry, I’m free; indirect charge. I hope you liked the direction the meeting went.”
The phone was silent for a moment.
“Sure, you’re welcome to attend anytime,” she relented before hanging up.
Demonstrate that security is a value added when applied early and effectively. Proper procedure can help programs to reduce costs, improve schedule and enhance performance.
b. Limited expectations - “Just take care of the clearances.”
I remember sitting in an FSO’s office while she lamented her lack of effectiveness. She explained that she was not involved in her company in any other way than taking care of security clearances and annual security refresher training. She wanted to offer so much more and she did have many years of valuable experience.
Expand expectations by demonstrating incredible value. Contribute to contracts discussions, help the HR department protect personal identifiable information, consult business development on possible impacts of the classified contracts they are pursuing. Think of ways beyond the NISPOM or other requirements and assist the enterprise.
In most cases security is an indirect charge, capable of contributing to the entire organization without impacting individual program costs. However, FSOs and security specialists have to overcome self imposed and institutional perceptions. It takes work and initiative to do so, but the entire enterprise benefits.
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook". See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM
No comments:
Post a Comment