Happy fall! I live in Georgia, so my fall isn’t quite as cold as some parts of the country, but we’re breaking out the jackets and preparing for our annual ¼” of snow (that will, of course, shut down the entire city). With the change in seasons also comes planning for a new year. This got me thinking about the function of security in corporations and how it has evolved. More importantly, I thought about how security should be incorporated into strategic plans. I want to share some of my thoughts on this in the post below. By the way, you can expect to hear from me often within this new series of posts we’re calling our Strategy Series. If you have any comments or feedback, let me know! And be sure to reach out to Nexum if we can help with any of your security initiatives.
The Role of Security
When speaking in public, I frequently talk about the role of security in business. I use two statements to set the stage for this conversation. The first is my own (and a bit cheesy; I will not be quitting my day job to pursue a career as a professional slogan creator anytime soon).
“Security must be the enabler of Yes, not the facilitator of No”
The meaning behind this is the simple idea that the role of security must be to move the business forward or to create a competitive advantage. For many organizations, the security team is viewed as the team that says “no,” or the team that blocks progress. I would challenge all of us to correct that image and recognize that security can be one of the most valuable assets in an organization.
There is a parallel example from our legal teams. In some cases, the legal team may be viewed as “getting in the way” of business, but the reality is that a good legal team is one of the most potent assets an organization has to grow and win new business. Certainly, the legal team’s role is to protect the organization, but they will do so while enabling the organization to meet critical goals. The security team should be viewed through the same lens.
Let me give a real example. I cannot mention customer names, but I will discuss the scenario. I worked with a company that focused on welding parts. The first thought might be that security would not be that critical in that business and certainly would not provide a competitive advantage. Yet this organization was forward-thinking and recognized the opportunity that security could provide. This company worked with confidential blueprints from the automotive and military sectors. By putting advanced security in place and advertising the policies and tools used to protect the valuable intellectual property (the blueprints) of their clients, they were able to grow their business. Their approach to security was the key enabler for this growth – taking security well beyond a purely defensive tool and leveraging their strengths as a competitive advantage.
“It is amazing how many drivers, even at the Formula 1 level, think that the brakes are for slowing the car down,” – Mario Andretti.
The other quote I like to use that applies to this way of thinking is from Mario Andretti. I am a huge Formula 1 fan, so finding a way to leverage my favorite sport with my profession was too good to pass up.
This might seem like an unusual statement (of course, the brakes slow the car down). That is true, but the point of the quote is that the brakes do far more than slow the car, and that is not even the most critical function. The essential operation of the brakes is to ensure the car is positioned correctly for the optimal route through the corner, with the correct balance between front and rear to maximize acceleration out of the corner. In other words, the very tool designed to make the car go slow is the most critical element in making the car go fast.
This same thought process applies to security. Of course, security has to protect the organization, but the role of security is much greater and should be used as a competitive advantage and business accelerator.
As we enter the final quarter of the calendar year and many of us are writing our strategic plans for the coming year, I would like to encourage all of us to think differently about security and evaluate how security can move from a purely defensive mechanism to a strategic business asset and differentiator.
Check Out More Resources
The Nexum team attended Black Hat 2023 and DEF CON 31 conferences in Las Vegas. Check out this post about their experiences and some guidance on the differences between the two events.