Recently, I had the opportunity to speak with a facility security officer who was ready to move on to another job. He was frustrated because he had not been able to get his senior leaders on board with the security plan. It seemed no matter what he had sent for approval, his policies were not taken seriously. Since I had only heard one side of the argument, I could not come to a conclusion about the root cause of his frustration. However, I do know that he is not alone, as many FSOs of small defense contractors face similar issues within their own companies.
Problems such as those mentioned above stem from two possible reasons in small defense contractor companies. The first is that the FSO has not developed a reputation for understanding how to apply security measures to the way the company makes money. The second is that the senior officers have appointed a lower-level employee to the FSO position.
Understanding how security fits into the organization is vital. Security managers who over-react or use unsubstantiated scare tactics can lose credibility quickly. They should present security programs in a way that makes business sense to the senior leaders. FSOs should also understand that the security program belongs to the company and is not theirs. It is a business decision and not a personal success or failure. For example, a security practitioner may present security requirements above and beyond the NISPOM when they are not necessary. When challenged to justify expenses or the rationale for a change in policy, FSOs may defend their decisions by recalling conference or training events and may take such requests as personal challenges. The experienced FSO understands that security decisions are based on careful risk assessment, and not on general or best practices that may not fit a company’s business model or culture.
The second problem addresses the level of the hired or appointed FSO. Suppose the FSO does make a sensible request based on threat assessment and NISPOM requirements. The program is presented professionally, but management does not understand the role of the FSO as compliance officer, and the FSO is typically left underutilized. Perhaps management considers the FSO a strictly administrative function. In these instances, the FSO has little input into the culture of the company and struggles to implement critical security measures.
Consider successful security models in Fortune 500 companies. They are larger and usually part of a mature corporate structure. Even larger defense contractors fit this category. Successful companies have security managers, chief security officers and compliance officers that are able to address security, privacy, and sensitive company information. These officers usually hold positions and responsibilities at the executive level as well as possess management skills and graduate degrees.
FSOs in smaller DoD contractors have a unique challenge as far as the company culture and corporate structure. Perhaps the FSO was appointed from a lower management or assistant position. The management has mistakenly believed that the position is strictly administrative and is in place to request clearances and file away classified material. In other situations, these smaller companies grow larger with new contract requirements and responsibilities, and work requirements grow with them. Those lower-level employees are now faced with situations of growth, but their influence has not increased. The growth is happening and changes are made without their input, leaving them to play catch-up.
Look and act like senior leaders - So, how does the described security manager create influence and credibility that counts? First of all, they should observe the managers and imitate them. If management is dressed professionally, then the FSO should dress similarly. If management requires professional and college education, the FSO should complete theirs.
Learn how the company earns money - Understand the acquisition and buying system and become an expert. When the security manager understands the contracts process, they can contribute and present the security program in such a way that everyone understands. Instant credibility is gained when management knows the security manager is on board with cost reduction and compliance.
Presenting the security program does not have to be a frustrating event. If an FSO is in a position lacking credibility and influence, then they should do whatever it takes to move to the next step. Establishing credibility is a must, and it involves making the transition from an administrative clerk to a risk-analyzing and compliance professional. Learning to look and act like management and demonstrating an understanding of the business cycle is key to making that move toward excellence.
Read more about this article and follow Jeff's other articles, newsletters and updates @ http://www.redbikepublishing.com/index_files/Page412.htm
Jeffrey W. Bennett is the owner of Red Bike Publishing (http://www.redbikepublishing.com). He is an accomplished writer of non-fiction books, novels and periodicals. Published books include: "ISP Certification-The Industrial Security Professional Exam Manual"-Red Bike Publishing
Visit our site often for information on the upcoming book "Managing the Security of Classified Information and Contracts".
About Red Bike Publishing: Our company is registered as a government contractor company with the CCR and VetBiz (DUNS 826859691). Specifically we are a service disabled veteran owned small business.
Jeffrey W. Bennett
Author of ISP Certification-The Industrial Security Professional Exam Manual