We were fortunate to have Andrew Plato of Anitian host the UMSA WebTracks webinar this month. The subject was security vision and leadership, and his message was simple: making people care about security requires a security vision and a great leader to implement it.

We have a security program problem

One of Plato’s main points was that in order to make people care about security, we need to make people understand why it matters, not just tell them there is a problem and expect them to care.

Plato practiced what he preached in this webinar. He started by acknowledging that we are not going to waste time talking about what we already know; instead, he simply stated that we all know we have a security program problem and then quickly moved on to understanding the problem – a lack of security vision.

What is a security vision?

Plato shared that just like your company has a vision statement, your security department needs one, too. Why? Because people are inspired by vision statements. People work hard for and defend things that inspire them. A security vision that illustrates your department is working for the greater good will make people care about security because they too want to work for the greater good.

When you have a security vision, it unites your company in a common goal and enables an agile, authentic, aligned and actionable security program.

As an example, Plato compared the FedEx vision statement to Raytheon’s.

FedEx: “FedEx Corporation will produce superior financial returns for its shareowners by providing high value-added logistics, transportation and related business services through focused operating companies.”

Raytheon: “One global team creating trusted, innovative solutions to make the world a safer place.”

Employees are going to be a lot more committed to Raytheon’s idea of greater good than FedEx’s financial promise if their leadership treats their employees with the respect their vision statement implies.

Being a great security leader

Having a great security vision is not enough to make people care about security; you also need to be a security leader who embodies that vision and continually works to help others embody it. Plato shared seven characteristics of a great security leader:

• Trustworthy – If employees don’t trust you or believe your vision is authentic, they won’t follow you.
• Analytical – You have to be able to get into the details, assess them and make them easy to understand for those outside your department.
• Vision – You need see the future. You need to know where your company and department are going so you can be a step ahead with security solutions.
• Inspirational – It is up to you to bring the greatness out of employees and to acknowledge greatness when you see it.
• Inclusive – Security requires you to get everyone on board. Even the people you don’t like or the people that don’t like you need to be committed to the security vision for it to work.
• Humble – Put the needs of company and vision ahead of your needs.
• Fearless – Know that people are going to chastise you and try to tell you that you are wrong. If you know your plan is the best there can be, be fearless in promoting it.

Andrew Plato is a phenomenal speaker and is the king of entertaining slideshows. This blog post barely scrapes the surface of all the helpful points he made during his webinar. You can watch his webinar for free to get more in depth on the topics above and learn about an action plan for creating and implementing your security vision.