Industrial security

Written as a guide for Niccolò Machiavelli's Medici lord, Lorenzo the Magnificent, The Prince is frequently misunderstood and the word ‘Machiavellian’ is often used as an insult. Personally, I have always thought of The Prince as being a very pragmatic and practical treatise. 

“What has this got to do with security?” you may well ask, well in many ways, the security professional needs to adopt a pragmatic, Machiavellian approach to mitigating the threats and risks faced by the enterprise they are charged to protect. Whilst we hope that the work of highly skilled professionals is recognised by their colleagues and the wider community, it may sometimes mean that they run the risk of being unpopular.  

Even in my volunteer capacity with ASIS, I cannot please everyone. Despite spending a considerable amount on my working week as an unpaid volunteer leader, there are always those who seek to criticise. Normally they are the ones sitting on the side-lines without making any positive contribution, but always happy to point out another’s perceived failings. 

Security practices and procedures, when applied well, support the needs of the enterprise as well as protecting people, property and assets and can frequently deliver a tangible ROI and act as an ‘insurance policy’ protecting things like reputation and mitigating the insider threat.

The old view of the security manager was often the person who says “No” and stops people from doing something. Although this can still, to some extent, be the case (we do need to limit access to premises / data / people, moderate behaviour and protect people from doing themselves or their colleagues harm)  more and more security is being seen as an important business department in the same way as marketing or HR or FM. 

This doesn’t mean that security has become universally popular but it is becoming more valued. The proliferation and scope of acts of terror, serious and organised crime, including cyber attacks, have the unintentional benefit of increasing the regard that security and the security professional is held. The other factor is the rise in the skill and knowledge level in the security profession. Most managers now will have relevant academic qualifications, internationally recognised certifications, be members of professional bodies, undertake CPD / CPE etc.   

These factors mean, hopefully, that the security professional can speak with a more informed voice, but that the advice given and actions taken do not necessarily become any more popular, just harder to ignore.  

Communicating a message, particularly one relating to security is a key skill. Our friend Machiavelli also wrote “He who wishes to be obeyed must know how to command” and whilst this is not necessarily the message you would want to convey in a modern business environment it could be translated as “If you want your policies to be adopted and adhered to, you need to know how to deliver these clearly and in a way that encourages their adoption.”

So to summarise, whilst being universally popular is good and can deliver the results you want, we must not be afraid to be a bit unpopular if we want to succeed.   

“It is better to be feared (respected) than loved, if you cannot be both.”

Mike Hurst CPP is vice chairman of the UK Chapter of ASIS International and a member of its European Governance Work Stream and its Professional Development Council. For more information visit www.asis.org.uk