It's Time to Promote Security Talent From Within

While there are smart people and good leaders in other fields, we need to cultivate and grow leaders from the existing cybersecurity workforce, too.

Joshua Goldfarb, Field CISO

August 14, 2024

COMMENTARY
Years ago, I attended a conference that was keynoted by a well-known and brilliant scientist. The talk was well-researched, thought-provoking, and entertaining. I enjoyed it thoroughly.

There was one comment the speaker made that stuck with me. The speaker was making the point that countries that have scientists on their currency tend to value science more than those that do not. As an example, the speaker showed a five Lira banknote of Israel that was in circulation from 1968 to 1973 depicting Albert Einstein. “Albert Einstein was not Israeli, but when you are that smart, everyone wants you as theirs,” the speaker noted.

This statement by the keynote speaker — a world-renowned scientist — taught me a valuable lesson. In this specific case, the keynote speaker, brilliant in the field of science, was unable to deduce why Israel would feel a connection to Albert Einstein — something that many of you may have intuitively understood. I believe that in the security field, we can learn an important lesson from this that is sorely needed and long overdue. We need to learn to recognize talent when it is right in front of us.

I think that we as a security community should ask ourselves why we don’t promote more from within.  In my opinion, not promoting from within is a huge error in judgment.  Many in the security community likely agree with me.  Here are five reasons why I think so:

Experience: I think most people would agree that there is no substitute for real-world experience.  Time in the trenches is important in any field, including security.  Without a background that includes hands-on experience, it is difficult for any leader to truly understand and appreciate the very domain-specific challenges that security professionals grapple with.

Problem solving: While many people have problem-solving skills, these skills are honed with experience.  Time in the security field teaches analytical people to more efficiently gather and process the information required to make timely and accurate decisions.  Without that experience, a newly minted leader risks leading their flock astray.

Trust: Relationships in security are built on trust, perhaps even more so than in other fields.  These connections are built over time and are often born out of time together in the trenches.  To put it colloquially, security is all about street cred.  It is simply not possible for an outsider to garner this level of trust within the field, which will adversely affect that leader’s ability to be successful.

Respect: Security professionals are notorious for working harder, longer, and more diligently for those they respect than those they do not.  Perhaps that should not be the case, but it is the reality of the field.  When a respected leader asks a lot of their team, the team will almost always rise to the occasion.  Sadly, this has not been my experience when the leader lacks that respect.

Passion: A true leader is passionate about what they lead.  When someone has invested the majority of their career into the security field and has worked tirelessly to improve the state of security, that passion is palpable.  The security team will see a leader’s passion (or lack thereof) and will respond in kind.  This has a direct impact on the performance of the security team as a whole.

There are smart people and good leaders that have grown up in a variety of fields.  In security, however, the time has come to promote security leaders from within.  Not doing so will continue to hold us back as a field and will continue to put enterprises unnecessarily at increased risk.

About the Author

Joshua Goldfarb

Field CISO, F5

Josh Goldfarb is currently Field CISO at F5. Previously, Josh served as VP and CTO of Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team, where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to Dark Reading and SecurityWeek.
