Disclaimer: The views expressed in this article do not necessarily represent the views of the agency or the United States.
Are you having difficulty receiving acceptance from senior leadership? Are you struggling to obtain buy-in for security funding other than the three Gs — guards, guns and gates? Let me share with you how I have been successful in gaining buy-in from senior leadership.
The goal is to focus on changing the security culture and receiving the buy-in you have been searching for from senior leadership. How do I do it? The answer is data. In case you haven't figured it out yet, security is in the customer service business. Our customers drive the services that we provide to our organization, and data tells our story. Most of our senior leaders do not understand the depths of security and day-to-day duties. If we are unable to tell our story, we will never receive buy-in from leadership. For each security program that you have, start tracking each service that you provide.
A perfect example of this would be how law enforcement tracks its calls for service. Each time an officer is dispatched to a call, that call is tracked and used to determine working hours for the fiscal year. For security, the same concept can be used for each program. For example, in December, the Identity Credentialing and Access Management program compiled the following numbers on identity cards:
New Issuance: 83
Pin Resets: 43
Access Control Programming: 84
Certificate Updates: 37
Lost/Stolen/Missing Card Replacements: 12
ID Card Destructions: 7
Employee Separations: 8
Employee Onboarding: 12
Now, imagine tracking the services for all of your security programs, administrative tasks, staff hours and so on. Sure, there will be growing pains when formulating a tracking sheet and asking your staff to take on the added workload. I can assure you, though, that the extra effort is worth it and will return on your investment (time). By tracking these numbers, you can then use them to provide a weekly, monthly and yearly report. The most valuable part is that you now have the evidence and data required to justify your security needs to senior leadership. In addition to the data, you can also determine whether your programs provide value to your organization or cost them unnecessary money. The data gathered could also be used to justify staffing needs. Most importantly, though, the data tells your story and defeats the old mindset that security is only in the three Gs business.
I hope you found this discussion helpful, and as always, I am happy to discuss this method in more depth. If you're interested in learning more, please reply or email me directly for a more expanded discussion.