Although historically security has experienced a relatively low priority in the corporation’s management structure, post the incidents of 9/11 in the US and 7/7 in the UK this situation has changed dramatically. Therefore, the position and skills of security managers is being looked at in a new light.
Within this study, the intention is to address the question of whether managerial skills are of more importance than specialist knowledge for security managers. It is the author’s opinion that the likely conclusion of the research undertaken is that, although managerial skills are of paramount importance to a security manager, because of the delicacy of their position a high level of specialist skills are also essential.
Essentially, security is deemed as being a “protector of resources” (van der Bijl 2005, p.75). As such, its task is to defend a business against loss, theft and damage. This task includes all areas of the operation, including systems, equipment, property, employees and customers. In the commercial sense, this protection level also extends to the future profitability of sensitive data controlled by the business.
The security threat to any organisation manifests itself in a number of ways. In the physical sense burglary, criminal damage and attacks against the employee or customer can be a major problem, particular with an organisation such as the NHS (van der Bijl 2005, p.75), where of necessity there is a high degree of open access. In the non-physical sense there is the potential, particularly with the growth of information technology, for a growth in thefts of personal records, business data, damage, and disruption to internal systems. Incidents in any of these areas will have a significant impact upon the organisation in terms of trust, confidence and cost.
Addressing these issues, particularly in larger organisations, requires the business to design and implement a security strategy that is efficient and achieves the desired goals. For this strategy to be effective there is a need for a managerial structure that is able to discern the resources required, including personnel, their tasks, operational procedures and deployment.
In general terms, the role of a manager is to ensure the achievement of the objectives that have been set, either by directive from higher management or those outlined within his or her job description. This will include strategic planning, organising and coordinating the tasks, then monitoring and controlling the outcome. Therefore, it is important that the manager possesses the relevant personal and knowledge abilities to complete these tasks (Cowling and Mailer 2004, p.50).
Although in many ways the duties of a security manager is similar to that of any other managerial position within the business, their role is defined by the specific sector and culture they are working in (Easterby-Smith and Lyle 2003, p.235). Because of the uniqueness of their position, a security manager’s initial task will be concentrated upon assessing the risk. Before a strategy can be developed, he or she will need to ascertain the nature, location and degree of any potential breaches of security. For example, if it is a physical danger they will need to know where the likelihood of this occurring is; what preventative measures, such as CCTV are in place, and how effective they are. Similarly, in areas such as information technology, the manager will need to assess whether existing protective IT measures are sufficient or in need of improvement. Risk assessment in security requires a high level of expertise and, although this can be undertaken by the use of outside consultants, it is equally important that the security manager has a reasonable level of relevant skills, as without these there is an increased potential for strategy failure (can der Bijl 2005, p.77). Only if the manager has some understanding of the risk assessment can he or she ensure the implementation of an effective protection strategy.
Having established a strategy, the security manager will need to ensure that he or she has sufficient resources to match and fulfil the objectives of that strategy. In a commercial organisation, as Yu-lee (2002) shows, this is not always a straightforward task as there will usually be a requirement to match the cost of additional resources against the benefits they produce. For example, if deploying security lights it must be proven that they will reduce the incidence of crime and therefore benefit the business in ways such as reducing insurance premiums and raising consumer confidence, thus leading to potential increased profitability.
The coordination of tasks, namely ensuring that the information and resources is delivered to the right place at the right time (Mullins 2004, p.421), is an area that also requires an element of skill and knowledge particular within the security industry. If the manager does not have an understanding of the purpose of the task, it is likely that this will lead to errors resulting from incorrect deployment of information or resources.
Managing human resources
One resource that is crucial to operational security is the personnel. Successful management of human resources is therefore a key skill requirement for the security manager. The success of any business strategy is directly related to the people that operate it, and security is no exception. Managers need to ensure that they get the best out of their employees in terms of their understanding, ability and dedication to the job they are employed to do, and much of this will depend upon the relationship that is developed. In this respect, a successful manager will adopt a leadership role that is a combination of the various leadership models, such as some of those described in the works of Laurie Mullins (2004, p.312).
Understanding the needs of the workforce, and creating a harmonious working environment where all employees are motivated to work towards a common goal is the art of good leadership and management. This is especially the case in the modern environment where there is more employee choice (Mullins 2004, p.282). It is equally important for the workforce to feel that they have an involvement and future with the business. The manager can achieve this in two ways.
The security manager can improve employee involvement within the organisation by delegation of tasks and encouraging their contribution, by way of ideas and suggestions, to the strategy formation itself. Not only does this empower the employee, it also leads to an expansion of potential solutions available to the security manager, therefore providing an increase in the number of solutions available from which to successfully address potential security issues that arise.
Employee development is an equally important area of management duties. Employees will only be competent at their work if their knowledge and training matches the needs of the task that are set for them. Part of the manager’s role is to encourage the development of these skills. An effective manager will be aware of the value of this process, both for the future of the organisation and the employee, and therefore introduce an employee learning and development process as part of their operational strategy. This usually involves the introduction of structured training programmes catering for individual and group employee needs. In most industries, these training programmes will be organised using a combination of internal training, which will include familiarising the employee with the organisation’s policy and specific needs, and external training to ensure they remain updated on industry developments, including the use of modern technology. In the case of certain individuals, the training may also include succession targeted learning, where such individuals are considered able to be promoted in the future to management or leadership roles.
The level of interrelationship between manager and employee can define good leadership, which in the author’s opinion is an essential element of a manager’s tasks. It is increasingly becoming the consensus of opinion that the quality of leadership is a necessary skill requirement for managers (Mullins 2004, p.284). The employment of the leadership skills described previously demonstrates the manager’s commitment to their employees and, in the majority of cases will produce a favourable result (Mullins 2004 p.316 and 422). In addition, it improves staff retention levels and provides for a level of strategy continuity that is essential in areas such as security.
As with other management duties it is apparent that, in the case of managing human resources, there is a need for the manager to have specialist security knowledge. The evaluation of employee creativity and its benefits to the organisation is made more difficult if the manager does not have an understanding of the business special skills. A similarly difficulty would be experienced in the formation and conducting of internal training programmes. Without such knowledge, it is likely that the effectiveness and value of such training programmes will be reduced.
Management and knowledge
Knowledge, learning, and its management, is important in business. The better understanding brought about by knowledge will lead to a higher level of competency of managers as well as their employees and improve the performance of the business (Mullins 2004, p.393). Staff will react positively to a more competent and experienced manager than they will one who is lacking in the skills associated with their role.
The other aspect of knowledge at management level is their increased ability to be able to monitor the strategy that they have implemented and evaluate the performance of their employees. A classic example of the disastrous effects that results from a lack of managerial knowledge can be found in the collapse of Barings bank in the early 2000’s. As Howard Davies explained at the time, this occurred because the bank’s management decided to diversify into an area of the business where they had little or no experience. This and the inability of their financial systems to deal with the new business left them in a position where they were unable to monitor the situation and staff activities until it was too late. In effect, the cause of this collapse could also be attributed to a breakdown in the operation of the internal security systems that these types of financial organisations normally operate. Just as important, as this case proves, is the need for continued learning. Had the Barings management undergone a process of learning to achieve a competence in the new business skills, the opportunity for security breaches and danger of failure would have been identified earlier and significantly reduced.
From the research carried out for this study, it is the author’s conclusion that whilst it is essential for security managers to have management skills, their specialist skills are equally important in order for them to be able to effectively and safely manage their areas of responsibility. As van der Bijl (2005, p.77) observed in his paper on security in the NHS, a security manager without the requisite knowledge and skill is “as daft as employing a financial director without accounting skills.” Skill deficit in such an important aspect of any business, in my opinion would reduce the level and effectiveness of the security manager as much as the lack of management skills.
Bartol, Kathryn M., and Martin, David C (1998). Management. McGraw Hill College. UK.
Bohlander, G. W., Snell, S. A., & Sherman, A. (2004). Managing human resources (13th ed.). Florence, KY: Thomson Learning Higher Education.
Cowling, A.G and Mailer, C.B (2004). Managing Human Resources. 3rd Rev. Ed. Butterworth-Heinemann Ltd. London, UK.
Davies, Howard. (2001). Management skills and competencies in a rapidly changing financial environment. Egon Zehnder International Insurance Symposium. Munich, Germany. Retrieved 3 February 2007 from http://www.fsa.gov.uk/Pages/Library/Communication/Speeches/2001/sp78.shtml
Easterby-Smith, Prof. Mark and Lyles, Marjorie (2003). The Blackwell Handbook of Organization Learning and Knowledge Management. Blackwell Publishers. US.
Mullins, Laurie J (2004). Management and Organisational Behaviour. 7th Rev. ed. FT Prentice Hall. UK.
Muncaster, Phil (2006). Challenges ahead for security managers. IT Week. London, UK
Van der Bijl, Nick (2005). Security in modern healthcare. Hospital Engineering and Facilities Management, Issue 2.
Yu-Lee, R.G. (2002) Essentials of Capacity Management. John Wiley & Sons Inc. p. 150-153