Many companies worry about attrition – and for good reason. Few areas feel this pressure more acutely than the field of security. While companies can’t control the tight job market, they can control some of the factors pushing employees to leave.
Many factors contribute to departures, but poor managers are consistently ranked among the top factors, if not the top factor. A poor security manager, in particular, can have a disastrous effect on the security team. So how can organizations know if they have the wrong security officer in place? Here are the top 10 signs.
1. Inability to think strategically: In my experience, the ability to look ahead, identify the right direction, and see how to move from the current state to the desired future state is not a common trait. Although many positions in security do not require it, a security management position most certainly does. Bad leaders lack this ability, and it results in constant meanders and zigzags.
2. Running from crisis to crisis: As mentioned above, bad security managers are neither strategic nor methodical. They cannot anticipate, cannot see potential problems, and cannot anticipate crises. Thus, they spend most of their time running from crisis to crisis and actually hamper their security team’s ability to progress.
3. Reluctance to put anything in writing: Writing things down brings certainty, direction, and accountability that bad security managers run away from. Unfortunately, these leaders often believe that what is not written cannot be used against them. This is unfortunate because it creates a security organization that is confused, lacking direction and desperate for someone to take charge and take responsibility.
4. Words and actions do not match: I’ve never been a fan of “do as I say, not as I do”. Most people I’ve worked with aren’t fans either. It is easy to speak in words about matters requiring special attention. It’s much harder to understand them, identify the root causes, develop a plan to address them, and then implement that plan successfully. Bad security managers use words while their better counterparts use action.
5. Poor communication skills: Security leaders must work hard to build trust with team members, leaders, customers, partners, and other stakeholders. A big part of that is good communication skills. Bad security managers lack the required skills and often lead to a loss of trust. When this feedback comes from stakeholders, and especially customers and partners, it’s never a good thing.
6. Removal of talents: While we expect a leader to nurture and cultivate talent, bad security leaders do the opposite. They suppress talent. Maybe they believe that the best talents are wise for them. Perhaps they fear that the best talents are too successful and too beautiful. Whatever the reasons, if top talent in an organization is being removed, it’s a bad sign.
7. Self-centered: Good leaders listen more than they talk; at least they listen before they speak. They put their teams before themselves and give them what they need to succeed. Poor leaders do the opposite. They focus on saving themselves from crisis after crisis. As a result, the needs of the security team are not being met, initiatives are not moving forward, and frustration and disappointment are increasing. Since bad leaders don’t listen particularly well, they can’t hear the storm coming and therefore continue to focus only on what they need to.
8. Does not make difficult decisions: Leadership requires decision making. Not all decisions are easy, but every decision is important. The toughest decisions test a leader. Bad leaders may try to pawn decisions on others or dodge decision-making in other ways – but in the end, the decision won’t be made. This leaves their security teams in a state of paralysis; the security posture of organizations suffers.
9. Does not answer difficult questions: Bad security managers can’t stand being held accountable for answering tough questions. Thus, they will avoid them, change the subject, stall, or use a variety of other avoidance techniques. Needless to say, as more stakeholders see the leader dodging tough questions, trust in the security team is rapidly eroding.
10. Take Coverage (and Credit): Bad security officials are often pretty good at co-opting allies to cover for them – but they rarely or never give kudos. They are quick to point fingers when something is wrong, but when things are going well, they rush to take credit for it. At some point, their allies may become wise; if they stop covering the leader, watch out.
Although organizations cannot completely stop attrition, they can control certain factors that contribute to it. By finding and eliminating weak “leaders” within their security teams, organizations can reduce the risk of security personnel becoming frustrated, demotivated and demoralized. This makes it easier to reduce the attrition rate to a more manageable level and helps security teams work more effectively to improve their organizations’ security posture.
