Lead on Purpose

Promoting Leadership Principles in Product Management

How Leaders Deal Effectively With the Security of Their Company and People


Guest post by Rebecca Gray

Today, the most valuable commodity many companies have is not a product, but information – proprietary systems, processes, patents, or financial information, and the damage inflicted by a security breach goes far beyond its immediate costs. Top management sets the tone – and the potential effectiveness – of the company’s security practices. The following represent some of the critical aspects of what you as a company leader must do in order to maintain effective security programs:

Awareness – Adequate security includes awareness of potential threats, as well as the means for protecting against those threats:

  • In-house or contracted security? – Depending upon the size of the company, dealing with security issues might be beyond in-house capacities, with leaders forced to rely upon security experts to determine risks, to craft, and to implement policies. The challenge is to understand security liabilities well enough to deploy the security solution that best addresses risk and exposure.
  • You don’t need to reinvent the wheel – But you do need to understand how it works. There are excellent books, white papers, workshops, and websites available to help company leaders understand modern security measures.
  • Keep your legal counsel in the loop – Like security issues, privacy laws are constantly changing, and you don’t want your security measures to leave your company vulnerable to litigation. Your legal representatives should review security plans before they are put into play.

Commitment – Once you have decided upon your company’s general requirements and capabilities, you will need to formulate and implement a viable security plan. This will involve:

  • Authorizing appropriate security staffing or submitting, reviewing, and approving bid requests for contract security services
  • Learning and understanding the proposed policies and procedures
  • Supporting policies and procedures once they are developed and approved.

Follow-through – Merely implementing a security policy isn’t enough. Corporate leaders must endorse security efforts wholeheartedly. To ensure that there is ongoing engagement from both sides of the table, consider these ideas:

  • Stay up to date on security trends, news, and issues –Leaders must stay abreast of major changes and how they might affect their organization.
  • Include security news and updates in regular employee communications – Update all affected employees when security changes occur.
  • Seek employees’ feedback – Employees are most familiar with daily operations, so they furnish the best feedback about security policies.

You need to recognize that a breach in your company’s security – even a seemingly minor one – poses a significant threat to the vitality of your company. Preventative policies and efficient responses to security problems set the tone for success within your company, supporting employees and customers’ safety and security as well as the company’s profitability

Rebecca Gray writes about criminal background check for Backgroundchecks.org. She welcomes your comments at her email id: GrayRebecca14 [at] gmail [dot] com.

The Product Management Perspective: Typically product managers have little to no involvement in company security. However, they do have the responsibility to make sure their products comply with the company’s security policies, and more important, that they comply with the security needs and concerns of their customers.

2 thoughts on “How Leaders Deal Effectively With the Security of Their Company and People

  1. I think the real question product managers (PMs) need to ask is “What proportion of my product’s development time should be devoted to security?” It may vary from release to release but it still needs to be there.

    The worst answer a PM can give is “I don’t know”. An unmeasured or unarticulated requirement means no requirement. The frequency and severity of security incidents is increasing, such as the latest eBay and Target breaches. With software moving from on-premise to SaaS, security is more and more the vendor’s responsibility, too.

    However, PMs are not alone. Security is a specialist area – it can be high technical and evolves rapidly. PMs need to work with architects and information security professionals. Not every issue must be fixed but important ones need to be considered. Remember that sometimes the best solutions are non-technical (e.g. contractual obligations, avoiding certain features, etc).

    • Anthony, I like the question you propose. Understanding the security needs of the software you’re building/maintaining is critical to its overall success. PMs should definitely take the time and effort necessary to assure their software is secure, regardless of the market it serves.

      Thanks for your insight!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s