Five Key Objectives for a Security Intelligence Advisor
The key objectives for security intelligence advisors were adapted from a recent webinar, “Taking Your Intelligence Function from Good to Great.” This article represents the combined advice of our expert panelists from that broadcast.
Intelligence professionals need to think of themselves as not only “analysts,” but as information brokers, facilitators and alignment experts. These security intelligence advisors have a unique and expanding role in the corporate setting. They provide actionable guidance for a variety of decisions. They serve as a bridge between not only risk management professionals, but between different business units who seek to mitigate risks.
The field of private sector intelligence is dynamic and evolving, which presents new opportunities for security intelligence advisors. For those who which to make a positive impact and grow their careers, we suggest the following five key objectives:
Become a good service provider
While security intelligence always implies some level of analysis, security intelligence advisors must think of themselves more broadly to be effective in the corporate setting. Intelligence is a service, and focusing on being a good service provider should be one of your key objectives.
Here’s one way to think of it: security intelligence helps executives and other leaders in the organization make better business decisions with regards to risk and opportunity.
You can do that in a number of ways. You can do it by reducing uncertainty. You can synthesize information for these decision makers. You can make sense of the unknown, you can analyzed facts and do a few other things. Ultimately you are providing decision support on any major decision – including high-risk choices – that your organization is going to make.
Understand your stakeholders
This starts with doing whatever it takes to really understand your internal clients, which likely includes the “owners” of different business units and other key executive and stakeholders. Here are some suggested questions that can help build your understanding:
- Who are your primary customers?
- What do they want, need, and expect from a security intelligence advisor?
- Though which channels do they receive information? (e.g., email, Slack, etc.)
- How should you position or deliver security intelligence to help them understand or decide?
- How does security intelligence relate to their responsibilities in the organization – and the organization’s success?
- What is costing them money or making it harder to operate? Are their challenges or risks faced by their workforce? How complex is their supply chain? Do they face significant weather impacts or manmade disruptions?
Connecting intelligence with profitability
In the corporate setting, the profit motive is the prevailing motive. Intelligence advisors have the ability to decrease costs – or avoid new costs – by reducing risk. These costs come in the form of insurance premiums, inventory shrinkage, cargo theft, legal/regulatory liability, and more.
Intelligence advisors can contribute by helping stakeholders make informed decisions on topics that impact profitability. There are other agendas and priorities which vary in terms of immediacy, implications, and strategic significance. These will differ across industries, but examples include: due diligence on potential partners or brand ambassadors; where to locate offices, stores or other facilities; emerging risks in different markets; and more.
It’s important for you to understand how your work relates to your organization’s profitability. You will need to successfully advocate for budget and demonstrate the ROI on that spend.
Ongoing discussions
Emotional intelligence is crucial. You need empathize for the various challenges your colleagues are navigating. Try to understand their goals and how they relate to your skills.
You will need to meet regularly with your key stakeholders throughout your time as a intelligence advisor. You’ll have many conversations with these people, and here is a suggestion for your overall narrative:
You tell these business unit leaders how you think you can help them based on what they’ve told you and other intel you’ve gathered. You would like to ask their support to try your proposed program. Then you implement your program. After some time, you meet with them again and remind them of what you’ve implemented. Is this working for the desired purposes? Is the program achieving results? Are the notifications, reports easy to understand?
You are creating a feedback loop that helps you refine your security intelligence program(s) over time.
For some key stakeholders, it is advantageous to gain a much deeper understanding of how they think and operate. Depending on where they sit in the organization, you may not have the opportunity to spend extensive time with them. Instead, you may need to gather this information from your colleagues who know them. What’s this person like, what’s their personality, what’s their main mode of communication?
If and when you meet with these VIPs face to face, you don’t need to waste your time understanding the basics. You can ask more specific questions, and explore important concepts in greater depth.
Over time, you want to anticipate key trends and the security intelligence needs of your leadership team and other stakeholders. And then have an answer ready before they even ask.
Align Stakeholders and Priorities
The intelligence function often resides in the security department but should operate cross-dimensional and cross-departmental because it supports organizational goals. An intelligence analyst must effectively build a bridge between security and other departments.
Alignment is key because there are other people within the enterprise who manage risk – but aren’t part of the security team. And risk is not siloed. These risk management colleagues reside in legal, in cybersecurity, in your supply chain group, in HR, in a range of other teams. Your intelligence function will operate more effectively if you can get all of these different groups on the same page and focused on the same priorities.
Alignment is also important because you will have limited resources. As you understand how to align your programs and risk mitigation efforts with your organization’s most important or impactful priorities, you need to be thoughtful about how you invest in technology and other resources. What are your organization’s biggest intelligence requirements or information requirements? You’ll need to match your collection capabilities to address those.
Tailor your intelligence product(s) to your customer(s)
Intelligence should be tailored. Otherwise, it’s arguably not intelligence.
There is no “best” intelligence product. And depending on your organization, some intelligence products can deliver sub-optimal results because they just don’t fit the company. Whatever your intelligence product is, it should be tailored to your internal customer(s). It really boils down to how well you understand your internal customers. Who’s consuming this intelligence you are providing? And what do they want?
Some people want to get on the phone and get a summary verbally and ask follow-up questions. Some people want detailed written report. Mike Mallard used to work for a Swiss investment bank would do risk analysis for the bank’s institutional clients. The standard report that they reviewed was usually 20 or 30 pages with very detailed, qualitative and quantitative analysis. The recipients closely reviewed all of that information.
Mike later worked for a U.S. financial services company. Those stakeholders wanted one paragraph with the key bullet: do this, or don’t do this. If any of these stakeholders needed a deeper understanding of our recommendation, they would come back and verbally ask ‘why?’
What if you can’t determine what your stakeholders want?
There are challenges sometimes with having access to specific customers, but by and large, everyone should think about intelligence as a participatory sport. In situations where it’s just not possible to work as closely with the customer as you’d like, you have become effective at anticipating needs. And sometimes you might just have to take a chance and see if you can hit the mark by producing something.
If you find yourself in that position, here are a couple of practical intelligence products you can consider:
Products which address the five Ws: who, what, where, when, why – and how of a specific situation or issues that stakeholders are examining. If it’s a recurring issue where they will need regular updates, learn how they’re receiving that information currently and whether you can tailor a product to it.
Warning products. Providing early warning is just a core element of intelligence and what we do as advisors. It’s difficult to imagine an organization that would not appreciate early warnings when you consider potential business disruptions, to operations, people, meetings, and events facility.
Products that create a demand for what you can provide. Showcase the breadth of expertise within your function. And that includes those outside of your own department. These are essentially marketing materials here, to just show who you are and what you can do.
Anything that’s timely, relevant, and actionable. Depending on the scenario, it could be a situation report in a form of an email, or a robust assessment, or something else.
Continuously hone and improve your skills
Don’t focus too much time and attention on the delivering the perfect report or the optimal slide deck.
One way of looking at security intelligence and your role as an intelligence advisor: You are the product. It’s not the report, it’s not the slideshow, it’s not the SOP.
So instead of thinking too hard about how you can improve a given type of report or deliverable, think about you can improve yourself as a practitioner. Ask yourself: what can I do to improve my skills, training, or knowledge?
Your organization will benefit from your expanding skillset and enhanced ability to add value. You will benefit not only from upleveling your capabilities, but from the deliberate approach you take as you determine areas for improvement. This will likely prompt you to consider your desired career path and how your skills can take you there.
The post Five Key Objectives for a Security Intelligence Advisor appeared first on Topo.ai.
*** This is a Security Bloggers Network syndicated blog from Strategic Security Insights – Topo.ai authored by Andrew Saluke. Read the original post at: https://topo.ai/five-key-objectives-for-a-security-intelligence-advisor/
