Tips for a New Security Director — Presenting to Senior Executives
Step 1: Know your audience
Executives tend to group into types — there are specific brains that function in a way that gets refined over time and when someone rises up to a leadership position this means their brain has REALLY gotten specific in perspective based on skills.
You have to be able to communicate with each of these styles — often in the same room at the same time. This is especially true when you go to a higher level.
Type 1: The Why thinker
Why are we doing this and why now? (Sales, marketing, the CEO) You need an answer to this one that’s built into your presentation. Even if the answer is five slides from now, go ahead and state it. Example:
- Why do we need to re-badge everyone when we really just need to get everyone back into the building?
- Formula for this one: restate question + expertise consulted + 1. positive impact for people +2. positive impact for company +3. positive impact for facility
- “We’re recommending we go ahead and re-do all badges as people are coming back to work because we’ve done some research into industry best practices and our protocols aren’t compliant with the most recent thinking. We feel that taking the time to do this now will help reconnect our employees with new protocols (you can add humor here) and get a new picture since none of us look the same after a year. We know badging keeps our company and employees protected and we want to make sure we know who is in our offices.”
Type 2: The What thinker
They care about the background, the science, the history. Mostly engineering and technology — the CTO and VP of Engineering. The challenge with this one is keeping from being derailed because their questions can get really in-depth. This one is best to address with a quick answer and an offer to have coffee or send a dossier with details.
Type 3: The How thinker
Thinks by asking how based questions — how do we get this over this obstacle? How do we get it done? The COO and operations-based thinkers. These people can tend to go tactical quickly and they are FAST thinkers. Try to not give into feeling like you need to have an immediate answer. Example:
- Problem/Ask: We’re going to develop a program to plan for a shut down in case the dam down the street bursts.
- How thinker: Can we add a moat and install flood fencing and gates so with a button we can just seal off the whole compound?
How you respond is to A. Hold on to your patience B. Say, “That’s certainly something we could look into but I suspect budget will be a concern.” DEFLECT if this type of executive hammers you during a presentation. (Chances are very good that the rest of the executives are somewhat worn out with this person because I guarantee they do this at EVERY presentation). If you DO KNOW the answer to their how, then you can state it — but be FACTUAL and BRIEF. By all means do not slam them into the ground (I have had to do this and it takes practice to eviscerate someone without having them see the bloody gash until hours later).
Type 4: The What If thinker
This group falls into two camps: What if negative and what if positive.
- What if positive are entrepreneurial executives like the CEO of a start up. They see the POTENTIAL of something quickly and will want to question things that shoot off in different directions. What if when we’re on the way to Mars we build a rocket ship that can go to Venus?
- What if negative are people who think about how things can go wrong. These are people like the corporate counsel, the CFO, Facilities, people in security. These are the people who will help polish something into a diamond because they immediately see all the negatives and that strengthens the objective. The key is to NOT ARGUE with a negative thinker. I’ve had my best luck by thanking them and then moving on.
- Example:
- “I don’t see the need for weather monitoring. Our people can work from home. We don’t need to add that. We’re not a supply chain.”
- The formula: thank you + personal statement + we’ve done some analysis and benchmarked with our peers. I can send you some more detailed information.
- “That’s a great point, Leslie. I appreciate you pointing out that we can all work from home now. If it’s okay, I’d like to send you some additional information about the cost savings some of our peer companies have seen with weather monitoring. We’ve looked at the data in terms of benchmarking and I think you’ll appreciate what we’ve found.”
About Executives
- Be brief. It’s not that they don’t want to be informed in depth, it’s that they don’t have time.
- Senior executives know in their career they’re going to have to delegate — they hire people who can be force multipliers for them — go into it assuming they hired you because you’re the expert.
Security-Specifics
- Remember that most security is designed to be invisible — many executives don’t actually know what it takes to make them secure — don’t hold this against them, it’s a danger in the profession.
- What you perceive as a threat might not even make it onto their radar — keep this in mind. Try to really just focus at first on the threats that are most important. We all know crazy stuff happens — but people outside of our world do not have the experience or even the mental head space to look at something and immediately see all 72 ways someone could die or the building could be breached or exploded. This is not their headspace.
- Related, try to not give them apocalyptic thinking. Tie everything back to people. It’s always about protecting PEOPLE as the asset. Secondly, it’s about protecting SPACES, but for most companies their leases keep most of the expense and worry away from the organization.
- Do not ramble. Don’t go in front of them entirely cold. If you’re asked something on the fly — common in the start up /tech space — pause for a beat and THINK — no one will fault you for this pause to organize your thoughts. Try to hold your face as if you’re thinking deeply, not as if you are a deer in headlights. It is always okay to give a brief answer using one of the algorithms below and then say you’d be happy to do some deeper thinking and come back with a more complete answer.
- Security will never be given the due or the budget to really have everything BUTTONED up like you’d like it. That’s a reality. Because it’s a cost center. Sadly, it will take something happening to really get people to sit up and take notice.
- Try to balance between protecting the organization by not putting the REALLY crazy stuff in writing with the need to actually document. Recommendations reports should include things that the organization can actually take action on.
- There is always an agenda at the executive level. There are undercurrents and disagreements and jockeying for position with detractors, supporters, those who are figuring out which way the wind is blowing, and people who are there for the money and not the people. Try to stay above that fray, but sometimes you’ll feel it.
Step 2: Structuring a Formal Presentation
- Be prepared to be interrupted and asked to go back a slide
- Be prepared for a well-crafted slide to get a “next” statement
- Be flexible.
- Execs think fast, process fast, and hate having their time wasted. Think speed reading.
- Follow an inverted pyramid in presenting – most important information goes first. You can include more detailed info, but put it in a dossier or appendix and include a link so they can see if if they want more in-depth, but don’t make them wade through six pages of explanation.
- Strong call to action/ask. Make it clear what your ASK is. Even state it up front if you need to. Sometimes they just need to know you’re asking for something so they can say yes – or no.
- Be ready to follow up with the WHY.
- The basic formula: why you are there + why it matters + the background + (existing project = the update) (new project = the ask) + how to go forward
- Why are you here (I am here to)
- Why is it important (this is important because)
- What is the background (just to give you some background on this – ONE SENTENCE MAX)
- What is the update or what is the ask
- The latest update is xxx
- Because of XXX, I recommend we xxx
- How to go forward (the way forward is)
- What if negative
- If objections: I know some of you might be thinking xxx. Consider xxxx
- If consequences: If we don’t do xxx then xxxx
- If presenting alternatives: We also considered xxx, and we still think xxxx
- What if positive:
- After all, we’re trying to achieve (big initiative) and this (thing) will help us do it (better, faster, etc.)
- Formula 2: Tell them what you are going to tell them, tell them, Then, tell them what you told them.
- Your presentations should be organized this way:
- Cover
- High-level findings
- <Conclusions
- Recommendations
- Appendix with any deeper info/explanations (this is better to put online or offer to email out — depends on the culture)
- Don’t end with a QA — take questions throughout
- Put a memorable quote in at the beginning or end
- Use a story to close
Step 3: How to WRITE for Executives
- Short phases
- Use active voice (avoid using It is, There is, There are).
- Sentence formula 1: Subject + verb + clause
- Example: Our access control system (subject) needs to be updated (verb) because it’s no longer in compliance with best practices (clause).
- NOT: It is now time to think about updating our access control system.
- Because, it takes almost the entire sentence to get to what the sentence is about and the verb “update” is buried.
- Know what you want your audience to FEE
- Good about what they are doing?
- Urgent sense of action?
- Fear?
- Confidence?
- Clear short, to the the point — key words, short sentences
- Rule of three:
- Always give 3 benefits for every point/ask
- Always give 3 examples to back up everything
Situational Executive Briefing
At some point, you’ll have a crisis you need to brief executives on. This is VERY regimented writing.
- Executives need the high points first, and then if there’s a story that comes next.
- Briefings will occur frequently, you’ll need to be really crisp and clear with each one and that takes time.
- This is the formula: (time)+(situation = people+thing that happened)+(impact to who – people, place, company)+(actions being taken, what we’re doing about it).
- ALWAYS USE WE, don’t use I. You don’t want your updates getting subpoenaed during discovery and anyone using them to pin you with responsibility. My team, we, PhysSec (this is a good practice for ANY presentation)
- If anyone on your team is going to give situational updates to executives on your behalf or during a crisis — YOU must approve them first. Teach your team the update algorithm. Executives are VERY prone to notice spelling or grammatical errors and these updates are very likely to be officially in a record somewhere.
- I have way more in-depth holding statements and update info I can give you as a template.