The resignation of Secret Service Director Julia Pierson prompted a discussion between a friend and I about jobs that focus on being in charge of the security of something. For the purpose of our discussion, the something didn’t have to be the President of the United States. It can be the security of a campus network, a physical structure, or something as large and complex as the Department of Homeland Security.
The four links included above are a very small sampling of fairly recent examples of the head of some sort of security being forced or voluntarily resigning their duties in the face of security breaches and the ensuing backlash.
Unfortunately, in most of these cases, the person charged with directing security was fighting a losing battle from the outset. Taking on a role as the head of security for anything means that you’re saying essentially “I believe that with limited resources, and finite time, I can protect against a variety of threats that have nearly unlimited resources and infinite time.” It’s crazy to believe that’s possible.
I personally don’t believe that Julia Pierson got in to the position of leading the United States Secret Service while simultaneously not understanding how locks on doors work, as Congressman Darrell Issa seems like he’d like me to believe by asking Ms. Pierson ‘$800 million a year, millions of dollars or more during your tenure, each year, than the president’s request, and that door was unlocked with no one standing at it when Mr. Gonzales came through?‘
Unfortunately the reality is that providing security is really mostly about preventing exposure of easy areas of vulnerability, and making whatever it is you’re charged with protecting a *slightly* less attractive target that the next thing that might attract the attention of attackers.
When security incidents ultimately do occur, someone has to take the fall, and in almost every case, it’s going to be the person charged with leading the security effort. This despite the fact that if someone stays in a security related position long enough, it’s nearly inevitable that some sort of incident will occur that draws criticism from those outside looking in, wondering how the person in charge could have let this happen.
Success as the head of a security operation seems to me to be largely dependent on your timing. Joseph Clancy, the man who has been named as interim Director of the Secret Service to replace Pierson, is a good example of timing working in your favor. Clancy retired from the Secret Service in 2011 after heading security at Comcast. After his departure from Comcast, there were several security incidents, but since Joseph Clancy departed before the breaches actually occurred, he gets to reap the benefits of a successful security tenure there, and now moves back to the Secret Service to take over for the departing Pierson, who’s timing wasn’t so lucky.
That’s not to suggest that Clancy is a poor choice, or unqualified for his role, it’s just a reminder that being successful as the head of security for anything is really as much about your timing as it is your skill and experience in the security world.
It’s also a not-so-gentle reminder that when it comes to personal security, both in the physical world and online, it’s unwise to depend on anyone regardless of their credentials or history, to do all of the work for you. Be smart, and help make yourself a less attractive target. It’s also wise to consider whether you think your timing is good enough to allow you to be successful leading any security effort.