For most cleared professionals, the prospect of visiting their Facility Security Officer (FSO) or Special Security Officer (SSO) (collectively, “security manager”) is about as enticing as a colonoscopy. The reason for the discomfort is simple: most of my clients view their security manager as an extension of the proverbial “man” – a government informant constantly looking over their shoulder and just waiting to catch them in a slip-up.
That’s an unfortunate misconception, and one that does clearance holders at large a great disservice. While it is true that some security managers do inevitably take things too far, the vast majority of them are not out to play “gotcha”. Instead, the good security managers I’ve encountered accurately understand their role to be primarily one of educator and liaison over enforcer.
How Security Clearance Holders Should Work with Their FSO
With that in mind, clearance holders would do well to establish a collegial relationship with their security managers. That doesn’t necessarily mean becoming lunch pals or carpool buddies, but it does mean not treating one’s security manager like a pariah. Try introducing yourself to your security manager, asking what s/he sees as the most common security violations in your organization (so you can be sure to avoid those pitfalls), and consider asking for a voluntary security audit of your workspace to ensure you are compliant with expectations.
I know that may sound like “asking for” a security violation but framing the opportunity as a practice assessment (“If I stored my classified materials this way, how would that be viewed?”) should avoid those sorts of problems. I can’t tell you how many security clearance revocations I see that could have been avoided if the clearance holder had just asked questions instead of making assumptions. It is better to find out ahead of time that whatever you’re thinking about doing isn’t acceptable than to wait until getting caught and reprimanded. Security violations are not conducive to the “beg forgiveness later” approach because the initial consequence of documentation isn’t discretionary; security managers are typically required by both company and government policy to report security violations to the government.
How Managers Should Make The Most of Their FSO
On the managerial side, I advise all my corporate and executive-level clients that the highest and best use for their organization’s security manager is to incorporate him or her into strategic planning sessions. A security manager who understands their employer’s business model or enterprise goals can plan ahead of time for the security issues most likely to arise during execution of the organization’s strategic plan and ideally prevent them before they occur through additional training, monitoring, or enhanced physical/technological counter-measures. That’s good for the organization and good for the employees.
No matter how you slice it, security managers are an indispensable yet under-utilized resource in many organizations. With a bit of foresight and thoughtful decision-making, that doesn’t have to be the situation.
This article is intended as general information only and should not be construed as legal advice. Consult an attorney regarding your specific situation.
