5 Steps to Address a Positive Security Agenda

At Oslo Business Forum, Marianne provided leaders with five simple steps to address a positive security agenda that will take hold in their organization’s culture.

Marianne Tholin is the Managing Director of Devoteam Denmark & Norway and the Group VP of Managed Services. With a career spanning more than 25 years in IT services businesses, her primary achievements are in change management, entrepreneurship, and transformation. 

Security, People & Culture

Security is sometimes a topic that fails to gather steam in an organization. Whether physical or cyber, people intrinsically understand that it is important. But it’s difficult to rally around a cause about preventing something from happening rather than making something happen.

“Security is a top management responsibility,” said Marianne. “We need to have plans and understand the threats and risks, even if we hope they will never materialize.”

We’re all guilty of feeling as if security sometimes hinders us. It slows us down with prompts to enter long codes and the need to remember complex passwords. And still, we know we cannot be without it. As leaders, we must secure our businesses on the cyber side or risk threats that can wreak irreparable damage to our businesses.

Kopi av Kopi av MaxEmanuelson_OsloBusinessForum_MAX09222 (1)

How to Create a Positive Security Agenda

Marianne encourages leaders to recognize that, in the end, security is about people. It is about their behaviors, attitudes, and perspectives—which is why strengthening your organization’s culture is critical to strengthening your security.

"Security is about people, behavior, attitude, and perspective."

“We can take the help of systems and processes and partners who are specialized,” said Marianne. “But in the end, protection is never better than your weakest link.”

So, how do we set up systems to influence the right behaviors and effectively shape our cultures? Marianne believes a positive security agenda can be achieved in five simple steps. 


  1. Train. There’s a lot we can learn from industries accountable for physical security. Look outside of your organization’s four walls for illustrations of effective training. For example, the constant presence of security training in airlines demonstrates how deeply embedded it is in their cultures.


  2. Implement. While we hope the security risks in our industries and organizations never materialize, we must plan for the possibility. And perhaps even more important than constructing the plan is ensuring everyone—from the C-Suite to the shop floor—is aware of it.


  3. Test. Even a seemingly perfect plan can fail if it goes untested. Leaders must make time for testing their plans, running drills, evaluating results, and taking corrective action. Not only does this help refine the plan, but it creates a greater likelihood that people will be able to enact it when needed.

  4. Reward. Because security is ultimately about people, it’s necessary to consider human behavior in establishing your security agenda. Leaders are responsible for taking action in a positive, not punitive, way. Promote and reward the right behaviors to support security.


  5. Repeat. The leaders who are most successful at establishing a positive security agenda recognize that security requires constant attention. Cycle through these steps again and again to ensure accountability for security becomes embedded in your culture.


Key Points

  • One of the most complex leadership challenges is determining how to make security feel like something we must pay attention to when we’re preventing something from happening rather than making something happen.
  • Security is about people, behavior, attitude, and perspective, which makes your organizational culture critical.
  • Leaders can shape a positive security agenda in five steps: Train, implement, test, reward, and repeat.

Questions to Consider

  • Have you trained, implemented, and tested your security agenda?
  • Do you promote and reward the right behaviors when it comes to security?
  • Where is your weak link? At which step might your security agenda fail?

Sketchnote_Fireside_MarianneTholin copy

Want to be a part of the OBF community? Join Oslo Business Forum 2023: Thriving in Chaos now!

.