What could you change over the course of 27 years?
When Nelson Mandela went to prison in 1964, satellite television was the height of innovation.
And in 1990, the year he was freed, the internet had just been invented.
So it comes as no surprise that once Mandela was released, he immersed himself in the community and culture he was deprived of for so long.
This meant he never turned down an opportunity to sing in the streets with groups of children. He’d also insist on picking out gifts for his partner, despite crowds forming outside of the shops while he made his decisions. Despite being pre-social media, the grapevine was alive and well and word, by text message, traveled fast!
It became instinctual for our team to approach groups of children ahead of the president and give them a quick pep talk. Many of my years as VIP protection unit commander were spent scanning public places and predicting who he might approach next.
But let’s make one thing clear: these strategies weren’t taught in a security seminar. You wouldn’t find them in any test. There’s no multiple choice option that says ‘talk to the children before Mandela arrives’.
We knew what security approach to take because we had an understanding of how the president might behave in a range of situations. Spending the majority of my working time with Mandela, I began to understand who he was, and what drove his decision making. The places he liked to go, the people he liked to see.
Nelson Mandela was renowned for his empathy. A trait that proves invaluable for security teams, too.
Empathy provides the kind of visibility you won’t achieve with a surveillance camera. Personal, physical, and cybersecurity strategies benefit from an empathetic approach.
And while it may not be something you can measure in the literal sense, empathy in security is something you can start cultivating today.
Defining empathy in data center security
For data center security professionals, empathy means being able to put yourself in the position of anyone who interacts with a data center. That’s everyone from owners and tenants to operators and colleagues from other departments. It even extends to intruders; if you don’t understand their motivations, how can you stop them getting what they want?
While security professionals may not sympathise with the people trying to cause harm, assessing security infrastructure from the perspective of an intruder helps security personnel identify weaknesses and likely paths into the building or systems. Think like a criminal.
As we all know, attackers don’t need to be physically present to cause harm. Yet, an analysis of over 40,000 security breaches in 2019 showed that 34% of them involved an internal figure. The line between physical and cyber security attacks is blurred. Your cyber strategy is only as strong as your physical one (and vice-versa).
Security is a human-centric field. You’re dealing with huge swathes of data and private information. Employees who bring their pains and personal lives to work can quickly put assets at risk – whether or not that’s intentional.
Occupy the mental space of a colleague, and you’ll understand how barrier height impacts their line of vision. Get inside the mind of an intruder, and you’ll know which entry points seem most appealing.
No empathy? No chance.
One of the biggest security risks of not developing empathy, is confirmation bias. Individuals look for evidence to support their judgements instead of building a hypothesis based on thorough investigation. They stop engaging in conversation, and rely on their personal experiences to guide all decision making.
Years of real-world evidence and lived experience are inherently valuable. But empathetic security teams know they need to balance this anecdotal knowledge with the vital input of end-users, colleagues, operators, and anyone else who may be on the receiving end of their security strategy.
Empathetic security seeks to understand, before diagnosing. You stop trying to fix the person, and start fixing the problem. Humans are harder to change than operations and infrastructure. Empathy is knowing people make a variety of decisions, and having the systems and tools in place to protect users, clients, and properties; if those decisions lead to risk.
Owners, operators, and security personnel will all interact with the asset differently. Their desires and motivations will be different. Their roles and responsibilities, too. An operator wants to maintain the live environment, and security personnel want to prevent physical and cyber-attacks from jeopardising the asset. Ultimately, all parties want to maintain a secure, fully operational live environment.
The Nelson Mandela (security) Challenge
On the very day that he became president of South Africa, Nelson Mandela began his agenda of reconciling its people.
Back in 1994, we attended what is now considered a historic football match. The stadium was crammed with 60,000 football fans, while 184 VIPs that included Kings, Queens, and global leaders waited for the newly inaugurated President to finish at the stadium and host them for lunch! So when it was time to leave, we were keen to get the president safely back to his car.
No sooner had he got into the vehicle, President Mandela was getting back out. I stood watching, on my first day by the president’s side, wondering what the motivation for this was.
Mandela had spotted a police colonel, in full blue uniform – a symbol of the system that had relentlessly pursued him up until his arrest, then tried, convicted and imprisoned him. For life.
The colonel’s eyes widened as Nelson Mandela approached. When the president came to a stop, he put out his hand and said, “Colonel, I just want to tell you that today, you have become our police. I’m now the president of this country, but I want you to know that from today forward, there’s no more you and us. You are now our police, too.”
I’ll never forget the sound of the colonel’s tears hitting the floor.
Nelson Mandela was driven by a vision to bring unity to the people of South Africa. In order to protect him, our security team had to understand this vision too. Security is fundamentally emotional. Behind every attack – even cyber – there’s a human at the controls. Speak to the people if you want to build security strategies that speak to the challenges.
Rory Steyn is an accomplished former member of the South African Police force. In 1996, Mandela appointed him leader of his personal protection team. Rory later retired from the police force and set up his own security consultancy, NSA Global Security Consultants. NSA Global is now South Africa’s largest executive protection employer, counting Fortune 500 and blue-chip companies among their clients. Rory also founded The African Icons Invitational in 2018, a charity cycle ride that raises funds to support the children of police officers slain in the line of duty.