Building influence: How is security becoming a business enabler?

ISJ catches up with Artem Sherman, Division Head, Security & Investigations, Resolver.

A 2025 report from ASIS International suggests that security is shifting from a cost centre to a business enabler. What’s driving this change?

The 2025 ASIS International report (Understanding the Evolving Role of Security, ASIS International) was really interesting.

It’s great to get a pulse check so early on in the year, particularly as things shift and change quite rapidly these days. As businesses become more integrated, departments and functions simply cannot afford to be siloed – that includes security.

I’d like to think that the persistent thought leadership content and research conducted in the security space from organisations like ASIS International and ISJ is helping to shift the mindset.

I think security departments are realising that an integrated approach is a better way to operate, and this is something that many leaders have been championing for years.

It’s getting to a point where this approach can’t be ignored anymore. I think efficiency is a massive part of this – organisations by their nature always want to do more with less.

However, as technology gets better, this is actually becoming more achievable. I think the drive for efficiency is forcing functions to collaborate; to share capabilities, technologies and tools and become strongly aligned with the business as opposed to the individual function. This trend is not exclusive to security.

In light of recent findings, how do you think leaders are demonstrating their value and building influence within organisations?

By thinking outside of their role! I’m not referring to altruism, but the realisation and mindset that you’re a part of a whole is key.

What great security leaders have been doing is embracing the idea that the success of their organisation is their success.

They are then applying what is within their control, within their purview, to maximise outcomes and help organisations achieve these goals. This is the opposite of doing security for security’s sake.

I think the findings from the ASIS International report are a great indicator that security leaders are starting to think with greater business acumen and a more optimistic outlook on technology and change.

I’m so happy to see our space evolve and people understanding that technology is a necessary component to our success.

You’ve talked about “bad admin” – tasks that waste time but add little value. How can security teams eliminate inefficiencies and focus on strategic work?

I think there’s two major ways to eliminate inefficiencies in terms of themes.

The first is by embracing technology in everything that they do – we have to make the effort to get over the hump of adoption. When we’re trying to put technology in place, people often give up and say: “This is too different. This is too new. It’s too much to train everybody.”

Then, they give up. What they don’t realise is that they are probably just a few steps away from getting somewhere.

We have to embrace technology, push through and get over that hump that exists with any change. Otherwise, we won’t be able to realise the massive benefits that live on the other side of that hill.

The second theme is related to letting go and rethinking the processes that exist. I think functions in security get stuck like they do in every department because of the classic concept of: “That’s how it’s always been done.”

In security, admittedly, we might see this a bit more because some of the fundamentals haven’t had to change for decades. We need to react by adopting and changing our processes and ways of working to maximise those benefits and realise them.

I think security technology fundamentally didn’t evolve for some time. Over the last 15 years or so, however, the development process has become faster.

In recent years, in fact, especially with AI in place, it’s just skyrocketing. We went from having trouble evolving from the last few decades, to embracing the latest generation of technological security advancements rapidly.

Before many of us even had time to get used to the previous generation, the next wave was in front of us.

It’s exponential the rate at which AI is evolving. The applications of AI are evolving as well and it’s hard to keep up. But, we’re going to have to learn to keep up.

If it took us ten years to modernise the security function in an organisation, we simply cannot afford another ten year runway. We can maybe afford a one year runway, but beyond that, we will start getting left behind.

What makes Resolver’s offering unique when it comes to helping organisations proactively identify, assess and mitigate risks?

Resolver is supported by decades of experience and a deep well of expertise in the security and risk space. And, of course, we’re owned by Kroll. As a Kroll company, we are supported by centuries of practitioner expertise in these domains globally.

The Resolver software, specifically, is unique in that it is a platform that was built from the ground-up to be hyper-configurable and to help solve security and risk management use cases.

With that hyper-configurable platform, we are able to fit into some of the largest companies in the world – all of which operate uniquely.

There is no single organisational standard. There’s no cookie-cutter solutions, either. Large organisations actually build their own functions and innovate how they solve risk and security problems.

Our platform allows us to meet these organisational challenges – meeting them where they are and understanding how they work – as opposed to forcing them to change things that don’t need to be changed just to fit into a solution.

This is true whether these organisations are focused on traditional corporate security use cases or highly specialised investigations, for instance, challenges related to supply chain, brand protection ethics and/or compliance.

We solve a combination of problems in a unified way, end-to-end, in a single platform. That’s something that nobody else in this space can do.

What is Resolver’s roadmap? How do you see AI and other emerging technologies impacting security teams in the next few years?

Resolver is focused on continuously strengthening its leading investigations and case management capabilities.

We invest a lot in R&D and we have had a specific focus, over the last few years, on AI and automation in order to make a real impact at a customer level – in ways that speed up and eliminate work for them.

We have just launched a new automation capability that enables teams to intelligently, and in a responsive way, apply and execute their standard operating procedures (SOPs) against different incident types.

The impressive thing is that it doesn’t really matter whether you’re doing this in New York or LA, whether the person is responding to an incident that started last week or whether that individual is new or has been doing the job for over a decade.

With our playbook automation, the checklist of necessary actions in response to an event is always available and automatically applied.

It’s built around SOPs and operational processes, ensuring consistency in execution across your organisation.

When it comes to critical events, there’s things that must happen, especially in the compliance or workplace violence space and other areas where there are no optional components to how you respond to things.

We released this capability early this year, and we’re also launching our next generation of AI capabilities shortly, with a portal agent and auto-triage, where our goal is to improve how incidents are reported.

People are used to completing forms or calling a hotline.

Of course, Resolver has all these methods of reporting, but we want to improve the experience with an agent that is better than a chatbot; it is intelligent and reactive based on the thing being reported.

It can pursue lines of inquiry to collect the maximum amount of information based on the situation and not waste the submitters time by asking questions that are not relevant.

We want to make the experience better for the people reporting incidents and concerns. On the other end of it, what we’re doing is also fully automating the triage work.

This is an example of taking the “bad admin” – something that somebody may have to do hundreds or thousands of times per year – and fully automating the triage process. This is a key area where we see AI being well-applied.

The work of triage in this context is fairly structured, but people, unfortunately, still continue to have to do it.

We want to take this admin away and solve problems, allowing teams to focus on having an impact and carrying out investigations as opposed to processing things and doing repetitive clicking.

We don’t believe that software can single-handedly turn security upside down and reinvent it – we want to support teams and take away tasks they shouldn’t have to do.