The passing of the Private Security Industry Act 2001 introduced regulation to much of the private security industry in England and Wales. This legislation has, however, only provided partial regulation, with several areas of the private security industry subject to no or limited control. This article examines the gaps in the regulation of those who manage security departments and companies. It illustrates some of the weaknesses in not fully regulating the management of security and how this gap may have implications for the ultimate success of the legislation in transforming this sector, particularly in failing to change the culture of the security industry. The article concludes with a model for regulating security managers, which could be used to enhance the UK regulatory system, but which could also be utilised in other jurisdictions where there is no or minimal regulation of security managers.