The thoughtful security practitioner
: exploring reflective practice in security risk management

Student thesis: Doctoral Thesis


Security risk management is a young, rapidly growing and multifaceted occupation that is concerned with managing internal and external threats to organisations. The occupation is also known and frequently referred to as “corporate security”, “security management” or “in-house security”. Security risk management is part of the private security domain and contributes to the overall security architecture.

Reflective practice is a learning tool, which aims to facilitate professional practice and learning by way of conscious cognitive action focusing on professional practice related issues. It is most prominent in health care and education, and increasingly discussed and utilised across a much larger number of occupations. Available reflective practice frameworks offer processes and structures that assist practitioners in their professional development, especially in challenging workplace situations. Despite substantial existing knowledge about reflective practice across numerous occupations, little is known about reflective practice in the field of security risk management.

This study explored how senior security risk management practitioners experience reflective practice in relation to managing external threats to organisations. Its main aim was to fill a gap in the body of knowledge on reflective practice and security risk management and contribute to security risk management practice by providing practical information about the application of reflective practice in the discipline. It looked specifically at the extent to which the practitioners in the study reflected on their own practice, the ways in which they did so, and the usefulness of reflective practice for security risk management practitioners. To do so, the study used grounded theory methodology to collect and analyse data, including empirical data that was collected by means of semi-structured interviews with 19 purposefully selected senior security risk managers, to explore how security risk management practitioners perceive and utilise reflective practice in the workplace.

The outcome of the study is twofold. From a theoretical perspective, the study provides a substantive theory about how senior security risk management practitioners experience reflective practice in the workplace. The theory holds that senior security risk management practitioners are deliberately thoughtful about their professional practice, and are not simply executors of only technical solutions to practice. Senior security risk management practitioners have integrated reflective practice into their practice, which signifies a strong commitment to improve professional security risk management practice. From a professional practice perspective, the study offers essential functional information about reflective practice in security risk management. The key findings are that the senior security risk management practitioners in the study regularly and purposefully reflected on professional practice, mainly to improve practice, despite generally little understanding of formal reflective practice or theory. They were found to do this in two ways: on their own and together with others mainly within their organisation. Their organisational reflection appears better structured than their individual reflection, and more linked to existing frameworks and processes. Such practitioners’ reflective practice is often triggered by critical situations in the workplace, e.g. incidents or emergencies, and they reflect less during routine practice situations. The study also found that they see value in reflecting on professional practice, as a means of improving their security risk management practice.

The study concludes that, as security risk management is habitually a complex and demanding practice, reflective practice is a valuable tool to improve practice in this field, as it allows practitioners to deliberately engage in professional learning. The thesis therefore makes the following key recommendations: that reflective practice should be more routinely embedded in security risk management; that such practitioners should use reflective practice more fully in routine workplace situations; and that further research should be conducted to test the substantive theory and explore the topic in greater detail.
Date of AwardNov 2017
Original languageEnglish
SupervisorAlison Wakefield (Supervisor)

Cite this