At the Frontline: A Q&A with Boston Scientific CSO Lynn Mattice

Boston Scientific's Lynn Mattice discusses asset protection, outsourcing security operations, and dealing with terroristic threats

I think the other aspect of it, though, is that if you have a well structured program, your employees will respect that. One of the telling issues was that when 9/11 hit, we received a flood of messages from our workforce telling us how much they appreciated the types of controls we had in place. The whole philosophy behind an effective security program dealing with the protection of your personnel is to create an environment that they can come into and feel safe and comfortable, and allow them to focus all of their time and energy into creating value for the corporation. If they're worried about who's going to come through that door, or whether they're safe, they're not going to be focused on the next new product we're going to be sending out the door, the next new innovation we're trying to create. So that's where corporate security function can provide incredible value for the company.

SIW: Terrorist attacks continue to occur outside of Iraq and Afghanistan, and the attackers clearly do not confine themselves to targeting political officials and military personnel. With that in mind, what steps do you take to implement executive protection for company officials traveling abroad?

Mattice:I have a philosophy generally that executive protection in many cases is fairly significantly driven by the ego of the protectee. We take what I consider to be a very realistic approach to executive protection. It is a risk-based program that deals with who's going, where are they going, what are the circumstances they're going to be going into, and what are they going to be doing while they're there. For instance, if we have a senior executive that's going to be going into a high-risk environment, we take a very low-key approach to their arrival and departure and their movement while they're there. There isn't a broad range of people that have knowledge of where they're going or what they're going to be doing while they're in that place. We put on protective measures as necessary. Lots of times you see people driving around in big limos. We'll drive them around in a routine sedan that blends into the environment, or put them in a van. We'll do things that are atypical to normal executives, and if there's a need for a press event, we have them do that as they're exiting the country rather than entering it.

SIW: Does your security department use in-house staff, or do you outsource all or portions of your program?

Mattice:I outsource all of it. I am the only security person on staff at Boston Scientific. My direct staff here at headquarters is provided by a vendor. My resources around the world that I use are all provided by outside resources. And I do that specifically because it doesn't matter how good we think we are, none of us have that local contact and local knowledge that's necessary to be effective (at a remote site). That doesn't mean I won't send one of my local staff people overseas to deal with an issue that's evolving, but I do it with the help of local resources.

SIW: How do you control quality and performance with a completely outsourced staff?

Mattice:Just like you would anywhere else. We have performance objectives and standards that they have to meet, we have metrics that measure their performance, we do a balanced score card program on suppliers, we have project manager that we use to track the progress of each individual on each project. We have what I call my red-yellow-green reporting system, which tracks which issues as they're evolving and which ones are in critical mode.

SIW: Does your outsourced staff come with all the knowledge and skills necessary to do their job, or do you train for them yourself as well?

Mattice:I have no problem sending people out for training. The most important key is finding the right people. And I go out of my way to not look for security people, but to look for bright people that I can mold. That's not to say there aren't a lot of bright people in security, but I don't want to have to battle with the people on philosophy. I know what philosophies work in here, and from a strategic standpoint I know what we can do in this company. What I try to avoid is getting somebody who has a trenched approach to life because this is the way they've always done it in their security environment. I've found that by structuring the program in the manner I have, we're able to select very bright people, bring them in and train them to the methodologies and approaches that work for us rather than having to try to break habits. I'm trying to keep us heading towards the company goalpost, not the individual's goalpost.