Senior security leaders from organizations across the country gathered this week in Seattle for the annual ASG Security Summit/The Great Conversation event to learn about the challenges facing their peers and to share industry best practices. The theme throughout the event centered on what security executives need to do to get a seat at the table with decision makers within their companies and how they can prove the value of their department to the C-suite.
Ron Worman, managing director of The Sage Group, who moderated a “State of the Industry” panel discussion that included former Starbucks vice president of partner and asset protection Francis D’Addario, OR3M CSO Jeffrey Slotnick, and William Plante, director of professional services for Aronson Security Group, said that security is in its third generation with technology and services being focused on information management. The first generation, he said, involved locks, guards and gates, while the second generation included bringing devices onto the corporate network. Industry analysis presented at last year’s event from Gartner showed that, for the most part, security budgets within organizations were expected to stay relatively flat, only increasing by a half of percent. According to Worman, this projection has held true this year and security executives are being asked to do more with less.
D’Addario stressed that security executives must have a strategic outlook and vision for their department. The focus, he said, should not strictly be on optimizing costs, but on optimizing results for the organization. “Things are always going to happen,” D’Addario said, “but we’re going to talk about them before they do. It’s not about enterprise risk management; it’s about board-level risk.”
Slotnick, who has been influential in helping develop industry standards around organizational resilience management, said that security has increasingly moved out of its silos within organizations and has started to work with all of a company’s stakeholders. He believes, however, that some security managers are still hampered within their organizations due to their inability to speak the “language of business.”
In addition to the panel discussion, there were also three keynote speeches at the event focused on three topics: Leadership, resilience, and metrics.
Providing a perspective on how security should work hand-in-hand with the C-suite was Microsoft Chief Accounting Officer Frank Brod, who serves as the company’s corporate vice president of finance and administration. Brod, who plays a key role in every financial decision at Microsoft, said that he works closely with the company’s security department, which has the monumental task of keeping over 180,000 employees working in 200 countries around the world safe.
While many companies see security as a cost center, Brod said it’s a top priority for Microsoft, which has more than 700 facilities worldwide, In addition to the obvious access control concerns with a company the size of Microsoft, Brod said they also have to secure special events, ensure safe travel for employees and executives, conduct background checks, as well as secure information and cyber assets. The company also has a fraud investigations unit and even monitors social media sites to ascertain whether or not there could be a threat to one of their facilities, according to Brod. To accomplish these tasks, the company has three security operations centers located in the U.S., the UK and India that provide around-the-clock surveillance and security.
With a background in the chemical industry, Brod is intimately familiar with how vital the security arm of an organization is and he believes there are several steps security managers can take to become more influential in their organization. These include being able to articulate a clear strategy, acting as an ambassador for the company’s goals, and serving as a coach and mentor to others.