Earlier this month at the Great Conversation conference in Seattle, SIW had an opportunity to sit down with Francis D’Addario, the former vice president of partner and asset protection for Starbucks and an emeritus faculty member for the Security Executive Council (SEC). D’Addario leads the SEC’s Next Generation Security Leader program, which is designed to provide security executives with the business skills necessary to survive in today’s corporate landscape. For years, many businesses have seen the security department as a cost center rather than a contributor to the organization’s bottom line, so it is crucial for today’s security leaders to show how they’re delivering value to the business.
What really brought this to the forefront, according to D’Addario, were the years following the 9/11 terror attacks when organizations put a lot of money and effort into security only to see no tangible return on their investment.
“Ten years ago, I would say that we were, ultimately, misaligned in terms of our assignment of being the all-hazard risk detectors and mitigators for major enterprises, corporations, NGOs and agencies,” explained D’Addario. “Don’t forget, after 9/11 we were on the job of being ever-vigilant, theoretically, and we spent trillions of dollars on security that did not have any viable payback in the decade that ran from 2001 through the (economic) downturn that we’re just coming out of. What happened was there was a loss of credibility and a loss of confidence (in security).”
However, D’Addario said that in recent years, security practitioners have once again started focusing on enterprise risk management strategies that will pay dividends down the road and show the value proposition of security to the C-suite.
“I would say that in the last few years, we’ve put our eye on the horizon again. We are engaged in longer planning and that includes facilitation of a more effective supply chain for better risk mitigation outcomes for organizations, institutions and economies,” said D’Addario. “Now we are assessing what the imperatives of management are and what the strategic goals of our organizations are. Our ability to measure our success is imperative. We can’t have anymore failures of confidence. We have to measure confidence and security and all of the risk mitigation processes that we bring to bear and we have to do that in a way that’s viable for our stakeholders and our stakeholders’ stakeholders.”
While it may seem like a simple exercise for security executives to learn to speak the language of business, D’Addario said that oftentimes one of the biggest hurdles for CSOs is just learning to stop and listen.
“When you listen, you’re going to find the leadership imperatives of your organization very well enunciated,” said D’Addario. “For our senses, particularly in the communications realm, we have people that are going to be audio learners, we’re going to have people that are going to be visual learners that have to see the charts and graphs, and we have people that have to read it. I think we have to take a multimedia effort in not only listening, but anticipating that when we’re reviewing the text or we’re reviewing the symbolic iconography of whatever the value system or strategic objectives are of the organization, that we’re not only in full alignment with all of it but we’re enabling it, we’re having a discussion around what are the risk implications to those lofty imperatives and goals and we’re mitigating against those all of the time.”
D’Addario believes that one of the biggest challenges facing today’s security executives is the shear velocity of change in global connectivity.