SPECIAL FEATURE

By Mark McCourt, Publisher

In 1963 David Ogilvy, the father of Madison Avenue and author of a classic business book, “Confessions of an Advertising Man,” wrote: “An advertisement is like a radar sweep, constantly hunting new prospects as they come into the market. Get good radar, and keep it sweeping.” Half a century later advertisers are at last taking him at his word. Behavioural profiling has gone viral across the internet, enabling firms to reach users with specific messages based on their location, interests, browsing history and demographic group. Ads can now follow users from site to site: a customer who looks online for flights to Frankfurt will be inundated with German holiday offers. Conversant, a digital-marketing firm uses an algorithm to deliver around 800,000 variations of an ad to its big clients’ prospective customers to make it as irresistible as possible. Kraft, a food company, monitors online opinions on its brands in an office which it calls “the looking glass.”
The Economist, Little Brother, September 2014

As you read through this year’s Security 500 Report and the advertisements surrounding it, you may not realize how much marketing’s mission is intertwined with security’s. Perhaps a digital marketing conference would be as valuable to you as attending a security industry event because the era of collecting, analyzing and interpreting information to identify risks and predict threats has arrived. Scorned for its use by three-letter government agencies, the results are clear. It works. The Predictive Revolution is the culmination of a three-stage evolution in risk and security practices.

First was the Responsive Era, which defines most of enterprise security’s history. Similar to the show “Law and Order” where each episode begins with a dead body, security waited for the phone to ring alerting them to an event requiring response and an investigation to complete. Doors were not locked, and when property was stolen, the police were called to take a report and perhaps investigate. Post 9/11, the bar was raised by insurers, corporate leadership and stakeholders, who demanded and funded bigger and better security programs. Thus, the familiar “guns, guards and gates” and “second career cops” definitions waned. The enterprise security profession gained momentum.

“RISK” became centric to the security’s mission and management role. The Preventive Era emerged. By identifying foreseeable risks, security organizations could take preventive action to eliminate vulnerabilities and thwart potential threats. Predictive Security evolved to identifying risks to prevent events from occurring and effectively responding to unforeseen events that occur.

For example, we learned that by not locking our doors the property in our homes would be stolen, and we responded. From experience we could predict this outcome. We learned to lock our doors. But we did not know which homes would be robbed, or when or by whom.

Locking our doors is preventive.

Now, the Predictive Revolution is here. Like marketers who leverage technology to gather information and intelligence to predict future buying behavior, physical, cyber and intelligence security operations centers (SOCs) work to predict and thwart events that would negatively impact business continuity, infrastructure and stakeholders.

“Any successful organization needs to advance in all three domains of people, process and technology. But it starts with good people to advance the latter.”
Rich Mason, Honeywell

As I have written before, it’s all about: “Getting the right information to the right people at the right time to make the right decision to predict an event that will happen and prevent it from happening or to respond effectively to an event thereby stopping a disaster from becoming a catastrophe.” Now, “predict an event that will happen” has been added to the statement.

The people, processes and technology needed to be predictive are sweeping across the Security 500, bringing with them broad operational and bottom-line benefits. Now security organizations are more able to predict who is likely to take property and when and calculate risk. By being predictive, threats can be acted upon and mitigated before their negative impact occurs.

Neither criminal actors nor consumers realize how closely their online behavior can be tracked, analyzed and spun into actionable intelligence. Nor does Mother Nature. It’s predictable then, that the Predictive Era is having a significant effect on security organizations.

The mission, organizational chart, talent requirements and activities of the predictive organization are forcing a dramatic change in their risk strategies and execution.

What is clear is that the drive to become predictive will continue, and the stresses it will place on risk and security organizations during this transition are significant. Here are some key areas that face change as a result:

Leadership: It must be more intertwined with the business’s culture and its goals to build the right programs that deliver measurable benefits. C-Suite and Board support are required.

Human Capital: A major challenge is trying to hire people who may not yet exist. The new breed of security officer is more likely to wield an algorithm than a gun. HR’s engagement in talent management is necessary.

Communication: Gathering, processing and returning information to avoid high probability threats can cement an enterprise security department’s future as either a clairvoyant or a Chicken Little. Once a threat is identified, having a mitigation plan in place with a high likelihood of success is important.

Budget: “Doing more with less” is a common theme among organizations’ changing practices to focus on technology resources and human capital to leverage them, while maintaining a constant risk posture during the transition.

Technology: Perhaps it goes without saying, but a significant investment in new and different technologies and a change from prior technology strategies is happening.

Having expert team members in this discipline and internal relationships (especially with IT) is important for success.

“We are involved in company, not merely security decisions which means there are no surprises. That is the critical difference that enables success.”
Steve Baker, State Street Corporation

The security profession has never been more dynamic than it is today. Just look around the world and it is clear that from physical to intellectual to logical property, it might all be stolen and sold, in the click of a mouse. Hostilities around the world, in our schools and at our workplaces continue to escalate and demand action. Natural disasters, pandemics and extreme weather, combined with globalization require travel support, emergency medical resources and constant vigilance. Thus, it is the ones and zeroes that will tell us in greater quantity and quality what is happening, what will happen and what to do next. Strong business leadership driving organizational alignment with enterprise goals is making the Predictive Era a reality among Security 500 members.

2014 KEY TRENDS AND AREAS OF FOCUS:

1. Cyber Crime

It is counterintuitive that cyber crime is the number one threat facing enterprise security leaders, because only 28 percent of those security leaders that rank it as their first concern in the Security 500 report have direct responsibility for it. Indeed, the number of incidents is growing rapidly in scope and quantity. The Target case study with no CSO or CISO in position was an easy, um, target (sorry) for cyber criminals. But Target is not unique in neither understanding nor preparing well against cyber threats as Home Depot, JP Morgan Chase and numerous other enterprises proved.

The cost, brand damage and, in the Target case, CEO’s career have appropriately risen to the top of C-Suite issues and discussion. Cyber is finally getting the organizational attention deserved to do what security does best: Evaluate the risks and craft a plan to eliminate vulnerabilities, mitigate risks and prepare for resilience in response to an incident.

The two key casualties at Target were the CIO and the CEO. But IT’s role and expertise is not in securing. It is in enabling. Organizing the business to address the cyber threat as a business risk and staffing to successfully remove the threat are the best practices for securing the business.

Steven Chabinsky hit the organizational nail on the CEO’s head in a recent Cyber Tactics column for this publication, when he wrote:

Unfortunately, the pervasive attitude that cybersecurity is an IT problem rather than a C-Suite whole-of-enterprise concern likely stems from the top. As the National Association of Corporate Directors recently observed, a lack of cyber expertise on corporate boards presents a real and urgent threat to oversight. Inexplicably though, the NACD also found that “a demand for IT experience generally has not surfaced

in director recruitment.” That needs to change. Simply put, thinking of cybersecurity as an IT issue is similar to believing that a company’s entire workforce, from the CEO down, is just one big HR issue.

And the 13th Annual EY Global Fraud Survey: Overcoming Compliance Fatigue: Reinforcing the Commitment to Ethical Growth showed that 48 percent of CEOs considered cyber crime as “low risk to their business.” As you know, they are flat out wrong.

The 2014 Verizon Data Breach Investigations Report shows that every Security 500 sector is targeted and victimized by cyber crime. At the same time, they are able to classify the nine most used threats indicating that defending against known threats will work against cyber.

“Initially, we were like a hockey goalie facing the net instead of watching the threat. By turning around, we get to work on knowing the opponent, understanding their moves. We are able to balance security against threats. Our defenders become collectors of information and intelligence to build a defensive strategy and optimize response. Learning as much as possible about the adversary’s tactics and techniques gives us an edge in discovering and stopping attackers.”
Gary Gagnon, MITRE

And, yes there is clear evidence that cyber crime is a business, not an IT, problem. As Business Week reported, customers will stop shopping and take their banking business elsewhere. The report recognized that 71 percent of customers will switch banks due to fraud. Also, it notes, retailers experience a significant drop in brand perception after a data breach. As reported in the 2013 Security 500, a study by HB Gary found that 78 percent of investors are unlikely to invest in a company with a history of cyber attacks.

Skating on the other side of the ice is privacy. Marketers are leaning heavily on the customer information that can be gathered from online and offline behavior. But Security can learn a thing or two about intelligence and information gathering from marketing programs. A recent report in The Economist titled: “Stalkers, Inc.” states that surveillance is the advertising industry’s new business model, noting the average person is being observed by 1,300 marketers each time they click on a website. But once you turn that hockey goalie around, you go from defense to offense inviting new threats.

What responsibility does enterprise security have for the privacy of its brand and leaders? For example, the BuyPartisan App reveals the political leanings of company board members and executives when a product barcode is scanned. Yes, it just got harder to sell soap.

It is important to track the fallout from the Catsouras (U.S.) and Costeja (Europe) privacy decisions facing what content can stay and what must be removed from websites and search engines. Contrary to popular belief, a recent Boston Consulting Group study found that younger consumers are as concerned about their privacy as older generations.

Thus, an increasingly used mitigation strategy is buying cyber insurance to protect businesses against the financial risks in the connected world. Including both liabilities and the actual cost of crime, insurance policies (and their premiums) will be on the rise as board risk committees consider both the cyber threats against legal, personal and brand exposure.

The PwC 2014 Global Economic Crime Survey reported that 24 percent of companies have been a victim of cybercrime. PwC theorized the number as higher, since many organizations either don’t report or don’t know that they are victims. As a result, PwC anticipates a steady increase in cyber insurance coverage by companies seeking to mitigate financial risks related to cyber crimes.

2. Workplace Violence

As the NFL spins out of control over the recent Adrian Peterson, Ray Rice and Greg Hardy incidents, you may wonder what it has to do with your enterprise. First, it is a case study in crisis management as the lack of preparation and resilience within the NFL regarding workplace violence issues (and/or domestic abuse). Second, it documents the observation of Michael Chertoff, former Director of Homeland Security, that once a crisis occurs in an enterprise, the ability of the CEO to manage and execute their business agenda becomes impossible. And workplace violence is prevalent across all sectors, especially in healthcare.

“It’s a horrible response. The NFL has essentially re-victimized the victims by trying to smooth it over and not expressly giving their apologies to the victims. The whole incident was a debacle, in how the NFL handled it. It’s just getting worse and worse and worse in their handling of it and understanding the cycles of violence.”
Raquel Singh, Voices of Women Organizing Project

And domestic abuse has an economic impact on businesses because women are the most frequent victims, often missing work and being terminated because while there are policies against workplace violence, there are frequently no policies for the victims of that violence.

“Workplace violence is at the forefront of our security concerns right now. We provide personal safety training and conflict resolution training for our employees, because they deal with a lot of confrontational situations on a daily basis. Their ability to negotiate through some real difficult situations minimizes the amount of risk to them and the amount of risk to us as first responders.”
Kirk Simmons, Hennepin County, Minnesota

For a statistical look at the problem, the World Health Organization gives a global view in their recent study, the World Health Organization’s Key Facts (2013):
• Violence against women – particularly intimate partner violence and sexual violence against women – are major public health problems and violations of women’s human rights.
• Recent global prevalence figures indicate that 35 percent of women worldwide have experienced either intimate partner violence or non-partner sexual violence in their lifetime.
• On average, 30 percent of women who have been in a relationship report that they have experienced some form of physical or sexual violence by their partner.
• Globally, as many as 38 percent of murders of women are committed by an intimate partner.
• Violence can result in physical, mental, sexual, reproductive health and other health problems, and may increase vulnerability to HIV.
• Risk factors for being a perpetrator include low education, exposure to child maltreatment or witnessing violence in the family, harmful use of alcohol, attitudes accepting of violence and gender inequality.
• Risk factors for being a victim of intimate partner and sexual violence include low education, witnessing violence between parents, exposure to abuse during childhood and attitudes accepting violence and gender inequality.
• In high-income settings, school-based programs to prevent relationship violence among young people (or dating violence) are supported by some evidence of effectiveness.

• In low-income settings, other primary prevention strategies, such as microfinance combined with gender equality training and community-based initiatives that address gender inequality and communication and relationship skills, hold promise.
• Situations of conflict, post conflict and displacement may exacerbate existing violence and present new forms of violence against women.

“For workplace violence threats, we’ve really strived for open lines of communication with our employees so we can hopefully anticipate and avoid any situation on the front end. We provide continual awareness messaging to them and reinforce that if you see something or hear something, please say something.”
Jerry Blum, AutoZone

William Nesbitt from Security Management Services International offers the hierarchy below to reduce both workplace violence incidence and the program’s cost.

Note how education, listening, talking with employees and watching for concerning behaviors are highly effective practices for identifying threatening behavior and diffusing potentially violent situations. The ability to identify escalating behavior to predict violent acts by integrating training, technology and observation will increase prevention.

“We recognized early on at our large facilities, those with over 200 people, that these organizations become organisms with changes in culture and behavior; incidents increase. Understanding how behavior will change helps us prepare for, predict and prevent incidents.”
George Booth, eBay

While the situation in the NFL may not be directly applicable to all enterprises, the awareness and discussion it created allows the opportunity to scrutinize and update current policies and programs.

3. Technology Integration and Management

Technology integration and management appeared on the Security 500 horizon for the first time in 2012. It has remained front and center and has risen to the third-most mentioned issue this year. There are a number of factors at work here, primarily driven by risk management and security goals. And the investment and growth is significant. Simply, the security’s role is too wide to rely solely on manpower. And the technology infrastructure, especially by leveraging the corporate network, has opened a new industry of automated solutions to support and enhance the mission.

The Physical Security Market by System and Services Report by Markets and Markets projects the global market for access control, IP video surveillance management software, locks, PSIM, perimeter intrusion detection, system integration, and designing and consulting will reach $88 billion by 2019. That is a considerable jump from a market currently estimated at about half that size, but not unrealistic.

Similarly, the investment in cybersecurity products and services will continue to grow. TechNavio’s analysts forecast the global cyber security market will grow at 11.81 percent annually through 2018. Forecast at $67 billion by Gartner Group in 2013, that number would push the combined total of cyber and physical security spending more than $110 billion.

All totaled, physical and cyber security technology spending is big and will get bigger, worldwide through 2018.

“We are making a concerted effort to support logical security by leveraging our intelligence and social media monitoring programs to help them protect against the threats. A second initiative is to speed identity management. And Big Data is on our roadmap. We ask ‘What don’t we know?’ and ‘How can technology help fill in the blanks?’”
George Booth, eBay

Here are several key factors at play in this year’s Security 500 findings:

The movement toward preventive and predictive security programs:
The security mission has migrated from responding to preventing, and is moving toward predicting. Having situational awareness to identify and mitigate threats requires information. And security technology has become very good at collecting, analyzing and presenting many data points into actionable information. Thus, as long as technology supports and enhances security’s mission as directed by the C-Suite, technology investment will continue to accelerate. Tracking social media, big data and data mining are all critical to capture, analyze and act on information for the purpose of predicting events and protecting against negative events.

Graphic courtesy of William Nesbitt

Where Security Lives

Security 500 Members report into or are within these departments:
COO/Operations 22.50%
Facilities 17.00%
CEO/President/Executive Management/Board/Board Committee 16.50%
CAO/Administration 12.00%
Human Resources 11.00%
CFO/Finance 11.00%
Risk/Legal 6.00%
Information Technology 4.00%

CSOs’ Top Areas of Responsibility

Investigations 97%
Workplace Violence Prevention/Active Shooter Prevention 97%
Terrorism/Bomb Threats 94%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 91%
Security Technology & Integration 84%
Weather/Natural Disasters 83%
Workforce/Executive/Personnel Protection/Travel Support 80%
Contract Management (Guards, Technology Integrators, Contract Employees) 80%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 80%
Risk Management Planning 76%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 70%
Fire 67%
Loss Prevention/Asset Protection of Goods for Resale 66%
Regulatory Compliance 65%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 54%
Political Unrest 54%
Global Security Operations Center Management 52%
International Workforce Protection and Support 52%
Business Expansion Support 47%
Supply Chain/Product Diversion/Logistics/Distribution 32%
Emerging/Frontier Market Expansion 29%
Drug and Alcohol Testing 29%
Cyber/Information Technology 28%
Insurance 15%

The demand for more data and analytics of EVERYTHING will continue to rise among security organizations. Security programs will rely heavily on gathering and analyzing information from the Internet of Things.

Improved cost/benefit of technology beyond security only applications:
The improvements in security technology are bringing important information through analytics, friendlier user interfaces, better price/performance and applications beyond security. The ability to apply technology for constant operations (versus only emergencies/events) is powerful. One example is using access control/ID systems and reporting to negotiate and reduce insurance rates, which are typically set by insurer estimates. Those bottom line savings impress the C-suite, offset costs and expand security’s contribution.

Migrating physical security onto the network:
The increased role of Information Technology supporting the “security application” and moving security onto its network is driving the adoption of IP-based technologies at an ever faster pace. IT looks at technology on a “per se” basis, meaning “does this product do what it is supposed to do and solve the problem?” As a result, their participation in the acquisition and adoption of security technology products brings both immediacy and criticism to the procurement process. But the outcome is that IT is used to spending on IT and has no issue doing so for security or other internal customers to improve processes and better manage information.

Cloud-Based Solutions, Big Data and the Internet of Things:
If you use Google Maps then you may have experienced watching the roadway on the screen turn from green to yellow to red, indicating traffic has slowed and then stopped. How does that happen? There are a lot of Google users on that road, and their devices are transmitting their current position, direction and speed. As those devices slow from 50 miles per hour to 35 to 20, then the roadway colors change. That is big data, and it provides useful information, in this case, for security to help employees with travel.

“More things are connecting to the Internet than people – last year there were more than 5 billion cellphones, 2 billion broadband connections and 1 billion people who are on Facebook and Twitter. By 2020, there will be 50 billion devices that will be connected to some network.”
Jeanne Beliveau Dunn, Cisco

The impact of social media is already significant and will continue to grow as a first alarm for security operations centers. The opportunity to monitor social media posts, as events that may impact your organization and its people occur, is a powerful resilience tool. The vast amount of information wearable and cloud connected devices will generate will enable security organizations to better identify risks, manage events and increase resilience.

“We want to be on the cutting edge of school policing by finding new and innovative ways to keep kids safe.”
Hector Rodriquez, Santa Ana Unified School District

4. Budgets

Budget vs. 2013
By Total
Increased 65%
Stayed the Same 21%
Decreased 15%

Ultimately, value is driving budgets in 2014. Security organizations that have become trusted advisors for managing risk and enabling businesses to succeed are gaining credibility and a strong internal brand. The result is stronger financial support. In 2014, 65 percent of Security 500 members reported their budgets increased over the prior year. And that is the highest percentage of members reporting an increase in the history of the Security 500 benchmark survey.

“Our executive leaders have consistently given us the support and opportunity to prove that security can and should bring value to the bottom line. By aligning with the long-term company and department strategy, we deliver meaningful results, and we get support.” Vance Toler, Southwest Airlines

The average increase was 8 percent (versus 9 percent in 2013). This is a strong jump over 2013 when 47 percent reported increased budgets. Fifteen percent reported their budgets were decreased. This is a slight improvement over the prior year survey, with 17 percent reporting reduced budgets. Those reporting a budget decrease experienced an 8 percent cut.

Graphic courtesy of BI Intelligence

And fewer organizations were stagnant. Only 20 percent reported having the same budget, a significant drop from the prior year’s 35 percent. Combined, 85 percent reported their budget increasing or remaining the same (versus 83 percent in 2013).

As the security profession has matured, business-minded executives have brought strong leadership and organizational skills to their enterprises. Successful leaders consider themselves a key part of the company’s management team with responsibility to understand and contribute to business goals.

“Working for a conglomerate means you will never get bored, as the environment is so diverse. Risk management is an iterative, dynamic negotiation. It requires good relationship management, marketing, and a good awareness of business objectives and risk tolerances and is a perfect function by which to explore all of the other key functions in a global business.”
Rich Mason, Honeywell

Underlying the business goals in many sectors are compliance costs to ensure business continuity. Many sectors including connected commerce, healthcare, finance, higher education and energy, face myriad physical and cyber security requirements from government regulations. New regulations require new spending, changes to business processes, and training.

“It is my job to understand our security costs better than they do (i.e. financial management). That allows us to gain credibility and make the business case.”
Stephen D. Baker, State Street Corporation

There is a cost to ensuring compliance that is only overshadowed by the fear of the cost of not being compliant. In connected commerce and retail, the cost and sophistication to be PCI DSS compliant is significant. However, failure to meet PCI DSS compliance can be catastrophic. Target is facing a class action lawsuit, government fines, reduced sales volume and significant brand damage. Thus, the cost of compliance and related security budgets are being driven higher across this and other sectors.

There are also compliance requirements placed on companies by their customers. More and more, security is participating in completing proposals, giving prospects tours of their security departments and engaging with customers.

Budgets are also getting support because the enterprises are not only experiencing security’s competent work, but getting feedback in metrics and measures. Last year’s Security 500 keynote theme, “Time to Play Money Ball” has borne out.

By having a strong grasp of the mission and directly showing both support for and contribution to top and bottom line goals, security is gaining additional funding by making its customers successful.

5. Business Resilience

Security magazine defines enterprise resilience to integrate business continuity, emergency management and disaster recovery. It is accepted that no matter how much preemptive work is done, events will occur. And managing in a crisis, limiting the damage and getting the enterprise’s operations back up and running normally is important. From local offices impacted by weather to the global supply chain disrupted by political unrest, the expanse of issues is wide and growing for security programs to plan and prepare.

Figure: Incident Management, Emergency Management, Discover Recovery, Business Continuity; Time. Source: Tech Target

“It goes to the fact that every employee at every level of the enterprise takes responsibility for ensuring MITRE’s security and the security of the information with which we are entrusted. It’s a core part of our culture.”
Gary Gagnon, MITRE

We have witnessed a long, slow cycle over the past century of self-reliance by stakeholders shifting to a heavy reliance on emergency responders. Currently, the integration of emergency responders and stakeholders toward risk and resilience is being employed. This integration makes resilience planning an “all hands on deck” process and the notion of the first responder has changed. Those for whom resilience programs are meant to secure are actively participating in their own safety. Across all sectors, from K-12 students rehearsing lockdowns to fans texting about other unruly fans at sporting events, no one is excluded from planning and participating in resilience.

And technology is playing an increasingly important role allowing communications through social media and mass notification systems to accelerate both the inbound fusion and outbound distribution of information. Pervasive information allows stakeholders to no longer just be bystanders, but to be actors supporting resilience programs.

While the mass participation of stakeholders and their personal technology is increasing the speed of detection and diagnosis, there is still the issue of appropriate response. Someone has to have authority and expertise to correctly respond and ensure that an event is not improperly managed or worse, that a disaster becomes a catastrophe.

Knowing both the authority (e.g. corporate security, fire department, cyber SOC, etc.) and the individual(s) is the result of strong rehearsal, typically table top exercises and communication. Getting to know one another prior to an emergency is as important as the actual plan.

“We built a challenged security culture where security is everyone’s responsibility – enlisting our 40,000 employees to be on the lookout.”
Greg Halvacs, Cardinal Health

Response activities typically include evacuating the affected area, searching for those that need to be rescued, assessing the breadth and depth of the emergency and working to contain damage and restore operations. These activities are directed at maintaining life and regaining the emotional well-being of the impacted community.

The lack of leadership and communication during a disaster in a timely manner often leads to significant communication and operational problems beyond just the actual incident. Brand image, public relations, revenue and profit loss, legal liabilities and CEO firings are more often the outcome of poor enterprise resilience programs. Examples include Katrina in New Orleans, Virginia Tech, BP and Target, where the lack of a coordinated and timely response led to significant damages beyond the initial incident.

6. Physical Security, Crime and Asset Protection

The FBI’s Crime in the United States report for 2013 identified 7,252,652 property related crimes including larceny, robbery and burglary, totaling $15.5 billion in losses.

Enterprises (non-residential) from businesses to public schools get their fair share. Incidence of crimes in non-residential sites:
• Robbery 27.3%
• Burglary 25.5%
• Larceny 15.0% (estimated)

“We spend a lot of time securing our parking lots…your Average Joe burglar has changed to where they don’t spend their time robbing houses. They rob cars.”
Jim Sawyer, Seattle Children’s Hospital

Source: Project.org

Statistics are not available, but logically commercial enterprise asset theft has a higher dollar value than residential theft. Also, motor vehicle statistics include all losses and are not identified by victim (personal or commercial) in the FBI statistics.

In the retail sector, loss prevention issues continue to impact businesses despite increased investments in technology, training and tactics. The National Association of Shoplifting Prevention notes:
• More than $13 billion worth of goods are stolen from retailers each year. That’s more than $35 million per day.
• There are approximately 27 million shoplifters (or 1 in 11 people) in the U.S. today. More than 10 million people have been caught shoplifting in the last five years.

“With retail stores, you are faced with some additional challenges like shoplifting and employee theft, return fraud, organized retail crime, online fraud and traditional robberies and burglaries. Getting merchandise from Point A to B has become much more complex.”
Jerry Blum, AutoZone

While shoplifting shrink is a major drain on retailer profits, product diversion within supply chains is also a significant challenge. Diversion criminals are typically more professional than shoplifters, including members of organized crime. The typical theft is larger in both dollar value and potential brand damage. In addition to the monetary losses, failing to deliver for supply chain partners expecting deliveries to conduct business can cause the loss of business contracts. Resold products that are damaged or altered may lead to significant brand, warranty and financial losses.

Insider crime, including both physical assets and white collar theft and fraud, was noted as a major area of risk that Security 500 members are targeting to increase controls, improve audits and identify inappropriate activities that typically lead to a loss.

Corruption is also a concern as the incidence has doubled over the past two years to 16 percent, according to a report from the EY Global Fraud Survey. More than 40 percent of the CEOs surveyed believe that corruption and bribery are widespread within their countries. And 11 percent of the CEOs surveyed considered misstating financial performance to be a justifiable action. Only 6 percent of the overall respondents considered doing so justifiable.

“Our security team has the opportunity to effectively and positively impact more than 1.8 million employees servicing 70 million customers around the world every single day. One of my main motivations is to ensure that our customers come into our restaurants and feel safe and secure and enjoy their meal. We have a very strong supply chain, and we have worked hard to protect our food from the farm to the fork.”
Dennis Quiles, McDonald’s

Source: advantagepolygraphservices.com

Retail/Connected Commerce THOUGHT-LEADER PROFILE

Going the Extra Mile

Jerry Blum
Director of Security Services, AutoZone, Inc.

In more than 5,300 AutoZone stores in the U.S., Puerto Rico, Mexico and Brazil, the number one job for AutoZoners is to provide “Wow! Customer Service.” And AutoZone’s security focus is no different, says Jerry Blum, Director of Security Services for AutoZone. The security team’s focus is on more than just customers. There are vendors, employees and other business partners, too.

To secure a business partner’s needs, Blum’s team will work with them to protect theft-prone products while still keeping them available to the customer with anti-theft devices or placing the merchandise in a well-monitored section of the store.

“The potential for risks like workplace violence incidents or data breaches, are not just limited to retail, but with retail stores, you face additional challenges like shoplifting and, of course, employee theft, return fraud, organized retail crime, online fraud, and traditional burglaries and robberies,” Blum says. “We deal with store operations, legal, finance, HR, merchandising and the supply chain; it’s just an environment where hard work and cooperation really pays off.”

Blum wears many hats within the corporation, including overseeing management, operation and maintenance of all security-related equipment; business continuity and disaster recovery; security officers; corporate investigations; international due diligence; and services, including executive protection.

He has to be mindful of unique business and security challenges for AutoZone’s international locations as well, advising senior management on international security issues and monitoring domestic and international travel for employees. With stores in Puerto Rico, Mexico and Brazil, as well as the U.S., he says: “We face issues of importing and the supply chain concerns – getting merchandise from point A to point B – have become much more complex. Mexico and Brazil both have some unique challenges. Each country has unique requirements, and the coordination with local authorities even in the presentation of cases has presented some challenges.” To address some of these concerns, Blum and his team work with the Retail Industry Leaders Association (RILA), Overseas Security Advisory Council (OSAC) and ASIS International for intelligence gathering and information sharing with other retailers, and AutoZone has a security team in Mexico that Blum describes as robust and in-tune with local issues.

Open lines of communication with employees and stakeholders is one of the keys to Blum’s workplace violence mitigation strategy, including awareness campaigns and a workplace violence hotline where AutoZoners can leave confidential concerns before an incident takes place.

“As far as the C-Suite is concerned, I think they would consider our security team unobtrusive, yet highly responsive to their needs. We are engaged in all aspects of the business, and we don’t impede anybody in providing great customer service,” he says.

In fact, AutoZone’s Store Support Center’s Alarm Services Group recently received one of the company’s highest internal awards – the Extra Miler – which is presented to an individual or group of employees who demonstrate outstanding performance. The team earned it by implementing a new program in which some members worked three weeks straight without a day off, Blum says, to ensure that the program was implemented effectively and best served the company’s purposes.

In return for their dutiful service, Blum and other AutoZone leaders work to invest back into their teams.

“We have a training department here that has a library that everyone has access to, and much of those materials are around leadership, management, effective communications and presentation skills, we expose our teams to these on a regular basis,” he says. “To be a leader in this organization, you have to be committed to building a diverse and high-performance team, and we’ve been very successful in that. If we have an individual who is lacking in a certain area, we identify that area, address it with them, and purposefully focus on developing that necessary skill.”

Within loss prevention measures and supply chain security, crisis management is key. Blum is also responsible for emergency preparedness training, which includes tabletop exercises with every department, but the structure of the company helps as well: “We have a pretty flat structure, which allows us to be nimble and make decisions quickly and on our own. AutoZone really empowers its people. We train them to make the right decisions. We allow them to make decisions, and we support them.

“Our managers know that I’m available to them at any time and they can come to me for advice. Likewise, I know that my VP is available, and I can consult with her whenever I need,” he adds.

Prior to joining AutoZone, Blum served 27 years with the Memphis Police Department, where he retired as a Deputy Chief. He has earned numerous awards, including the Memphis Police Department Medal of Valor.

SECURITY SCORECARD
› Annual Revenue: $9.8 billion
› Security Budget: $28 million

CRITICAL ISSUES
› Cybersecurity
› Workplace Violence
› Asset Protection/Theft

SECURITY MISSION
› Insurance
› Fire
› Supply Chain
› Regulatory Compliance
› Supporting Business Growth
› Drug Testing
› “Customer Facing” Posture
› Business Resiliency

Healthcare/Hospitals/Medical Centers THOUGHT-LEADER PROFILE

Protecting the Last Mile

Gregory L. Halvacs
SVP, Chief Security Officer Global Security, Flight Operations, Global Real Estate, Cardinal Health Inc.

“We have disaster preparedness plans in place to ensure that all of our customers can always receive the medical and pharmaceutical supplies their patients need.”

The nature of providing health care services is changing, particularly as the focus shifts from hospital-based care to providing care in more cost-effective settings. The introduction of the Affordable Care Act and other key drivers are making it increasingly important for health care providers, and their supply companies, to reduce costs for customers and patients, says Greg Halvacs, the Chief Security Officer and Senior Vice President for Global Security, Flight Operations and Global Real Estate at Cardinal Health, a health care services company based in Dublin, Ohio.

“The Cardinal Health tagline is ‘Essential to Care,’ reinforcing that we not only provide medical products and pharmaceuticals that are essential to the delivery of health care, but we also provide a broad array of products and solutions that improve the quality and cost effectiveness of care,” he says.

Some of those initiatives that Halvacs provides through security include sharing contract services from national vendors for security equipment, access control and background checks. The Cardinal Health sales team also presents the company’s 8,000 independent retail customers with options for continuing education classes in security solutions, which could focus on robbery prevention, risk mitigation, store security and personnel safety, for example.

“We work across the whole organization, whether it’s HR, quality, legal, operations, communications, or mergers and acquisitions,” he says. “We partner with them. We make sure we’re at the table, and that we remain proactive. When we identify potential security issues, we sit down with leadership and educate them on what we want to do and how we want to go about doing it. I think it’s very high-level and has built a lot of credibility throughout the years in the organization at all levels.”

Halvacs’ security team develops metrics and in-house case studies to help sell their case to the C-Suite, as well as to educate different business units about emerging risks.

But it’s not just the C-Suite that is being educated about security measures – Cardinal Health’s security team recruits its 40,000 employees to be on the lookout: “We are building a culture where security is everyone’s responsibility. We constantly get reports from the field, reporting suspicious activity.”

A part of that effort’s success is Cardinal Health and the security team’s commitment to hiring the very best security talent. The enterprise’s background check and drug testing program was recently centralized under one individual, and the company switched methods from urine analysis to hair testing to mitigate the possibility of cheating on drug tests. Halvacs can also depend on security and compliance coordinators at each of Cardinal Health’s 400 global locations to implement policy processes across the enterprise, including a company-wide technology upgrade on security systems three years ago.

As a supply chain-based enterprise, Cardinal Health has to protect products “to the last mile,” Halvacs says. “Our drivers deliver products to thousands of points of care every day. Because of the levels of products we carry, sometimes they’re targeted for theft, so we’re always looking at how to prevent theft within the supply chain, especially on the last mile – the last point to the customer, whether it’s a chain pharmacy or an independent retailer or hospital.”

To best mitigate the risk to the last mile, Halvacs and his team use CAP Index ratings and predictability modeling, as well as extensive awareness training of driver surroundings, including if they’re being followed.

Halvacs says that the strength and reliability of Cardinal Health’s supply chain services are perhaps most evident when disasters – like tsunamis, floods, tornadoes or hurricanes – strike. “We have disaster preparedness plans in place to ensure that all of our customers – particularly hospitals and retail pharmacies – can always receive the medical and pharmaceutical products their patients need, even in times of disaster. Through our global command center, we track the T-minus schedules for hurricanes, and our regional teams assist with monitoring weather and wild fires. We make sure that our four distribution centers are fully stocked, so we have the capability and agility to respond throughout our network.”

SECURITY SCORECARD
› Annual Revenue: $91 billion
› Security Budget: Confidential

CRITICAL ISSUES
› Asset Protection/Theft
› Crisis Management
› Fraud/IP Theft: External, Partner and Insider Threats

SECURITY MISSION
› Insurance
› Cybersecurity
› Fire
› Supply Chain
› Regulatory Compliance
› Supporting Business Growth
› Drug Testing
› Risk Management Planning

Diversified THOUGHT-LEADER PROFILE

Unique-ness

Gary Gagnon
Senior Vice President and Chief Security Officer, MITRE Corporation

Many organizations protect their cyber infrastructure by looking inward, focusing on their own networks and systems. They dedicate themselves to reducing the attack surface, assessing their vulnerabilities, and conducting system patching – all to continuously monitor their own networks.

To Gary Gagnon, senior vice president and chief security officer of the MITRE Corporation, this defense posture makes about as much sense as having Tuukka Rask turn his back on the opposing team during the Stanley Cup playoffs. Rask, the star goaltender for the Boston Bruins, doesn’t fend off slapshots by staring at his own goal’s crossbar or checking the durability of the net. He focuses on his opponents, watching as their playbook unfolds, identifying their weaknesses and signaling to his teammates for backup.

Gagnon thinks this strategy can be just as effective in protecting cyber assets. “Initially, we were like a hockey goalie facing the net instead of watching the threat. By turning around, we get to work on knowing the opponent, understanding their moves. We are able to balance security against threats. Our defenders become collectors of information and intelligence to build a defensive strategy and optimize response,” he explains. “Learning as much as possible about the adversary’s tactics and techniques gives us an edge in discovering and stopping attackers.”

As the director of cybersecurity at MITRE, Gagnon plays a key role in guiding the defense of some of the nation’s most critical cyber assets – those of the Federal Aviation Administration, the Department of Defense, and the Department of Homeland Security. He has unique insights into his client base, having held leadership positions in solving information security issues for the U.S. Army, U.S. Navy, and National Security Agency.

MITRE is a not-for-profit organization that operates federally funded research and development centers (FFRDCs). Government agencies establish FFRDCs to address specific, long-term needs that can’t be met by in-house staff or traditional contractor resources. In this capacity MITRE plays a unique role as a trusted adviser to both military and civilian government agencies.

For Gagnon, earning and preserving that trust means never recommending any cybersecurity capability or approach to a sponsor that hasn’t first been tested on MITRE’s own computer networks and systems.

“We realized that we needed to run our network security solutions here to understand and prove them out before taking them to our government sponsor customers,” says Gagnon. “That way, we practice what we preach and we preach what we practice.”

MITRE’s approach to cyber defense is based on the “kill-chain” framework, originally developed by Lockheed Martin. The kill-chain depicts the phases of a cyber attack, comprised of a series of steps that an adversary might take to compromise, control and exploit a target.

By better understanding adversaries – their tendencies, techniques, tools and intentions – organizations can bolster their threat-based defenses and improve their chances of preventing, detecting and mitigating cyber intrusions.

“MITRE adopted the ideas, practiced them, added to them, and started talking about them, and promoting them with our sponsors,” says Gagnon.

In fact, MITRE offers many ways to help sponsors adopt this more proactive stance. For instance, it helps diverse stakeholders create partnerships for sharing detailed cyber threat information, which can then be used to improve the defense capabilities of each individual member. Partnerships also give members tools and strategies they might not otherwise have access to.

In keeping with his commitment to “practice what we preach,” Gagnon test ran this integrated approach to intelligence- and resource-sharing at MITRE before bringing it to clients. One of his first moves as CSO was combining MITRE’s physical and information security divisions, a departure from industry standard. “These functions cannot and do not operate independently,” he says. “They’re all part of a security ecosystem.”

This security ecosystem consists of a highly capable and motivated team. MITRE relies on an all-inclusive approach, in which every security team member can manage, rather than just route, an issue or inquiry through to resolution. “We work as risk management advisers for the organization,” notes Gagnon. “Our value is rooted in continuous improvement, sharing what we learn and changing thinking about security to a threat-based defense model.”

To share information across an entire community, there needs to be a common language and Gagnon has led MITRE’s efforts to establish and communicate software industry security data standards to fortify vendor products against vulnerabilities.

To fully understand the critical needs of his sponsors, Gagnon focuses on customer engagement. “At MITRE, we view security as a team sport and operate as a team,” he says. “It’s the only way to gain adoption across our various organizational departments, understanding client issues and demonstrating due diligence to ensure success.”

SECURITY SCORECARD
› Annual Revenue: $1.7 Billion
› Security Budget: Confidential

CRITICAL ISSUES
› Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection
› Business Expansion Support

SECURITY MISSION
› Asset Protection/Theft
› Enterprise Resilience
› Fraud/IP Theft: External, Partner and Insider Threats
› Regulatory Compliance
› Risk Management Planning
› Supporting Business Growth
› Supply Chain
› Technology Integration and Management
› Workplace Violence

Government THOUGHT-LEADER PROFILE

Ambassador for the County

Kirk D. Simmons
Security Manager, Hennepin County

“I don’t view ourselves in a security organization as a ‘necessary evil,’ but more of a real partner in being able to help deliver those services.”

“Being a government organization that services every facet of the public, there is a whole host of different scenarios that take place on a daily basis,” says Kirk Simmons, Security Manager for Hennepin County in Minnesota. “There are occasions where people are getting their kids taken away from them or they’re being told they need to pay a lot of money in taxes. So, for them, it’s not a really pleasant experience all the time. So, as the security department, we want to ensure that employees and the people utilizing our services can do so in a safe manner. We’re there to protect them and make sure they do what they need to do and get home safely.”

Hennepin County has more than 100 buildings in its system, including libraries, service centers (“A one-stop government shop” that includes vital records, taxpayer services, DMV, passports, etc.), health services, courthouses, and other government facilities and offices.

For the past eight years, Simmons has been the Security Manager for the County, and he has seen the security department grow from a necessary evil to a legitimate partner in the local government.

“When I first started with security in Hennepin County, people just came into work for a bad day, and that was pretty much it,” he says. “Nobody really understood what it meant to formulate a mission and establish long-term goals, and work towards those goals, adjusting them along the way to make sure they met with where the country was going.”

Simmons, who earned a Master of Arts degree in Organizational Leadership from Bellevue University (Nebraska), aimed to change that mentality to a proactive security strategy. For example, he is boosting his staff’s potential by exposing them to a variety of organizational leadership and security material, which they discuss on a regular basis.

“We set aside time to discuss these principles, and we use them when we plan out our mission for the next three- or four-year period to establish guidelines for where we need to go and where we should be from a professionalism standpoint. We also look at our training components to make sure that they’re applicable to what we’re currently responsible for.

“People are becoming more familiar with my expectations, and I’m feeling that they’re growing beyond that now, taking the initiative to know what our overall security mission is and being able to articulate that with our training.”

Security employees have a minimum of first responder training, and they provide services above and beyond the typical call of duty, including escorting litigants to and from their vehicles if requested, security planning for events and ID badging responsibilities.

Hennepin County security training extends beyond the department also, as workplace violence is one of the main risks facing Simmons’ team today. They provide basic personal safety training and conflict resolution training for employees, especially for those who deal with confrontational situations daily.

“It seems to be inbred in the culture these days that if people don’t get what they want, they have a tendency to lash out physically,” Simmons says. “It’s in our best interest to make sure that all the employees know as much about these solutions as possible. These educational tools help them negotiate through some of the really difficult situations, so they minimize the amount of risk to them and the amount of risk to us as first responders.”

Departments in Hennepin County are run almost as their own independent business units, and security training requirements are at the discretion of each department head. Some have more participation than others (service center employees, for example, are well-versed in de-escalation methodology now), but employees are able to access training on their own, if they prefer, through the County’s training website.

“I feel as though it’s a good idea to get as many frontline staff members to these training sessions as possible – it will help them be able to do their jobs better, so customer service rankings will reflect more positive experiences, and employees will be able to work in a safer environment.”

“I don’t view ourselves in a security organization as a ‘necessary evil,’ but more of a real partner in being able to help deliver those services to the residents of the county and to the employees. When people walk in to work or to get their services, if they see a security officer standing there, they feel safe. We’re there to be ambassadors for the county – giving directions, providing services – simple as that.”

Before joining Hennepin County’s security team, Simmons was the Corporate Loss Prevention Manager for Musicland Stores Corporation. He has also served both reserve and regular in the United States Marine Corps as a Military Policeman. Security thanks him for his service.

SECURITY SCORECARD
› Annual Revenue: $1.9 billion
› Security Budget: $5.6 million

CRITICAL ISSUES
› Workplace Violence
› Service Coordination
› Resource Allocation

SECURITY MISSION
› Insurance
› Cybersecurity
› Fire
› Supply Chain
› Supporting Business Growth
› Risk Management Planning
› Asset Protection/Theft
› Terrorism

Utilities/Energy THOUGHT-LEADER PROFILE

Learning Self-Reliance from Isolation

Alexander S. Ubiadas, Jr.
Emergency Management Staff Officer, Board of Water Supply, City and County of

“It’s a noble cause doing security in such an isolated area because I can’t rely on someone next door.”

As barreled down on the island of in early August, Alexander Ubiadas was prepared. He had already invested in ruggedized security equipment at isolated facilities, built long-term recovery plans and worked with his staff to get facilities as ready as possible for the storm. Because while people might survive for a while without electricity, they truly need safe, clean water, no matter the weather.

Ubiadas is the Emergency Management Staff Officer for the City and County of Honolulu’s Board of Water Supply, where he and his team are responsible for protecting the clean water infrastructure for the entire Island of Oahu, which includes thousands of miles of pipeline, thousands of assets, more than 300 facilities, 600-plus employees and hundreds of daily visitors. In order to secure this infrastructure, Ubiadas relies on advance information and threat awareness, because often help is thousands of miles away.

“We have to be very self-reliant, especially here in Hawaii, and we’re able to do that because our water sources are here, and this tropical environment allows for recharging of the aquifers,” Ubiadas says. “It’s a noble cause doing security in such an isolated area because I can’t rely on someone next door. I can’t rely on anyone other than who I’ve got. … If there’s a catastrophic incident, we have agreements that we can use, but it’s going to take them a while to get here. The longer it takes for either an investigation to happen or for some kind of response team to arrive, the longer people have to wait for restoration of water services or, just at the very least, where we can guarantee the quality of the water that’s being provided.”

And while Ubiadas might not be able to prevent natural disasters, he and his team can work to mitigate other threats. He works with neighborhood watch groups and local security associations to stay tuned in to what’s happening on the island and what trends to watch for, in addition to internal security measures and awareness programs.

Board of Water Supply personnel in the field are taught what constitutes suspicious behavior and how to report it. In-house and contracted security officers patrol the facilities and areas regularly. Deterrents include signage, random anti-terrorism measures, decoy police cars and cameras, and electronic security measures. Chain link fences are being replaced by expanded metal fences with razor-wire at the top to help further discourage intruders.

“We’ll provide personal protection for employees going into high-threat or very secluded areas where we have many of our facilities, where there might not be anyone around if they call for help. We also give employees resources, such as referrals to self-defense classes, if they’re truly concerned about their safety,” he says.

“A lot of our work is done behind the scenes, and that can lead to some people not seeing the value of security, because we try to conceal it when we use anti-terrorism measures, trying to prevent incidents, and so it doesn’t affect operations, cause panic or delays.”

In order to sell security as more than just an insurance policy, Ubiadas and his team work up case studies from other municipalities to share with city officials, or build metrics on investigation close rates, or reductions in intrusions after changing the fencing (a 99- to 100-percent reduction so far, Ubiadas reports) or other security measures.

“Once we successfully sell the security brand, people are very appreciative; they like the concept of what we’re doing, and they want us to do more. They look to us as subject matter experts, and they recognize that we have the knowledge, experience and capability that we can provide on an as-needed basis if something arises,” he says. “They recognize that they can call us for personal security advice instead of the police. They start to understand our mission as a security and emergency management resource, and then they start to change their direction and have a more positive attitude toward us.

“The key is in giving them the ‘What’s in it for me,’” Ubiadas adds. “That’s what gets them on board to help us all succeed.”

Prior to joining the Honolulu Board of Water Supply, Ubiadas was a full-time emergency manager with the Air National Guard and served in several positions, including being deployed in support of Operations Iraqi and Enduring Freedom. Security magazine thanks him for his service. He is married and has one son, and in his free time, he can be found practicing his marksmanship or spending time with family.

SECURITY SCORECARD
› Annual Revenue: $186 million
› Security Budget: $1 million

CRITICAL ISSUES
› Physical Security
› Cybersecurity
› Insider Threats

SECURITY MISSION
› Insurance
› Fire
› Supply Chain
› Regulatory Compliance
› Supporting Business Growth
› Drug Testing
› “Customer Facing” Posture
› Risk Management Planning

Healthcare/Hospitals/Medical Centers THOUGHT-LEADER PROFILE

The Ultimate Security Strategy – Embracing Authentic Customer Service

Jim Sawyer
Director of Security Services, Seattle Children’s Hospital

Jim Sawyer has a lot of “friends for life” at work. Some of the “friends” Sawyer has made were at one time hostile, angry and frustrated clients, people tested by enormous stress levels.

Jim Sawyer is Security Director for Seattle Children’s Hospital, a 250-bed children’s hospital in the Laurelhurst neighborhood of Seattle, which is currently ranked as one of the top 10 children’s hospitals in America by U.S. News & World Report.

Sawyer and his team work every day in the hospital’s open environment to defuse and support many hostile and angry parents who are frustrated by life’s recent events. Those frustrations include but are not limited to money challenges, debt, bankruptcy, family strife and having a sick child.

Sawyer has many methods that help him “make friends” and defuse many hostile situations. “Our security team uses a term called ‘restatement for clarification,’ which is paraphrasing,” Sawyer explains. “We listen to people’s complaints and restate what they’ve told us. Some people are stunned that they are being listened to versus having summary judgements made about them. By listening, we have the opportunity to build true rapport and have a ‘friend for life.’ Many of our new-found ‘friends’ were people who were initially hostile, if not threatening.”

Workplace violence is a recognized hazard in the healthcare industry. It can affect and involve workers, clients, customers and visitors. It ranges from threats and verbal abuse to physical assaults and even homicide. In 2010, the Bureau of Labor Statistics (BLS) data reported healthcare and social assistance workers were the victims of approximately 11,370 assaults by persons – a greater than 13-percent increase over the number of such assaults reported in 2009. Almost 19 percent of these assaults occurred in nursing and residential care facilities alone.

Sawyer says that this is his greatest security challenge, and he trains his staff to deescalate as much as possible. “A lot of clients in hospitals aren’t exactly refined, sensitive intellectuals. But if their child is sick, they are totally focused on their child, and we want to support them during that difficult time. I hear a lot of security organizations stress, ‘We have zero tolerance.’ Well, that’s nonsense. It’s a reactionary term. For healthcare, that’s toxic. You don’t want that. And we tolerate a lot, which we should. We get spit on, sworn at, cursed at with some frequency. And that’s because people are under stress. What we want is ‘zero incidents.’ You don’t want anything bad to happen. And that’s how you have to build your program on a ‘zero incidents philosophy.’”

His staff of 75 proprietary security officers is trained in customer service while quickly taking a thorough assessment of the client and the situation. “Our security officers are more about supporting people in a crisis and treating people well than being an enforcer,” Sawyer explains. “If someone asks for help, we never turn them down. And at the same time, with a smile on our faces, we’re doing a quick risk assessment to determine what, if any threat, they are to our hospital, patients and staff.”

“You have one shot to make a good first impression, and we work very hard on that,” Sawyer adds. “We issue 1,500 photo ID badges every day. We greet people at the hospital entrance, and we authenticate whether they belong here. And then if they are lost, we will walk them to their destination. We don’t want to become an Orwellian nightmare for somebody. But when they walk into the entrance of the hospital, they will find us.”

An additional area where Sawyer and his team have focused attention is the hospital parking lots. “We spend a lot of time on parking lots, because parking lots are inherently unsafe for many reasons. They are convergent zones for bad things like domestic violence and assault. In addition, your Average Joe burglar has changed to where they don’t spend their time robbing houses. They smash and grab cars. Our outside presence pays off.”

Sawyer examines security incidents on a monthly basis and assesses the success of the situation based on the resolution, with the goal always being a non-violent resolution. “We are fairly self critical and for a reason. Too many organizations drink their own Kool-Aid, so to speak, and never examine their practices and behaviors. That is all things wrong. Organizations need to ask ‘Are we a just culture?’ and ‘Do we make mistakes that anger people?’”

The hospital emergency room continues to be a challenge at Seattle Children’s, as it is with most hospitals. “People are in crisis,” he says. “Often, people come in, and they think their child is much worse than they are. We also see more cases of self-injurious children. Twenty-five years ago, I would see maybe one child a month come in who was self-injurious. Now we sometimes see five to 10 a day. That is quite a concern.”

The bottom line with his security strategy and risk mitigation, Sawyer says, is customer service. “It sounds basic, but if you’re working with the public, train your staff to make good first impressions, to deescalate a situation, to read body language, to read verbal and non-verbal cues and ultimately to treat people right. If you can do that, you can move mountains.”

SECURITY SCORECARD
› Annual Revenue: $1.665 Billion
› Security Budget: $3 Million

CRITICAL ISSUES
› Workplace Violence
› Staffing and Training
› Patient Behavioral Health and Violence

SECURITY MISSION
› Active Shooter
› Drug and Alcohol Testing
› Enterprise Resilience
› Physical/Assets/Facilities
› Regulatory Compliance
› Security Technology and Integration
› Weather/Natural Disasters

Education (University)
THOUGHT-LEADER PROFILE

Life Happens Here

John Dailey
Chief of Police, Duke University and Duke University Hospital

“Security is in front of every college leader today.”

And Duke’s security team assures it.

“Thinking about the higher education and healthcare facilities at Duke, it is amazing what occurs on a given day. Students learn something that will change their life. Another person’s life will be saved at the hospital. A researcher will make a discovery that changes quality of life for others. There may be a wedding in the chapel. There is a high likelihood Duke will compete for or win a national sports championship. And we have celebrity speakers and lecturers visiting frequently. This is a very rewarding, exciting and dynamic environment,” Chief Dailey explains.

The security team at Duke is all about higher education above the surface, and they work to keep law enforcement below the surface. “We continue to focus on customer service for all the stakeholders on our campus. Duke is consistently named a top 10 institution and high quality service is expected from every department, especially security. The mission is a successful and positive experience for every person that visits Duke.”

Duke ensures that their team members are highly trained in necessary law enforcement and emergency management skills. At the same time they focus heavily on emotional capabilities. “We emphasize empathy so our officers see things the way the student, patient or victim sees them. We look hard at emotional intelligence during hiring and promotions. We work to hire the people who fit into the culture and are able to manage the environment. This can be very challenging, and we discuss it all the time,” Dailey says.

At the same time, the regulatory landscape in higher education is evolving. The Clery Act is being expanded to record additional crimes. Dailey works closely with IAHSS for the Duke University Hospital and is working towards accreditation for their police department.

Security’s mission is to help create an environment for world class education, research, healthcare and entertainment. Simply stated, without a secure environment, Duke cannot be Duke. And Dailey recognized early that a secure environment could not be created alone.

“We partner with the Office of Information Technology and are developing comprehensive technical security plans. There are now templates across similar facilities. For example, our data centers, and physical plant (critical dependency facilities) have one level of security. Residence Halls have another,” explains Dailey.

Human resources provides background screening and intervention to stay in front of potentially threatening behavior. “We work to educate others to recognize and report concerning behavior. We have three teams of highly skilled, cross-functional professionals that comprise our Behavioral Assessment Teams that work with students, employees and patients, as required. And the Environmental, Health and Safety department manages fire protection, but we are the first responders. Hence we coordinate and drill closely to be prepared,” he adds.

Students are engaged in their own safety, as well, as additional federal regulations are making safety programs mandatory on college campuses. During the first week all new students are required to attend a security session and to attend follow up programs held by peers including resident advisors, student groups and graduate students.

Dailey’s team also offers prevention awareness programs that students and employees may attend based on personal interest. Among the most popular are active shooter and the Citizen’s Police Academy which receives six times the applicants as there are seats available.

Chief Dailey joined the Duke Police department as an officer after six years in the U.S. Army. He moved into a management role at Duke, was recruited to North Carolina State as Assistant Police Chief and then returned to Duke as the Chief in 2009.

“This is a fast changing and highly dynamic profession. Security is in front of every college leader today. We get tremendous support from leadership with both vocal and financial recognition. We meet with student and employee groups and ask how they feel about their safety and get ideas. We listen well and are highly responsive. That makes a big difference,” says Dailey.

At the heart of Duke’s program are the highly dedicated professionals who are passionate about service and very connected to the culture and helping it achieve its goals. “We work at it every day,” adds Dailey. “When we have a day without fear or incidents, we allow Duke to do what makes Duke great. That is the expectation. That is the mission.”

SECURITY SCORECARD
› Annual Revenue: $4 Billion
› Security Budget: $12 Million

CRITICAL ISSUES
› Workplace Violence
› Security Technology and Integration
› Affordable Care Act

SECURITY MISSION
› Active Shooter
› Asset Protection/Theft
› Behavioral Health and Violence
› Enterprise Resilience
› Fan Violence
› Loss Prevention/Asset Protection of Goods for Resale
› Player Misconduct
› Risk Management Planning
› Sexual Assault
› Weather

Education (K-12)
THOUGHT-LEADER PROFILE

“Hope” is Not a Plan

Hector Rodriguez, Ed.D.
Chief of Police, Santa Ana Unified School District Police Department

Chief Hector Rodriguez believes so much in the Santa Ana Unified School District (SAUSD) and the safety of the children who attend SAUSD schools that he sends his own children to school there.

“We are protecting very valuable assets – children,” he says, “so one of the things that I did was enroll my sons in the school district. This is a very challenged district with its share of community issues and under-resourced agencies, yet I brought my two boys here to make the point that we trust our officers with the most valuable things that parents have.”

The Santa Ana Unified School District Police Department is a school district in Orange County, California, that serves the city of Santa Ana. Although its geographic size is only 26 square miles, it is the sixth largest school district in the State of California with approximately 58,000 students.

Chief Rodriguez has worked to not just teach his 26 officers (eight of whom are school resource officers) about safety; he has taught prevention and intervention strategies as a means of addressing school security problems.

He understands a police agency’s constantly evolving role in the community. He has more than 26 years of law enforcement experience, 23 of which have been in the area of school policing. Prior to his selection as Chief, he was a member of the Los Angeles School Police Department (LASPD) for more than 22 years, with his most recent assignment as Deputy Chief of Field Operations; a command of approximately two-thirds of the 360 sworn officers.

Other assignments included overseeing the LASPD’s Communication Center, as well as canine operations, firearms training, motors and the technology unit. In addition, Chief Rodriguez also has significant operational experience at the executive level of police administration including internal investigations, audits and strategic planning. He also served as a full-time, as well as a line reserve police officer with the Los Angeles Police Department (LAPD). He holds master’s and doctorate degrees in Education from the University of Southern California.

“We are working at creating the safest possible campuses,” he says. “We are not focusing solely on enforcement, but also on prevention and intervention. We realize that we help shape our kids’ views about police officers and government in general, based on our contacts with them. We strive to engineer trust and build collaboration. We are very well prepared to respond to active shooter events, but more importantly, we want to ensure as much as possible that we get to the child before he or she gets to that point of wanting to cause harm.”

“Our schools are not violent, but we recognize that some of our schools are located in socio-economically challenged areas with a higher rate of crime issues. Occasionally, some of these issues will spill on to our campuses,” he adds. “So our officers need to know what’s going on in the neighborhoods.”

One area of attention in the media, with regards to school security, is arming school resource officers. SAUSD’s school resource officers are armed. “It’s an unfortunate necessity. They have to protect the students and themselves. There’s no question. You cannot have a police officer on a campus that is not armed. We hope that they don’t have to use their weapon, but hope is not a plan. We are not arming teachers, though; teachers are there to teach and protect our children, but they don’t have the same mindset or level of training that we do with regards to the use of a firearm as a defensive tool.”

Armed or not armed, Chief Rodriguez says, is not the focus. Instead, it’s training his staff to be completely engaged on campus to build trust. “The more trust that students have in our officers, the more information they will receive about gangs, theft and at-risk students who can cause problems.”

He aligns his outreach efforts with the goal of closing the achievement gap within the district, helping to push higher graduation rates and getting more kids to attend college. “If you approach the problem from that perspective, you are solving a lot of community crime issues,” he says. He does so by sending his staff to training beyond tactical mandates and giving them classes on understanding the development of the teenage brain. “A teenager does not have fully developed rational thought processes,” he adds. “Our officers need to understand this in order to better engage young adults who are still developing as human beings.”

Another type of training is how to address runaways from a counseling perspective and to give parents resources that can impact the quality of life on campus. He stresses: “We have a daily opportunity to impact a young person’s life. I talk about that every day. If we do our job right, we will have an impact on the community crime rate because our kids will graduate.”

All of his officers will receive EMT training this year, further perpetuating the idea that they are there to help and support students and not necessarily be just an enforcer. While he has support from parents and the school board, he does admit that there’s a challenge to measure prevention. “If there’s no crime, people assume that you don’t need the resources that you are asking for. But that’s when you really need them because you are making a difference.”

SECURITY SCORECARD
› Annual Operating Revenue: $505 Million
› Security Budget: $7.2 Million

CRITICAL ISSUES
› Increase in Crimes
› Providing Relevant Threat Assessment Training to Officers and Changing the Mindset from Reactive to Preventative/Predictive
› Civil Activism/Demonstrations

SECURITY MISSION
› Active Shooter
› Asset Protection/Theft
› Contract Management (Guards, Technology Integrators, Contract Employees)
› Enterprise Resilience
› Investigations
› Security Technology and Integration
› Terrorism
› Workplace Violence

Transportation/Supply Chain/Distribution
THOUGHT-LEADER PROFILE

Common Ground in Different Perceptions of Security

Vance Toler
Director of Corporate Security, Southwest Airlines

“At the heart of our mission at Southwest Airlines is an unrelenting dedication to deliver the highest quality of customer service in the industry. After all, we’re in the service and hospitality industry. Our purpose is to connect people to what’s important to them in their daily lives. In order for the security team to make a meaningful contribution to the success of the company, we can’t deviate from those core beliefs.” This is the mission statement of Vance Toler, the Director of Corporate Security for Southwest Airlines.

Toler, who has been with the company for nearly 20 years, refuses for security to be a roadblock to Southwest’s growth or to hinder its excellent customer service for more than 100 million passengers who fly Southwest annually. Having the reputation of being a department of denial can be “a common albatross hung around security’s neck,” he says. And he and his team work hard to avoid that reputation in the enterprise.

“One of the most important attributes of a successful security organization is you have to be first and foremost viewed as a trusted business partner. We have achieved that over a period of time by consistently demonstrating that we know our business; we know the company’s direction; we know each business unit’s operation. You can’t make recommendations for security programs or provide counsel or guidance that has any value unless you understand not only what problem needs to be solved, but how it fits within that organization.”

“We align our goals to the company’s,” Toler says. “And then at the end of the day, we have to deliver meaningful and measurable results and produce effective security strategies. We have to walk the walk and talk the talk. For security organizations to demonstrate true value, you also have to be proactive.

“Proactivity comes in many forms,” he continues, “whether it’s getting out in front of your employees and developing meaningful education and awareness programs, or developing risk assessment protocol and processes aimed at mitigating known or evolving threats across the system, or partnering with leaders and employees to solve unique problems. You have to achieve those things before you’ll be looked at as anything more than a reactionary department.”

As Southwest Airlines expands to international service, especially, proactive security strategies are key to assuring the business, Toler says. New routes to the Caribbean and Mexico bring opportunities for business expansion, as well as some additional risk, but the prospect is not an unwelcome one for Toler.

“We focus our resources on areas we determine pose the greatest potential for loss, or brand impact. Right now, international security is top on our list, which includes developing an effective travel risk management program for our employees who are going to these new international destinations. We’re learning along the way, and it’s obviously exciting from an operational standpoint, a revenue standpoint, and, believe it or not, a security standpoint.”

One key is to keep stringent security, often put in place in an effort to stamp out risk, from bogging down agile business practices: “Anyone – any security leader or security department – can stop theft,” Toler says. “But if we shut down the operation to do so, obviously that approach is ineffective and unreasonable. So we do our best to avoid the strategy of ‘no.’ We approach the table with the attitude of how can we make this happen within the organization’s business units’ needs, and develop an effective and sustainable solution that will still address the threat or risk. It has to be a balance. Departments lose credibility when they don’t keep that balanced approach in mind.”

Safety is the airline’s number-one priority, and Southwest looks at risk management as an enterprise-wide initiative, so assessments are coordinated with other business units. Under Toler’s leadership, security at Southwest Airlines has positioned itself as a collaborator and an enabler of business, not a blocker, which in turn has opened many doors for the security team to succeed.

“Everyone at the table has a different perspective of security and risk, and they often apply a different level of importance to what you’re recommending based on how they perceive the risk. If the objective is perceived as unnecessary, it will be viewed as having high risk, low returns. Others who perceive it to be needed will view it to have both high returns and lower risk. We have to understand what is being asked, and when possible, try to meet in the middle.

“I think our biggest contribution, of which there are many from my great team, is day in and day out coming in with the approach of ‘We are here to help,’ to enable the operation to move forward while mitigating the identified risk.”

Toler joined Southwest Airlines in 1995 as a Fraud Investigator to create and implement the Finance Investigation unit. He lives in Keller, Texas, with his wife, Debbie, and daughter, Sydney.

SECURITY SCORECARD
› Annual Revenue: $17.7 billion
› Security Budget: $3.5 million

CRITICAL ISSUES
› Enterprise Risk Management Enhancement
› Employee Travel/Kidnapping & Ransom
› Maintaining Awareness

SECURITY MISSION
› Insurance
› Cybersecurity
› Fire
› Supply Chain
› Supporting Business Growth
› Asset Protection/Theft
› Enterprise Resilience

Agriculture/Farming/Food Manufacturing
THOUGHT-LEADER PROFILE

From Farm to Fork

Dennis Quiles, CPP
Director of Global Security, McDonald’s Corporation

Since 1955 McDonald’s has been proud to serve the world some of its favorite food. Along the way, McDonald’s not only lived through history, but created it: from drive-thru restaurants, to Chicken McNuggets, to college credits from Hamburger University and much more.

Dennis Quiles, a U.S. Army veteran, is Director of Global Security at McDonald’s Corporation, where he has served for the last 18 years. A 34-year veteran of the protection business, Quiles is an acknowledged professional in physical security, hospitality, corporate security and casino surveillance.

“We deliver leadership and safety and security solutions to our global partners while supporting the organization’s strategic business plans. We uphold our core business values and protect our most valuable assets which are our customers, people, products and brand,” he explains. Most McDonald’s restaurants are individually owned and operated so Quiles and his team serve as a resource and work to convey security best practices to franchisee- and company-owned restaurant managers across the globe.

Quiles’ role also involves functions for physical security for the corporate and regional offices and supporting a team of security managers around the world. The department’s success is due to the undivided collaboration of the Home Office Global Safety and Security Team: Jim McHenry, Director of Global Safety; Filippo Marino, Director of Intelligence and Executive Protection; Cory Keith, Meetings and Events Security Manager; and the strategic direction of the Global Safety and Security Vice President, Michael Peaster.

“The global security managers do the same type of work for their restaurants at the regional or country level that we do here,” Quiles says, “they protect the employees, the brand and the business.”

His relationship with the McDonald’s C-Suite is “a procession of trust and mutual cooperation,” he says. “We are viewed as business partners because we influence and provide support to the organization including supporting the organization’s business plans and goals. We actively collaborate with McDonald’s intelligence managed by Senior Intelligence Manager, Ryan Long. Ryan’s team provides us with actionable intelligence to work with management to ensure that they are well informed. Some of the information is comprised of global safety and security related trends and issues that may impact the system and business strategies going forward.”

Quiles’ peers share a “mutual perception; they look at McDonald’s Security as collaborators,” he says. “We work with industry subject matter experts and federal and local agencies to enable mutual cooperation and to develop sustainable networks. The focus of McDonald’s Security is to provide restaurant staff with tools that help them understand the safety and security guidelines developed to provide a safe and secure working environment.”

Global Security’s proficiency becomes evident through several initiatives including McDonald’s worldwide scorecard, owner/operator and customer comments and industry surveys. “The data is very helpful,” Quiles says, “and of course, we are always reviewing our practices to improve the system, and I wouldn’t have it any other way because the information provides us the opportunity to enhance our services and see how everyone is looking at us rather than just looking in the mirror.”

McDonald’s operations management is most proud of its food, so Quiles and team contribute to keeping the supply chain safe and effective. “We strive to work with suppliers, owner/operators and crew who tirelessly work around the clock to ensure that we provide fresh and safe products for our customers. That’s our goal. We have a very strong supply chain, and we have worked hard to protect our food from the farm to the fork.”

Quiles is quick to appreciate the opportunities that he’s been given to succeed so he works to mentor and support future security professionals. “First, we make sure that the candidate can do the job. We don’t hire based on the fact that someone likes the person,” he says. “It is because that person holds the management and technical skills and has what it takes to manage the position. Then we mentor by discussing development opportunities for future growth. We also help our global security managers with their development programs and talent management when appropriate. We pride ourselves in providing assistance. On many occasions it’s about what the person’s experience would bring that will enhance the system. We hire the individual that is prepared to meet the challenge, has the right attitude, skills and personality for the job.”

“I have truly enjoyed my role over the past 18 years,” Quiles adds, “in part because of the opportunity to work with so many diverse cultures and the development opportunities that have arisen from operating in 119 countries. McDonald’s Global Safety and Security professionals have the opportunity to effectively and positively impact the system and the 70 million customers around the world that choose McDonald’s every single day. One of our department’s main objectives is to ensure that when our customers come into our restaurants they feel safe and secure. Our company’s goal is to ensure McDonald’s remains a place that you can bring your family to have a comfortable and enjoyable dining experience.”

SECURITY SCORECARD
› Annual Revenue: $26 Billion
› Security Budget: Variable

CRITICAL ISSUES
› Customer and Crew Safety
› Cybersecurity
› Food Defense
› Civil Activism/Demonstrations

SECURITY MISSION
› Asset Protection/Theft
› Brand Protection/Fraud/IP Theft: External, Partner and Insider Threats
› Enterprise Resilience
› Political Unrest/Activism
› Risk Management Planning
› Supply Chain
› Terrorism
› Workplace Violence

Finance
THOUGHT-LEADER PROFILE

Securing Other People’s Money

Stephen D. Baker
Vice President and Deputy CSO, State Street Corporation

“It is my job to understand our security costs better than my bosses do.”

All $27,430,000,000,000 of it. That is $27 “Trillion” with a capital “T” of other people’s money under custody at State Street Corporation. Most of their customers, actually, are other financial institutions as well as institutional investors, and their brand and business relies on the continuous vigilance of their executive leaders including Steve Baker, Vice President and Deputy CSO.

“State Street, which is the second oldest bank in the United States, was founded in 1792 and has a great foundation enabling us to look at risk profiles and support the business by addressing threats. Our bank’s strong focus on satisfying customers and investors, as well as protecting our reputation, has strongly integrated security into the business,” says Baker. “We are a leading trust bank, so the big bucket we manage as a business is risk.”

Global Security’s mission is to safeguard our people, property, information, reputation and ensure the continuity of business operations. Security does this through the continuous implementation and improvement of security programs and safety measures. Security’s participation on key committees such as Operational Risk, Country Risk and Vendor Risk committees, along with a reporting line to the Chief Legal Officer who serves on the Executive Management Committee, gives the State Street Security staff a very relevant place of responsibility. In addition Baker’s role on the Corporate Incident Response team eliminates information gaps and keeps his team ahead of the curve.

“I consider myself a business person first, with an expertise in security. Banking regulations can have some advantage for a security function to have direct view of expectations and demands on security. It enables us to influence and control the security-related risk management agenda,” he says.

Cybersecurity, political unrest/travel safety and terrorism/shareholder activism are some of the biggest risk issues and are heavily intertwined. “Our big ‘risk’ focus is the protection of our critical infrastructure. State Street is designated as a Systematically Important Financial Institution (SIFI) in the U.S. and globally because of its size, complexity, interconnectedness and the lack of readily available substitutes for the financial infrastructure it provides,” states Baker.

State Street Global Security is highly regarded by all of its stakeholders. The security team works closely with senior business executives. “By being integrated into the business, we understand the goals prior to planning. Reaching across the organization and working with the other business units is a favorite aspect of my job,” he says.

The financial services sector has its unique challenges and opportunities. Banking laws require banks to have a CSO. Jack Eckenrode is the bank’s Senior Vice President and Chief Security Officer. Security is required to develop a security program and present it to the Board of Directors for approval. That approval provides support for the program’s implementation. The Global Security function also provides significant support to the Legal team through litigation support activities and to the Compliance group through its assistance with due diligence and investigations pertaining to global money laundering laws; Foreign Corrupt Practices Act violations; and employee ethics infractions.

Security is a separate global division and has centers of excellence to maximize its effectiveness and efficiency. “By reporting to a member of the management committee, we have visibility into long-term plans and initiatives. This allows us to identify risks and present those risks and solutions early to the business people who own them. The result is that the bank makes the right decision as an entity. Security is neither dictating a policy nor being dictated to when it comes to risk management,” Baker says.

The security team has worked to measure all aspects of their value and cost matrix. One initiative separated constant RFP costs, such as hourly contract officers and equipment costs from variable costs including sick leave and vacation. By separating these items they are more able to predict expenses and budget across the organization.

A second initiative to improve security without increasing costs was the move from four leased office buildings to one bank-owned building. While the direct cost of security increased, they were able to document that the indirect costs funded by the bank at the leased buildings met or exceeded these direct costs. Thus, the cost transfer was equal. “This is a financial services company, and our bosses understand financials! It is my job to understand our security costs better than they do. That allows us to gain credibility and make the business case,” says Baker.

Security contributes to the direct bottom line results as well. By capturing actual entry and exit data through the access control system at their buildings, the bank was able to do occupancy modeling for the global real estate department, provide actual use and incident reports for insurance quotes and leverage travel information for employee tax issues. “We are able to reduce cost, increase efficiency and gain internal customer satisfaction as a result,” he notes.

Security conducts internal evaluations and surveys that result in security team members being highly regarded and valued. The key to success is ensuring prospective hires are a strong cultural fit with more of a business risk focus and less of an enforcement mentality. Second, training is critical. “We require our employees to identify training needs and complete these programs. We also have a flexible structure that allows volunteering, pursuing certifications, association involvement and participating on mentoring teams, on bank time,” says Baker. “And we lead by example. Everyone participates in these programs from the top on down to our interns.”

Security’s engagement in the business from inception to delivery ensures that State Street has solid enterprise risk management planning. “We are involved in company, not merely security decisions, which means there are no surprises. That is the critical difference that enables success. The many inbound calls we receive for advice points to our value across the company.

“By satisfying customers, regulators and providing a safe workplace for employees and visitors, Security will continue to be a viable entity by being engaged in the business and supporting the company’s goals. We are expected to be the experts and are often asked, ‘how do we get this done?’” concludes Baker. “We work each day to reduce risk, win customers over, meet regulatory requirements and support the business while safeguarding our people, all with management support! I love my job!”

SECURITY SCORECARD
› Annual Revenue: $9.8 Billion
› Security Budget: $29 Million

CRITICAL ISSUES
› Cybersecurity
› Political Unrest/Activism
› Terrorism
› Safeguarding State Street’s people, property, information, reputation and the continuity of business operations worldwide through the implementation and improvement of security programs and safety measures.

SECURITY MISSION
› Asset Protection/Theft
› Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection
› Business Expansion Support
› Enterprise Resilience
› Fraud/IP Theft: External, Partner and Insider Threats
› Employee Travel/Kidnapping & Ransom
› Fire
› Insurance
› Regulatory Compliance
› Risk Management Planning
› Supporting Business Growth
› Supply Chain
› Technology Integration and Management
› Weather
› Workplace Violence

Industrial/Manufacturing
THOUGHT-LEADER PROFILE

Changing the Weather

Rich Mason
VP, Honeywell Global Security, Honeywell

Honeywell is a Fortune 100 diversified technology and manufacturing leader, serving customers worldwide with aerospace products and services; control technologies for buildings, homes and industry; turbochargers; and performance materials. With such diversity of opportunity at Honeywell, having the right controls and security in place is critical to long-term success.

Rich Mason, VP of Honeywell Global Security, sees beyond the sheer size and challenges of managing security operations at a large diversified company and has embraced and capitalized upon Honeywell’s unique security challenges and business opportunities. “Working for Honeywell means you will never get bored, as the environment is so diverse,” Mason says. “Risk management is an iterative, dynamic negotiation. It requires good relationship management, marketing and a good awareness of business objectives and risk tolerances and is a perfect function by which to explore all of the other key functions in a global business.”

“What makes this job interesting is that we’re very diverse in terms of our risk tolerance,” Mason adds. “I have to deal with different ends of the spectrum: one that wants flexibility and another that is grounded in significant regulatory requirements, like Defense, that aren’t willing to go as fast or aggressive. We don’t have a ‘one size fits all’ approach. Security is very much a dialogue. Our security team consists of businesspeople, consultants and advocates. That’s what makes us unique and successful.”

Honeywell is also a Six Sigma enterprise, a set of techniques and tools for process improvement developed by Motorola in 1986. Six Sigma seeks to improve the quality of process outputs by identifying and removing the causes of defects (errors) and minimizing variability in manufacturing and business processes. Each Six Sigma project carried out within an organization follows a defined sequence of steps and has quantified value targets, for example, reducing costs. That process helps security’s role at Honeywell, Mason says, because defects – with security, it’s risk – is managed very carefully. “We look for repeatable process, and we try to eliminate defects and waste,” Mason says. “I am constantly tracking failure modes and working on solutions to ensure those issues don’t arise again. Through our leadership we’ve built an environment that is continuously improving. We’re not comfortable just reporting the weather; we’re actively changing it.”

However, the challenge with managing risk with a Six Sigma environment, Mason says, is the risk to become complacent. “One campaign for us right now is resilience. I think too many security organizations are getting caught in the trap of saying compliance is good enough to manage risk. Some will say: ‘If I’m ISO certified and if I have my government certification, I’m secure.’ And I like to push back on folks and say that’s minimum security. Let’s not confuse that with resilience. Resilience is this concept of no matter what gets thrown at us we can minimize the impact, we can get up quickly, we can learn from it and we can continuously improve. The only way to do that is when security is integrated, when it is built in, not bolted on.”

Mason’s professional background is both physical and cybersecurity, with previous security positions before being named Honeywell’s first Chief Information Security Officer for the Aerospace division, and then taking on the CSO role.

His cyber background has proven useful in his CSO role at Honeywell as he has responsibility over cyber, physical and industrial security, which covers managing employee and facility government clearances. A CSO for each of Honeywell’s major lines of businesses reports to him. Mason reports to Honeywell’s General Counsel.

Honeywell has developed Security Centers of Excellence where all standard work, such as training, managing employees’ clearances, facility clearances, lining up audits and pre-audits and inspections, gets managed. “It also trains our security team on being better business people. I think that’s what is changing in the security environment. It is taking pure play security folks and up-armoring them with marketing skills, with procurement skills and engineering skills, and overall, creating well-rounded business professionals.”

Overall, security’s mission is “about people,” Mason adds. “Any successful organization needs to advance in all three domains of people, process and technology. But it starts with good people to advance the latter. At Honeywell people are our ultimate differentiator. We have skilled, motivated people that embrace change and are constantly looking for ways to improve and increase their productivity through new tools and standardized work. That’s what makes us valuable partners to the Leadership team,” says Mason.

At the end of the day, what also defines Mason’s success, he says is “doing meaningful work. Protecting Honeywell and national security interests in the chemical, aerospace, defense, process control, manufacturing and technology sectors are very rewarding.”

SECURITY SCORECARD
› Annual Revenue: $39 Billion
› Security Budget: Confidential

CRITICAL ISSUES
› High Growth Regions
› Cyber Resiliency
› Governance Risk and Compliance

SECURITY MISSION
› Asset Protection/Theft
› Business Expansion Support
› Cybersecurity
› Drug and Alcohol Testing
› Employee Travel
› Enterprise Resilience
› Loss Prevention/Asset Protection of goods for resale
› Risk Management Planning
› Supply Chain
› Supporting Business Growth
› Terrorism
› Weather
› Workplace Violence

Securing the enterprise’s physical assets and supply chain is a major part of the job, perhaps somewhat taken for granted or overlooked at the C-Suite. As Dennis Quiles of McDonald's notes, integrating asset protection programs with the company mission can be achieved.

7. Human Capital: Hiring, Training and Retention

“To be a leader in this organization, you’ve got to be committed to building a diverse and high-performing team.”
Jerry Blum, AutoZone

The acceleration of an effort to defend against cyber crimes, integrate new technologies and support organizational goals is demanding a new set of skills, culture, people and on-going training programs. Many CSOs have said, “It’s not about guns, guards and gates, anymore.” Actually, it’s not about people that use guns, guards and gates anymore. The gates are still there; the people are being changed.

“Companies looking for more security staff aren’t going to find them – they’re going to have to create them. We wanted to call attention to this security shortage because it’s not a quick fix. This won’t be solved in a year. It will be a four- to eight-year cycle in order to close that gap.”
John Stewart, Cisco

The level of executive management and organizational leadership skills, having a strong cultural fit and immersing in the business vision and goals of their organization are a critical first step for CSO success. The next step is to build an organization of deputies and specialists that internalize the same values and goals to build security’s internal brand as a professional and proactive organization.

“At Honeywell we have skilled, motivated people who embrace the vision of integration as an enabler, standard work and Six Sigma as a defect reducer, commoditization as a value creator, security as a competitive advantage builder, intelligence as a risk manager, data as a predictor, and relationship management as the glue that holds it all together.”
Rich Mason, Honeywell

Finding, training, motivating and retaining qualified people that meet the organizational culture and want to be a part of a successful team for the long-term career is a great challenge. International sourcing is particularly difficult due to the sticker shock associated with compensation levels.

There is an ongoing reliance on human resources to identify, train and develop the leading talent within security organizations enabling security to become more effective and valuable to its stakeholders. Human capital management is now critical for any CSO to remain ahead of the curve and succeed.

Source: Control Risks

8. Business Expansion

The movement toward a single global office of the CSO enabling a consistent mission and leadership to support the global enterprise has led to our consolidating emerging markets, frontier markets and business growth into one trend this year, business expansion. Having a single optic for planning risk management, policies, technology integration, threat analysis and employee support is becoming a best practice. The concept of security as an accelerator for reaching objectives and maximizing financial results is being noticed and appreciated by internal business leader customers. CSOs clearly view their role as an executive who contributes to organizational success by managing security and risk. Equally important, they work in organizations where the C-Suite understands the economic value added and does not view security as a narrow, technical function.

The push to emerging and frontier markets was a consistent critical issue among Security 500 members in the first years of the survey. This category has matured to encompass supporting business expansion enterprise wide. International locations, no matter how unique or challenging, have become part of the new normal. The integration of security into business expansion goals and planning has enabled security to research and identify risks, assign specialists to support expansions and in turn, stay ahead of business unit requirements.

“One of the most important attributes of a successful security organization is you have to be first and foremost viewed as a trusted business partner.”
Vance Toler, Southwest

This question was changed from the prior years to ask part one: “In which regions does your organization have business operations?” and part two: “Do you provide security services in this region?” As a result, the answers compared to prior years are not comparable but are more accurate. For example, among enterprises with business operations in Europe, 72 percent provide security services for those operations.

At the top of the list for business expansion is reputational risk. New markets involve new cultures, stakeholders and expectations. Gregg Anderson, a director at Crowe Horwath LLP in Chicago noted in Insurance Business magazine, “It’s not just looking at the return on investment.”

Geographic Security Responsibility (Among Those With Locations): Total
North America 98%
Australia 74%
Europe 72%
South America 72%
Asia 71%
Africa 63%

9. Workforce, Executive and Travel Protection

Both keeping the workforce secure, informing them they are secure and having them participate in their own security by educating and changing their behavior is an art and a science. Travel is stressful to many people when it goes off without complications. Delays, health issues, fear or being victimized do not only impact that individual and their productivity; but clearly have implications for the brand, employees and other ecosystem partners.

While coordinating safe passage and 24/7 support for stakeholders has been a role for some security organizations historically, it became mainstream after Hurricane Katrina and the drive for international growth during the 2009 deep recession in the U.S. and Europe. It continues to be a growing service as new technologies and services become available (as noted in the big data section). Attitude, technology, intelligence, communication and collaboration are the key elements to successful travel support programs. This year, 80 percent of Security 500 members report responsibility for workforce, executive and travel protection.

The global economy is not only impacting business people who work in or travel internationally. Universities, hospitals, volunteer and religious organizations are expanding to international destinations at an increasing pace. Cleveland Clinic has opened a medical center in Saudi Arabia; The Church of Latter Day Saints has missionaries traveling around the world, constantly. Carnegie Mellon, Duke and Johns Hopkins all have campuses in China. And volunteers are at risk, as recently witnessed, from terrorist beheadings to Ebola outbreaks.

“Our security officers are more about supporting people in crisis and treating people well than being an enforcer.”
Jim Sawyer, Seattle Children’s Hospital

Attitude: If security officers were given an accurate title on their badges, it would read “Director of First Impressions” directly relating to the importance of how attitude and demeanor impact either a prospective customer or criminal’s behavior. Concierge programs, including hiring hospitality majors and training them in security and safety, have come into popularity. The C-Suite likes the brand image and they tend to have higher employee retention rates and are ultimately less costly over time than traditional hourly guard services. What is clear is that these “Directors of First Impressions” are critical for the security brand and reflect strongly on the CSO and security operations.

Technology: Travel tracking and support solutions enable enterprises to keep in touch with their stakeholders. Should an event disrupt that traveler’s plans, such as a natural disaster or personal health issue, the plans are already in place to know, notify, support and take action on that person’s behalf. This technology is being utilized for everything from weather to political unrest to both reassure stakeholders prior to their business travel and support them during impactful events. The importance of the reassurance is that it strengthens both security’s and the overall enterprise’s brand in the mind of the stakeholder.

Intelligence: There is a lot of information available today. Bringing it into an Intelligence Operations Center for analysis, discussion and appropriate action is a critical step in successfully implementing the travel support program. Collecting all Twitter mentions of your company alone may or may not be useful. But understanding the trend lines and themes within those messages is valuable to gain situational awareness more quickly. Having smart, intellectually curious team members who can connect the dots and translate information into intelligence is a significant part of the predictive movement across leading security organizations.

“Doing ‘meaningful work’ is a success criterion. Protecting Honeywell and national security interests in the chemical, aerospace, defense, process control, manufacturing and technology sectors is very rewarding for me.”
Rich Mason, Honeywell

Communication: Engaging stakeholders in their own safety through education, behavioral modification, policies and support resources (technical and human) plays a core role in workforce protection. Individuals that work against their own wellbeing make security’s job difficult and expensive. Thus policies, their purpose and the tools to participate appropriately are required. Approved hotel lists for corporate travel are one example where risks are identified in a certain geography and reduced by selecting pre-screened properties.

Collaboration: Especially for international travel support, having feet-on-the-ground relationships with local knowledge is vital. It is a best practice to engage local law enforcement in areas where enterprises have physical and human capital investments. In addition, providers of guard, travel and medical services are routinely engaged as a risk mitigation component of international business planning. Their institutional knowledge, experience and relationships are critical at times of increased risk or crisis.

10. Regulatory Compliance

Understanding, funding and managing regulatory compliance within your specific Security 500 sector is now anticipated and expected by the C-Suite from its security leaders. Brian Loughman, the EY Americas Leader for Fraud Investigation & Dispute Services (FIDS), identified six key themes for regulatory compliance:

1. Dealing with reputational harm and the business risk associated with cyber-crime will become part of a General Counsel’s responsibility set.
2. Balancing significant growth opportunities in Africa with perceived corruption risk.
3. The impact of regulation will be felt stronger than ever by the financial services industry.
4. FCPA compliance will remain a top priority for life sciences companies operating in emerging markets.
5. Anti-money laundering and corruption programs to face greater scrutiny.
6. The opportunity to leverage “Big Data” in the context of compliance and anti-corruption will allow companies to ask new questions.

The study also warns of “regulatory compliance fatigue” having a negative impact on enterprises that are not up to the task of maintaining their programs as consistently and constantly as required. Enterprise leaders should also focus on the right program to meet the threat, which might mean doing more than the minimum.

Source: Carlson Wagonlit

2014 RANKINGS

Agriculture/Farming/Food Manufacturing

Rank | Company Name | Security 500 Member | Title | City | State
1 | Archer Daniels Midland | Jeffrey Larner | Vice President of Global Security | Decatur | IL
2 | General Mills, Inc. | Christoph J. Welsh | Director of Global Security | Minneapolis | MN
3 | McDonald's Corporation | Michael Peaster | Vice President of Global Safety and Security | Oak Brook | IL
4 | Perdue Farms | Kort Dickson | Director of Corporate Security | Salisbury | MD
5 | McCormick & Company, Inc.* | Bryan Fort | Director of Corporate Security | Sparks | MD
6 | Pepsico, Inc.* | David Carpenter | Vice President of Security | Purchase | NY
7 | Farmer John Meats | Robert L. Jones | Vice President of Human Resources | Vernon | CA
8 | Hershey's* | Matthew F. Ryan | Director of Corporate Security Worldwide | Hershey | PA
9 | Kellogg Company* | Scott Lindahl | Chief Security Officer | Battle Creek | MI
10 | Kraft Foods Global, Inc.* | Ruben Chacon, CISSP, CISM | Senior Manager of GIS and ITOPS Security for America, Spain | Northfield | IL
11 | Land O'Lakes, Inc.* | Dan Taussig | Director of Global Security | Arden Hills | MN
12 | Agrium* | Leslie O’Donoghue | Executive Vice President of Corporate Development and Strategy; Chief Risk Officer | Calgary | AB
13 | Syngenta Corporation* | C. David Gelly | Director of Corporate Security | Winston-Salem | NC
14 | The Scotts Company* | Lenny Hall | Global Security Manager; Chief Security Officer | Marysville | OH

LISTED ALPHABETICALLY
Mars, Incorporated | Scott W. Sheafe | Global Security Director | McLean | VA
Monsanto Company | Peter Sullivan | Director of Global Security | St. Louis | MO

Business Services/Consulting

Rank | Company Name | Security 500 Member | Title | City | State
1 | ADP | Roland Cloutier | Chief Security Officer | Roseland | NJ
2 | EY (formerly Ernst & Young) | John Imhoff | Director of Global Security | Washington | DC
3 | Deloitte | Ted Almay | Global Chief Security Officer | Raleigh | NC
4 | Iron Mountain Incorporated | Jack Faer | Chief Security Officer | Boston | MA
5 | CACI International, Inc. | Jeffrey J. Berkin | Senior Vice President; Chief Security Officer | Fairfax | VA
6 | Hogan Lovells | Jeff Lolley | Head of Global Information Security | Washington | DC
7 | InfoMart | Robbie Bible | Chief Information Officer | Marietta | GA
8 | ADT Security Services* | Ed McDonough | Chief Security Officer | Boca Raton | FL
9 | SAIC (Science Applications International Corporation)* | Stephen T. Colo | Senior Vice President; Chief Security Officer | McLean | VA
10 | KPMG* | Charlie Steadman | Executive Director of Firmwide Security | New York | NY
11 | PricewaterhouseCoopers* | Preston Jennings | Chief Information Security Officer | New York | NY
12 | Brink's Incorporated* | Phillip Henning | Director of Physical Security and Global Security | Richmond | VA

LISTED ALPHABETICALLY
Accenture | Timothy Weir | Managing Director of Global Asset Protection | Chicago | IL
Experian | Stephen Scharf | Chief Information Security Officer | Costa Mesa | CA
Marchex | Greg Nelson | Director of Security | Seattle | WA

*Estimated

THE 2014 SECURITY 500 SECTOR REPORTS

2014 ANALYSIS

Agriculture/Farming/Food Manufacturing

CRITICAL ISSUES:
Cybersecurity
Budget/Funding
Political Unrest/Activism
Technology Integration and Management
Supply Chain
Asset Protection/Theft
Regulatory Compliance

BUDGET VS. 2013:
Increased 43%
Decreased 57%

SECURITY REPORTS TO:
Human Resources 50%
Chief Risk or Legal Officer/Risk/Legal/General Counsel 33%
COO/Operations 17%

GEOGRAPHIC RESPONSIBILITY:
Africa 83%
Asia 83%
North America 83%
Australia 67%
Europe 67%
South America 67%

ORGANIZATIONAL RESPONSIBILITIES:
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 100%
Investigations 100%
Political Unrest 100%
Workplace Violence 100%
Workforce/Executive/Personnel Protection/Travel Support 100%
Contract Management (Guards, Technology Integrators, Contract Employees) 83%
Employee Travel/Kidnapping & Ransom 83%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 83%
Security Technology and Integration 83%
Terrorism 83%
Global Security Operations Center Management 67%
Weather/Natural Disasters 67%
Business Expansion Support 50%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 50%
Loss Prevention/Asset Protection 50%
Risk Management Planning 50%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 33%
Drug and Alcohol Testing 33%
Emerging/Frontier Market Expansion 33%
Regulatory Compliance 33%
Supply Chain 33%
Fire 17%

Business Services/Consulting

CRITICAL ISSUES:
Cybersecurity
Political Unrest/Activism
Terrorism
Technology Integration and Management
Regulatory Compliance
Supporting Business Growth

BUDGET VS. 2013:
Increased 56%
Stayed the Same 33%
Decreased 11%

SECURITY REPORTS TO:
Chief Risk or Legal Officer/Risk/Legal/General Counsel 33%
CEO/President/Executive Director 23%
CFO/Finance 22%
CIO/Information Technology 22%

GEOGRAPHIC RESPONSIBILITY:
North America 100%
Asia 67%
Europe 67%
South America 67%
Africa 56%
Australia 56%

ORGANIZATIONAL RESPONSIBILITIES:
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 89%
Investigations 89%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 89%
Security Technology & Integration 89%
Contract Management (Guards, Technology Integrators, Contract Employees) 78%
Cyber/Information Technology 78%
Risk Management Planning 78%
Workplace Violence Prevention/Active Shooter Prevention 78%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 67%
Business Expansion Support 67%
Global Security Operations Center Management 67%
International Workforce Protection and Support 67%
Terrorism/Bomb Threats 67%
Workforce/Executive/Personnel Protection/Travel Support 67%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 56%
Weather/Natural Disasters 56%
Emerging/Frontier Market Expansion 44%
Regulatory Compliance 44%
Fire 33%
Political Unrest 33%
Drug and Alcohol Testing 22%
Loss Prevention/Asset Protection of Goods for Resale 22%
Insurance 11%
Supply Chain/Product Diversion/Logistics/Distribution 11%

Some charts may not equal 100% due to rounding.

Construction/Real Estate Development

CRITICAL ISSUES:
Enterprise Resilience
Major Incidents
Technology Integration and Management
Affordable Care Act

BUDGET VS. 2013:
Increased 100%

SECURITY REPORTS TO:
COO/Operations 100%

GEOGRAPHIC RESPONSIBILITY:
North America 100%

ORGANIZATIONAL RESPONSIBILITIES:
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 100%
Contract Management (Guards, Technology Integrators, Contract Employees) 100%
Investigations 100%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 100%
Security Technology & Integration 100%
Terrorism/Bomb Threats 100%
Weather/Natural Disasters 100%
Workplace Violence Prevention/Active Shooter Prevention 100%

Diversified

CRITICAL ISSUES:
Enterprise Resilience
Political Unrest/Activism
Workplace Violence
Cybersecurity
Budget/Funding

BUDGET VS. 2013:
Increased 67%
Decreased 33%

SECURITY REPORTS TO:
CAO/Administration 67%
CEO/President/Executive Director 33%

GEOGRAPHIC RESPONSIBILITY:
North America 100%
Europe 67%
Asia 33%

ORGANIZATIONAL RESPONSIBILITIES:
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 100%
Business Expansion Support 100%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 100%
Contract Management (Guards, Technology Integrators, Contract Employees) 100%
Cyber/Information Technology 100%
Global Security Operations Center Management 100%
International Workforce Protection and Support 100%
Investigations 100%
Loss Prevention/Asset Protection of Goods for Resale 100%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 100%
Regulatory Compliance 100%
Risk Management Planning 100%
Security Technology & Integration 100%
Supply Chain/Product Diversion/Logistics/Distribution 100%
Terrorism/Bomb Threats 100%
Weather/Natural Disasters 100%
Workplace Violence Prevention/Active Shooter Prevention 100%
Workforce/Executive/Personnel Protection/Travel Support 100%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 67%
Fire 67%
Political Unrest 67%
Drug and Alcohol Testing 33%
Emerging/Frontier Market Expansion 33%
Insurance 33%


Education (K-12)

SECTOR SPECIFIC METRICS:
Security Budget/K-12 Student $1.70

CRITICAL ISSUES:
Cybersecurity
Staffing and Training
Asset Protection/Theft
Active Shooter
Budget/Funding

BUDGET VS. 2013:
Increased 36%
Stayed the Same 55%
Decreased 9%

SECURITY REPORTS TO:
COO/Operations 45%
Board or Board Committee 9%
CFO/Finance 9%
Facilities 9%
GM/Business Unit 9%
Other 19%

GEOGRAPHIC RESPONSIBILITY:
North America 100%

ORGANIZATIONAL RESPONSIBILITIES:
Investigations 100%
Terrorism/Bomb Threats 100%
Workplace Violence Prevention/Active Shooter Prevention 100%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 91%
Weather/Natural Disasters 91%
Fire 82%
Risk Management Planning 82%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 73%
Loss Prevention/Asset Protection of Goods for Resale 73%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 73%
Security Technology & Integration 73%
Workforce/Executive/Personnel Protection/Travel Support 73%
Regulatory Compliance 64%
Contract Management (Guards, Technology Integrators, Contract Employees) 55%
Cyber/Information Technology 45%
Political Unrest 45%
Drug and Alcohol Testing 36%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 27%
Global Security Operations Center Management 18%
Supply Chain/Product Diversion/Logistics/Distribution 18%
Emerging/Frontier Market Expansion 9%
Insurance 9%

Education (University)

CRITICAL ISSUES:
Budget/Funding
Technology Integration and Management
Workplace Violence
Sexual Assault
Active Shooter

BUDGET VS. 2013:
Increased 93%
Stayed the Same 7%

SECURITY REPORTS TO:
COO/Operations 21%
Facilities 14%
CAO/Administration 7%
CEO/President/Executive Director 7%
CFO/Finance 7%
CIO/Information Technology 7%
Other 37%

GEOGRAPHIC RESPONSIBILITY:
North America 71%
Asia 14%
Africa 7%
Australia 7%
Europe 7%
South America 7%

ORGANIZATIONAL RESPONSIBILITIES:
Terrorism/Bomb Threats 100%
Weather/Natural Disasters 100%
Workplace Violence Prevention/Active Shooter Prevention 100%
Fire 93%
Investigations 93%
Risk Management Planning 86%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 79%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 79%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 79%
Regulatory Compliance 79%
Contract Management (Guards, Technology Integrators, Contract Employees) 71%
Security Technology & Integration 71%
Workforce/Executive/Personnel Protection/Travel Support 71%
Loss Prevention/Asset Protection of Goods for Resale 57%
Political Unrest 57%
Drug and Alcohol Testing 36%
Global Security Operations Center Management 36%
International Workforce Protection and Support 36%
Cyber/Information Technology 29%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 21%
Insurance 21%
Business Expansion Support 7%
Emerging/Frontier Market Expansion 7%
Supply Chain/Product Diversion/Logistics/Distribution 7%
Other 14%


Energy and Utilities

CRITICAL ISSUES:
Cybersecurity
Budget/Funding
Supporting Business Growth
Enterprise Resilience
Workplace Violence
Employee Travel/Kidnapping & Ransom

BUDGET VS. 2013:
Increased 43%
Decreased 57%

SECURITY REPORTS TO:
COO/Operations 43%
Chief Risk or Legal Officer/Risk/Legal/General Counsel 29%
CEO/President/Executive Director 14%
Human Resources 14%

GEOGRAPHIC RESPONSIBILITY:
North America 100%
Asia 29%
Australia 29%
Africa 14%
Europe 14%
South America 14%

ORGANIZATIONAL RESPONSIBILITIES:
Contract Management (Guards, Technology Integrators, Contract Employees) 100%
Investigations 100%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 100%
Security Technology & Integration 100%
Terrorism/Bomb Threats 100%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 86%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 86%
Regulatory Compliance 86%
Risk Management Planning 86%
Workplace Violence Prevention/Active Shooter Prevention 86%
Workforce/Executive/Personnel Protection/Travel Support 86%
Business Expansion Support 71%
Fire 71%
Weather/Natural Disasters 71%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 57%
International Workforce Protection and Support 57%
Loss Prevention/Asset Protection of Goods for Resale 57%
Cyber/Information Technology 43%
Global Security Operations Center Management 43%
Supply Chain/Product Diversion/Logistics/Distribution 43%
Emerging/Frontier Market Expansion 29%
Political Unrest 29%

Finance/Banking/Insurance

CRITICAL ISSUES:
Workplace Violence
Budget/Funding
Cybersecurity
Technology Integration and Management
Regulatory Compliance
Political Unrest/Activism
Fraud/IP Theft: External, Partner and Insider Threats
Supporting Business Growth

BUDGET VS. 2013:
Increased 53%
Stayed the Same 26%
Decreased 21%

SECURITY REPORTS TO:
CAO/Administration 26%
Facilities 16%
Human Resources 16%
CFO/Finance 11%
Chief Risk or Legal Officer/Risk/Legal/General Counsel 11%
COO/Operations 5%
Other 15%

GEOGRAPHIC RESPONSIBILITY:
North America 100%
Asia 47%
Europe 42%
South America 32%
Africa 16%
Australia 16%

ORGANIZATIONAL RESPONSIBILITIES:
Contract Management (Guards, Technology Integrators, Contract Employees) 100%
Investigations 100%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 100%
Terrorism/Bomb Threats 100%
Workplace Violence Prevention/Active Shooter Prevention 100%
Workforce/Executive/Personnel Protection/Travel Support 100%
Fire 89%
Security Technology & Integration 89%
Weather/Natural Disasters 84%
Global Security Operations Center Management 79%
Risk Management Planning 79%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 74%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 74%
Political Unrest 74%
Regulatory Compliance 74%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 63%
Business Expansion Support 63%
International Workforce Protection and Support 63%
Emerging/Frontier Market Expansion 42%
Loss Prevention/Asset Protection of Goods for Resale 37%
Cyber/Information Technology 21%
Drug and Alcohol Testing 21%
Insurance 16%
Supply Chain/Product Diversion/Logistics/Distribution 5%


Government (Federal, State and Local)

CRITICAL ISSUES:
Workplace Violence
Insider Threats
Technology Integration and Management
Budget/Funding
Supporting Business Growth

BUDGET VS. 2013:
Increased 50%
Stayed the Same 37%
Decreased 13%

SECURITY REPORTS TO:
CAO/Administration 25%
COO/Operations 13%
Facilities 13%
Chief Risk or Legal Officer/Risk/Legal/General Counsel 13%
Other 36%

GEOGRAPHIC RESPONSIBILITY:
North America 100%

ORGANIZATIONAL RESPONSIBILITIES:
Physical/Assets/Facilities (Proprietary Property Not for Resale) 100%
Investigations 88%
Terrorism/Bomb Threats 88%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 75%
Contract Management (Guards, Technology Integrators, Contract Employees) 75%
Security Technology & Integration 75%
Weather/Natural Disasters 75%
Workplace Violence Prevention/Active Shooter Prevention 75%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 63%
Fire 63%
Political Unrest 63%
Loss Prevention/Asset Protection of Goods for Resale 50%
Regulatory Compliance 50%
Risk Management Planning 50%
Workforce/Executive/Personnel Protection/Travel Support 38%
Global Security Operations Center Management 25%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 13%
Business Expansion Support 13%
Cyber/Information Technology 13%
Drug and Alcohol Testing 13%
Insurance 13%
International Workforce Protection and Support 13%
Supply Chain/Product Diversion/Logistics/Distribution 13%

Healthcare/Hospital/Medical Center

CRITICAL ISSUES:
Workplace Violence
Budget/Funding
Technology Integration and Management
Active Shooter
Staffing and Training
Patient Behavioral Health and Violence
Asset Protection/Theft

BUDGET VS. 2013:
Increased 76%
Stayed the Same 14%
Decreased 10%

SECURITY REPORTS TO:
COO/Operations 22%
Facilities 19%
CEO/President/Executive Director 14%
Human Resources 11%
CAO/Administration 5%
CFO/Finance 3%
CIO/Information Technology 3%
Other 23%

GEOGRAPHIC RESPONSIBILITY:
North America 76%
Asia 8%
Europe 3%
South America 3%

SECTOR SPECIFIC METRICS:
Security Budget/Hospital Bed $260.71

ORGANIZATIONAL RESPONSIBILITIES:
Investigations 97%
Terrorism/Bomb Threats 97%
Workplace Violence Prevention/Active Shooter Prevention 97%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 92%
Security Technology & Integration 89%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 84%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 84%
Loss Prevention/Asset Protection of Goods for Resale 78%
Regulatory Compliance 78%
Weather/Natural Disasters 78%
Risk Management Planning 76%
Contract Management (Guards, Technology Integrators, Contract Employees) 73%
Fire 73%
Workforce/Executive/Personnel Protection/Travel Support 73%
Business Expansion Support 46%
Political Unrest 43%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 38%
Supply Chain/Product Diversion/Logistics/Distribution 35%
Drug and Alcohol Testing 32%
International Workforce Protection and Support 32%
Global Security Operations Center Management 30%
Emerging/Frontier Market Expansion 19%
Insurance 16%
Cyber/Information Technology 14%


Hospitality/Casino

CRITICAL ISSUES:
Staffing and Training
Budget/Funding
Enterprise Resilience
Supporting Business Growth

BUDGET VS. 2013:
Increased 67%
Decreased 33%

SECURITY REPORTS TO:
GM/Business Unit 67%
COO/Operations 33%

GEOGRAPHIC RESPONSIBILITY:
North America 100%

SECTOR SPECIFIC METRICS:
Security Budget/Hotel Key $1,044.49

ORGANIZATIONAL RESPONSIBILITIES:
Fire 100%
Investigations 100%
Loss Prevention/Asset Protection of Goods for Resale 100%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 100%
Risk Management Planning 100%
Terrorism/Bomb Threats 100%
Weather/Natural Disasters 100%
Workplace Violence Prevention/Active Shooter Prevention 100%
Workforce/Executive/Personnel Protection/Travel Support 100%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 67%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 67%
Business Expansion Support 67%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 67%
Insurance 67%
Regulatory Compliance 67%
Contract Management (Guards, Technology Integrators, Contract Employees) 33%
Drug and Alcohol Testing 33%
Political Unrest 33%

Industrial/Manufacturing

CRITICAL ISSUES:
Cybersecurity
Workplace Violence
Supporting Business Growth
Budget/Funding
Terrorism
Supply Chain

BUDGET VS. 2013:
Increased 48%
Stayed the Same 33%
Decreased 19%

SECURITY REPORTS TO:
Human Resources 25%
Chief Risk or Legal Officer/Risk/Legal/General Counsel 25%
CFO/Finance 10%
COO/Operations 5%
Facilities 5%
CIO/Information Technology 5%
Other 25%

GEOGRAPHIC RESPONSIBILITY:
North America 100%
Europe 85%
Asia 75%
South America 70%
Australia 55%
Africa 30%

ORGANIZATIONAL RESPONSIBILITIES:

Investigations 100%
Workplace Violence Prevention/Active Shooter Prevention 100%
Workforce/Executive/Personnel Protection/Travel Support 100%
International Workforce Protection and Support 95%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 95%
Terrorism/Bomb Threats 95%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 90%
Contract Management (Guards, Technology Integrators, Contract Employees) 85%
Global Security Operations Center Management 85%
Loss Prevention/Asset Protection of Goods for Resale 85%
Risk Management Planning 85%
Security Technology & Integration 80%
Weather/Natural Disasters 80%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 75%
Political Unrest 75%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 70%
Business Expansion Support 60%
Supply Chain/Product Diversion/Logistics/Distribution 60%
Emerging/Frontier Market Expansion 45%
Regulatory Compliance 45%
Fire 40%
Drug and Alcohol Testing 30%
Cyber/Information Technology 20%
Insurance 10%


Information Technology/Communications/Media

CRITICAL ISSUES:
Workplace Violence
Employee Travel/Kidnapping & Ransom
Cybersecurity
Political Instability

BUDGET VS. 2013:
Increased 80%
Stayed the Same 10%
Decreased 10%

SECURITY REPORTS TO:
Chief Risk or Legal Officer/Risk/Legal/General Counsel 40%
Facilities 20%
CAO/Administration 10%
CFO/Finance 10%
Human Resources 10%
Other 10%

GEOGRAPHIC RESPONSIBILITY:
North America 100%
Asia 90%
Europe 90%
Australia 80%
South America 70%
Africa 60%

ORGANIZATIONAL RESPONSIBILITIES:
Investigations 100%
Security Technology & Integration 100%
Workplace Violence Prevention/Active Shooter Prevention 100%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 90%
Contract Management (Guards, Technology Integrators, Contract Employees) 90%
Global Security Operations Center Management 90%
International Workforce Protection and Support 90%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 90%
Terrorism/Bomb Threats 90%
Weather/Natural Disasters 90%
Workforce/Executive/Personnel Protection/Travel Support 90%
Business Expansion Support 80%
Emerging/Frontier Market Expansion 70%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 60%
Fire 60%
Political Unrest 60%
Regulatory Compliance 60%
Supply Chain/Product Diversion/Logistics/Distribution 60%
Loss Prevention/Asset Protection of Goods for Resale 50%
Cyber/Information Technology 40%
Risk Management Planning 40%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 30%
Drug and Alcohol Testing 20%
Insurance 20%

Ports/Terminals

CRITICAL ISSUES:
Weather
TWIC Compliance
Technology Integration and Management

BUDGET VS. 2013:
Increased 65%
Stayed the Same 25%
Increased 10%

SECURITY REPORTS TO:
CEO/President/Executive Management 100%

GEOGRAPHIC RESPONSIBILITY:
North America 100%

ORGANIZATIONAL RESPONSIBILITIES:
Brand/Product Protection 100%
Business Continuity 100%
Corporate Security 100%
Cyber/Information Technology 100%
Disaster Recovery 100%
Investigations 100%
Physical Security/Facilities 100%
Regulatory Compliance 100%
Supply Chain/Vendor 100%


Retail (Connected Commerce)

CRITICAL ISSUES:
Cybersecurity
Loss Prevention (Retail)
Organized Retail Crime
Workplace Violence
Political Instability

BUDGET VS. 2013:
Increased 50%
Stayed the Same 17%
Decreased 33%

SECURITY REPORTS TO:
CFO/Finance 50%
Chief Risk or Legal Officer/Risk/Legal/General Counsel 33%
COO/Operations 17%

GEOGRAPHIC RESPONSIBILITY:
North America 83%
Europe 42%
Asia 33%
South America 33%
Africa 17%
Australia 17%

ORGANIZATIONAL RESPONSIBILITIES:

Investigations 100%
Workplace Violence Prevention/Active Shooter Prevention 100%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 92%
Contract Management (Guards, Technology Integrators, Contract Employees) 92%
Loss Prevention/Asset Protection of Goods for Resale 92%
Security Technology & Integration 92%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 83%
Terrorism/Bomb Threats 83%
Weather/Natural Disasters 83%
Risk Management Planning 75%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 67%
Fire 67%
International Workforce Protection and Support 67%
Workforce/Executive/Personnel Protection/Travel Support 67%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 58%
Supply Chain/Product Diversion/Logistics/Distribution 58%
Emerging/Frontier Market Expansion 50%
Global Security Operations Center Management 50%
Business Expansion Support 42%
Regulatory Compliance 33%
Cyber/Information Technology 17%
Drug and Alcohol Testing 17%
Insurance 17%
Political Unrest 8%

Spectator Sports (Arenas/Facilities/Teams/Venues)

CRITICAL ISSUES:
Terrorism
Fan Violence
Player Misconduct
Weather

BUDGET VS. 2013:
Increased 100%

SECURITY REPORTS TO:
Facilities 17%
CAO/Administration 8%
CEO/President/Executive Director 8%
CFO/Finance 8%
COO/Operations 8%
CIO/Information Technology 8%
Chief Risk or Legal Officer/Risk/Legal/General Counsel 8%
Other 35%

GEOGRAPHIC RESPONSIBILITY:
North America 84%
Asia 8%
Europe 8%

ORGANIZATIONAL RESPONSIBILITIES:

Terrorism/Bomb Threats 100%
Weather/Natural Disasters 100%
Workplace Violence Prevention/Active Shooter Prevention 100%
Investigations 92%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 92%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 83%
Fire 83%
Regulatory Compliance 83%
Risk Management Planning 83%
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 75%
Workforce/Executive/Personnel Protection/Travel Support 75%
Contract Management (Guards, Technology Integrators, Contract Employees) 67%
Loss Prevention/Asset Protection of Goods for Resale 67%
Political Unrest 67%
Security Technology & Integration 67%
Drug and Alcohol Testing 42%
International Workforce Protection and Support 42%
Cyber/Information Technology 33%
Global Security Operations Center Management 33%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 25%
Business Expansion Support 17%
Insurance 17%
Emerging/Frontier Market Expansion 8%
Supply Chain/Product Diversion/Logistics/Distribution 8%


Transportation/Logistics/Supply Chain/Distribution/Warehousing

CRITICAL ISSUES:
Workplace Violence
Supply Chain
Technology Integration and Management
Maintaining Awareness
Budget/Funding

BUDGET VS. 2013:
Increased 75%
Stayed the Same 13%
Decreased 12%

SECURITY REPORTS TO:
CEO/President/Executive Director 25%
COO/Operations 25%
Chief Risk or Legal Officer/Risk/Legal/General Counsel 13%
Other 37%

GEOGRAPHIC RESPONSIBILITY:
North America 100%
Asia 50%
Europe 25%
South America 13%

ORGANIZATIONAL RESPONSIBILITIES:
Business Resilience (Business Continuity, Emergency Management & Disaster Recovery) 100%
Contract Management (Guards, Technology Integrators, Contract Employees) 100%
Investigations 100%
Terrorism/Bomb Threats 100%
Workplace Violence Prevention/Active Shooter Prevention 100%
Be or Become “Customer Facing” (Meet With and Enhance Security for Customers) 88%
Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection 88%
Business Expansion Support 88%
Global Security Operations Center Management 88%
Loss Prevention/Asset Protection of Goods for Resale 88%
Physical/Assets/Facilities (Proprietary Property Not for Resale) 88%
Risk Management Planning 88%
Security Technology & Integration 88%
Weather/Natural Disasters 88%
Workforce/Executive/Personnel Protection/Travel Support 88%
Regulatory Compliance 75%
Political Unrest 63%
Supply Chain/Product Diversion/Logistics/Distribution 63%
Cyber/Information Technology 50%
Drug and Alcohol Testing 50%
International Workforce Protection and Support 50%
Emerging/Frontier Market Expansion 38%
Fire 38%
Insurance 13%

2014 Security 500 Methodology

The Security 500 Benchmarking Survey is based on information from several sources:
• Data supplied directly by participating enterprises
• Data obtained through public resources/records

The Security 500 tracks 18 vertical markets and collects unique data where appropriate (such as the number of unique facilities in healthcare) and applies this data to key metrics. The key metrics collected this year include but are not limited to:
• Security Spending/Person
• Security Spending/Revenue
• Security Employees/Officer

“Person” is focused on the type of person the security budget is intended to protect. Examples include employees, citizens, students and patients. There is a series of general questions that all participants completed along with unique questions within each sector.

The 2014 Security 500 Survey includes the following:
• Sectors were measured and evaluated on metrics among peer organizations.
• The data requested and metrics used to benchmark within each sector were based on the input of our advisors.

The purpose of the Security 500 is to create a reliable database to measure your organization versus others and create a benchmarking program among security organizations. The results will enable you to answer the question, “Where Do I Stand?” as a basis of an ongoing peer review process. Due to the greater accuracy of the information provided by security executives compared to that of estimations, completed entries were given greater weight in the rankings than the estimations. Additionally, the sector in which a company is ranked is based on self-reported information. For example, one clothing retailer may select “Retail” and another clothing manufacturer may select “Manufacturing/Industrial” as their sectors.

The 500 enterprises and security leaders listed in this report are among the biggest and best security organizations in the world. All of them have been included in the 2014 Security 500 Report based on security metrics for their individual sectors; however, security leaders were given the option this year in the Security 500 Survey to be either listed by rank or alphabetically. This serves to provide these security organizations the recognition they deserve as members of this prestigious list without disclosing their position within the market.

Based on continued feedback and the goal of creating a valuable resource for our participants and industry, the Security 500 is spread across 18 different sectors. We recognize that as a result of continued unprecedented economic changes some organizations and their security leaders may no longer be in place. The listings are based on the information available at the time of publication. Each participating organization will receive their confidential report by November 30, 2014. For additional information, please e-mail to: [email protected]

Security thanks all of the participants in the Security 500 Report – without their assistance and insight, this valuable resource would not be possible.

2014 RANKINGS

Construction/Real Estate Development
Rank | Company Name | Security 500 Member | Title | City | State
1 | General Growth Properties | Dan Ryan | Senior Corporate Security Director | Chicago | IL
2 | AECOM* | Dennis Clark | Vice President; Chief Security Officer | Los Angeles | CA
3 | Chicago Bridge & Iron (CB&I)* | Richard A. Fisher | Vice President of Global Corporate Security | The Woodlands | TX
4 | Empire State Building* | Donald P. O'Donnell | Director of Security | New York | NY
5 | Forest City Enterprises* | Vince Hill | Vice President of Loss Prevention | Cleveland | OH
6 | Colliers International* | Terry De Niro | Director of Security | Sacramento | CA
7 | GWL Realty Advisors Inc.* | Ernie Eves | Manager of Security and Life Safety | Edmonton | AB
8 | Jones Lang LaSalle* | John Friedlander | Director of Security | Chicago | IL
9 | Boston Properties* | Alan Snow | Director of Safety and Security | Boston | MA
10 | Simon Property Group* | Vincent Cascella | Director of Corporate Security Operations | Indianapolis | IN
11 | Servest UK* | Michael Lamoureaux | Managing Director | London |
12 | Macerich* | Chris Woiwode | Vice President of Security | Santa Monica | CA
13 | Pulte Group* | Gary Haire | Director of Corporate Security | Bloomfield Hills | MI

Diversified
Rank | Company Name | Security 500 Member | Title | City | State
1 | Cox Enterprises | Duane Ritter | Vice President of Corporate Security | Atlanta | GA
2 | The MITRE Corporation | Gary J. Gagnon | Senior Vice President; Chief Security Officer | McLean | VA
3 | Charles River Laboratories | Stephen Morrill | Corporate Vice President of Global Security | Wilmington | MA
4 | Loews Corporation* | Jerry Meade | Corporate Director of Security | New York | NY
5 | Toyota Tsusho America, Inc.* | Matthew Nunn | Corporate Security Manager | Georgetown | KY
6 | Williams Companies* | Bruce List | Director of Security | Houston | TX

LISTED ALPHABETICALLY
Safelite AutoGlass | David Riber | Director of Corporate Security | Columbus | OH

Education (K-12)
Rank | Company Name | Security 500 Member | Title | City | State
1 | Los Angeles School Police Department | Steven Zipperman | Chief of Police | Los Angeles | CA
2 | Montgomery County Public Schools | Robert B. Hellmuth | Director of the Department of School Safety and Security | Rockville | MD
3 | Clark County School District Police | James R. Ketsaa | Chief of Police | Henderson | NV
4 | Cleveland Metropolitan School District Division of Safety and Security | Lester Fultz | Chief of Security | Cleveland | OH
5 | Santa Ana School Police Department | Hector Rodriguez | Chief of Police | Santa Ana | CA
6 | Littleton Public Schools | Guy Grace | Manager of Security and Emergency Planning | Littleton | CO
7 | Frederick County Public Schools | Clifton V. Cornwell | Supervisor of Security and Emergency Management | Frederick | MD
8 | McCracken County Public Schools | Larry Zacheretti | Director | Paducah | KY
9 | Oswego City School District | John C. Anderson V | Director of School Security and Safety | Oswego | NY
10 | Radnor Township School District | Joe Perchetti | Supervisor of Security | Wayne | PA
11 | Whitfield County Public Schools | Mike Ewton | Chief Officer of Operations | Dalton | GA
12 | Broward County School District* | Jerry Graziose | Director of Safety Department | Oakland Park | FL
13 | Fairfax County Public Schools* | Frederick E. Ellis | Director of Office of Safety and Security | Falls Church | VA

*Estimated 2014 RANKINGS

Education (University)
Rank | Company Name | Security 500 Member | Title | City | State
1 | University of Pennsylvania Division of Public Safety | Maureen S. Rush, M.S., CPP | Vice President for Public Safety; Superintendent of Penn Police | Philadelphia | PA
2 | New York University Department of Public Safety | Randy Stephan | Vice President of Global Security | New York | NY
3 | University of Chicago | Marlon C. Lynch | Associate Vice President for Safety, Security and Civic Affairs; Chief of Police | Chicago | IL
4 | University of Florida | Linda Stump | Chief of Police | Gainesville | FL
5 | Duke University | John H. Dailey | Chief of Police | Durham | NC
6 | University of South Carolina, Columbia | Chris Wuchenich | Associate Vice President for Law Enforcement and Safety | Columbia | SC
7 | Johns Hopkins University* | Edmund Skrodzki | Executive Director | Baltimore | MD
8 | The University of Texas at Austin* | Gerald Robert (Bob) Harkins | Associate Vice President for Campus Safety and Security | Austin | TX
9 | The Ohio State University* | Vernon Baisden | Assistant Vice President for Public Safety | Columbus | OH
10 | Michigan State University* | James Dunlap | Director of Public Safety; Police Chief | East Lansing | MI
11 | Texas A&M* | J. Michael Ragan | Chief of Police | College Station | TX
12 | High Point University | Jeff Karpovich | Security Director | High Point | NC
13 | University of La Verne | Stan Skipworth | Senior Director of Campus Safety | La Verne | CA
14 | West Virginia University Police Department | Bob Roberts | Chief of Police and Emergency Management | Morgantown | WV
15 | Medical College of Wisconsin | David Feller | Director of Public Safety | Milwaukee | WI
16 | Longwood University Police Department | Robert R. Beach | Chief of Police; Director of Public Safety | Farmville | VA
17 | Bluegrass Community and Technical College | Todd Gray | Operational Manager for Security and Safety | Lexington | KY
18 | Carson-Newman University | James A. Hodges | Director of Safety and Security | Jefferson City | TN

LISTED ALPHABETICALLY
Drexel University | Domenic Ceccanecchio | Vice President of Public Safety | Philadelphia | PA
Norwich University | Michael P. Abraham | Chief of Security | Northfield | VT
Yosemite Community College District | Becky Crow | Director of Campus Safety | Modesto | CA

Energy and Utilities
Rank | Company Name | Security 500 Member | Title | City | State
1 | Baker Hughes, Inc. | Michael Couzens | Vice President; Chief Security Officer | Houston | TX
2 | Chesapeake Energy Corporation | Tony Blasier | Vice President; Chief Security Officer | Oklahoma City | OK
3 | Consumers Energy | John G. Russell | CEO | Jackson | MI
4 | San Antonio Water System | Joshua Dean | Director of Security | San Antonio | TX
5 | Honolulu Board of Water Supply | Alexander S. Ubiadas, Jr. | Emergency Management Officer | Honolulu | HI
6 | Exxon Mobil Corporation* | Chad Stevens | Global Operations Manager of Security | Houston | TX
7 | Shell Oil Company* | Terry Whitley | Senior Security Manager | Houston | TX
8 | Chevron Corporation* | Wesley Lohec | Vice President of Health, Environment and Safety | San Ramon | CA
9 | Duke Energy* | Darren Myers | Managing Director of Enterprise Protective Services | Charlotte | NC
10 | Pioneer Natural Resources* | Butch Brazell | Director of Global Security | Irving | TX
11 | American Electric Power* | Stanley Partlow | Director of BL Transportation Services and Security | Columbus | OH
12 | FirstEnergy Corporation* | James Whitley Jr. | Executive Director | Akron | OH
13 | Florida Power & Light Company* | James Burke | Director of Security | Juno Beach | FL
14 | Hess Corporation* | Elizabeth L. Cheney | Global Vice President of Environment, Health, Safety and Social Responsibility | New York | NY
15 | Tennessee Valley Authority* | David G. Jolley | Vice President of Security and Emergency Management | Knoxville | TN
16 | Xcel Energy* | Rick Benolken | Manager of Safety and Training | Minneapolis | MN
17 | Southern California Edison* | Dana Kracke | Vice President of Safety, Security and Compliance | Rosemead | CA
18 | Entergy Corporation* | Chris Peters | Vice President of NERC Compliance and Critical Infrastructure Protection | The Woodlands | TX
19 | DTE Energy* | Michael Lynch | Chief Security Officer | Detroit | MI


Energy and Utilities - continued
Rank | Company Name | Security 500 Member | Title | City | State
20 | Kinder Morgan Energy Partners, LP* | Dwain Jones | Corporate Director of Security | Houston | TX
21 | Spectra Energy* | Michael Frankovich | Director of Security | Houston | TX
22 | Memphis Light Gas and Water* | LaShell Vaughn | Vice President; Chief Technology Officer | Memphis | TN
23 | BC Hydro* | Doug Powell | Manager of SMI Security, Privacy and Safety | Burnaby | BC
24 | Helmerich & Payne* | Matthew White | Global Security Manager | Houston | TX
25 | PG&E* | Anil Suri | Vice President; Chief Risk and Audit Officer | San Francisco | CA
26 | Hunt Consolidated, Inc.* | James Savage | Senior Vice President of Global Security | Dallas | TX
27 | JEA* | William Bland, CPP | Security Manager | Jacksonville | FL
28 | Portland General Electric Company* | Joseph L. Goodale | Security Manager | Portland | OR
29 | Sabine Pass LNG/Cheniere Energy, Inc.* | Bruce Graham | Manager of Security and Emergency Response | Cameron | LA
30 | Manitoba Hydro* | Chris McColm | Chief Security Officer | Winnipeg | MB
31 | Vectren Corporation* | Janell Ellis | Manager of Corporate Security | Evansville | IN
32 | El Paso Water Utilities* | Al Heredia | Chief Security Officer; Emergency Response Coordinator | El Paso | TX

LISTED ALPHABETICALLY
Birmingham Water Works | Scott Starkey | Security Manager | Birmingham | AL
Exelon Corp. | F. Edward Goetz | Vice President of Corporate and Information Security Services | Chicago | IL
NV Energy | Bruce Barnes | Manager of Infrastructure Security | Las Vegas | NV
Peabody Energy | Andrew Cobb | Director of Global Security | St. Louis | MO
Rio Tinto | David Gracey | Global Head of Security | Montreal | QC

Finance/Banking/Insurance
Rank | Company Name | Security 500 Member | Title | City | State
1 | Fidelity Security Services (FSSI) | Dan Sauvageau | Chief Security Officer | Boston | MA
2 | Prudential Financial | Lori Hennon Bell | Chief Security Officer | Newark | NJ
3 | State Street Corporation | Jack C. Eckenrode | Senior Vice President; Chief Security Officer | Boston | MA
4 | State Farm Insurance | Dan Consalvo | Director Corporate Security | Bloomington | IL
5 | Capital One | Timothy T. Janes, CPP, CFE | Managing Vice President; Chief Security Officer | McLean | VA
6 | E*TRADE Financial | Russell Ross | Vice President of Corporate Security | Menlo Park | CA
7 | Nationwide Mutual Insurance Company | Jay C. Beighley CPP | Associate Vice President of Corporate Security | Columbus | OH
8 | WellPoint, Inc. | Greg Wurm | Director of Domestic Security Operations | Indianapolis | IN
9 | CNA Financial | William Phillips | Chief Security and Safety Officer | Chicago | IL
10 | MasterCard | Richard Gunthner | Senior Vice President; Head of Global Corporate Security Group | Purchase | NY
11 | Blue Cross Blue Shield of Florida | Harold Grimsley, CPP | Senior Director of Corporate Security | Jacksonville | FL
12 | Aflac | Scott Shaw | Senior Manager of Security | Columbus | GA
13 | Thrivent Financial | Mark Theisen | Director of Corporate Security and Business Resilience | Appleton | WI
14 | People's United Bank | Richard Sardellitti | Security and Investigations Agent | Danvers | MA
15 | Insurance Corporation of British Columbia | Bill Anderson | Manager of Corporate Security | North Vancouver | MB
16 | Burke and Herbert Bank | Lester J. Bain CSO, CFE | Director of Security; BSA Compliance Officer | Alexandria | VA
17 | American International Group* | Steven Tursi | Vice President; Chief Security Officer | New York | NY
18 | Wells Fargo & Company* | Michael Bacon | Executive Vice President; Chief Security Officer | San Francisco | CA
19 | Fannie Mae* | Patrick Williams | Director of Corporate Security and Resiliency | Washington | DC
20 | Morgan Stanley* | Neil Vetrano | Vice President of Corporate Security and Investigations | New York | NY
21 | Kaiser Permanente* | Phil Hoffman | Director of Security Services | Oakland | CA
22 | New York Life Insurance* | Leonard Mackesy | Chief Security Officer | New York | NY
23 | Freddie Mac* | Henry Thomas | Director of Corporate Security | McLean | VA
24 | TD Bank* | Gerry Bianchi | Vice President; Senior Manager of Physical Security | Mount Laurel | NJ
25 | Aetna* | David Gionfriddo | Director of Corporate Security | Hartford | CT
26 | Allstate* | Jeffrey Wright | Vice President; Chief Information Security Officer | Northbrook | IL
27 | Progressive* | Paul Beckwith | Chief Security Officer | Mayfield Village | OH


Finance/Banking/Insurance - continued
Rank | Company Name | Security 500 Member | Title | City | State
28 | Comerica Bank* | Herbert Kaltz | Vice President; Corporate Security Manager | San Jose | CA
29 | CIBC World Markets* | Ted Samul | Manager of Corporate Security | New York | NY
30 | Edward D. Jones & Company, LP* | Roland Corvington | Director of Global Security Services | St. Louis | MO
31 | Amerisourcebergen Corp.* | Chris Zimmerman | Vice President of Corporate Security and Regulation | Valley Forge | PA
32 | New York Stock Exchange* | Brian Gimlett | Chief Security Officer | New York | NY

LISTED ALPHABETICALLY
Automobile Club of Southern California | Jason H. Cook | Manager of Security, Business Continuity and Emergency Services | Costa Mesa | CA
Bank of New Hampshire | Shaun Sanborn | Senior Vice President; Security Administrator | Laconia | NH
Blue Shield of California | Cary Takagawa | Senior Manager of Corporate Security and Safety | San Francisco | CA
Goldman Sachs | Ken Damstron | Global Head of Safety and Security | New York | NY
LPL Financial | Kevin Cliff | Director of Global Corporate Security | Concord | NC
Visa, Inc. | Don Hill | Head of Global Security and Safety | Foster City | CA
Western Union Financial Services | Phil Hopkins | Vice President of Global Security | Englewood | CO

Government (Federal, State, and Local)
Rank | Company Name | Security 500 Member | Title | City | State
1 | New York City, N.Y.* | Joseph F. Bruno | Commissioner of the Office of Emergency Management | Brooklyn | NY
2 | New Jersey Office of Homeland Security and Preparedness* | Edward Dickson | Director | Hamilton | NJ
3 | California Emergency Management Agency* | Mark Ghilarducci | Director of the California Governor’s Office of Emergency Services | Mather | CA
4 | Illinois Emergency Management Agency* | Jonathon Monken | Director | Springfield | IL
5 | Virginia* | Brian Moran | Secretary of the Department of Public Safety and Homeland Security | Richmond | VA
6 | Los Angeles* | James Featherstone | General Manager | Los Angeles | CA
7 | Chicago* | Gary Schenkel | Executive Director of the Office of Emergency Management | Chicago | IL
8 | Philadelphia* | Samantha Phillips | Managing Director for the Office of Emergency Management | Philadelphia | PA
9 | Florida* | Bryan Koon | Director of Emergency Management | Tallahassee | FL
10 | Dallas* | Dean Sydlowski | Director of Corporate Security | Edmonton | AB
11 | Boston* | Rene Fielding | Director of the Office of Emergency Management | Boston | MA
12 | San Francisco* | Bijam Karimi | Director of Emergency Management | San Francisco | CA
13 | Houston* | Carl Matejka | Coordinator for the Office of Emergency Management | Houston | TX
14 | Toronto* | Dwaine Nichol, CPP | Director of Corporate Security | Toronto | ON
15 | Hennepin County | Kirk D. Simmons | Security Manager | Minneapolis | MN
16 | Clark County | Theodore Hooper | Assistant Manager | Las Vegas | NV
17 | Ventura County | Rosalind Harris | Security Manager | Thousand Oaks | CA
18 | Department of State* | Gregory B. Starr | Assistant Secretary for Diplomatic Security | Washington | DC
19 | Phoenix* | Robert Hughes | Manager | Phoenix | AZ
20 | Ontario Ministry of Finance | Brian Wood, PSP, ABCP | Coordinator of Security Services and Emergency Management | Oshawa | PE
21 | Phoenix Water Services Department | John Culwell | Security Supervisor | Phoenix | AZ
22 | Austin* | Otis Latin, Sr. | Homeland Security and Emergency Management Director | Austin | TX
23 | Federal Reserve Board* | Michell Clark | Director | Washington | DC
24 | New York City Environmental Protection | Kevin T. McBride | Deputy Commissioner | Flushing | NY
25 | Edmonton | Dean Sydlowski | Director of Corporate Security | Edmonton | BC
26 | Pollard Banknote Ltd. | Eric Hrycyk | Director of Corporate Security | Winnipeg | NB
27 | Columbus* | Miki Calero | Chief Security Officer | Columbus | OH

*Estimated 2014 RANKINGS

Healthcare/Hospital/Medical Centers Rank Company Name Security 500 Member Title City State

1 HCA - Hospital Corporation of America Tim Portale Chief Safety and Security Officer Nashville TN

2 Cleveland Clinic Gordon M. Snow Chief of Protective Services Cleveland OH

3 Tenet Healthcare* Britt T. Reynolds President of Hospital Operations Dallas TX

4 Carolinas HealthCare System John Knox Executive Vice President; Chief Administrative Officer Charlotte NC

5 Massachusetts General Hospital* Bonnie Michelman Director of Police, Security and Outside Services Boston MA

6 New York-Presbyterian Hospital Jeffrey Bokser Vice President of Safety, Security and Emergency Services New York NY

7 Fraser Health Jeffery Young Executive Director of Integrated Protection Services Surrey MB

8 Cardinal Health Greg Halvacs Senior Vice President; Chief Security Officer Dublin OH

9 Hospital of the University of Pennsylvania Maureen S. Rush, M.S., CPP Vice President for Public Safety; Superintendent of Penn Police Philadelphia PA

10 Dallas County Hospital District Kenneth Cheatle Chief of Police Dallas TX

11 University of California-Irvine Health System Scott Martin Director of Security and Parking Orange CA

12 The University of Texas MD Anderson Cancer Center and UT-Health William Adcox Chief of Police Houston TX

13 Seattle Children's Hospital Jim Sawyer Director of Security Services Seattle WA

14 Aurora Health Care Mike Cummings, CPP Senior Vice President of Security Loss Prevention Milwaukee WI

15 Brigham & Women's Hospital* Robert Chicarello, CPP Director of Security and Parking Boston MA

16 Duke University John H. Dailey Chief of Police Durham NC

17 Medical City Dallas* Leonard Sullivan Director of Security Dallas TX

18 Ohio State University Wexner Medical Center Michael Mandelkorn Director of Security Columbus OH

19 Greenville Health System Law Enforcement Services Joseph V. Bellino, CHPA Chief of Police; Director of Security Greenville SC

20 University Health Network Todd Milne Senior Manager Toronto PE

21 Metropolitan Hospital Center Anthony S. Notaroberta Senior Associate Director New York NY

22 Boston Children's Hospital Robert Ryan, CPP, CHPA Security Director Boston MA

23 Dana-Farber Cancer Institute Ralph Nerette Security Director Boston MA

24 Saint Francis Hospital and Medical Center Jack Mayoros Director of Security Hartford CT

25 Baystate Medical Center Thomas F. Lynch Director of Security Springfield MA

26 HealthEast Care System Kathryn Correia President; CEO St. Paul MN

27 Parkview Health Thomas Rhoades Director of Police and Public Safety Fort Wayne IN

28 Lancaster General Hospital Daniel Ford Director Security and Safety Lancaster PA

29 University of Chicago Medical Center Marlon C. Lynch Associate Vice President for Safety, Security and Civic Affairs; Chief of Police Chicago IL

30 Community Health Systems* Gordon Carlisle Vice President of Facilities Management Franklin TN

31 Baltimore Washington Medical Center Karen Olscamp President Glen Burnie MD

32 Antelope Valley Hospital Timothy Lidberg Director of Safety and Security Lancaster CA

33 Mayo Clinic Health System - Eau Claire Drew Neckar, CPP, CHPA Regional Director Eau Claire WI

34 The University of Texas Medical Branch at Galveston Thomas E. Engells Chief of Police Galveston TX

35 Van Andel Institute Jana Hall Chief Operating Officer Grand Rapids MI

36 Indiana University Health North Hospital Garry Kimble Chief of Police and Protective Services Carmel IN

37 King's Daughters Medical Center Scott Hill Director of Environmental Safety; Chief Security Officer Ashland KY

38 West Virginia University Police Department Bob Roberts Chief of Police and Emergency Management Morgantown WV

39 Anderson Hospital Paul J. Head Security Manager Maryville IL

40 Atlantic Health System* Alan J. Robinson Director of Protection Security Services and Emergency Management Morristown NJ

41 Advocate BroMenn Medical Center* Peter Fee Manager of Public Safety Normal IL

42 Ascension Health* Patricia Maryland President of Healthcare Operations; Chief Operating Officer St. Louis MO

43 Catholic Health Initiatives* Phillip L. Foster Senior Vice President; Chief Risk Officer Englewood CO

44 Trinitas Regional Medical Center John Dougherty Director of Security Elizabeth NJ


Healthcare/Hospital/Medical Centers - continued Rank Company Name Security 500 Member Title City State

45 Cedars-Sinai Hospital* Corey Hart Manager of Safety and Security Los Angeles CA

46 Henry Ford Health System* Kevin Robinson Security Manager Detroit MI

47 Shands HealthCare* Steve Truluck Director of Safety, Security and Transportation Gainesville FL

48 Children's Healthcare of Atlanta* Josh Bornstein Director of Safety and Security Atlanta GA

49 Cadence Health* George DiLeonardi System Director of Safety and Security Winfield IL

50 The Methodist Hospital - TMC* Geoffrey Povinelli Director of Security Services Houston TX

51 Cincinnati Children's Hospital Medical Center* Myron Love Manager of Protective Services Cincinnati OH

52 Parkland Health and Hospital System* Kenneth Cheatle Chief of Police Dallas TX

53 Cook Childrens Healthcare System* David B. Hollar Director of Security Fort Worth TX

54 MetroHealth Systems* Deborah Bonzak Director of Protective Services Cleveland OH

55 Providence Health and Services* Michael Boyd Chief Information Security Officer Renton WA

56 Harlan Laboratories* Ted Wasky Global Chief of Security and Safety Indianapolis IN

57 Good Samaritan Health System* Lawrence Phillips Director of Security and Emergency Preparedness Lebanon PA

58 Holy Cross Hospital* Michael Paseltiner Director, Information Services Fort Lauderdale FL

59 Blessing Hospital* John Bozarth Administrative Director Quincy IL

60 Indiana University Health West Hospital* Kurt Oosterlinck Director of Security Avon IN

61 Specialty Hospital of Washington-Hadley* Melvin Stewart Security Manager Washington DC

62 Coler Goldwater Specialty Hospital and Nursing Facility* Vito Aleo Director of Hospital Police Roosevelt Island NY

63 Children's Hospital of Philadelphia* Michael Brooke Director of Security, Parking and Transportation Philadelphia PA

64 St. John's Lutheran Ministries* Tom McKenna Director of Facility Services; Security Resident Manager Billings MT

65 Hoag Memorial Hospital Presbyterian* Edward Aguilar Manager of Security and Emergency Management Newport Beach CA

66 Jersey Shore University Medical Center* Douglas Campbell Senior Manager for Risk and Security Neptune NJ

67 Memorial Medical Center* Ed Curtis CEO; President Springfield IL

68 Specialty Hospital of Washington-Hadley* Melvin Stewart Security Manager Washington DC

LISTED ALPHABETICALLY

Advocate Illinois Masonic Medical Center A.L. Matthews Public Safety Manager Chicago IL

Lancaster Regional Medical Center Jeffrey Hatfield Director of Security Lancaster PA

Lexington Medical Center Joel B. Huggins Director of Public Safety West Columbia SC

Mercy Health - Muskegon James Roberge Senior Director of Facilities Muskegon MI

Nationwide Children's Hospital Daniel Yaross Director of Security Columbus OH

Shawnee Mission Medical Center Charles Murray Director of Security Shawnee Mission KS

Tanner Health System Gary L. Thomas Associate Administrator for Campus and Support Services Carrollton GA

Yosemite Community College District Becky Crow Director of Campus Safety Modesto CA

Hospitality/Casino Rank Company Name Security 500 Member Title City State

1 Marriott International, Inc. Hector Mastrapa Vice President of Global Safety and Security, Americas Bethesda MD

2 The Walt Disney Company Ron Iden Senior Vice President; Chief Security Officer Burbank CA

3 MGM Resorts International Tom Lozich Executive Director of Corporate Security and Surveillance Las Vegas NV

4 Hilton Hotels* John Beers Director of Safety and Security McLean VA

5 Hyatt Global* Mark Sanna Global Head of Security; Corporate Vice President Chicago IL

6 Royal Caribbean Cruises Ltd.* Gary Bald Senior Vice President; Chief Security Officer Houston TX

7 Caesars* Tim Donovan Executive Vice President; General Counsel Las Vegas NV

8 Starwood Hotels* Paul Frederick Vice President of Global Security and Safety Stamford CT

9 Wynn/Encore Las Vegas* Stephanie Wallace Director of Surveillance Las Vegas NV

10 Las Vegas Sands* Brian Nagel Senior Vice President; Chief Security Officer Las Vegas NV


Hospitality/Casino - continued Rank Company Name Security 500 Member Title City State

11 Augustine Casino Karen Shinham Director of Security Coachella CA

12 Casino Aztar* Derek Boss Director of Security Evansville IN

13 Gold River Casino & Casino Oklahoma Ellery Crossman Director of Security Anadarko OK

14 La Cantera Hill Country Resort Shaun Burdick Director of Security San Antonio TX

15 Boyd Gaming Corporation* Stan Smith Vice President of Emergency Management Las Vegas NV

Industrial/Manufacturing Rank Company Name Security 500 Member Title City State

1 Honeywell Rich Mason Vice President of Honeywell Global Security Morristown NJ

2 General Electric Company* Art Cummings Chief Security Officer Fairfield CT

3 Caterpillar, Inc.* Timothy L. Wiliams Director of Global Security Peoria IL

4 General Motors Corporation* Coover Chinoy Director of Enterprise Security Detroit MI

5 Johnson & Johnson* Kevin Donovan Director Enterprise Security New Brunswick NJ

6 United Technologies Corporation* Lee Warren Chief Security Officer Hartford CT

7 Ford Motor Company* Chris Hager Director of Corporate Security and Fire Dearborn MI

8 Procter & Gamble* Jonathan Blumberg Director of Global Security Cincinnati OH

9 ConocoPhillips Jim Snyder Chief Security Officer Houston TX

10 Pfizer* Rod McLeod Director of Global Security New York NY

11 Northrup Grumman* Christina Morris Chief Security Officer Millersville MD

12 Lockheed Martin Corporation* Robert E. Trono Chief Security Officer Bethesda MD

13 Johnson Controls, Inc.* Bob Soderberg Vice President of Enterprise Security; Chief Security Officer Glendale WI

14 Novartis International* Andrew Jackson Head of Global Corporate Security and Aviation Emeryville CA

15 Huntsman Corporation* Ron Gerrard Vice President of Environmental, Health and Safety; Corporate Sustainability Officer Salt Lake City UT

16 Abbott Laboratories* Robert Graves Director of Global Security Abbott Park IL

17 TE Connectivity Ltd. John E. Turey Senior Director of Enterprise Risk Management and Security Berwyn PA

18 Texas Instruments Incorporated* Brian Wrozek Director of Worldwide Security Dallas TX

19 Altria Timothy J. Caddigan Director of Corporate Security and Facilities Richmond VA

20 Bechtel* Tom Depenbrock Senior Security Manager San Francisco CA

21 Amgen* Wayne Williams Director of Corporate Security Thousand Oaks CA

22 Linde North America Jim Sonntag Security Manager, Region Americas Stewartsville NJ

23 Cummins, Inc.* William Martin Global Director of Security Columbus IL

24 Goodyear Tire & Rubber Company* Mike Hunstman Chief of Police Akron OH

25 Fluor Corporation* Garry Flowers Executive Vice President of Project Support Services Irving TX

26 LyondellBasell* Sam Smolik Vice President of Health, Safety and Environment Houston TX

27 Agilent Technologies Barry Gentry Director of Security Loveland CO

28 Sony Computer Entertainment America* Pete Kutch Director of Corporate Safety and Security Foster City CA

29 MWV (formerly MeadWestvaco)* Robert Feeser Executive Vice President of Global Operations Richmond VA

30 Emerson Electric* Tony Vermillion Vice President of Global Security St. Louis MO

31 Ecolab* Hasana Sisco Vice President of Global Safety, Health and Environment St. Paul MN

32 Ingersoll Rand* Kelly Richard Director of Global Security Davidson NC

33 Beckman Coulter, Inc.* Jeff Linton Senior Vice President; General Counsel Chaska MN

34 Eastman Chemical Company* David A. Golden Vice President Kingsport TN

35 Deere & Company Jeffrey Chisholm Director of Enterprise Security and Preparedness Moline IL

36 Bristol-Myers Squibb* Amy Lyons Vice President of Corporate Security New York NY

37 Actavis/Watson Pharmaceuticals Paul Bisaro Chairman; Executive Director Parsippany NJ

38 Rockwell Collins Michael J. Sullivan Director of Security Cedar Rapids IA

39 Reynolds American, Inc. Stephen A. Grimaldi Director of Corporate Security Winston-Salem NC


Industrial/Manufacturing - continued Rank Company Name Security 500 Member Title City State

40 Hospira Dan Colin Director of Global Security and Privacy Officer Lake Forest IL

41 Emergent BioSolutions Mark Alley Senior Director of Global Protective Services and Public Affairs Lansing MI

42 General Dynamics Corporation* Raymond H. Musser, CPP Director of Security Falls Church VA

43 DuPont* Donald Ostmann Director of Security, North America Wilmington DE

44 Dow Corning* Kevin Kendrick Corporate Vice President of Global Security Midland MI

45 Boston Scientific* Mark Darmiento Director of Global Security Marlborough MA

46 Kohler Company Patrick McCarthy Director of Global Security Kohler WI

47 Herman Miller, Inc. Dan Wilkins Security Manager Zeeland MI

48 Colgate-Palmolive* Lori Michelin Vice President of Global Sustainability and Environmental, Health and Safety New York NY

49 Mattel* Brian Blome Vice President of Global Security and Investigations El Segundo CA

50 Carestream Health, Inc. Thomas J. Rohr Sr., CPP Director of Worldwide Corporate Security Rochester NY

51 The Dow Chemical Company* Timothy J. Scott Chief Security Officer; Corporate Director of Emergency Services and Security Midland MI

52 Weyerhaeuser Company* Sara Kendall Vice President of Corporate Affairs and Sustainability Federal Way WA

53 Westinghouse Electric Company* Russ Cline Director of Global Security Madison PA

54 International Paper* Donald Macdonald Director of Corporate Security Memphis TN

55 Harlan Laboratories Ted Wasky Global Director of Security and Safety Indianapolis IN

56 Amway* Terry Celori Manager of Enterprise Protection Services Ada MI

57 Watson Pharmaceuticals* Gary D. Stewart Director of Security Corona CA

58 Biogen Idec Daniel Biran Vice President of Global Security Cambridge MA

59 Bose* Michael Phillips Director of Global Security Framingham MA

60 W.L. Gore & Associates, Inc.* Ken Ford, CPP Global Security Leader Newark DE

61 Sanofi* David Kent Vice President of Security Bridgewater NJ

62 Logitech* Scott Sidlow Senior Manager for Environmental, Health and Safety; Security Newark CA

63 Textron Systems Corporation* E. Robert Lupone Executive Vice President; General Counsel and Secretary Wilmington MA

64 Dixie Brands, Inc.* Sy Alli Director of Corporate Security

65 Autodesk, Inc.* Dave Ego Senior Manager of Global Safety and Security/CREFTS San Rafael CA

66 Infinera* Dennis Hawker Global Security Manager Sunnyvale CA

67 Vishay Siliconix* Mansour Farahmand Security Manager Santa Clara CA

68 Palantir* Geoff Belknap Director of Global Security Palo Alto CA

69 Weatherford International* Andrew Baer Director of Global Security Dublin

LISTED ALPHABETICALLY

Briggs & Stratton Corp. Dave Droster Director Wauwatosa WI

Kimberly Clark Corporation James T. Murphy Vice President of Global Security Irving TX

Merck Grant Ashley Vice President of Global Security and Aviation Whitehouse Station NJ

Navistar Jeff Medek Director of Global Security Lisle IL

PING, Inc. Doyle Parker Director of Security and Telecommunications Phoenix AZ

Raytheon Dan Schlehr Vice President of Global Security Services Waltham MA

Teradyne, Inc. Katherine L. Collins Global Manager of Corporate Security North Reading MA

The Boeing Company Dave Komendat Vice President; Chief Security Officer Chicago IL


Information Technology/Communications/Media Rank Company Name Security 500 Member Title City State

1 Dell, Inc. John E. McClurg Vice President; Chief Security Officer Austin TX

2 Microsoft Corporation Mike Howard Chief Security Officer Redmond WA

3 Verizon Communications* Michael Mason Chief Security Officer Basking Ridge NJ

4 Viacom, Inc. John Honovic, CPP Vice President of Security and Business Continuity New York NY

5 International Business Machines Corp.* Joe Morton Chief Security Officer Armonk NY

6 Google* Eran Feigenbaum Enterprise Director of Security Mountain View CA

7 Oracle Corporation* Mary Ann Davidson Chief Security Officer Redwood City CA

8 EMC Corporation* Dave Martin Chief Security Officer Hopkinton MA

9 Apple* David Rice Director of Global Security Cupertino CA

10 Juniper Networks, Inc. Doyle B. Minnis, CPP Senior Director of Safety and Security Sunnyvale CA

11 Symantec Corporation* Chris Berg Senior Director of Corporate Security and Safety Mountain View CA

12 VMware Joseph Brown Director of Global Security and Safety Palo Alto CA

13 Yahoo* Greg Jodry Director of Corporate Security and Safety Sunnyvale CA

14 Hitachi Data Systems Michael Clements Director of Global Protective Services Santa Clara CA

15 Intuit, Inc. Thomas Hale Director of Corporate Security Mountain View CA

16 NVIDIA Corporation Jensen Huang Chief Security Officer; Head of Global Protective Services Santa Clara CA

17 AT&T* Ed Amoroso Chief Security Officer; Senior Vice President Dallas TX

18 McAfee, Inc.* Brent Conran Chief Security Officer Santa Clara CA

19 Citrix Systems, Inc.* Michael John Director of Safety and Security Santa Clara CA

20 Facebook, Inc.* John Sullivan Chief Security Officer Menlo Park CA

21 Intel* David Hoffman Director of Security Policy; Global Privacy Officer Santa Clara CA

22 Sprint Nextel* Perry Siplan Chief Security Officer Overland Park KS

23 Progress Software Richard King Director of Corporate Security Bedford MA

24 Sony Pictures Entertainment* Stevan Bernard Executive Vice President Culver City CA

25 T-Mobile USA* William Boni Vice President; Chief Information Security Officer Bellevue WA

26 salesforce.com* Patrick Heim Senior Vice President; Chief Trust Officer San Francisco CA

27 Time Warner* Raymond Drayton Director of Corporate Security New York NY

28 DreamWorks Animation SKG* Matthew Bogaard Head of Corporate Security Glendale CA

29 Turner Broadcasting System, Inc.* Bart Szafnicki Vice President of Corporate Security Atlanta GA

30 Paramount Pictures* Scott LaChasse Vice President of Security and Emergency Services Los Angeles (Hollywood) CA

31 Vantiv* Kim Jones Chief Security Officer Cincinnati OH

32 AMC Networks* Bruce Turtell Director of Safety and Security New York NY

33 Sybase* Larry Eade Senior Director of Corporate Security Dublin CA

34 Pandora* Gary Backus Manager of Safety and Security Oakland CA

35 CBS* Tom Cruthers Senior Vice President of Corporate Services; Chief Security Officer New York NY

36 Twitter* Greg Acton Head of Safety and Security San Francisco CA

37 McGraw Hill Financial* Robert Pritchard Vice President; Chief Security Officer New York NY

38 Fox Entertainment Group* Richard Culver Vice President of Security, Environmental Health and Safety Los Angeles CA

39 EDM Americas, Inc. Aaron Pappa Senior Director of IT Infrastructure Scranton PA

LISTED ALPHABETICALLY

Adobe Systems Brad Arkin Vice President; Chief Security Officer San Jose CA

CISCO David Walters Director of Global Safety and Security San Jose CA

Comcast Corporation Mark Farrell Chief Security Officer Philadelphia PA

Frontier Communications Lynne Monaco Corporate Director of Safety and Security Rochester NY

Nielsen Robert Messemer Chief Security Officer Schaumburg IL


Ports/Terminals (Sea, Land, Air) Rank Company Name Security 500 Member Title City State

1 Port of Long Beach Randy Parsons Director of Security Los Angeles CA

2 Massachusetts Port Authority* Joe Lawless Director of Maritime Security; Chief of Massport Police Baltimore MD

3 The Port Authority of New York and New Jersey Joseph Dunne Chief Security Officer New York NY

4 Port of Beaumont Stephen Davis Chief of Police Beaumont TX

5 Chicago O'Hare International Airport* Richard A. Fisher, CPP, CFE Federal Director of Security Chicago IL

6 Los Angeles World Airports* Patrick Gannon Director for Homeland Security and Public Safety Los Angeles CA

7 Hartsfield-Jackson Atlanta International Airport* Balram Bheodari Aviation Deputy General Manager Atlanta GA

8 Port of Los Angeles Ronald Boyd Chief of Port Police and Security Los Angeles CA

9 Port of Houston Authority* Mark Smith Chief of Police Houston TX

10 San Francisco Airport* John Garrity Commander San Francisco CA

11 Miami International Airport* Lauren Stover Assistant Aviation Director of Public Safety and Security Miami FL

12 Dallas-Fort Worth Airport* Alan Black Vice President of Operations DFW Airport TX

13 GA Port Authority* John Trent Senior Director of Strategic Operations and Safety Savannah GA

14 Virginia Port Authority Colonel Michael L. Brewer Chief of Police Front Royal VA

15 Austin Bergstorm International Airport* Denise Hatch Security Manager Austin TX

16 Port of Corpus Christie* H. Archambo Chief of Port Police and Security Corpus Christie TX

17 Port of Greater Baton Rouge* Cortney White Director of Engineering and Security Port Allen LA

18 Port of San Francisco* Ken Tashian Program Manager for Homeland Security San Francisco CA

19 Port of Savannah Thomas Tickner District Commander Savannah GA

Retail/Connected Commerce Rank Company Name Security 500 Member Title City State

1 eBay George Booth Senior Director San Jose CA

2 Limited Brands John Talamo Vice President of Loss Prevention and Safety Services Columbus OH

3 AMAZON George Stathakopoulos Vice President of Information Security Seattle WA

4 Wal-Mart Stores, Inc.* Kenneth Senser Senior Vice President Bentonville AR

5 CVS Caremark Corporation* Kenneth P. Mortensen, Esq., CIPP/US, CIPP/G, CIPM Vice President; Assistant General Counsel; Chief Privacy Officer Woonsocket RI

6 Starbucks Coffee Company* Jack Sullivan Vice President of Global Safety and Security Seattle WA

7 AutoZone, Inc. Libby Rabun Vice President of Loss Prevention Memphis TN

8 Costco* Larry Mongague Director of Security Issaquah WA

9 The Kroger Co.* Karl Langhorst Director of Loss Prevention Cincinnati OH

10 Lowe's Companies, Inc.* Claude Verville Vice President of Loss Prevention, Safety and Hazmat Mooresville NC

11 Target Corporation* Brad Maiorino Chief Information Security Officer Minneapolis MN

12 Safeway* Kathleen Smith Corporate Vice President of Loss Prevention Pleasanton CA

13 Kohl's Corporation* Randy Meadows Senior Vice President of Loss Prevention Menomonee Falls WI

14 Brinker International Wyman Roberts CEO Dallas TX

15 Best Buy* Erik Buttlar Senior Director of Asset Protection Richfield MN

16 Walgreens* Tim Belka Senior Director of Global Security Springfield Township IL

17 ARAMARK* Jay Hess Global Security Director Philadelphia PA

18 Dave & Buster's, Inc. James Brussow Director of Security Dallas TX

19 Big Y Foods, Inc. Mark Gaudette Director of Loss Prevention Springfield MA

20 Jack in the Box* Gene W. James, CPP Director of Asset Protection San Diego CA

21 Sports Authority* John Clark Director of Corporate Asset Protection Englewood CA

22 Domino's Pizza, Inc. Van Carney National Director of Safety and Loss Prevention Ann Arbor MI

23 Tween Brands - Justice and Brothers Stores Robert LaCommare, CFI Associate Vice President of Loss Prevention and Risk Management New Albany OH

24 Art Van Furniture Michael F. Case Director of Loss Prevention Warren MI

25 Cabela's* David O'Brian Director of Corporate Asset Protection Sidney NE


Retail/Connected Commerce - continued Rank Company Name Security 500 Member Title City State

26 Ann, Inc.* Maurice Cloutier Vice President of Corporate Loss Prevention New York NY

27 Dressbarn Brian Bazer Assistant Vice President of Asset Protection and Risk Management Mahwah NJ

28 Gap, Inc.* Marjorie Jackson Director of Global Corporate Security San Francisco CA

29 Ascena Retail Group, Inc. Eric Pidgeon Director of Loss Prevention - Global Supply Chain Pataskala OH

30 Raley's* Jack Leidecker Director of IT Security West Sacramento CA

31 Quiksilver* Kevin Hatcher Director of Security Huntington Beach CA

32 Overwaitea Food Group* Keith Colonval Director of Resource Protection Vancouver BC

33 Wendy's* Chris Manning Director of Loss Prevention and Security Dublin OH

34 Things Remembered James Baumgart Senior Manager of Loss Prevention Heighland Heights OH

35 Under Armour* Frederick H. Bealefeld III Chief Security Officer Baltimore MD

36 Express, Inc.* Joe Reisinger Vice President of Brand Security Columbus OH

LISTED ALPHABETICALLY

Nutrisystem, Inc. Bill Durso Senior Director of Security, Facilities and Office Services Fort Washington PA

Ralph Lauren Corporation Shawn Segers Senior Director of Corporate Security New York NY

Spectator Sports (Arenas/Stadiums/Venues) Rank Company Name Security 500 Member Title City State

1 MetLife Stadium Daniel DeLorenzi Director of Security East Rutherford NJ

2 FedEx Field* Chris Bloyer Vice President of Operations Landover MD

3 Arrowhead Stadium* Brian Schaeffer Manager of Security Kansas City MO

4 Cowboy Stadium* Jeff Stroud General Manager Arlington TX

5 Yankee Stadium* Todd Letcher Executive Director New York NY

6 SMG, Mercedes Benz Superdome* Donald Paisant Chief of Public Safety Foster City CA

7 Staples Center* Lee Zeidman President Framingham MA

8 The Rose Bowl* George Cunningham Chief Operations Officer Pasadena CA

9 Sun-Life Stadium* Todd Boyan Senior Vice President of Operations Miami Gardens FL

10 Gillette Stadium* Kelly Way Director of Operations Foxboro MA

11 Busch Stadium Joe Abernathy Vice President of Stadium Operations St. Louis MO

12 Comcast Spectacor, Wells Fargo Center* Mike Hasson Vice President of Security and Services Philadelphia PA

13 University of Phoenix Stadium* Joe Coomer Director of Security and Services Glendale AZ

14 San Diego Padres at Petco Park* John Leas Executive Director San Diego CA

Spectator Sports (Leagues/Teams/Events) Rank Company Name Security 500 Member Title City State

1 National Football League Jeffrey Miller Vice President; Chief Security Officer New York NY

2 FIFA* Ralph Mutschke Head of Security Zurich Switzerland

3 Major League Baseball* Dan Mullin Senior Vice President of the Department of Investigations New York NY

4 National Hockey League Dennis Cunningham Vice President of Security New York NY

5 NASCAR* Mike Lentz Senior Director Daytona FL

6 National Basketball Association Richard W. Buchanan Executive Vice President and General Counsel; Chief Compliance Officer New York NY

7 U.S. Tennis Open Michael Rodriguez Director of Security New York NY

8 Ironman World Championship* John Bertsch Director of Public Safety and Emergency Management Kailua-Kona HI


Transportation/Logistics/Supply Chain/Distribution Rank Company Name Security 500 Member Title City State

1 YRC Worldwide, Inc. Wayne "Butch" Day Chief Security Officer Overland Park KS

2 Schneider National, Inc. Walt Fountain Director of Safety and Enterprise Security Green Bay WI

3 Ryder System, Inc. William Anderson Group Director of Global Security Miami FL

4 McKesson* Robert Pocica Senior Vice President; Chief Security Officer San Francisco CA

5 Jacobson Companies Christopher Steinour Security Manager Clive IA

6 Ingram Micro* Bob Burbach Vice President of Global Security Santa Ana CA

7 United Airlines* Michael J. Quiello Vice President of Corporate Safety Chicago IL

8 Con-way Freight* Curtis J. Shewchuk Chief Security Officer Ann Arbor MI

9 Union Pacific* Robert Morrison Chief of Police North Lake (Omaha) NE

10 Southwest Airlines Vance Toler Director of Corporate Security Dallas TX

11 Sound Transit Kenneth Cummins Chief Security Officer Seattle WA

12 Thermo Fisher Scientific* John F. Mitchell Director of Corporate Security Pittsburgh PA

13 FedEx Ground* Paul Stritmatter Managing Director for PPS Pittsburgh PA

14 American Airlines* John Caldwell Senior Manager - Corporate Security Fort Worth TX

15 US Airways, Inc.* Paul Morell Vice President of Safety, Security and Environmental Programs Phoenix AZ

16 The Jones Group* Bryan Gilligan Vice President of Facilities Lawrenceburg TN

LISTED ALPHABETICALLY

Associated Grocers of NE, Inc. Alan Cote Loss Prevention Manager Pembroke NH

Cargill Claude Nebel Vice President of Global Security; Chief Security Officer Wayzata MN

Ferguson Enterprises, Inc. Raymond C. Ferrara Director of Security and Business Continuity Newport News VA

Walker SCM, LLC Derreck Brown Corporate Security Manager Valley Stream NY

WW Grainger Keith Blakemore Director of Corporate Security Lake Forest IL

*Estimated