Subscribe to RSS - Presentation

Presentation

Away with logic and other advice for security professionals in retail

 - 
Monday, April 4, 2011

By Joe Davis, director of loss prevention for T-Mobile USA.

Having served in retail for 19 years, I’m not big on endorsing vendors or third-party products. The cardinal rule of showing complete objectivity when it comes to outside companies has been deeply engrained in me. Yet, I’m about to share with you rave reviews of the Wharton/ASIS Program for Security Executives: Making the Business Case for Security, which I recently attended. I am making this exception because in doing so, I believe there is enormous benefit to be gained by my peers. This course delivered such a new perspective and practical insights that I believe living by them can advance security in organizations to a whole new level. For my part, I feel as though I went from zero to Ivy League MBA in 10 days. So what exactly, you might ask, did I learn that was so valuable?

Not New Information, But A New Perspective
The program that I attended is the Wharton/ASIS Program for Security Executives: Making the Business Case for Security, or as I like to refer to it, Wharton’s Executive Bootcamp for Chief Security Officers. Like any executive business program, it is designed to lay a foundation for individuals in business who may not have a comprehensive understanding of all the different functional areas. As you would expect, the program is broken down into several different areas: strategic thinking, leadership, essentials of finance, fundamentals of marketing and a few more. My expectation was to walk in and learn an extensive amount of new information about the functional areas to which I am not typically exposed to in my career. Walking out, I realized that the greatest achievement was taking things that I already knew and refining my understanding of the application of these things into my business in a day-to-day process.

While the program is called, Wharton/ASIS Program for Security Executives: Making the Business Case for Security, there is absolutely no material on security presented. A clever approach by Wharton. Why would they need to teach security experts about security? What they want to do is teach security experts how to most successfully achieve their goals in the whole business environment. I did not necessarily learn new information; what I learned was how to look at my job from a new perspective. Think about the difference in climbing into a helicopter and taking an aerial tour of the Grand Canyon as opposed to experiencing it as a hiker at the bottom of the canyon. Let me tell you, the perspective is starkly different.

Here are some examples of insights I took away from the program that you can bring to your organization as well.

The Need To Define Strategy Differently
Think of how many different books and articles are written on strategy: what it is, how to define it, how to create it. At Wharton, they teach that the definition of strategy is simple: “A plan to win.” Too often, business executives focus on strategy as a process: A means to an end rather than the end itself. But strategy is ultimately about achieving outcomes. In security, that means reducing losses, expanding the revenue model, increasing sales, or any other number of enterprise business objectives. If you don’t infuse your team with the ultimate goal, strategy quickly digresses into the realm of implementing tactics, with focus lost on winning. We don’t want participation trophies, we want championship trophies.

Too often we are overcome with the process that may hold us captive. At Wharton they encourage the development and implementation of a sound business strategy, but, more importantly they stress the critical nature of defining what winning looks like to you and your business. In my business today winning is hitting key financial metrics as well as the overall protection of the assets of my company. Taking strategy out of the visionary realm and placing it into the tactile world of specific outcomes will drive ownership and accountability within your business.

Logic is not always the best tool
Security professionals have a tendency to respect logic above all else. After all, it’s essential to success in our own jobs. We have to follow a path of facts to their logical conclusion to identify and solve problems. And while logic is a critical tool in security, it is not always the best tool when working with other functional areas in the organization.
Sit down. This isn’t going to be easy. But sometimes you have to let go of logic and focus on relationships. While it might sound eerily like something off of the Oprah Winfrey show, it’s the truth. When it comes to getting buy-in from different groups or winning over skeptics to your way of thinking, logic is not necessarily the most effective tool. It is true for communities, families, businesses and any human network: people do things for people they know and like. Asking for a favor as a friend is likely to yield better, quicker results than trying to enforce action through formal channels. What does this mean for security professionals? Well, it means getting out and getting exposure to colleagues across the organization and interfacing with them on a regular basis. Often, security professionals limit their exposure to executive leadership and other functional areas unless it’s required by a specific project or event. This is often done in the name of efficiency. So when security needs or wants something, they are reduced to delivering dry arguments for action, which produce little enthusiasm and gain a paltry following. An investment in colleagues and relationships is an investment in your strategy.

Let’s say you want to change the way you are protecting a distribution center and want to increase guard coverage. Many times, a security professional will pull together a plan and give a list of reasons why additional guards are needed. But without relationships, the executives see you as a walking blank check. Knowing you personally, and the value you are adding, and what you are trying to accomplish for the organization, makes accepting your proposal much easier, a more personal affair.

How to Ask for Money

Our instructor for this session, John R. Percival, PhD is a professor of finance at Wharton. Dr. Percival provided some excellent case studies on building shareholder value within your business. His real life examples and engaging delivery had me more interested in Finance than I thought was actually possible. Asking for budget dollars in the security realm is a tedious annual process that is many times bane of a CSO’s existence. I learned that it’s easier to ask for funding if you can do it in a manner that drives value into your organization by delivering the message in the language of the finance team. Shift your focus from asking about financing for your project to telling how your project will positively impact financials. This is about communicating in the language of your audience. Instead of asking for money and justifying why it should be spent, position your projects in light of the value they will drive to the bottom line: the reduction in loss, the savings in personnel, the increase in time spent focusing on the customer.

Security is often pigeon-holed as a cost center, when in reality it can and should be marketed as a competitive advantage. Think about how security positively impact the business. For example, by mitigating risk, the company can deploy more stores in the market. By reducing shrink, the business can invest in growth initiatives. By streamlining operations to reduce loss, security improves efficiency and helps save labor costs. It’s easy for security professionals to focus on what’s inside their area instead of focusing on their true impact to the outside organization.

Prepare for Meetings
“Really?” you’re asking. “Prepare for meetings?” It seems obvious, but amidst the frantic pace of business today, think of how inefficient most meetings are. How many times have you been to a meeting at a set time and the only preparation time you have is the time it takes from you to walk from the last meeting into the next? The executive course really delves into the value of being prepared for meetings. The prepared person is more effective at gaining their expected outcome than the person with no agenda. It’s a small, seemingly unimportant concept, but the result of poor preparedness is simply that all your time spent in meetings gets thrown down the drain. When you think about how many meetings you have each week, that’s a significant loss.

In Conclusion: Escape out of the security silo
In short, the big lesson I learned was how to avoid getting caught up in the security silo and how to start viewing my work as a program that aligns with the company’s strategy. I know that what I am doing in security is helping the organization achieve its goals, but often I reduce my programs to tactical plans that I fail to communicate to others in the organization on a regular basis.

Security is its own animal. It’s not like sales or marketing and will not be treated like those things. In some ways, it’s the least understood function in the organization. Therefore, our job of explaining how security supports the overall strategy of the organization is much harder than it is for others. We have to look for points of integration as opposed to points of differentiation. The good news is that as security professionals, we have many strengths that we can leverage to better communicate our messages and objectives. We know people. We understand interviewing and picking up on body language and other clues. We can easily tell how people are responding to our interaction. Use this skill to guide you when presenting proposals and communicating with others.

The program’s academic director, Mario Moussa, told us, “Reality is a liquid, not a solid.” It’s the truth. In the security world, we pine for a firm foundation from which to work. We must learn to be willing to step into the liquid and immerse ourselves in the fluid reality in which business exists. We have to gain flexibility outside of the self assurance that we have developed in our specialty over the years and recognize that there is a different way to doing things. Failure to do so limits our success and that of our companies.

Joe Davis is a director of loss prevention for T-Mobile USA. He manages a team of corporate and field level investigators focused on enhancing profitability within the enterprise. Joe’s team is responsible for all internal and external operational improvement and investigative programs in the business. Since joining T-Mobile in 2008 Joe has designed and implemented numerous cutting edge programs from risk mitigation in the retail stores, to reducing operational expenses by $30MM.

Physical security and IT folks will be mingling at ASIS

 - 
Thursday, February 24, 2011

Just last week, I wrote about the convergence between IT and physical security after Gareth Webley, the keynote speaker at TechSec Solutions, discussed his effort to consolidate security and IT during his tenure as the chief security officer of National City Corporation.

Well, apparently everyone wants to jump on board. I just received a press release from ASIS International announcing that this year's conference in Orlando (Sept. 19-22) will co-locate with (ISC)², a large membership body of certified information security professionals. (ISC)² (not to be confused with ISC West and ISC Solutions) will hold their first annual Security Congress in conjunction with ASIS International. According to the release, the two associations will share educational programming, which I think could be great for security practitioners who may feel intimidated by IT folks and their techie talk.

Why did ASIS make this move? Here's what Ray O'Hara, the president of ASIS, has to say:
“This agreement reflects the rapidly evolving, converging roles of the information security and traditional security professionals within the global business marketplace,” stated O’Hara. “By strategically aligning our organizational resources, our combined memberships of more than 100,000 professionals gain access to core knowledge and best practices across the full spectrum of information and traditional security. The opportunity to connect with one’s security counterpart and to build a solid practitioner network is one of the most valuable benefits to be derived from this relationship.”

It seems fair to say that the more physical security practitioners know about the world of IT, the more valuable they will be to their respective organizations. I'll be leaving room on my schedule to check out some of these educational programs - you should, too.

Challenges of being ex-military

 - 
Monday, September 28, 2009

I read a great article in the Boston Globe this morning about the various challenges for individuals coming out of the military and (re)entering the civilian workplace.

And while many of the people profiled in this article have fairly extensive educational backgrounds (operations management, master’s degrees in business management with an emphasis in security and emergency management) it doesn't seem like there's a very straightforward approach for those leaving the military to transition into the private security sector. Is there a lack of educational opportunities out there? Compared to a lot of other industries, it seems like the security sector is booming and that there shouldn't be a shortage of jobs, especially for those who are motivated to take it beyond the traditional guard role, but perhaps that's just an impression rather than a reality.

Or, is it a matter of approach?

“For many veterans, it’s really not realizing how much you bring to a potential employer and how to market that skill,’’ said Coleman Nee, undersecretary of the Massachusetts Department of Veterans’ Services.

Especially in this industry, I would think military experience would be the most recognized and valued (since many in the industry have a similar background), but is it becoming more necessary for CSO's and those who hold management level security positions to have a business background rather than a military background? This could prove to be a major, major shift in the industry.  I don't know. You tell me.

Recipes for Industry Education

 - 
Tuesday, April 22, 2008

I've been really lucky the past five years to have come across professionals that have helped me in workshops, sessions, internet stuff and generally how to communicate. Here's a few random thoughts; please discuss...

- A subject matter expert that write a session is not always the best person to give it

- The person that organizes a workshop is not necessarily the best person to present a session

- You should always assume the teacher will not show up or say the dog ate the presentation

- If you can cut a session's slides by 2/3 and say about the same thing, you should do it (I have to really start taking my own advice!)

- Stop using PowerPoint as your primary means of communication; the slides are just there to support what the edu team has to say, not the other way around

- People are freshest in the morning

- People like freshly baked chocolat ship cookies in the afternoon

- Put an energetic speaker on after lunch so as to not induce "food coma"

- If you're managing a workshop, make sure the content is useful for the goals of the workshop

- "Design" sessions are far easier to write than "Managing" sessions

- Involve people that actually use the systems, not just the marketers of them

- Everything has a means of regulation; if there is an AHJ out there that can impact your discussion or some legal precedent, you better be ready to talk about it

- Many come to education sessions expecting there will be a discussion of the device's, system's or security program's cost

- Many people will try to leave early

- If you tie in some type of relavent accreditation or recognition, they will come in droves

- Every industry has its terminology; show people how to survive a project meeting?

- If you can provide the handout material electronically, people seem to prefer that media

- If you have a professional event person like someone having the CMP (Certified Meeting Planner) credential, you'll take a huge step closer to success

- Keep the room cold; plan on 20% of the people attending to show up unregistered (walk-ins)

- Get plenty of sleep the night before your session, or just plan on having a Starbuck runner ;)