Pinkerton Vice Chairman Tim Williams spent several decades leading security efforts for some of the most well-known Fortune 500 brands. In a recent podcast, he provided insight into what he sees now as he looks at risk management from the other side of the table.
This post recaps some of Tim’s comments as he touches on technological advancements related to security, the pressure on C-suite executives to develop a solid security strategy as part of overall company goals, and how, after all his time in the industry, he is still learning and growing along with his clients:
Surprises working in private security
My biggest surprise working in private security is realizing how much I’ve had to learn. I’ve been watching several colleagues here are Pinkerton and reorienting myself to being able to approach clients differently.
Those who are successful here subordinate their needs to the client so that the client’s success meets their objectives. The ability to serve the client in this capacity—where you’re two or three steps removed—takes skill and patience and the special ability to develop a trusting relationship.
I’m still learning from my clients, and it’s interesting to say that, even after 40 years, I have a lot to learn, especially being on the other side of the table—and I respect that.
Biggest difference between corporate vs. private security
Pressure on corporate leadership teams, particularly Chief Security Officers, my former colleagues, is even greater than what it was prior to my joining Pinkerton.
The quick movement of disruptive technologies like Artificial Intelligence, the pressures with a global economy and on budgets have made the job even more dimensional and difficult in terms of sitting on the other side of the table, chatting with clients and trying to understand how to walk in their shoes.
It’s clear that the competitive pressures of a global economy will continue apace, and those can have significant implications to the Chief Security Officer.
These technological and global pressures aren’t just felt by the CSO—it’s mostly falling on staff groups who may not have clarified what their role is and how they perform and execute the goals of the corporation.
Operations continually tend to go through efficiencies on how to make a product better, stronger, cost-effective and free of defects. But with all the disruption occurring in every industry, staff groups have a particularly close eye on them to ensure they don’t get caught behind their competitors.
Creating a written corporate strategy
The art of writing a strategy has come and gone over my 40 years in corporations, and specifically with security. Aside from clarity on what direction a company is headed, a written strategy is particularly profound in the security area because we have not done a good job letting the C-suite know what our function means in their particular environment, and what security risks they face.
I’ve always been a strong advocate—even though it’s difficult and takes time—to write a very precise strategy that lays out the philosophy of security, the direction, what the internal and external risks are, and how those risks should be addressed.
If you don’t define what security is in your corporation, the culture will define it for you.
Who are the cross-functional partners?
What is the outcome you’re looking for?
What are the protocols for what will and won’t be done?
It takes a lot of work, but once you’ve developed answers to those questions with precision, and recognizing that they’re going to be fluid, you’re always going to come back and address different issues. Once that’s done, you’ve at least got a baseline for how to handle the risks in your particular environment—and the C-suite gets that.
Differences in collaboration between private vs. corporate security
In the last few years, there has been increased importance placed on having a collaborative attitude towards security instead of being sectioned off into silos that don’t regularly interact. In other words, there’s no hiding anymore!
Having a trusting relationship where people can feel comfortable picking up the phone is critical for everyone in business these days, not just the security organization.
It’s unlikely that you’re going to be successful if you’re not persistently collaborating with other staff functions and the business itself. You want to be able to influence as an honest broker between various groups to mitigate those security risks within the corporation.
The security benefit of artificial intelligence
Since the late 1980s, I’ve been an advocate of a converged strategy between cyber security, physical security, and crisis management. When you bring them together, you have all three legs of the stool to define the risk properly and determine how to manage it.
The advances in technology and the amount of data that’s available comes with a lot of risk. Whether it’s the Internet of Things or people using their personal devices for work-related functions, hacking, data breaches and more creates added pressure for the C-suite—particularly the CSO. The convergence with these technologies and Artificial Intelligence is beginning to play a larger role, not just from a technological breach standpoint, but in how companies are addressing their risk mitigation and risk management.
With Artificial Intelligence, the C-suite can sit back, see these advances coming and recognize how they can get ahead if a competitor is gaining an advantage. A.I. could displace much of the internal auditing and tax process within organizations, so it’s up to operations and staff people to help facilitate and drive those technologies for business success.
Security people need to have at least a basic understanding of Artificial Intelligence so they can understand and have dialogue about what its potential security risks are.
Having this knowledge allows security teams to relate to the data scientist and the business strategist when they’re looking to create an A.I. application with you at the table. These technologies are here, and how we integrate them is the key issue we face in terms of making them successful while reducing costs and increasing efficiency. More corporations are creating Artificial Intelligence academies to give their key employees an orientation to what they need to know to be more effective in developing and applying the technology.