With his responsibilities growing, Brad Brekke wraps all these initiatives together to support the company’s broader mission to serve his guests and communities.
Security 500 Rank - 35
Brad BrekkeVice President,
Assets Protection
Target Corporation
Minneapolis, M.N.
Safety and Security Are Part of the Experience
As a guest of Target, a person’s entire visit experience includes comfort, safety and security before he or she even enters the premises. Target’s “Safeness” view is expansive and includes employees, customers, supply chain partners and everyday citizens who may or may not be guests in a Target store.
“We started in simple retail. Providing physical security and preventing shoplifting were the primary parameters of the job,” recalls Brad Brekke. “Then we were asked to assess and mitigate risks and now the role has expanded to include the global supply chain, cyber environments and cyber security and to protect the brand and company reputation.”
As Vice President of Assets Protection, Brekke leads a diverse team of executives with backgrounds in the public and private sectors in a comprehensive effort to address safeness, theft and fraud issues affecting Target and the communities it serves. Prior to joining Target in 2001, he served with the FBI focusing on white-collar crime and public corruption. In addition, Brekke is a licensed attorney and has practiced in the areas of business law and litigation.
“One of the biggest changes has been security’s increased involvement with executive management. Security is now represented on key committees and is an important player at developing company strategies,” says Brekke. Business decisions on everything ranging from store location to allowing travel to certain geographies for sourcing used to be managed without security’s input. Today, the Asset Protection team is part of that decision-making process -- an integrated, executive level function with a strong voice at Target.
“9/11 woke a lot of people up to the realities of risk and the necessity of security’s involvement. The result has been an elevation in talent across the security function. Today, security leadership includes individuals with academic credentials and those with increasingly diverse business perspectives, backgrounds and experience are entering the profession,” says Brekke.
“The demand at the board level that security provide a clear business value and plan has led to the elevation of talent,” he continues. “Another influencer is the emergence of technology and the realization of its value to increase capabilities and impact productivity. Organizations like ours have recognized that they needed a different skill set to fully utilize these tools.
“Our profession has also seen a shift in the crisis management approach. Crisis management used to be addressed as a response at the local level. Now we have a forward-looking approach at the global level for risk mitigation and prevention,” says Brekke. “Looking back, it was really after 9/11 that security began to change.”
While security has changed significantly in the past few years, Brekke’s highest priorities are consistent with years past – specifically his team is tasked with ensuring a secure working and shopping environment for Target team members and guests and to develop partnerships that build safer communities. New focus areas include securing the global supply chain and ensuring data security – both critical tasks in today’s environment.
“We wrap all these initiatives together to support the company’s broader mission to serve our guests and communities,” continues Brekke. “While our core role centers on stores and distribution security, our responsibilities have grown exponentially.”
- The Safe City partnership brings together government officials, the business community and police to improve community safeness using technology such as instant messaging and strategically placed cameras.
- The Twin Cities Security Partnership, pioneered by Target Assets Protection and led by the FBI, facilitates the sharing of vital security intelligence between the public and private sector.
- State-of-art forensic labs at Target focus on video, computer and latent fingerprint forensics to support the business needs of Assets Protection, and the company offers these services to law enforcement agencies nationwide.
- C-TPAT – Customs-Trade Partnership Against Terrorism – strengthens the security of the international supply chain where Target plays a key role in defining anti-terrorism import standards for our industry.
Beyond the Forensics Lab, Target also provides technical expertise to law enforcement as upon request. “We have a very knowledgeable technology team that our partners can leverage, for example, in the design and implementation of wireless systems. We’re pleased to be able to share resources and do so on a regular basis.”
“Target is a progressive and aggressive organization. I really enjoy working in this environment,” explains Brekke. “The culture is collegial and very team oriented. Each day I am presented with new challenges in this very dynamic industry.”
Chad Callaghan impacts hospitality security. “There is no major disaster or crisis situation that Marriott will not be impacted by. Either we will be in the area impacted or we will be providing relief and support to those in that area.”
Security 500 Rank - 28
Chad Callaghan, CPP, CLSDVice President, Enterprise Loss Prevention
Marriott International
Bethesda, M.D.
It’s Brand and Reputation
On November 8, 1974, pop singer Connie Francis was in her room at the Jericho Turnpike Howard Johnson's Lodge room after she performed at the Westbury Music Fair. A man broke into her room, beat and raped her for over 2 hours and told her he would kill her. Her assailant was never caught. Terrified, she did not perform onstage for years and became a recluse.
A negligence trial changed the future of hospitality security.
Among the most influential thinkers in delivering the best possible security and life safety for their guests, employees and assets is Chad Callaghan. A 31-year Marriott veteran, Callaghan worked directly with architect and construction teams to develop the first hotel chain with security incorporated into the plan. When the first Courtyard opened October 1983 in Atlanta, it was designed with the room entrance doors on the inside of the building. Card readers were added to the exterior doors to improve security and reduce personnel costs. And a Marriott guest comment card asks, “Do you feel safe?” It sparked a revolution in managing risk, reducing liability and increasing security.
Callaghan is a self-described “bootstrap person,” who joined Marriott as an hourly employee when there were 30 hotels worldwide. He learned security on the fly through reading, ASIS International programs, peer groups and ongoing training. Fast-forward to 2007 and his expertise may be unequalled in the industry. He is an incoming ASIS Board member and chair of the lodging sub-council for DHS’s real estate sector. Callaghan is a member of the CSO Roundtable and a past co-chair of the Commission on Guidelines for ASIS International.
Today, Marriott’s holistic approach to security includes two design professionals that work with the architects and a loss prevention statistician to measure security’s performance and return on investment. Marriott’s worldwide loss prevention team includes 17 members at corporate as well as three loss prevention directors at Marriott International, Marriott Vacation Club and The Ritz Carlton. In addition, Marriott has thousands of loss prevention specialists at their larger properties worldwide.
Marriott Loss Prevention is charged with protecting the interests of over 150,000 employees, guests, property owners and shareholders at hotels, golf courses, convention centers, timeshares and restaurants. All totaled, they welcome over 500,000 people a day to their facilities and over 200 million people a year. The challenge comes with a lack of repetition. Most of the 500,000 people who will arrive tomorrow are different then those that visited today. Focus is on asset protection, employee safety, guest safety and crisis management.
“There is no major disaster or crisis situation that Marriott will not be impacted by. Either we will be in the area impacted or we will be providing relief and support to those in that area,” says Callaghan. “We lost 13 people and our WTC area hotel on 911. Eleven guests and two employees were never found. We evacuated over 2,000 people successfully. At the same time, the Times Square Marquis was the center of 911 operations. Before Katrina hit we had crisis management teams and plans in place, including communicating and securing government resources.
“While it is not a perfect comparison, we compare ourselves to a medium-sized city to measure crime rates and performance. Our crime rates are miniscule vs. medium-sized cities,” say Callaghan. “Our facilities are open to the public so access is easy, security is harder. Managing a closed facility such as a utility site or employee-only building is easier.”
Internally, Marriott’s Loss Prevention statistician measures loss as a percentage of sales. The percentage is very low within their industry; the loss prevention team continues working to further reduce it. They measure key loss prevention factors including assets, workers compensation and guest liability. They also count the guest satisfaction surveys responses.
Marriott has made security and safety “everyone’s business” by communicating and training non-loss prevention employees about security. “We get safety and security questions from meeting planners,” says Callaghan, “Because prospective customers want this information. We have met with our marketing department to help tell this story.”
What does Marriott own? Brand and reputation is the shorthand answer. They actually own very few buildings. It is critical to Marriott and the board that a proactive program is in place. “Our board’s knowledge of these actions has increased our visibility and Marriott’s ability to manage crises,” says Callaghan.
Among the profession’s greatest challenges is credibility of the security function. “I think our profession suffers from those companies where security does not have a strong profile,” states Callaghan. For the future, “I worry about the ongoing issue of balancing freedom against access and safety. How will terrorism change the face of hospitality in this country? We will be forced to search and metal detect our guests as is done in other countries? We need ongoing, consistency of thinking about security outside the box.”
Callaghan’s passion for his profession and his good fortune at finding a job and a company he loves are inspiring. “Everyday something different is going on. I like helping people and solving problems,” concludes Callaghan.
The focus is on changing risk management at Cisco, says Chris Kite, vice president, Global Work Place Resources and Risk Management, Cisco Systems.
Security 500 Rank - 16
Chris KiteVice President
Global Work Place Resources and Risk Management Cisco Systems
San Jose, Calif.
Heroes and Culture Make the Difference
It is not everyday you get to save lives and some of Cisco’s people are true heroes,” reflects Chris Kite with genuine pride and passion. “I enjoy doing something with great impact and importance.” Kite is not about improving security at Cisco. She is about changing how enterprise risk management, including security, is thought about, designed and delivered at Cisco and to their customers- globally.
To understand how far forward Cisco has brought the security discussion, it is important to understand the organization’s structure and culture.
Global Risk Management and Global Workplace Resources is a holistically designed organization within Cisco’s finance department because the loss risk of security is a balance sheet item. Within this organization are enterprise risk management, which includes design including environmental (green is big), productivity and comfort, costs and security. The organization also integrates Business Resiliency (see Security Magazine July 2007) and Global Safety and Security within this organization.
“We looked at how older buildings were constructed, in silos, with multiple networks, systems and controls and worked to bring all of that together in the design stage. The convergence of bringing networks together with building systems, controls, security and life safety in a ‘green kind of way,’” explains Kite is the all encompassing goal. “Business resilience, facilities management and crisis management are all tied together.”
Workplace Resources play an equal role as the strategy includes wellness, safety and security for all Cisco stakeholders. Success means creating an environment that is healthy, productive, and safe and as Kite simplifies, “Where people want to come.” Resiliency means increased productivity. Part of enterprise risk is good employee relationship management. Plans don’t make things happen, people do. The benefits are measurable in retention and productivity on the bottom line.”
Cisco also measures their return on investment through surveys among employees, and recognition they receive (such as “Best Places to Work” and “The Security 500”). Cisco is also determined to “eat their own dog food.”
“The number one reason Cisco would not enter a region or a country would be the inability to keep people secure including political risk, personal safety and disease. There has been a big shift at how Cisco looks at security’s mission. It changed from protecting to being a growth enabler for the organization,” explains Kite.
They are building new campuses in Shanghai, Bangalore and Switzerland where these concepts are being put to the test and creating better work environments. “Engineering is always asking us ‘what else, what else’ in terms of our needs and opportunities to develop new solutions. At the same time, we are testing and providing feedback to engineering on new technologies and products,” says Kite.
While security has always been a part of the company, it has become part of the culture on a personal level. John Chambers, CEO, participates in crisis management drills. Kite is very proud of her company’s role during Katrina. She was one of the volunteers to join the American Red Cross and go to New Orleans.
“We live in an uncertain world and have to be prepared for the next surprise. Katrina was the first disaster I have been through. While I was proud of the opportunity to give personally, I also found it an opportunity to take theory and apply and develop professionally,” says Kite.
“We don’t have it all figured out. But the upside of risk is opportunity and those opportunities need to be evaluated. There is too much being sold on fear right now when the discussion needs to be about mission success. Security should be part of normal operations and we work toward that daily,” says Kite.
A marathoner and tri-athlete, the Lancaster, Pa. native points out the opportunities security executives have to make an impact, “We need to be better at employee location in an emergency and it needs to be universal. General business intelligence and communications are lacking. We need to shorten the cycle time between an event and having the information necessary to make decisions. And while the technology to aid in a crisis has improved greatly, the industry can and should do much more.”
Clearly, Chris Kite’s vision will keep her running for the foreseeable future.
Ronald Mahaffey is a realist. He believes security must stay ahead of the bad guys, and keep on top of new threats. That’s a constant. “We must never become complacent.”
Security 500 Rank - 2
Ronald E. Mahaffey
Chief Security Officer
American International Group
New York City, N.Y.
Give Them a Sense of Security
Among the most respected and top performing Wall Street companies is AIG. The company aspires to be a world leader in everything it does, including security. So when their CEO asks, “What are you doing to protect our people?” you had best have a great answer.
Ron Mahaffey and AIG’s security team have a great answer. AIG’s programs are not just evolutionary or best practices. They are revolutionary and have reset the bar for security excellence and emergency preparedness. Visiting organizations including the Department of Homeland Security, FEMA, New York State and City Offices of Emergency Management and leading government security integrator SAIC have concluded that no other organization has anything like what AIG has and that they are better prepared than any other private U.S. organization.
AIG was the first company in New York City to evacuate non-fire emergencies with elevators. The results? New York City’s building codes have incorporated this step in the recent revision for high-rise buildings.
Perhaps no private organization has done as much or continues to work as diligently in the field as AIG for its 106,000 global employee workforce, shareholders, investors and visitors. “We have to give our employees a sense of security. Everybody from the CEO on through supports the program,” says Mahaffey. The department includes over 50 security professionals plus a large proprietary guard force (only one of whom was on the staff when Mahaffey arrived in 1993).
“When I arrived it was really ‘old-time’ security – guns, guards and gates. When I was hired, the AIG executive team saw security as more and I then began working with other departments,” reflects Mahaffey. For example, the security department focuses on investigations such as threats against employees especially claims adjusters, domestic disputes that find their way into the work environment and other workplace violence issues. “We have worked to train non-security employees about collecting intelligence over the phone or preserving evidence. This has allowed us to be more effective while better protecting them.”
But that was just the beginning. A leader with the FBI and deeply involved in the 1993 World Trade Center terror attack and investigation before joining AIG, Mahaffey realized the threats to a global company headquartered on Wall Street were significant and constant.
With the backing of senior management, AIG now has a Shelter-in-Place program with MRE’s (meals ready to eat), water, thick mil plastic and duct tape, defibrillators and first aid kits on every floor. Each employee has been issued a package containing a number of items to include an eye protector and gas mask (they are encouraged to carry it with them at all times) and floor members are trained in emergency preparedness and first aid. “The reality is that in an event not specific to our own building we might be on our own for up to 72 hours. We are prepared to protect employees and visitors in the case of this unlikely event,” says Mahaffey.
Their facilities are equally ready. There are instruments on the exterior of the buildings that send mass communication alarms to the security team and the command center.
“Our systems will identify what the agent is and how ‘hot’ the area is. If it turns out to be only baby powder, well, we’ll be able to tell you what brand.” The emergency preparedness program includes decontamination tents in the lobby able to accommodate both ambulatory and non-ambulatory people.
They have not only installed the emergency preparedness program but AIG drills every other month and their floor wardens include EMTs as well as an on-staff physician. “Close alignment with our business units,” states Mahaffey, “means good security and preparedness.”
States Mahaffey, “We focus on security in two ways, structurally and procedurally. We are in 130+ countries with over 6,000 owned/leased facilities. Can we do: Everything for everyone? No, but we have highlighted the high-risk areas, reviewed each facility and implemented security at the appropriate levels. Nothing impacted us more than 9/11 since we are on Wall Street and have four major facilities in this area.”
The lessons learned on 9/11 were helpful in responding to Hurricane Katrina. AIG had offices in the impacted area of Louisiana and partial ownership in a New Orleans hotel. Following the collapse of the levee, they learned that the hotel had little water, food or fuel for 1,000 guests and employees. The water was rising. Within 6 hours AIG had formed a convoy, emptied a Sam’s Club, hired armed security people and ran a supply line for 36 hours into New Orleans. They made sure everyone received what they needed.
Mahaffey is also proud of AIG’s overseas security and support programs, which continue to expand. The program began by focusing on U.S.-based employees that were moving or traveling overseas to be more security and safety conscious. Today, the program also includes employees posted overseas who are traveling to other countries as well. They have expanded the Security Overseas Seminar (SOS) program’s international content as well and added a female specific feature.
AIG measures the value of their security spending in several ways. The budget process requires his team of professionals to make a case for each program. “We seldom face a lack of support,” shares Mahaffey, “Martin Sullivan (AIG's President and CEO ) and his senior management team are involved and proactive about emergency preparedness and security.”
Chief Security Officer
American International Group
New York City, N.Y.
Give Them a Sense of Security
Among the most respected and top performing Wall Street companies is AIG. The company aspires to be a world leader in everything it does, including security. So when their CEO asks, “What are you doing to protect our people?” you had best have a great answer.
Ron Mahaffey and AIG’s security team have a great answer. AIG’s programs are not just evolutionary or best practices. They are revolutionary and have reset the bar for security excellence and emergency preparedness. Visiting organizations including the Department of Homeland Security, FEMA, New York State and City Offices of Emergency Management and leading government security integrator SAIC have concluded that no other organization has anything like what AIG has and that they are better prepared than any other private U.S. organization.
AIG was the first company in New York City to evacuate non-fire emergencies with elevators. The results? New York City’s building codes have incorporated this step in the recent revision for high-rise buildings.
Perhaps no private organization has done as much or continues to work as diligently in the field as AIG for its 106,000 global employee workforce, shareholders, investors and visitors. “We have to give our employees a sense of security. Everybody from the CEO on through supports the program,” says Mahaffey. The department includes over 50 security professionals plus a large proprietary guard force (only one of whom was on the staff when Mahaffey arrived in 1993).
“When I arrived it was really ‘old-time’ security – guns, guards and gates. When I was hired, the AIG executive team saw security as more and I then began working with other departments,” reflects Mahaffey. For example, the security department focuses on investigations such as threats against employees especially claims adjusters, domestic disputes that find their way into the work environment and other workplace violence issues. “We have worked to train non-security employees about collecting intelligence over the phone or preserving evidence. This has allowed us to be more effective while better protecting them.”
But that was just the beginning. A leader with the FBI and deeply involved in the 1993 World Trade Center terror attack and investigation before joining AIG, Mahaffey realized the threats to a global company headquartered on Wall Street were significant and constant.
With the backing of senior management, AIG now has a Shelter-in-Place program with MRE’s (meals ready to eat), water, thick mil plastic and duct tape, defibrillators and first aid kits on every floor. Each employee has been issued a package containing a number of items to include an eye protector and gas mask (they are encouraged to carry it with them at all times) and floor members are trained in emergency preparedness and first aid. “The reality is that in an event not specific to our own building we might be on our own for up to 72 hours. We are prepared to protect employees and visitors in the case of this unlikely event,” says Mahaffey.
Their facilities are equally ready. There are instruments on the exterior of the buildings that send mass communication alarms to the security team and the command center.
“Our systems will identify what the agent is and how ‘hot’ the area is. If it turns out to be only baby powder, well, we’ll be able to tell you what brand.” The emergency preparedness program includes decontamination tents in the lobby able to accommodate both ambulatory and non-ambulatory people.
They have not only installed the emergency preparedness program but AIG drills every other month and their floor wardens include EMTs as well as an on-staff physician. “Close alignment with our business units,” states Mahaffey, “means good security and preparedness.”
States Mahaffey, “We focus on security in two ways, structurally and procedurally. We are in 130+ countries with over 6,000 owned/leased facilities. Can we do: Everything for everyone? No, but we have highlighted the high-risk areas, reviewed each facility and implemented security at the appropriate levels. Nothing impacted us more than 9/11 since we are on Wall Street and have four major facilities in this area.”
The lessons learned on 9/11 were helpful in responding to Hurricane Katrina. AIG had offices in the impacted area of Louisiana and partial ownership in a New Orleans hotel. Following the collapse of the levee, they learned that the hotel had little water, food or fuel for 1,000 guests and employees. The water was rising. Within 6 hours AIG had formed a convoy, emptied a Sam’s Club, hired armed security people and ran a supply line for 36 hours into New Orleans. They made sure everyone received what they needed.
Mahaffey is also proud of AIG’s overseas security and support programs, which continue to expand. The program began by focusing on U.S.-based employees that were moving or traveling overseas to be more security and safety conscious. Today, the program also includes employees posted overseas who are traveling to other countries as well. They have expanded the Security Overseas Seminar (SOS) program’s international content as well and added a female specific feature.
AIG measures the value of their security spending in several ways. The budget process requires his team of professionals to make a case for each program. “We seldom face a lack of support,” shares Mahaffey, “Martin Sullivan (AIG's President and CEO ) and his senior management team are involved and proactive about emergency preparedness and security.”
For John McClurg, among numerous challenges conquered is convergence under one organizational umbrella. The move strikes across traditional boundaries delineating the cyber and physical worlds.
Security 500 Rank - 5
John McClurgVice President
CSO Global Security
Honeywell
Morristown, N.J.
Making Convergence a Business Success
Every global company looking at emerging markets and opportunities has to appreciate the risks they create. Being an aggressive, global company, having our arms around that risk is important,” says John McClurg. He is Vice President and CSO of Honeywell’s Global Security organization. McClurg’s responsibilities include strategic focus and tactical operations of Honeywell’s internal global security services, both physical and cyber. He is also charged with the seamless integration of Honeywell’s various security offerings and improving the effectiveness and efficiency of security initiatives.
Honeywell is a $31 billion revenue, diversified technology and manufacturing leader, serving customers worldwide with aerospace products and services (40 percent of sales); control technologies for buildings, homes and industry (31 percent of sales); automotive products (15 percent of sales); and specialty materials (14 percent of sales).
Before joining Honeywell, McClurg served as the vice president of global security at Lucent and served in the U.S. intelligence community, as a twice-decorated member of the Federal Bureau of Investigation, where he held an assignment with the U.S. Department of Energy as a branch chief charged with establishing a cyber-counterintelligence program within DOE’s Office of Counterintelligence.
“My role was old-fashioned counter-terrorism and that led to using technology more effectively. So I went out and promoted ‘convergence.’ Bell Labs called (Lucent) and said they ‘wanted to do convergence.’ I went to Lucent and after the company declined I joined Honeywell as part of the team to speed the convergence trend.”
Working closely with Larry Kittleberger, Honeywell’s COO, whom John followed from Lucent, McClurg is a voting member of the company’s IT Council and Technology Leadership Council. “Honeywell is a conglomerate with four business units. Each has a CSO and CISO who report into corporate security but are assigned full-time to their business unit.”
What makes Honeywell and Honeywell Global Security particularly interesting is that one of the business units, Automation and Control Solutions (ACS) manufactures security and life safety products. Says McClurg, “Honeywell Global Security is a big and important customer of Honeywell ACS. We are a constant voice regarding technology, solutions and our needs.”
At the same time, McClurg recognizes and works to make certain Honeywell Global Security’s stakeholders’ interests are protected. “We are a widely held Dow 30 Company, so shareholder interests are considered. Shareholders give an asset to the company and they expect a return,” says McClurg. “Similarly, the board understands that its obligation to shareholders involves a secure environment. We also work to secure our 100,000 worldwide workforce from both external and internal threats, such as workplace violence. Finally, Honeywell has well over 100,000 customers worldwide that depend on us and expect a secure environment.”
The threat of insiders or a “trusted partner” acting against the company or its employees is an ever-present threat. “We are only as strong as our weakest link and unfortunately it is very difficult to find that link,” says McClurg. “We are also very cognizant of the risks that a converged environment and broader dependence on IT systems creates. We work hard to proactively stop negative events from happening.”
Among the numerous challenges Honeywell’s Global Security has conquered is the convergence of cyber and physical security efforts under one organizational umbrella. Why go in this direction? “It was an organizational response driven by what we perceive to be the nature of the threat of the 21st century, i.e. one that strikes across traditional boundaries delineating the cyber and physical worlds,” says McClurg.
All branches of Honeywell are measured and security is held to the same standards of business measurement as other departments. “We are business men and women,” states McClurg, “and expect to contribute to Honeywell’s global success.”
One example of his contribution across the enterprise includes protecting privacy interests. “Encryption and extrusion expenditures have bolstered our ability to advance privacy interests,” explains McClurg. Interestingly, Security Magazine’s recent Security 360° Report identified protecting personal information as “most important” by employees from over 200 U.S. organizations (See Security Magazine August 2007 Issue).
What does he see as the greatest challenge for his profession?
“Staying aligned with business initiatives being advanced in higher-risk emerging markets with data and the actual costs of mitigating unacceptable risk in these regions,” says McClurg. (This Security Magazine interview started when McClurg could squeeze in 20 minutes while in New Jersey and continued during his travel through Asia where he explained what he likes best about his job: “The complexity that characterizes the environment of the global marketplace…keeps us on our toes and mentally sharp.”)
According to Richard Mosquera , by partnering with peer departments and with a win/win plan, buildings have been retrofitted and new ones built with security’s input in the design.
Security 500 Rank - 8
Richard MosqueraDirector, Corporate Security
Con Ed
New York City, N.Y.
Serve the Business and Stakeholders, Too
We live with the reality that New York City in general and Wall Street in particular house the most critical economic infrastructure in the country. Con Ed is a viable target and someone could disrupt the viability,” explains Rick Mosquera, Con Ed’s Director of Corporate Security.
Hired in 2004, he was given a seemingly blank canvas to work with the instruction that his enterprise wanted some changes, but unsure of what changes were needed. The pushback was significant. But, during his 25 year FBI career, he had lots of experience successfully dealing with the bureaucracy of government, silos and the general understanding that “everybody has the most important job, so why are you bothering me?” He quickly concluded Con Ed needed a whole new approach to security. He went to work on changing cultures. First he targeted the culture within corporate security. Second he worked to answer the defensive question from other departments: “Why does security need to be involved?” and to change the culture across Con Ed towards security.
Recognizing that all of these silos also have significant interdependencies enabled him to build bridges, create understanding and appreciation for security and succeed.
Today, Con Ed Corporate Security includes a very robust physical security program for Con Ed and Orange and Rockland Utilities. The department has 27 full-time security managers, technicians and specialists. Significant in their strategy and execution was moving their integration resources in-house. Con Ed hired integrators to build an in house integration company. This reduced cost and sped their response time to security’s needs. They also have contract officers at over 500 locations.
Mosquera views Con Ed’s four million plus customers, investors and over 14,000 employees as security’s stakeholders. “We are heavily regulated and there are threshold levels of security within those regulations. But we have gone well past those,” says Mosquera. “Con Ed’s three primary business units -- electric, gas and steam -- are separate units and operate differently As a result we look at them as our customers and have worked to be integrated into their unique organizations. Post 911, a significant number of security protocols were put in place without any understanding of how different businesses operated. Security became an obstacle. We have changed it to an enabler.”
Changing the mindset is not simple nor did it happen quickly. Mosquera’s department weighs security needs against organizational needs. “We ask: How will it effect the business?” says Mosquera.
By partnering with his peer department heads and creating a win/win plan, buildings have been retrofitted and new buildings build with security’s input in the design. “I felt from day one that we would only succeed at providing an adequate level of security through collaboration and cooperation,” says Mosquera. “We have partnered both internally and externally. The New York police, fire, office of emergency management, FBI and DHS are part of the process.”
Still, the availability of Con Ed’s facilities through Google Maps and the power grids being available online are great concerns that add to the constancy and cost of security’s required programs.
The overall profile of the department as an effective part of the company has been embraced. “The key for us is that our CEO understands security’s value,” says Mosquera. Recently the New York departments of Homeland Security and Public Safety visited Con Ed. Rick asked his CEO to stop by and say hello. He spent 90 minutes with them. “He gets it,” observes Mosquera.
Con Ed security has also built professionalism, improved technology skills and aggressively applied technology solutions. The operation is building a state-of-art operations center and will manage security at the enterprise-level. Rick regularly presents to the Board of Directors, which did not occur before he joined the company. “The Board is extremely engaged in security issues” shares Mosquera.
There is a strong awareness of security’s value and its impact is measured in several ways. Using training and security awareness to reduce theft (especially of copper wire) and laptops/PDAs, for example. As those numbers are reduced, the metrics become clear.
Utilities measure security’s value by passing audits and avoiding external oversights. Pick three letters: DOT, DHS, PUC, TSA, DOE and you will have probably named an agency auditing and regulating Con Ed. Each has mandatory requirements. “Passing audits by having the appropriate level of security equals a valuable security investment,” explains Masquera, “We reach to exceed it.” Most important is keeping the power grid safe and running, serving customers and protecting revenue sources.
Con Ed has exceeded compliance requirements. In a new facility security cameras and the monitoring center will be used to check critical gauges and readings without physically visiting those locations. The operating units will also record repair processes and maintenance and monitor ongoing work activity at street levels through the security surveillance system.
Keeping up with mandates such as the TWIC (Transportation Worker Identity Card) credentialing requirements (Con Ed has waterside facilities) and the cost to administer these programs demands management. The biggest challenge Mosquera sees for our industry: “We must avoid complacency.”
Samuel J. Plumeri, Jr. had a leadership challenge – to rebuild passion and morale across the organization. “We had to deal with the loss of many colleagues while at the same time we had to step up security on many targets.”
Security 500 Rank - 3
Samuel J. Plumeri, Jr.Director of Public Safety
Superintendent of Police
The Port Authority of NY & NJ
Jersey City, N.J.
Complexity of Risks, History of High Morale
I don’t believe there is another organization like this in the country,” states Samuel Plumeri Jr., with the pride and passion that has reinvigorated the morale of this 1,600 plus member organization.
Superintendent Plumeri retired after a successful 32-year career in various law enforcement capacities including the city of Trenton, Mercer New Jersey County Sheriff and the state of New Jersey when he was asked to join the Port Authority after 911. He considers this assignment “an honor and unique privilege.”
On Sept. 11, 2001, this organization lost 84 members including 37 officers and commissioners or 3 percent of its force. This was the largest loss by any single department in U.S. history. Their offices in the World Trade Center were gone and the organization was displaced. Initially, the post 911 NYNJPA force was required to work 12-hour shifts, vacations were not allowed and the officers and their families had to absorb these demands. Their academy was relocated to a college campus in New Jersey.
Plumeri’s leadership was sought to rebuild the force and morale from the emotional low point of the terrorist attacks. His leadership has been the key to rebuilding passion and morale across the organization. “We had to deal with the loss of many colleagues while at the same time we had to step up security on many targets,” recalls Plumeri.
Clearly, no other safety and security organization faces the complexity of risks and challenges NYNJPA does. Plumeri meets new recruits each year with the welcome, “Planes, trains and automobiles!” Described by his colleagues as “far too humble,” his enthusiasm has been infectious during the past five years as supervisors and police officers have not only recovered, but also excelled and improved to own and protect the most critical infrastructures in the United States. “Today, we are both a police force and a counterterrorism force,” he says. The NYNJPA shares responsibility for the region’s “brand” and the officers are trained in customer service, too.
NYNJPA has safety and security responsibility for the 25-mile area around the Statue of Liberty where 17 million live but more critically, over 500 million people served annually through sea and airports, heliports, the NY/NJ PATH train system (230,000 trips/day), train and bus stations, bridges and tunnels. The area is also a powerful economic center for cargo as Port Newark and JFK Airport are each among the five busiest in the country.
The NYNJPA has focused on recruiting, technology, information sharing and collaboration with other organizations including federal, state and local agencies to build an effective intelligence network, training and coordinating across organizations. Among the noticeable improvements is the way intelligence is shared today. The NYNJPA is also involved in working groups to improve systems, security and intelligence. In addition to being an executive board member of the N.Y. and N.J. Joint Terrorism Task Force, the Port Authority works closely with the NYPD Counterterrorism Department, the receive top secret briefings.
“We enjoy the relationship with the FBI and other enforcement partners,” shares Plumeri. “We have thwarted potential attacks during the past five years due to solid, shared information. The strategies, funding and cooperation are good and they are continuing to get better.”
In addition to recruiting and training, the NYNJPA has become a mobile force as well. They are able to move and deploy assets through their Special Operations Division. The ability to mobilize K9, motorcycle, air and other units quickly makes the security more constant and more effective throughout the region.
All of this comes with a price and Plumeri and his management team understand the responsibility of allocating their significant budget created to ensure public safety.
While the evolution to improve safety and security is never ending, the results are measurable and positive.
The NYNJPA has a formal system to improve performance measures. This includes assessments of visibility including officers, surveillance and baggage checks; whether tourists and citizens “feel safe” against the number of “customers” using a specific service. More importantly the confidential information regarding thwarted attacks and a steady decline in the numbers of incidents are analyzed.
But the job and the day never end. Identifying those “unknown” risks such as homegrown terror or overcoming other intelligence gathering anomalies is always on the mind of NYNJPA’s leaders. The key is to “stay up” and focus daily on smarter and faster technologies, systems, processes and execution. The ongoing challenge is to make sure, as best they can, that everything possible is being done to ensure safety and security.
Concludes Plumeri, “We have created a renewed sense of purpose. We owe it those who lost their lives.”
Maureen Rush built the concept of “shared responsibility” into Penn’s culture, educating the community about the need to remove criminal opportunities.
Security 500 Rank - 6
Maureen RushVice President
Division of Public Safety
University of Pennsylvania
Philadelphia, Pa.
Security Is an Educational Effort and a Passion
Everything” keeps Maureen Rush up at night she answered with a laugh. “We live in a 24/7 environment, spend time ‘what-iffing’ and work to prevent bad things from happening vs. responding to events. Virginia Tech changed our focus from drinking to mental health issues. 911’s impact added emergency response and preparedness to our planning. We ask ourselves daily, ‘What do we need to do?’ for the bottom line delivery of safety and security.”
And why shouldn’t it? The University of Pennsylvania campus is located in Philadelphia, which had the highest murder rate among the nation's 10 largest cities last year. Violent crime and property crime grew at a rate that exceeded the national average, according to FBI statistics. Morgan Quitno Press has also identified Philadelphia as the sixth most dangerous city in the U.S. And city budget cuts have reduced the Philadelphia Police Department by 500 officers during the past three years.
Yet, the University of Pennsylvania has steadily managed to reduce all crime (including violence against individuals) 5 percent per year across the university campus and hospitals which host nearly 35,000 international and multi-cultural employees, students and patients. At the heart of this success story is Penn’s Division of Public Safety under the passionate leadership of Rush along with the strong support of Penn’s president, deans, trustees and the powerful concept of “shared responsibility.”
Very hands on and passionate about security, Maureen has embraced and built the concept of “shared responsibility” into Penn’s culture. Shared responsibility has been used at Penn for 14 years with the understanding that the population must use the resources Penn gives them. Since crime is the formula of a diversity of motive opportunities and you cannot stop motive, then you must remove the opportunity.
To do so, the Department of Public Safety educates students aggressively. Each freshman is required to attend a 90-minute program. There are 150 presentations held during the year with the goal of getting students to “sign-on” and look at safety as their responsibility by having peers and prior victims share experiences.
Penn’s Public Safety Division manages a $21 million budget including seven departments and 175 full-time employees including the largest private police force in Pennsylvania (116 sworn officers). Core to the success: the outstanding directors overseeing each of seven departments that comprise the Safety Division. They also rely on their partnership with AlliedBarton and over 450 contract security officers. The University hosts over 20,000 people spread over 260 acres. And they provide security for the Penn Health System’s facilities and over 13,500 employees.
Public Safety reports to the Executive Vice President. With the support of the President, the Deans and the Trustees, there is strong awareness that they are also protecting a very valuable brand. The Vice President of Public Safety is a member of the senior management group and the goal of keeping the expectations of security at the highest levels is at the forefront.
Penn has aggressively pursued new solutions to improve safety and security. These include training officers in new skills including both active shooter training and diversity training. Penn has included emergency response and SWAT training and drilling for several years.
They have also aggressively employed new technologies including 83 PTZ cameras, a new emergency operations and monitoring center and a Mir 3 Mass Notification System capable of notifying 50,000 people in 7 minutes. Penn also collaborates with the city, for example conducting joint drills this fall and they employ extensive crime mapping.
Penn measures the value of security through statistical analysis. The board looks for this analysis to ensure every effort is made to provide adequate safety and security. In addition to reduced crime statistics, quality of life issues are measured. Students and employees are asked how they are feeling about Penn and if they enjoy the environment. Alumni are surveyed on whether they are proud of Penn and the results are clear: Penn applications and their alumni weekend attendance are both skyrocketing.
Consumerism and demographic shifts are driving changes in how security and safety are designed and delivered. More often, students want their amenities including wireless and television as well as easily accessible stores and restaurants. This blends university planning with third party developers and complicates security. Demographic shifts to older student populations as well greater diversity requires better cultural awareness within the safety division.
Maureen was among the first 100 women to become a patrol officer in Philadelphia and held various roles during her 18-year career with the city police force including special victims experience. She moved to Penn in 1994 to lead its victims’ support and special services department. In 1996 she was promoted to Chief of Police and after seven months as interim Vice President of Public Safety, she was named to the post in 2001.
When she is not leading Penn’s public safety initiatives, she is busy raising her daughter, is an avid gourmet chef and enjoys playing guitar and drums at her church. She is most proud of the team of the seven directors who are great professionals and leaders of their departments and staff members.
Bernard Scaglione works closely with emergency preparedness in the city and participates on a committee that reviews emergency management system-wide, not just at the hospital.
Security 500 Rank - 56
Bernard ScaglioneDirector of Security
New York Presbyterian Hospital
New York City, N.Y.
A Mix of Customer Service, Emergency Preparedness
The security force at New York Presbyterian Hospital has succeeded in reaching security’s opposite poles. “We have worked to be less police oriented and more customer service oriented,” explains Bernard Scaglione, “the message is about a culture for compliance and customer service, not a security message.”
At the same time, if the city experiences a major disaster the victims are coming here. “We have emergency preparedness training and drills for pandemics, hazmat including chemical and bio and the training to spot suicide bombers, suspicious and contaminated people before the get into the hospital. And every security team member is CPR certified,” adds Scaglione. How is that for customer service?
The hospital’s security force includes three managers with two in operations and one leading investigations; ten sergeants and supervisors and 125 in-house officers with an annual budget exceeding $5 million.
With over 10,000 employees, over 4,000 people entering and exiting their facilities daily, over 2.2 million square feet spread over two city blocks as well as their psychiatric hospital in White Plains, New York, the hospital manages over one million patient visits annually.
“We work hard to help and be a part of the hospital. Our officers are the direct line for customer service," says Scaglione. Among his department’s challenges, “We work hard to keep our customer service numbers high. It is a challenge to have an officer in someone’s face and requesting ID in a way that generates positive feedback and high customer service scores. But we do.” They also hold “what-if” discussions about other risks with the possibility of a baby being taken at the top as well as being prepared for a possible terror attack.
The hospital implemented a state-of-art baby ID and protection system that was widely publicized in the city. “We want people to recognize this as the best place to have their child in terms of both healthcare and security. This is a marketing message as much as a security message,” shares Scaglione. After 911 they received positive press in the New York Times about their security efforts and how they successfully made people feel safe at the hospital.
The hospital has always been proactive when it comes to security matters and has consistently ranked at the top of the benchmarking studies as a result. 911 and Katrina created a major push on emergency preparedness including pandemics, lockdowns and other emergency situations.
Security is also part of the triage process as they are trained to restrict access and screen victims, relatives and even non-victims who think they may have been exposed or harmed. Their officers are trained with special guns to measure temperatures of victims and move them to a secure, external area for treatment.
“We work closely with emergency preparedness in the city and participate on a committee that reviews emergency management system-wide, not just at the hospital,” says Scaglione. Recently they participated in a citywide mock drill on pandemics. By analyzing the surge capacity New York Presbyterian reacted faster and locked down first among participating hospitals.
Security’s bottom-line benefit is measured on a monthly basis. They have undertaken major investigations to reduce theft and diversion. The results show continued improvement and a cost benefit from their efforts. They routinely seek out and adapt best practices including new technologies such as video and restricted access control to improve security.
They are also surveyed by the Commission on Accreditation of Healthcare Organizations, now called the Joint Commission. It requires annual education for all employees including security. New York Presbyterian exceeds the industry’s requirements as their message of customer service and compliance has changed behavior. Their communications and training work has created the view that good security is a benefit within their culture.
“The future of the security professional depends first on the leader and his department becoming part of the overall organization both internally and externally. We feel we have succeeded not only with the hospital but also with the city. We have good relationships with the NYPD, NYFD and NYOEM (New York Police Department, New York Fire Department, New York Office of Emergency Management). Only then can you play a major role in the culture and create a healthy work environment. We want our employees and patients to feel safe. To achieve that goal, the culture must include security as an integral part.”
Scaglione earned both his bachelors and masters degrees in criminal justice and has enjoyed a successful 25-year career in security. Prior to be named security director at New York Presbyterian Hospital, he held security management positions at Atlantic Health and Bellevue Hospital. Married with three children, he enjoys motorcycling and coaching youth basketball.
“I like being here everyday and addressing the different challenges. The best people are at this hospital and our security team is very motivated and passionate about their work,” concludes Scaglione.
