Closing the CEO, CSO Gap
May 1, 2008
A number of security executives routinely interact with top CEOs and top enterprise chief security officers as a way to conduct their business and bridge the gap. Three are Michael McCann, president and CEO at McCann Protective Services; James Lee Witt, CEO, Crisis Management and Preparedness Services, James Lee Witt Associates; and Howard Safir, CEO, Security Consulting and Investigations Unit, SafirRosetti.
To complement this month’s cover story on What CEOs Think, I’ve gathered these perspectives from the three.
BudgetsMcCann – I see security budgets as continuing to tighten (unless of course there is a major incident). Justification for new equipment and technology will be required.
Witt – In many companies, the individual responsible for security is also responsible for emergency preparation. This often poses some budget overlapping, and in the current economic environment, budgets will be getting even tighter. The company model that CEOs prefer has become one of a minimal internal staff managing the right external resources needed to protect the organization’s proprietary assets.
ComplianceMcCann – Now that security has a seat at the table, CSOs will continue to be under greater scrutiny. I believe audits of their operation and associated costs will occur more often.
Safir – Security executives should expect regulatory requirements in security and emergency preparedness to increase. Those CEOs and companies ahead of the curve, however, will continue to be cognizant of these requirements and will work proactively to identify and address gaps before they become a problem. Companies do not want to be behind the eight ball in this regard and have to play catch up. Being proactive will help.
People IssuesMcCann – It will be more and more difficult to attract highly qualified and experienced candidates. RFP and bids for outsourced security operations will be very competitive. However, with the tightening of security budgets, companies will be more likely to accept low bids. Security companies will be forced to pay lower hourly rates and hire less skilled workers and invest fewer dollars in training.
Safir – Given all the areas of specialization in fields such as business continuity, disaster management, computer forensics and security planning, it is vital that the top security executive develop trusted and vetted partnerships with external vendors that can provide competent and licensed professionals when needed. Controlling supplier relationships in this manner tends to result in better service and considerable savings beyond what a company could maintain in-house.
TerrorismMcCann – With each emergency or incident, more and more focus from the CEO will be directed at security operations and their ability to deliver. Plans have been formulated, security budgets have increased, additional personnel have been hired and senior management has been briefed. Importantly, when an incident occurs, top management will focus on the incident and the response. No more excuses.
Witt – Smart CEOs and their companies use an all-hazards approach to emergency preparation, dedicating the appropriate resources and energy to planning for any type of event. This preparation needs to take place internally, as well as externally with local governments and key vendors. The chief security officer needs to be an integral part of the disaster management and recovery planning process. They must work internally to put a plan in place, but just as importantly, should become familiar with local first responders and law enforcement personnel. You don’t want to meet the fire chief for the first time when your building is on fire.
Management AttentionMcCann – The CEO will be demanding more from the CSO. In some cases, discussions between CEOs will focus on a comparison to others of their respective security operation. In particular if there is a security incident.
Witt – The events that have occurred in our country over the last seven years such as natural disasters, terrorist attacks and regulatory compliance should convince every CEO of the importance of having the right person at the table to plan and manage these high-level issues on a daily basis. Additionally, a CEO’s commitment to the security function is often demonstrated by whether or not they have someone at the table, and the value that is placed on that individual.