Trends Column / Security Leadership and Management / Security 500 Report

Security 500 Trends: Thanks for Nothing

Really, Security 500 Members, when we add up all of the leadership, subject matter expertise and business acumen you bring to your enterprises, what happens? Absolutely Nothing. Well, it is my turn, with the publication of the Security 500, to say to each of the 500 who have been ranked on this year’s prestigious list: “Thanks for Nothing.”

You need only to read this year’s Report and Profiles to understand how this significant investment, estimated at more than $10 billion, by enterprises in people, processes and technology will get you nothing. As Ed Goetz, CSO at Exelon asks, “When nothing happens, is it because you did a good job? Or was it because the threat never materialized?”

Since Exelon is proactively identifying and mitigating risks, ensuring compliance and delivering 24/7/365 operational support to their global workforce, we may never have a clear answer to that question. As best we can tell, Exelon and Mr. Goetz sit high upon the Security 500, volleying cyber and physical security threats back over the net to ensure that at the end of each endless day, nothing has happened.

Of course, Exelon is not the only enterprise guilty of spending a lot of time and money on nothing. Major League Baseball has taken nothing to the next level, being invisible too. Dan Mullin, Vice President of Investigations for the League, shares that,“The most important thing is that our security be rigorous but invisible. Law enforcement is visible but security should be invisible. Baseball is entertainment and our role is to ensure that the fan experience is safe and secure without having to interact with us unless necessary.”

Come to think of it, I had the opportunity to go to a Yankees game this summer, and beyond the nice weather, Yankee win and expensive beer, well, nothing happened there, either. Maybe this is becoming a trend? Seems to be. Getting out in front of risks from cybercrime to weather; political unrest to contagions; compliance to business resilience; executives leading their enterprise’s security function are mitigating risks and making sure that nothing happens.

This has been an intriguing year for security, because there is a downside to this nothing: Complacency. It was mentioned often in conversation during this year’s discussions. The events of 9/11 are 11 years removed. Katrina is seven years in the rearview mirror. Data breach and cyber crimes seem to have a 100-percent impact on the victim enterprise and zero on everyone else, so they often go unnoticed and unheeded. Keeping the C-suite and all stakeholders engaged in their personal security is a challenge. Because, while these Security 500 leaders are working to ensure nothing happens, no one should be so arrogant to believe nothing will.


Executive Leaders Profiled

Each year I am fortunate to meet and interview a number of the business-minded leaders of the Security 500. They generously share their knowledge, experience and time, so that we can share their expertise with you. The profiles offer an interesting look at how the best in the business contribute to enterprise success while achieving their own. 


•  Larry Atteberry, Manager, Emergent BioSolutions

•  Ron Boyd, Port of Los Angeles

•  Russell Cancilla, Baker Hughes, Inc.

•  Jeff Chisholm, Deere & Company

•  Mark Farrell, Comcast Corporation

•  Bryan Fort, McCormick & Company, Inc.

•  Walt Fountain, Schneider International

•  Ed Goetz, Exelon Corp.

•  Jeff Hauk, El Paso Water Utilities

•  Eric Levine, WellPoint

•  Joe McDonald, Switch

•  Dan Mullin, Major League Baseball

•  Stephen Morrill, Charles River Labs

•  Duane Ritter, Cox Communications

•  Alan Robinson, Atlantic Health System



The 2012 Security 500 Coaches greatly improve our process and resultant benchmark reports that all participants receive. They let us know which key data points to collect within each of 18 unique sectors, enabling us to provide a meaningful benchmark tool. We thank them for their gracious investment of time, direction and intelligence to the Security 500 Survey.


            Couldn’t make it to the Security 500 Conference on 11/1? Hear the Security 500 Webinar on 11/6. Register for free at

            Questions about the Security 500? Please email us at:


Read moreTrends at

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Mark McCourt

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security June 2015 issue cover

2015 June

In this June 2015 issue of SecurityIs the security director business’s new “corporate rock star?” Find out how CSOs can become the new leaders of their enterprises through mentorships, partnerships and creatively adding business value. Also, learn how security professionals are training employees in cyber security through games. And why are deterrence and detection so important when it comes to thwarting metal thieves? Find out in this issue.

Table Of Contents Subscribe

Body Cameras on Security Officers

Body cameras are being used increasingly by police in cities across the U.S. Will you arm your security officers with a body camera?
View Results Poll Archive


Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.