Trends Column / Security Leadership and Management / Security 500 Report

Security 500 Trends: Thanks for Nothing

Really, Security 500 Members, when we add up all of the leadership, subject matter expertise and business acumen you bring to your enterprises, what happens? Absolutely Nothing. Well, it is my turn, with the publication of the Security 500, to say to each of the 500 who have been ranked on this year’s prestigious list: “Thanks for Nothing.”

You need only to read this year’s Report and Profiles to understand how this significant investment, estimated at more than $10 billion, by enterprises in people, processes and technology will get you nothing. As Ed Goetz, CSO at Exelon asks, “When nothing happens, is it because you did a good job? Or was it because the threat never materialized?”

Since Exelon is proactively identifying and mitigating risks, ensuring compliance and delivering 24/7/365 operational support to their global workforce, we may never have a clear answer to that question. As best we can tell, Exelon and Mr. Goetz sit high upon the Security 500, volleying cyber and physical security threats back over the net to ensure that at the end of each endless day, nothing has happened.

Of course, Exelon is not the only enterprise guilty of spending a lot of time and money on nothing. Major League Baseball has taken nothing to the next level, being invisible too. Dan Mullin, Vice President of Investigations for the League, shares that,“The most important thing is that our security be rigorous but invisible. Law enforcement is visible but security should be invisible. Baseball is entertainment and our role is to ensure that the fan experience is safe and secure without having to interact with us unless necessary.”

Come to think of it, I had the opportunity to go to a Yankees game this summer, and beyond the nice weather, Yankee win and expensive beer, well, nothing happened there, either. Maybe this is becoming a trend? Seems to be. Getting out in front of risks from cybercrime to weather; political unrest to contagions; compliance to business resilience; executives leading their enterprise’s security function are mitigating risks and making sure that nothing happens.

This has been an intriguing year for security, because there is a downside to this nothing: Complacency. It was mentioned often in conversation during this year’s discussions. The events of 9/11 are 11 years removed. Katrina is seven years in the rearview mirror. Data breach and cyber crimes seem to have a 100-percent impact on the victim enterprise and zero on everyone else, so they often go unnoticed and unheeded. Keeping the C-suite and all stakeholders engaged in their personal security is a challenge. Because, while these Security 500 leaders are working to ensure nothing happens, no one should be so arrogant to believe nothing will.

 

Executive Leaders Profiled

Each year I am fortunate to meet and interview a number of the business-minded leaders of the Security 500. They generously share their knowledge, experience and time, so that we can share their expertise with you. The profiles offer an interesting look at how the best in the business contribute to enterprise success while achieving their own. 

 

•  Larry Atteberry, Manager, Emergent BioSolutions

•  Ron Boyd, Port of Los Angeles

•  Russell Cancilla, Baker Hughes, Inc.

•  Jeff Chisholm, Deere & Company

•  Mark Farrell, Comcast Corporation

•  Bryan Fort, McCormick & Company, Inc.

•  Walt Fountain, Schneider International

•  Ed Goetz, Exelon Corp.

•  Jeff Hauk, El Paso Water Utilities

•  Eric Levine, WellPoint

•  Joe McDonald, Switch

•  Dan Mullin, Major League Baseball

•  Stephen Morrill, Charles River Labs

•  Duane Ritter, Cox Communications

•  Alan Robinson, Atlantic Health System

 

Coaching

The 2012 Security 500 Coaches greatly improve our process and resultant benchmark reports that all participants receive. They let us know which key data points to collect within each of 18 unique sectors, enabling us to provide a meaningful benchmark tool. We thank them for their gracious investment of time, direction and intelligence to the Security 500 Survey.

 

            Couldn’t make it to the Security 500 Conference on 11/1? Hear the Security 500 Webinar on 11/6. Register for free at www.securitymagazine.com/events

            Questions about the Security 500? Please email us at: S500Questions@bnpmedia.com

 

Read moreTrends at
SecurityMagazine.com/Columns/Trends

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Mark McCourt

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

September 2014

2014 September

In the September issue of Security Magazine, find out who this year's most influential people are in the security industry are. Also, take a peek at the technology products that ASIS 2014 will be showcasing at the upcoming event. Read about the lessons learned from security at the World Cup, find out why tactical medical training is a must for your enterprise and how Atlanta increased security by sharing surveillance.
Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+