Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

2012 Security 500 Leader Profiles

Duane RitterDuane Ritter, Vice President, Corporate Security

 

The Multi-Tasker

 

“Last monthin Las Vegas, I hosted a conference for the CSOs of the largest multiple cable systems in the U.S. While our companies compete in many areas of the country, in certain areas we do not. We all face the same security threats. By sharing information and discussing how to eliminate vulnerabilities, all of our stakeholders benefit and are more secure,” shares Duane Ritter, Vice President, Corporate Security for Cox Enterprises, who contributes to both his company and the industry at large with great enthusiasm.

Cox Enterprises is a $15 billion dollar privately held diversified company that includes Cox Communications, the third-largest cable TV provider and one of the largest broadband communications companies in the U.S., Manheim, AutoTrader.com and Cox Media Group, an integrated broadcasting, publishing and digital media company.

“The security organization is structured to be the trusted advisor to our business units. Their goal and ours is the same; to create a safe and secure environment for employees, their important information and our infrastructure and facilities,” notes Ritter. Working across a diverse organization requires coordination. “We are currently consolidating disparate physical security systems. We have also taken on the challenge of standardizing our security practices across diverse organizations. But our greatest threat, like many other organizations, is cyber.”

Among other initiatives, the company is creating a comprehensive Cyber Crisis Management program. “We aligned it to our critical response program and it is based on data privacy breach notification requirements, and industry standards such as PCI DSS,” explains Ritter. The program has been well received and as a result, he will be briefing company leadership about the program.

Ritter and his team have also revamped their third party due diligence process for any organization or vendor that touches the company’s network or accesses non-public, sensitive business information. “We deliberately changed from an ad hoc to formal process with our business stakeholders. Our goal is to evaluate third-party risk to ensure their security controls are adequate during the duration of the contract. The question is simply, ‘Who are we doing business with and what is the relative risk the relationship poses to our organization?’ and by answering that question, we ensure adequate due diligence on our third-parties,” says Ritter.

Business resilience is another focus area at Cox. “Anticipating potential business interruptions and working to mitigate those threats from happening supports the business organizations to remain operational and reach their goals. Resilience and strategies and preparedness drills are critical for success. Accurate risk assessment and being prepared are the biggest contributions we can make to the organization and our people,” he shares.

Examples of the risk and security strategies include travel programs, mass notification and workforce protection. “During and after Katrina, employees were our top concern. We worked around the clock to contact them and ensure their safety. Since then, we’ve improved our technology and emergency systems, so we can support our employees at an even higher level in the event of a business disruption. We have a 24 hour watch center capable of supporting all of our employees worldwide,” explains Ritter.           

“Our leadership expects us to provide professional and consistent security to the business owners we serve. The Security Department has a role in recognizing risk, understanding the effects it has on the business and identifying the means to mitigate it. Collaboration among departments and the diverse business units we support is key to our success as well as emphasis we place on mutual respect. Cox expects us to have a broad range of quality services that support the corporation in addition to providing resolution to issues and/or incidents that enable business growth.”

Ritter notes how the entire security field has changed from a law enforcement response mentality to a business risk and prevention expectation and expertise. “This is no longer seen as a post retirement job after a law enforcement career. The change to corporate security can be a challenge for many with career government and/or law enforcement backgrounds. The entire security field has changed, requiring different types of education, maturity and leadership skills.”

Ritter enjoys the variety he experiences in his job. “There are so many fields to work in, from IT forensics to physical security to complex investigations and threat assessments. This is an exciting profession because there is always something different coming in the door. This is a job where if you expect to be successful you should check your ego at the door, communicate, interact and solve problems.” Having amassed a lot of experience and expertise, he is motivated by the very talented, young people in his department who have chosen security as a profession.

When not at work, Duane likes to spend time with family and friends. Originally from Nebraska, he likes hunting, the outdoors and of course Cornhusker football.

If Ritter were not a CSO, then he would have pursued a career in law.

 

Security Scorecard

•           Revenue/Budget: $ 15,000,000,000

•           Security Budget: Confidential

•           Critical Issues:

            –          Cyber Threats

            –          Consolidation of Disparate Physical Security Systems

            –           Emergency/Crisis Management Preparedness

 

 

Security Mission

•           Asset Protection/Loss Prevention

•           Brand/Product Protection

•           Business Continuity

•           Corporate Security

•           Cyber Security/IT Security

•           Disaster Recovery

•           Emergency Management/Crisis Management

•           Investigations

•           Physical Security/Facilities

•           Regulatory Compliance

•           Risk Management

•           Workforce/Executive/Personnel Protection

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

September 2014

2014 September

In the September issue of Security Magazine, find out who this year's most influential people are in the security industry are. Also, take a peek at the technology products that ASIS 2014 will be showcasing at the upcoming event. Read about the lessons learned from security at the World Cup, find out why tactical medical training is a must for your enterprise and how Atlanta increased security by sharing surveillance.
Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+