2012 Security 500 Leader Profiles

Russell J. CancillaRussell J. Cancilla, Vice President & Chief Security Officer Health, Safety, Environment & Security, Baker Hughes Incorporated

 

The Business Leader

 

“I would arguethat as a CSO, if we haven’t convinced the CEO that he could not successfully run his/her company without security support, we have not done our jobs,” begins Russ Cancilla, Vice President and Chief Security Officer for Baker Hughes Incorporated.

Baker Hughes is a global oilfield service company that has $19.83 billion in annual revenues and more than 58,000 employees operating in more than 80 countries with nearly 1,500 facilities. Security and crisis management fall under the remit of the Vice President & Chief Security Officer and the department is named the Enterprise Security & Crisis Management Team (ESCM).

“Security is competing for resources as organizations reduce general and administrative allocations. Business leaders are using a more rigorous process, looking for the cost/benefit value not just the risk/reward scenarios and want to talk to a business-minded person – not merely a security person. It is the CSO’s responsibility to break the mold and communicate the business case,” explains Cancilla.

Oilfield services is a high technology business that has similarities with NASA. “NASA technology goes up, into outer space. Our technology goes deep into the core of the earth. Both are out of reach and depend on technology to work. We spend roughly $500 million annually on technology, research and development and we have to protect the investment,” he says. 

As a result, Cancilla is most focused on the critical risks generated by geopolitical instability, industrial and state sponsored espionage targeting  Baker Hughes’ intellectual property. The business also must be protected from cyber terrorism, theft, corruption and fraud.  “The industry is seeing an increase in IP theft attempts and loss. We have strong programs in place, invest in our technology and have sophisticated, special procedures in place when it comes to  handling and shipping equipment to  protect our IP and demonstrate a duty of care to our stakeholders,” notes Cancilla.

Second, his organization is focused on the execution of the programs that protect the company’s people, assets/critical infrastructure and investments.

Cancilla has a simple mantra: “We proactively stay aligned with the business and explain that enterprise security does not manage risks for them, but that we help them manage those risks. We ask the business unit presidents to ask: ‘What risks do we need to manage with this money?’ If we can start with that business question, then we succeed,” he shares. 

By restructuring from the traditional security programs to a more risk-based, business-aligned approach,  his team has been able to contribute to business growth and profit by setting targets for assessing and managing risks versus simply responding to incidents. 

“Perhaps to the surprise of most security professionals, the biggest contribution to our organization’s success is not a security feature, per se.  Instead, there are two areas that have resulted in major contributions: a) security becoming a respected business partner and b) our positive impact on profitability and identification of emerging markets,” he says.   

“We have metrics in place that range from cost of security as a percent of revenue and cost per employee to the amount of proactive vs. response time the team spends,” he explains. “In less empirical terms, we measure the value of security spending in how satisfied management and the workforce are with our performance. Our ESCM leadership team constantly asks the global leadership of the company for satisfaction checks on security support and performance.”

These programs enable security to meet the board’s high expectations, which are to operate with the utmost integrity and to protect the assets and security exposures that the company confronts. These programs are expected to be aligned with the business and for those involved to understand the operations and financial aspects of running the business, including revenue generation, improvement of margins and the impact of Security’s costs to the bottom line.

It is important for CSOs and their teams to be considered business professionals who are experts in security. Once CEOs and other decision makers make that mental transition away from seeing the security team as a “necessary cost” or a group that merely provides security for their facilities and people, to a team that enables the profitability of the company, the proverbial “seat at the table” becomes more permanent. 

Cancilla most enjoys being a business leader who happens to manage security and having an impact on the company’s overall performance by working directly with the CEO as a member of the Senior Executive Team. Cancilla has been married for 40 years. He has two sons and enjoys spending time with his grandchildren when not golfing, riding motorcycles or cooking.

If Cancilla were not a CSO, he says he would work as a management and security consultant focused on transitioning poorly performing functions and activities into more successful organizations.

 

Security Scorecard

•           Revenue/Budget: $20,000,000,000

•           Security Budget: $17,000,000

•           Critical Issues:

            – IP Security

            – Global Issues, such as the Arab Spring

            – Competition for Resources to Run Security Programs

 

Security Mission

•           Business Continuity

•           Corporate Security

•           Disaster Recovery

•           Emergency Management/Crisis Management

•           Geopolitical Intelligence & Corporate Espionage

•           Intellectual Property

•           Investigations

•           Physical Security/Facilities

•           Regulatory Compliance

•           Risk Management

•           Supply Chain/Vendor

•           Workforce/Executive/Personnel Protection

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security December 2014 issue cover

2014 December

This issue of Security Magazine covers our 12th annual Top Guarding Firms list. Check out the best of the best as of December 2014. The 21st century has brought with it new types of security threats. Read how to combat and protect against these threats.

Table Of Contents Subscribe

Security Emergency Preparedness Training

Which security personnel emergency preparedness training is the top priority to you and your enterprise?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.