Lessons Learned from Security 500 Palo Alto

How little opex can you spend and still get the job done

Opening his keynote by presenting a gap that needs to be closed, Tim Dillon, Vice President of Global Physical Security for Oracle, said, “What is the job? The job is to protect assets, protect shareholder value and align with the corporate culture. And answer the question: How little opex can you spend and still get the job done?”

“Making Security’s Brand Mean Business” was the perfect title to kick off the third Security 500 West Conference. Tim’s focus on the basic issues of brand management resonated with attendees. Simple, but not easy, questions to answer included:

  • “Do you understand what you stand for?”
  • “What are you selling?”
  • “What does your product or marketing brochure look like?”

“These are the answers that take a security program from guards and cards to answering how security helps customers meet their revenue opportunities. And building this plan should include a three- to five-year outlook,” shared Tim.

Indeed, the goal to assure and enable business (this publication’s purpose statement) is front and center at Oracle. He is part of a three-person risk and security team that reports into the chief software architect, ensuring that all security programs are aimed at supporting business goals. That means fitting the Oracle culture so that customer service and policy enforcement are balanced and understood, and so that people are motivated to actively participate (become a customer) in the security program.

“A key element in our planning is our ‘de-invest/re-invest’ program. We realize that each year, some in-place programs are no longer necessary,” Tim said. “To avoid resourcing legacy programs that have reduced or no ROI, we review existing programs and make changes. That frees up budget dollars to invest in new ones.”

Oracle is well on its way to supporting business goals and protecting people, IP and assets through its security roadmap. More about Oracle and enabling security’s brand can be found in this month’s cover story.

In addition to Tim, three panel discussions addressed top-of-mind risk issues for our attendees:

  • Cyber Security
  • Big Data and Analytics
  • Sourcing: Single vs. multiple vendor strategies

Joshua Belk, CSO, FBI, moderated the cyber security panel and was joined by Brent Conran, McAfee/Intel, and Neil Rerup, Enterprise CyberSecurity Architects. The panelists noted that the unfortunate news is that cyber criminals are outstripping the enterprise’s ability to defend itself.

“We look for the right attitude and aptitude when we hire. Having intellectual curiosity is very important for understanding and identifying vulnerabilities and anomalies. The people who are the best at cyber security are not always the ones you would expect,” shared Brent.

Neil noted that you have to create a defense that matches your culture. “Law enforcement, like the FBI, is focused on reputation and retaining the public’s confidence. Government is focused on politics and electability, while the private sector is about brand and money.” For more on this talent gap, check out Security’s May cover story.

The Big Data and Analytics panel, moderated by George Booth of eBay, started with defining the topic. About a week prior to the conference, John McClurg, CSO of Dell, sent me a note suggesting that if we were going to tackle this topic, we first read “Big Data: A Revolution” by Viktor Mayer-Schonberger; so we did (thank goodness for that Amazon one-click/two-day delivery).

While misunderstood by most, the definition is straightforward. Big data is just that. The interesting example in the book that was discussed at the conference was Google’s ability in 2009 to identify H1N1 flu outbreaks by geographic area ahead of the medical community. No understanding of medicine or flu was required to follow the searches for flu-like symptoms, remedies and treatments.

Duane Ritter of Cox Enterprises led our discussion on the plusses and minuses of both single and multi-vendor sourcing for both systems integration and guarding. He was joined by Jim Mercurio of the San Francisco 49ers, Drew Levine of G4S and Wesley Bull of NVIDIA. Perhaps the most valuable learning from this panel was that there is not and may never be a “one size fits all” solution for our industry. While there are many economic and operational advantages to a single provider, there are also some risks associated with this model.

As the Levi’s Stadium (new home of the 49ers) nears completion, Jim shared, “We have tried it both ways. With a single guard provider we felt like the first 100 guards were superior to the last 100 guards. So we split the contract and now we believe each company is sending the first 100. They are competing and the quality is better. It costs a bit more, but we feel that it is important to maintain quality.”

The 2014 Security 500 Survey will be out later this month, so please watch out for it and plan to participate. And we are pleased to announce that this year, the Security 500 Conference will be held in partnership with OSAC week. Please mark your calendars for November 17 in Washington, D.C.   
