Wendy Bashnan’s robust global security experience matches her level of humility and down-to-earth personality. Bashnan spent decades with the Diplomatic Security Service, having spent time in Belgium, Iraq, China, Venezuela, Egypt and Eritrea. In addition to working across the globe, Bashnan also held senior leadership roles with the Diplomatic Security Service (DSS), ranging from leading more than 900 employees as a Deputy Assistant Secretary for Training to serving as Deputy Assistant Secretary General for Security for NATO in Belgium.
It was no surprise that Bashnan made a smooth transition from government leadership to corporate leadership, first as the Chief Security Officer (CSO) for Nielsen. More recently, Bashnan has taken the helm as Director of Security and Fire Protection at Scout Motors, where she has the opportunity to put her creative and innovative skills to a “greenfield” of work on a daily basis.
How would you describe your transition process going from federal law enforcement into the private sector? Was there anything about that transition that surprised you?
For me the transition was easy, but I also didn’t initially go into it thinking about it in a phased element. And I think there is a phased approach to the transition — it’s not just as simple as saying, “Here’s my resume. Here’s the experience I would bring. Interview me. Hire me.” There’s a learning process to the difference between the government and the private sector. The nomenclature is different. Security is the same, but they talk about it differently. And they use it differently. When I first started, I didn’t get this right. I thought you just did one resume and sent it out. But, I learned that you need to have multiple resumes that line up to what the business is that you’re focusing on, using the language that they use in the job descriptions.
You’ve recently transitioned into a new role with Scout Motors. How do you adjust your security leadership approach based on the differences in the industry itself, in this case being automotive?
The importance of communication to me continues to exponentially increase as the world is evolving around us. Our necessity to be able to communicate with the business, who are our customers, is vital. Not everyone thinks with a security brain. Some people think with a finance brain. Some people think with a compliance brain. We need to be able to talk with them in a way that makes sense to them. You need that empathy, and you need to be able to listen and build trust. Learn the business and learn what they want or need to do. Communication is not about me talking “at them,” it’s about listening, and then being able to bridge the brains.
Then, the goal is to build security empowerment into the DNA of the business. Many times people will say, “We just need more security.” I think for me, I prefer being a small team, because we’ve built champions within the business, and we’ve put security into the DNA of the business. I don’t have to be this huge security team that’s constantly looking over everyone’s shoulders if everyone understands their role.
What is your strategy as a Chief Security Officer when it comes to gaining trust and access to non-security senior leaders of the business?
First, you need to be resilient and you need to work your angles and opportunities when they come. You need to be organized, and have your elevator pitches. You need to be prepared and seize the opportunity when the opportunity is there. The other element is, leaders have many other things going on, and their focus isn’t always going to be on us. Sometimes, you may need to take it down a notch or two or three in the pecking order.
At my previous company, I noticed that they had a very vibrant and engaged employee resource group. I became very active in a lot of those groups, because I wanted to understand what their issues and problems were so that I could help make them feel empowered to what they can do for security and for themselves. In doing that, that message gets louder without actually having to go to the CEO. I looked at it as a top and bottom approach, so that everyone can hear and understand the message.
Also, it’s important to recognize that sometimes, it’s not as important for me to talk directly to the CEO, but it’s very important for my boss or another executive to understand the issue, and for them to use the opportunity to bring it up in an executive committee meeting. Sometimes, it needs another champion to help prioritize or bring up the issue, and sometimes that’s enough. It’s not always about me getting direct access. It’s more about who is the right person who can champion the cause.
From your perspective, where do you see the corporate security, risk and resilience function going in the next five years? What do you see as some of the most important priorities?
I think technology and artificial intelligence (AI) and how we use these are going to be critical for our success now, five and 10 years down the road. There is a frantic pace of evolution that is happening. This shouldn’t be catching anyone off guard. I think we have to make it clear that we aren’t trying to replace humans. I think our message should be that we are trying to optimize human beings. I want to be agile, lean and adaptable. It’s better for me to operate with 10 optimized people who can use technology and AI in a smart, effective, impactful way than to have 100 who just stand there in a very myopic way, thinking this is my job, this is my role. For decades, we have been creeping away from guns and guards. We have to move into the mindset that we are not an add-on to the business, but we are part of the DNA of the business. We have to show people the value and impact that we are bringing to them. The challenge will be how we message that, and how many champions do we build in that process.
What advice would you give to someone who aspires to one day be a Chief Security Officer?
Being a security professional is not just black and white. You need to understand security principles, but you also need to understand business principles. You want to be a CSO? Get a minor in business administration because you need to be able to speak business when you’re communicating. The other thing is, get a minor in communications. Focus on your knowledge of business and your knowledge of communications to blend them in with your desire to be an expert in the field of security. Security will continue to evolve, and will be less and less about the “perimeter.” We need to understand security is not just the hardware. It’s also the brain behind what we use as humans. If you can do that, you become a better partner within the business and will be able to communicate the value that you bring.