Chief Linda Stump, University of Florida Education

It's a Community Mindset!

Hurricane Gustav has just missed to the left. Hurricane Hannah is about to miss to the right. Game Day is here and the Miami Hurricanes are about to hit head on.

 
It’s a Friday afternoon, and the University of Florida is about to welcome the Miami football team plus over 90,000 guests, fans, alumni and students to “The Swamp” for a nationally televised game on ESPN. While providing security for a celebrity coach, a Heisman Trophy-winning quarterback and the “The Gator Nation’s” 2,000 acre-plus campus may seem overwhelming, Chief Linda Stump (who has just briefed UF’s Board of Trustees on game preparations) and her team have matters well in hand.

   
“The greater the buy-in by the administration, the students, the fans and the community at large about appropriate and acceptable behavior, the greater the team mentality and the fewer the security problems,” says Linda.  Coordinating with the FBI, local police, state police, the U.S. Marshall’s and Secret Service combined with flawless execution delivered The Gators a safe and secure 26-3 win. “With three national championships in recent years, I wouldn’t say it is easy, but the problems become predictable and identifiable and we are able to address them,” continues Linda.  “We are fortunate to have great fans here at UF and overall, they know what behavior is expected of them, and that makes our job just a little bit easier”.

   
The has 16 colleges educating nearly 50,000 students and is one of the five largest universities in the nation. The main campus has over 900 buildings, including a major research hospital with trauma center as well as a historic district listed on the National Register of Historic Places. Security is designed to be part of the community. “We recognize the importance of each piece and give each piece equal value,” explains Linda. The security program focuses on prevention through environmental design, target hardening, appropriate and fast response and educational programs.

   
“One great aspect of our program is being part of an educational institution and playing a part in the education of students, faculty, staff and the public. We work to create awareness through teaching programs, enforcing rules and regulations and providing appropriate information to our judicial affairs process. I get to go to class and teach, to be a part of the process and to make the University the best that it can be,” says Linda. Our community services division delivers over 700 educational programs each year. They create new programs as needed and will visit off-campus apartments and provide a risk assessments and safety information.

   
Linda’s unique view is powerful. She knows the best way for success is to partner with the students who have a vested interest in their own future. They will be at the University for a relatively short four years, and their focus and goals are long term. “We have a responsibility to represent the institution proudly as an ambassador and as both police and security officers. The more you project customer service, the better off you will be when it comes to delivering security. We teach and encourage their responsibility for the greater good of the community. We get buy-in when they take ownership. That makes security everyone’s role. We consider the students, staff, faculty, and visitors, all stakeholders as part of our team to help assess a threat and communicate that to us. Internally, we have a well established assessment team, collaborating with student services and the department of human resources to analyze workplace violence threats or any other type of abnormal behavior presented to us.  The earlier we can recognize the threat and take action, the safer the situation.

   
“And the experience the undergraduates have sets an expectation of service. For example, when they return as alumni, they expect the same high levels of service from security that they experienced when they attended.”

   
One example is the SNAP escort program to meet and escort any campus visitor who is concerned about their safety. is unique because most of the funding for SNAP comes from student government, and the students have a significant voice in how their fees are spent. SNAP is well funded, pointing to its visibility and value. During the past year, over 58,900 individuals were escorted via the SNAP program.

   
Using a holistic strategy of community participation and behavior modification, the campus safety program is getting greater cooperation from all stakeholders and increasing visibility about security and safety goals. “If you are in our territory and not participating in security programs (such as using ID cards) for your own benefit, then you are not part of the ‘society,’” explains Linda, “Making this ‘your’ home and joining ‘Gator Nation’ with specific behavioral expectations and rules has been very successful. Behavior changes for the positive.”

   
They also partner with local, state and federal law enforcement. “You cannot do it by yourself. You need to collaborate and create the big picture. We consider the area ‘our home’ and share information. All of our crime analysts are connected. We communicate and trade information so we know what is happening on their boundaries,” says Linda. For example, Florida relies on good crime analysis information and  on the LINX System (Law Enforcement Information Exchange-to develop a regional law enforcement plan detailing areas of concern and how to leverage information sharing for the desired impact) to increase knowledge and improve security.

   
Leading the security initiative is not without its challenges, and Linda explains three of hers. First, is a big, public institution and has an open environment accessible by design to the public. Plus, UF has extensions and facilities across the state. Providing security constantly and consistently in such an open and fluid environment is always challenging. “We are fortunate to have a supportive administration and athletic association, both of which understand our role and provide us the resources we need. Second, the post-Virginia Tech environment has created new expectations for both security prevention and response, but also for communications. Today’s students have grown up with instant gratification and expect accurate and immediate information. We are constantly testing the best ways to communicate and what to communicate. What do you convey through the emergency system and how do you decide what information to send out? Too many messages about minor or ultimately non-events might cause complacency,” explains Linda.

   
And third, it is hurricane season. And while has withstood Gustav, Hannah and the Miami Hurricanes, more are on their way. “We need to identify and find the right emergency communication system and layered approach to messaging,” says Linda.

   
Florida benchmarks with other leading institutions including , “We are always looking for new ideas, new solutions in strategy, best practices, technology and systems. We work to avoid complacency. It is easy to spend money in certain ways year to year and not critically review that spending. We review situational risk, identify the best ways for mitigation and plan ahead to make sure we are funding the most effective programs and maximizing our value to the University,” says Linda.

   
Sometimes it’s an evolution, not a revolution. For example, as students have migrated from paper to electronic communications, the University of Florida Police Department has migrated its safety brochures to electronic delivery, meeting both the school's sustainability goals and the need to communicate effectively with the students.

   
Linda became the first female Police Chief at a State of public university when she joined UFPD in July 2003. A native of , Linda holds a bachelor's degree in Criminal Justice and Corrections from , a Master's Degree in Higher Education Administration from

   
“I am very lucky to have a great place to work and live and to touch so many people’s lives in a positive way. And the environment here is the best. It allows me to be outside all year long. I love kayaking and biking, and is a wonderful place for an active outdoor lifestyle. I also enjoy working at a University with such a strong sports program and being a fan,” says Linda.

John Petruzzi, VP Corporate Security & Emergency Management, Simon Property Group

Dave Homolka, Director, Corporate Asset Protection, Cabela’s

Retail

It’s All About the Culture!

To understand David Homolka and Cabela’s successful security organization, you have to first understand this multi-channel retailer’s unique culture and dynamic business model. For avid outdoorsmen (and women) there is no substitute for the high touch and open retail shopping experience and environment Cabela’s “ World’s Foremost Outfitter” offers. It is Cabela’s famous Outfitters (sales personnel) who live the Cabela’s lifestyle, are experts in their field and create the company’s spirit for great service that attracts customers. Cabela’s is as much a destination as it is a store with the average customer visit lasting over three hours. 

   
“Cabela’s has a real family feel to it,” shares Dave Homolka, “And what makes our stores inviting also makes them susceptible to shrink.”

   
At the same time, Cabela’s is a dynamic company with $2.3 billion in annual sales and is evolving from being a catalog/retailer to a multi-channel retailer and from a family run to a publicly traded corporation. Today, Cabela’s has 29 stores, three distribution centers and five customer relations call centers.   Cabela’s wholly owned bank manages their very popular Cabela’s Club Card with over one million members.

   
The very strengths that make Cabela’s uniquely successful were a challenge to asset protection programs for physical and logical security expertise and execution.

   
It would have been only human for Dave Homolka to approach his new role as Director of Corporate Asset Protection with a command and control mentality. Rather, Dave did not attempt to change Cabela’s culture but aligned with its unique culture to get results.

   
Dave focused his team on core opportunities: 

• The employee’s strong sense of ownership who take  ownership of the business personally
• Teaching security to senior management
• Implementing new  technology to increase awareness and understanding
• Focusing on the “Good Customer” first in all discussions

Cabela’s Outfitters care about their customers and the merchandise they recommend and sell. They pride themselves on their expertise and have a very protective attitude about Cabela’s brand and reputation. Through training and education at stores and distribution centers, policy shifts were presented in “the right way” and well received by employees. By pointing out that these changes were not an issue for the “Good Customer,” Outfitters and management have been highly supportive.

   
At the executive level, Dave worked to educate senior management on the reality of where shrink occurred by using facts and statistics to create an understanding of the problem and the opportunity to reduce loss.

   
Through this process and the discussion of the “Good Customer,” the status quo was challenged and discussions around employee theft and a liberal return policy were welcomed. For example, the return policy was changed due to non-customers taking advantage through fraud or abuse.

   
The introduction of video and surveillance, card access, loss prevention systems, audit and strong PCI adherence has also increased access to metrics and the ability to show real results to both store level personnel and corporate management.

   
Shrinkage has been reduced in a very challenging environment and is below the industry norm. By focusing on employee awareness, internal and external investigative efforts, Cabela’s Corporate Asset Protection Team has found its stride.

   
Dave focuses directly on his responsibility to the leaders, employees and shareholders to make a real tangible difference and ensure that the return on investment is measurable. He sees his role as, “All about driving progress and change through people, primarily at a distance. Ultimately we are really working to exceed expectations and it is this vision that keeps me up at night thinking about enhancements that can make it a reality.”

   
Dave’s experience as a human resources executive helped him understand how to best drive change and execution through his team.. By defining performance as “behavior plus results,” he was able to educate and get buy in and do so in a way that aligned with the company culture. Prior to joining Cabela’s in 2004, Dave worked for ShopKo Stores where he held executive leadership positions in store operations, human resources and loss prevention. Dave lives in with his wife and two daughters. True to the Cabela’s culture, he and his family enjoy the outdoors, especially fishing and camping.

Timothy J. Rigg, Director, Corporate Security, Progress Energy

Utility

Changing Roles:
The Traditionalist and Futurist Security Leader!

As Tim Rigg begins our discussion, he is at the Progress Energy office calculating the impact of Gustav that has just passed through and is assessing Hannah, Ike and Josephine as they approach the

   
“Our investments since Katrina have paid off,” says Tim. “The systems and processes that were put in place worked well and this was a tremendous test. Since 9/11 and Katrina, the concept of critical infrastructure and the new spectrum of threats and security programs to mitigate those threats changed dramatically.

   
Tim has a clear vision of the changing role of the security executive and has done an exceptional job of understanding and managing security. “There is the traditional security role which includes employee safety, workplace violence prevention, securing assets from theft as a utility or company to protect the core business. Copper wire theft is one example, our field employees being attacked by angry customers is another.

   
“Utilities are part of the community and we interact with them in many ways. As a service company we must provide security on our properties for our employees, customers, visitors and assets,” says Tim. “In addition to our security programs, we use education and training to create awareness and provide a safe and secure environment.

   
“And there is the post 9/11futurist security role to protect critical infrastructure against terror, well coordinated attacks and large scale events that would change the landscape forever in terms of life and freedoms. This mix of roles and possibilities keeps me up at night. It is key that complacency does not set back in to security programs.”

   
Tim is responsible for the administration of the Corporate Security function at Progress Energy including investigations, physical and electronic security, business continuity, crisis management, pre-employment background investigations, drug and alcohol testing, workplace violence prevention and response, and executive protection.  He has been with Progress Energy since 2001.

   
Progress Energy is headquartered in and is a Fortune 250 energy company with more than 21,000 megawatts of generation capacity and $9 billion in annual revenues. The company will observe its 100th anniversary in 2008. Progress Energy includes two major utilities that serve more than 3.1 million customers in the Carolinas and .

   
Tim’s responsibilities are broad including disaster recovery, emergency management and regulatory compliance. Security is required to navigate through the increasing volume of security related regulations including MTSA, CFATS, NERC CIP and others. “At a minimum, we have to evaluate a regulation’s applicability and then create a compliance effort if indicated. For example, the Chemical Facility Anti-terror Standards may or may not have applied to us, but it is our responsibility to determine this and take action,” states Tim. “We also plan for the unforeseen including emergencies involving employees during international and domestic travel. Disaster recovery and emergency management is also core to our role. In many situations, we take the lead in planning and preparing for emergency response. Which we have been doing here as a result of Gustav this past week.”

   
Tim is active in the utility and security industry as well. “I think there are exciting challenges in this dynamic profession. Keeping up with the change, becoming an enterprise-wide, high value part of the company, setting strategy for security as well as business continuity and emergency management. The operational challenge is having the ability to effectively evaluate and monitor risks on a continuous basis. The executive challenge is to show how security fits into the business and present yourself as a prudent leader in the company.”

   
Progress Energy’s security department measures value through benchmarking with other like utilities against industry guidelines. They ensure regulatory compliance and site examples where security transcends the business. “Our CCTV system is utilized for an operational view of critical equipment or gauges without having to physically go to a facility.”

   
Tim appreciates the value he gains by participating on the Edison Electric Institute’s Security Committee, which addresses impactful issues facing security leaders at utilities. “We discuss best practices, concerns and core issues. I find the exchange of information to be very helpful,” says Tim. He also knows that the learning process never stops for security professionals.

   
Tim received his Baccalaureate Degree from in 1991 and his Masters Degree in Business Administration from Rigg Argosy University Sarasota in 2003.  He has also graduated from the Executive Security Leadership program at and Corporate Leadership programs at both North Carolina Chapel Hill.  

   
He is Board Certified in Security Management, a Certified Protection Professional. He is a member of the International Security Management Association, ASIS International, and represents the interests of Progress Energy on the Edison Electric Institute Security Committee and the North American Electric Reliability Council Critical Infrastructure Protection Committee.  

   
“I love my job. There is something new to do everyday. It is evolving and changing daily with a high degree of accountability,” shares Tim, as he turns his attention back to The Weather Channel and the current security emergency.

Bob Moraca CPP, CFE, Director of Security and Business Continuity, Sunoco Inc

Energy

Thinking like a Wolf to Protect the Sheep!

From protecting critical infrastructure at the world’s largest refineries to preventing shoplifting at the most rural Sunoco A-Plus Stores to creating TWIC credentials for over 5,000 employees, Sunoco’s Corporate Security mission and program, led by Bob Moraca, is challenging and exciting, 365/24/7.

   
As Bob and I sit down to meet he is preparing to meet with Sunoco’s new CEO, and introduce her to Sunoco security. “I know and am well prepared to start all over again. Who I am. What security does. How do we create value for the business units?” shares Bob. “We are organized to support and provide security for our “customers” and measure the value we contribute.”

   
Sunoco is a complex organization with five business units and annual revenue near $45 billion. Headquartered in , Sunoco’s five business units include:

• Refining and Marketing Petroleum and Petrochemicals
• Retail and Marketing at over 4,700 sites including over 650 A-plus stores
• Pipelines (Over 5,500 miles) and 38 Product Terminals
• Chemical Plants manufacturing intermediates for fibers, plastics, film and resins
• Cokemaking Facilities in the using Sunoco’s patented technology     

“We recognize each business unit as a unique customer and also identify the constituents within those business units as our customers including employees, consumers, visitors, our executive team and the public in general,” says Bob. “We had a great opportunity two years ago when Sunoco moved its corporate headquarters into a new building.” Security was able to leverage new technologies, implement new systems, develop an emergency video and issue Personal Evacuation Kits that include mask, water and flashlight as part of their emergency management training education.

   
At their refineries, chemical and coke plants, security has created a matrix that works well. Corporate security sets the standards and policies with a dotted line to each facility. Local security professionals report to facilities management enabling a more productive and integrated relationship with the business units; it is a true team effort.

   
Bob also works closely with government authorities and joint-terrorism task forces including the local Infragard chapter. As a major energy company, Sunoco is beholden to many government regulatory policies as well as non-government programs. “Before 9/11 we were well down the road with the American Chemical Council’s Responsible Care Program conducting risk assessment, auditing our programs and providing a voluntary layer of security. Enter DHS and regs such as the Maritime Transportation Security Act requiring, ‘sites adjacent to a navigable waterway’ to be regulated which impacted thirteen Sunoco facilities. Parts of the regulation mirrored the American Chemical Council program but raised the question, Do these new regulations make us more secure or just cost us more money?

   
Bob took the initiative to work within his industry and directly with government organizations to educate government and affect the outcome. “Partnering with the government to make regulatory policy practical is the right way to go,” says Bob.

   
”It’s been a good relationship between the American Chemistry Council, Sunoco and the government.”

   
For example, during Hurricane Gustav, DHS and FEMA provided daily briefings to Energy Critical Infrastructure member companies and held Q&A sessions. “This was a great benefit for Sunoco to have their eyes and ears share information with us each day,” says Bob. “Another example of cooperation was during Hurricane Rita in . The Public Safety Commission created a ‘letter of passage’ that enabled our company representatives to get to critical infrastructure without being held up by local authorities or other red tape.

   
“My team and I are the law enforcement liaison for Sunoco with DHS and other entities. It is my responsibility to have these networks in hand, know the people, build relationships and be prepared well before emergency response is indicated,” states Bob.

   
Another example is the Transportation Worker Identification Card (TWIC), which impacts over 5,000 Sunoco employees. Working closely with DHS, the TWIC center was moved onto Sunoco premises speeding the process.

   
At the heart of Sunoco’s security program is its and Central Monitoring Facility. “After 9/11 we moved the center from our high-rise office tower to a secure remote location. That was one of the lessons learned from 9/11 when both EOCs were destroyed. Sunoco’s EOC includes a retail intervention system featuring electronic first responders who can observe in store activity and intervene. Over 10,000 retail employees are trained on the systems and the use of remote panic pendants. The electronic first responder system enables corporate security “Intervention Specialists” to come on over the audio system and announce their presence. This has been a huge deterrent to criminal and negative behavior.

   
The intervention system has had direct business value, too. Regional managers typically supervise and visit ten stores. Using the video system, they are able to visit stores remotely which has contributed both bottom line cost savings and increased productivity. The system also views shopper behavior and was used for a study to improve ergonomics and increase point of sale revenue at a fraction of the cost of an onsite study.

   
Security also secures employees during overseas travel, especially near their coke plants where crime risks may be elevated. Sunoco’s contract with ControlledRisk24 who provides current information to traveling employees and enables them to get emergency assistance. Bob also relies on educational programs at all levels to increase awareness about protecting personal safety, corporate facilities, intellectual property and other at risk assets.

   
Bob started in law enforcement and earned his MBA after which he joined the private sector. He joined Sunoco twenty years ago and loves his job. “Everyday is different. I don’t know what will happen next. The challenge is a rush and I love doing this 24/7,” says Bob. He is the Chair of Sunoco’s Workplace Violence Committee and represents Sunoco as the Chairman for the local Citizens Crime Commission.

   
Among Bob’s concerns are industrial espionage firms that are now calling themselves competitive intelligence organizations. “Since they are reaching out to us, I assume they are contacting our competitors,” says Bob. “And this opens a whole new set of issues. If we hold a meeting at a hotel and the meeting room is bugged, is that illegal? It’s high-tech dumpster diving and we need to protect against it.”

   
Sunoco security’s greatest challenge is that each of the five business units has diverse and unique security requirements. He needs to manage each while seeking economies of scale. “There is an old saying that in order to protect the sheep, you need to think like a wolf,” says Bob. “That is still true today. We ask ourselves what would the criminals, terrorists, disloyal employee, etc., do? We identify risk and prioritize what to protect. We build the onion skin around those at risk areas and secure them.” 

Lori Hennon-Bell, Vice President, CSO, Prudential

Financial

The Great Balancing Act: Preemption, Response, Business Continuity and Crisis Management

For a person who has a world-class track record having made a difference in the state of , Lori Hennon-Bell is well suited as Prudential’s Global CSO. Since she joined Prudential in August 2005, the only constant in Prudential’s security program has been change for the better.

   
“The first initiative was to change security’s focus toward preemption. While we continue to have excellent response capabilities, our goal is to assess risk and then proactively mitigate it,” says Lori. There are many pieces to Prudential’s strategy to make this vision a reality and Lori and her team are putting the pieces together and achieving their goals. Complexity recently was added to the program when disaster recovery and an extensive revision of the crisis management program were added to Lori’s role.

   
While the security team’s big picture changed to get out in front of risk and prevent events from happening altogether, Lori implemented numerous other programs to complement the preemption strategy.

   
“We support vendor due diligence and we provide background investigations. We have programs to prevent violence in the workplace. Prudential corporate security also acts as a consultant to the field offices that are operated outside of our company. They use our procedures and guidelines to ensure proper levels of security are maintained enterprise wide. And we have total responsibility for Prudential owned worldwide properties as well as our home office employees.” says Lori.

   
Lori considers all the associates at Prudential among her “customers” including the executive team, investors and the public at large. “We work to create an environment for someone to either invest in Prudential or become a client by reducing risk and ensuring security,” explains Lori.

   
Most of Prudential’s security resources are focused in . However, the company’s  first international regional security director was hired in December 2006 in . “Adding this position taught us a lot about operating security in an international locale. We learned about the regional culture through a person familiar with it, and that was powerful for us. In an environment where either higher risk or lesser security is normal and tolerated, we were able to understand that culture and work with it to reach our security policy goals,” says Lori.

   
Her background in the New Jersey State Police as a Lieutenant Colonel in the Homeland Security Branch exposed Lori to complex matrices and politics. “What is important is knowing how to get things done. You learn that in a large organization like the state and that enabled me to manage well in my new role and environment,” says Lori. “Prudential is a great place to work and there is strong support for security’s role to protect the organization and its stakeholders.”

   
Managing global security at Prudential has its challenges and Lori will be the first to share that the work is never done and the threats are never gone. Changing security’s vision toward preemption required constant risk/threat assessments and global analysis. Lori and her team constantly ask, “Does this information have any impact on Prudential’s associates and stakeholders?” They have balanced their security resources to support and ensure business operations and be certain the mitigation programs are working.

   
A core part of the new effort’s success is collaboration with peer departments including IT and facilities, for example, and initiating public/private partnerships within where they are headquartered and with expansion plans in other locations where they do business. “We have a technology team in security that works with a team in IT that is dedicated to corporate security to bring corporate security’s objectives together with the Prudential platform,” says Lori.

   
The goal of their investment and strategy is to push danger out to the farthest perimeter and create a security culture. “We are focusing on preemption but also continue our work to be excellent at response,” explains Lori. “ The change in our focus forced our team to go back and realign our resources with our goals to meet risks. It also gave us the opportunity to measure our performance. We get customer satisfaction surveys from our associates and make changes based on their feedback.”

   
Lori is both visionary and extremely detail oriented. While her vision to improve Prudential’s global security through preemption is executed, her focus on the steps to get there is impressive. “We changed the security officers’  uniforms, which doesn’t sound like a big deal, but as a result of the change to new uniforms, our officers presented themselves more professionally and our associates had a stronger buy-in to our security culture,” explains Lori. The uniforms were not the only change made. Their officer standards were increased and the training program was redesigned. Officers are focused on a full spectrum of skills from meet and greet customer services to evaluating risks presented to responding with appropriateness and excellence to events.

   
“Security can be fearful, but when you bring the attributes of customer service to it, you receive information. You can never minimize the value of that information. It is vital that it is brought to our attention and we are able to analyze it. The customer service oriented program is designed to gain buy-in and receive more information,” explains Lori.

   
She also changed to environmentally friendly patrol vehicles to align with Prudential’s green program and reduce costs. Prudential uses hybrids, bicycles and three-wheel scooters for its security program.

   
Her current challenge and integration program is to bring the significant investments in technology and people together to maximize efficiency and security. “Our video analytics can provide critical information to officers, allow us to better allocate resources and alert us when we need to be alerted,” says Lori. “By taking a holistic approach to security and leveraging technology, we are able to achieve our goals and better allocate our resources.”

   
Prudential’s public/private partnership outreach is creating synergy in with emergency services focusing on both prevention and response. “Knowing the people that you need to work effectively with during an emergency beforehand is invaluable,” shares Lori. “Having these relationships allows all of us to communicate and expand security.”

   
During Lori’s tenure at the New Jersey State Police, she was responsible for building The Rock (Please see Security June 2008 “New Rocks”) from a planned EOC into the broader intelligence-sharing center it is today. At Prudential, she oversees the company’s EOC and considers it one additional tool for delivering security 365/24/7.

   
Married with two children, Lori believes parenthood has also prepared her well for her career. “Being a parent requires you to take a leadership role. That experience is important and helps to balance both family life and a very demanding executive role,” says Lori.

Dennis Treece, Colonel, US Army (Ret), Director of Corporate Security, Massachusetts Port Authority

Government
 

Meet The Director of Corporate Security, Emergency Manager, COOP Manager and Director of the of

Everyone who visits or works at the many air and seagoing facilities is a customer of this department. Approximately 62 million people, including those that go back and forth on the bridge daily, are considered our ‘customers,’” explains Dennis Treece of Massport. “We have the responsibility to ensure that Massport’s $8.7 billion annual economic impact to this region and the people are not at risk. That neither commerce nor life is interrupted.”

   
Dennis is a former Army Intelligence Officer where he spent 30 years, embraced technology and wrote the Army’s first Information Assurance Procedure manual for Internet security. As Director of Special Operations at Internet Security Systems he defended F1000 networks. Since joining Massport in 2002, he has used his expertise in both physical and logical security to harden Massport through improved communications, policy and procedures and technology and security systems. Dennis wears many hats including Director of Corporate Security; he is also the Emergency Manager, the COOP Manager, and the Director of the

   
“9/11 and Richard Reid the shoe bomber raised the bar considerably. Everything has changed. Threats are taken more seriously. Regulatory policies and agencies including MTSA, ATSA, DHS and TSA have been created. The impact on airport operations requires more time and energy securing both physical and logical property,” says Dennis. As a result, Massport has invested over $210 million in capital security upgrades since 911 and has a $75 million annual operating budget.

   
The impressive Department of Corporate Security at Massport’s Enterprise Security Program includes both physical and virtual. The security team consists of 340 security, law enforcement and fire-rescue personnel, with each business line (aviation, maritime, bridge) responsible for its own security under the staff supervision of Dennis. The Department runs the Transportation Security Technology Center of Excellence, a high-tech test bed that seeks to find and improve on promising new security technologies by observing their use in active sea and airports.

   
Massport includes over $10 billion in critical infrastructure including three airports, three container terminals, three city parks, over 53 miles of perimeter and 162 major buildings. “As a result, Massport has made a huge commitment to security. Over 14 percent of gross revenue is invested in security,” says Dennis.

   
“We have received and tested over 78 new technologies in the past six years. We test for 30-90 days, give feedback to the manufacturer and tell them how to make their solutions better,” explains Dennis. “One common and expensive problem is when people leave the secured terminal, realize they forgot something and turn around and walk back in creating a breach. The whole terminal has to be closed. Planes held at their gates risk missed connections and adding to tarmac congestion as planes land and wait for those gates. It’s a very expensive problem.

   
“For example, we are testing two innovative solutions. One is a camera system from Cognex that detects and follows the person so security can find and stop them. The other is a door system from Gunnebo that does not slow passengers as they leave but does prevent them from reentering the secure area,” Says Dennis. The goal is to eliminate breaches entirely to save time, money and better apply resources.

   
“There is no silver bullet for solving security risks and issues. But we continually work to harden Massport as a target,” says Dennis. “We want those considering illegal and/or terrorist activities at Massport to be stopped by using the Teflon defense: We work to drive the bad guys elsewhere.” Since 9/11, Massport now has a 10-foot high cement, crash resistant fence, which replaced a chain link fence. Their 6.5-mile waterside perimeter is protected by an infrared protection system that cost over $7 million. And the 148 state police (paid for by Massport) carry submachine guns.

   
“When you ask what keeps me up at night, I think it is a reflection of the security programs we have put in place,” explains Dennis. “We have no visibility into the next attack. We don’t know what it looks like. Where it will come from. How it will be conducted. So we have to defend against all possible attacks all of the time. In fact, every day that passes safely means we are one day closer to the next attack.”

   
Massport measures both the cost and the revenue generated by the security program. Using Generally Accepted Accounting Practices they access their financial database with predetermined, formulated queries that report exactly how much the security program is costing. They understand the actions taken by the security team whether it be in response to criminal activity, an exercise, a major fire, etc. and to translate activity metrics into performance evaluations. Massport Corporate Security analyzes in detail the 200+ metrics lines for year over year and month over month expenses, equipment reliability, response times, and the like.

   
Those 200+ metrics are critical for success. “Personal analysis of the metrics is key to understand what is changing and if that change an improvement or a detriment. If the change is for the worse, then we decide what to do about it. Having reliable and consistent metrics year over year allows us to make sure our stakeholders understand and are satisfied with our performance,” says Dennis.

   
“We recognize that security is volumetric making measurement a challenge. For example, counting how many people use a facility each day is necessary to measure performance. We need this information for insurance and exposure purposes. We have engaged the stakeholders to collect and report it so that we can measure activity against performance,” says Dennis. “I call it the Lighthouse Paradox. As ships safely navigate past the lighthouse that does not mean you don’t need the lighthouse. It means the lighthouse did a great job.”

   
Communication is also a critical component of Massport’s highly successful security program. Dennis chairs a daily meeting with all stakeholders including police agencies, government bodies and private companies. “This is a great forum with 80-100 people to address security issues and communicate,” says Dennis. The meeting begins with a structured agenda with reports from the FBI, airport directors, airlines, TSA, legal, FAA and even baggage handling. The meeting includes an open forum and Q&A to cover any and all security issues. Massport also engages employees to be security players. “We recognize employees that contribute to security via a poster with their picture and noting their contribution in making Massport a safer environment.  Everyone is trained to take ownership and be responsible for a secure environment,” explains Dennis.

   
Wearing many hats, having 365/24/7 responsibility and managing a $75 million operating budget is challenging, but Dennis enjoys it. “In the army we changed roles every two years at the most. I had 15 different careers in the army. In the private sector you might do the same job for 30 years. This is the best of both worlds. Everyday is different and the role is always evolving. I love that I can make a difference in helping key transportation infrastructure become safer and more resilient. Our passengers, employees, visitors and our economy benefits because we remain open for business,” shares Dennis.

   
Dennis clearly sees the industry’s biggest challenges. “We have a generation of security directors from physical security that do not know technology such as frame rates and bandwidth and network security. Security executives cannot survive today without understanding the ins and outs of security technology.  I am eager to see the profession become equally comfortable at locking down a file server as a parking lot,” concludes Dennis.