In a moment of weakness, some of us naturally rise to the challenge, while others see a vacancy in something they deem important and strive to fill. Whichever type, leaders initiate communication, create partnerships and guide his or her team toward success.
Our industry’s leaders are those we read about, hear about or speak about. This is Security Magazine’s third annual Top 25 Most Influential People in the Security Industry list for 2008, which includes government leaders, industry authors, CSOs and research pioneers, to name a few.
Many of this year’s Top 25 emphasize communication as the key to a successful security outfit, while others insist on partnering within the industry. But all of those listed here have brought something to the table that has spurred his or her team on as a necessary portion of the entire picture. Read on to see who you should partner with in the coming years.
#1: Robert W. Bastida, Senior Director Corporate Security, Oracle USAAs Senior Director Corporate Security, Robert (Bob) Bastida’s focus is physical security in the protection of critical infrastructure, assets and personnel for Oracle Corporation.
In his time at Oracle, Bastida has expanded Oracle’s corporate security program from a corporate headquarters security program to a global program. He propelled Oracle’s background screening initiative as well as Oracle’s travel and security assistance program. Bastida has also established a global security standard for access control and security video.
“The corporate security professional of today must be a facilitator of security solutions that lend to stockholder value. Not just with the return on the investment (ROI) equation, but also to draw a picture of security risk, compliance and to move the company forward. Examples are the convergence of your physical and logical systems and the reduction of manual processes and operations for automated possesses.
“The convergence of your physical access control systems (PACS) and your logical or network access provisioning systems ensures a single identification for employees and contingent workers. This identification can be granted physical and network clearances based on job description, position in the company or location.
“To get there your company needs to consolidate systems through an organic process and/or place a rule-based engine on top of your enterprise to connect those disparate systems.
“The need to move from manual processes to automated processes for on boarding and off boarding employees in your PACS and your logical account systems goes to ensure proper provisioning.
Assigning clearances and network accounts manually by multiple persons in multiple countries is risky. Reducing headcount is your ROI, reducing manual strokes and assuring global automated processes reduces your company risk. Reporting for compliance regulations becomes globally possible, accurate and performed at a reduced cost.
#2: Norman Bates, Founder, Liability Consultants
Almost single-handedly, Norm Bates defined
premises security liability for thousands of enterprises, their security
organizations, risk management, in-
surance companies and courts of law.
“The fear of liability has long been one of the strongest motivators for business to improve their security programs. But, that’s not necessarily a bad thing.
“I feel that it’s most important for security professionals at all levels to understand what these lawsuits are saying about their security programs. It is essential that security professionals learn from these court opinions and use that information to improve, adjust and alter the approach they take to address the risk of crime at their properties.
“One of the most significant changes in the security industry has been the development of security standards and guidelines, which more clearly delineate the scope of a business owner’s responsibilities. And although there were those who fought the effort to establish standards, the security profession has been upgraded into a more viable and respected industry.”
#3: Bruce H. Bonsall, VP and Chief Information Security Officer, MassMutual Financial Group
With more than 20 years of experience in information security, Bonsall is VP and Chief Information Security Officer for Mass Mutual Financial Group, a global diversified Fortune 100 financial services company. He is responsible for all aspects of information security, including establishing vision, strategy and policy setting, security infrastructure, education, awareness and identity and roles management.
“The security leaders of tomorrow must capitalize on the experience of those who have gone before them. They need to build on that experience, while at the same time, prepare for transformational technologies and new business models. They need to not only be open to change, but also need to embrace and gear up for it. People who lead security functions should blend business acumen with a deep understanding of risk management methodologies and a solid understanding of the technologies that enable and drive businesses. Security leaders today need to operate in an interconnected world and a global economy.
“The pace of change will only increase as will the variety of threats facing businesses, agencies and institutions. Security leaders need to work together and leverage each other’s knowledge and experience for their own sake and that of the greater good. There’s far too much at stake to try going it alone. The days of teenage pranksters are behind us. Our adversaries today are well organized, well equipped and motivated by financial gain and, in some cases, extreme ideology.”
#4: Roy Bordes, President, The Bordes Group
Roy Bordes, who died early this year, gave three decades to the industry as he spread his knowledge and integrity and mentored scores of individuals.
As Steve Hunt, Security Magazine’s columnist and author of the SecurityDreamer blog, said, “He taught us how to apply innovation to traditional problem solving. The security industry lost a giant with the passing of Roy Bordes. His work as a narcotics agent followed by 30 years in the security industry is enough reason to highly regard Roy's work. But his real mark was left by the clarity he brought to all of us.
“His efforts to analyze, organize and demystify new security technologies each year at the ASIS show – an annual speaking event – showed us how to think about innovation. He looked at innovation with a critical eye, never letting us lose sight of the problems we were here to solve. For Roy Bordes, security was not just a job; it was an important service making the world a better place. We'll miss you Roy."
The M.D. Anderson Cancer Center is accepting donations in his memory. Send checks to M.D. Anderson, 1400 South Orange Ave, MP700, Orlando, FL, 32806, attention Mike Mangan.
#5: Jerry Brennan, Managing Director and Founder, Security Management Resources
Jerry J. Brennan is the Managing Director and Founder of Security Management Resources (SMR), an international recruitment firm focused exclusively on professional and executive-level corporate security positions. In addition to his success at finding and placing the most significant security positions at all levels, Brennan himself was a very accomplished security practitioner.
“For more than 30 years I have worked to change the traditional expectations of a corporate security function and how organizational management perceives it. I further believe that by recruiting, selecting and placing high-quality, forward-thinking security leaders, we can more tightly integrate the future of the role of corporate security with the organization’s business processes.
“I would first emphasize the importance of recognizing the difference between management and executive leadership. A leader is a visionary, someone who can drive strategy and who understands the levers of power in the corporation, and someone who can clearly articulate his or her vision. There’s a lot of marketing involved in that. A manager has to think strategically as well, but there you’re dealing with people leadership, results and personal leadership, effective delegation, rewarding performance, developing employees. Many executive positions today ask for a combination of leadership and management skills, but it’s important for the security professional to clearly understand the differences between them.
“In my view, the security leader is in a unique position to learn the entire workings of an organization. As a part of the analysis and assessment process to measure risks and vulnerabilities, the CSO can touch and develop relationships in every corner of an enterprise.
“Transparency, trust and relationships coupled with the open sharing of knowledge will aid in the advancement of the profession.”
#6: William Bratton, Chief of Police, Los AngelesChief Bratton oversees the third largest police department in the United States, managing just over 9,700 sworn officers, nearly 3,300 civilian employees and an annual budget of well over $1 billion. The Department has also developed one of the most comprehensive and effective counter-terrorism operations in the country.
The only person ever to serve as chief executive of the LAPD and the NYPD, Bratton led the development of COMPSTAT, the internationally acclaimed command accountability metric system that uses computer-mapping technology and timely crime analysis to target emerging crime patterns and coordinate police response. The concept has been adopted across the country.
“The concepts and systems that now serve police agencies around the world evolved first an insatiable appetite to understand crime, fear of crime, reduction strategies and measures of police effectiveness.
“I inherited a police department largely isolated from its counterparts in the security industry. Even in a post-9/11 world, the critical infrastructure protection plan was merely a confidential list of high value and vulnerable locations in the region. In short, there was no plan. If the flow of communications between police agencies was inefficient, communication between police and private security was practically non-existent. From my first day to the present, I have continued to advance the concept of critical infrastructure protection. ‘Archangel,’ as the operation is known, is vitally dependent upon public and private entities that are on speaking terms. There can be no, ‘us versus them.’
#7: Jeanne Clery, Inspiration, Security On CampusHer tragic dorm room murder set in motion the most influential security-focused not-for-profit Security On Campus (SOC), started by her parents, led to the first ever federal law that mandates open college crime reporting.
According to SOC’s Executive Director Jonathan Kassa, “Security On Campus has made a dramatic and far reaching impact on college campus crime reporting, campus crime victim rights and prevention initiatives to reduce campus crime over the past 21 years. Today, it remains the first and only nonprofit organization dedicated to the prevention of criminal violence at colleges and universities nationwide through educational, awareness and policy initiatives.
“At the core of efforts is the groundbreaking 1990 legislation originally known as the Campus Security Act. Renamed the Jeanne Clery Act in 1998, in memory of the 19 year-old student, this federal law requires institutions of higher education to release campus crime statistics and security policies to their current and prospective students and employees. Prior to this time, only 4 percent of colleges publicized this information; today, over 6,000 institutions of post-secondary education report crime statistics annually and are held accountable by the U.S. Department of Education for doing so. SOC’s Web site provides access to a comprehensive database of these crime statistics and other pertinent information.
“Guided by the principle that crime awareness can prevent campus victimization, SOC has continued to advocate for more stringent campus security measures and has been the driving force behind several amendments to the Clery Act. Through continuing bipartisanship support and the efforts of partners, in August 2008, Jeanne Clery Act Amendments were signed into law, including better emergency response and notification planning, as well as additional refinements to better address campus safety challenges.”
#8: Chuck Collins, Senior Manager Assets Protection, The Cheesecake Factory Inc.According to restaurant store colleagues and others, Chuck Collins has created the pattern for the new security leader in today’s economic times. As a department of one, he encourages local non-security managers to be part of the security team, and has been a visionary in implementing software as a service.
“I have responsibility for 158 restaurants with annual sales in excess of $1.6 billion dollars. Throughout my career, I’ve used technology to improve security, manage risk, reduce costs and improve efficiency. A big fan of exception based reporting systems, I’ve developed and implemented a ‘Security Risk Factors Report’ that identifies potential threats to the corporation’s financial assets and rely on the e-services from my alarm provider to manage all of his alarm systems.”
He has set the pace for security at restaurant chains nationwide. “My philosophy of being a business professional and working closely with all departments within the organization has resulted in the implementation of technology which has significantly increased the security of the guests, employees and corporations.”
#9: William Crowell, Retired Deputy Director of the NSA and Industry AuthorWilliam Crowell retired as the Deputy Director of the National Security Agency, where he held a series of senior positions in operations, strategic planning, research and development, and finance. Crowell was also involved in the establishment of the National Encryption Policy, which sought to balance personal privacy with national security.
“For the last 11 years, I’ve been an expert in a large number of security technologies – particularly, in the physical security world, in the areas of video surveillance and automated detection of events in video surveillance systems; and in the network world, in identity management, encryption, network intelligence and software assurance. Because of this expertise, I have had the opportunity to be influential in the development of the Comprehensive National Cyber Initiative (CNCI), which was approved by the President in an executive order earlier this year and which will considerably magnify the U.S. government’s involvement in and attention to security, particularly of networked systems.
“Another area of note is my service as Chairman of the Senior Advisory Group to the Director of National Intelligence. Another skill I feel is useful to the industry is my background in attacking complex networks and systems. I did that for a living for a large portion of my life, sanctioned, of course, as part of the intelligence community. But that gives me a unique perspective on just how secure various technologies actually may end up being. A lot of these technologies have holes or other flaws, waiting to be discovered by the attackers, and without the experience that comes with having attacked such systems; you tend to simply believe in the technology instead of testing it.
“Despite the increasing threats to the network infrastructure that underlies our businesses, military and government operations, the security industry remains largely a fragmented set of technologies and systems that are not highly integrated nor thoroughly tested in the myriad environments in which they have to operate.
“Our security industry needs to build more complete solutions that offer customers the ability to protect valuable information whether in transit or at rest, and from attackers who may be international criminals, state-sponsored aggressors, terrorists or insiders who may have all sorts of motives for their actions. Like the transportation industry in the past, it will take time, consolidation and standards to achieve these advances.”
Crowell has recently co-authored a book called Physical and Logical Security Convergence.
#10: William (Bill) Cunningham, Author, Hallcrest Report and Hallcrest Report IIThe founder of Hallcrest Systems, Bill Cunningham authored two of the most influential books to impact the security profession. For the first time in a definitive manner, he drew a detailed picture of private security operations, technology, trends and comparison to law enforcement. The prestigious International Security Management Association honored Cunningham with its Distinguished Achievement Award. More recently, he has been a national leader spurring private security and law enforcement collaborations, working closely with the Department of Justice’s Office of Community Oriented Policing Services.
“When security and police organizations work together, pooling their technology and strengths, the result exceeds what either group can accomplish alone. Such partnerships pay rich dividends.
“Security works in certain critical areas that police simply cannot cover because of a lack of human resources, a mandate and/or technology; and security is a growth industry, whereas local and state law enforcement is not projected to grow significantly in the future.
“The combination of increased demands and stagnant or declining police resources makes it clear that, now more than ever, law enforcement agencies must pursue all avenues for collaboration with the security industry, as well as with each other.”
#11: Park Dietz, M.D., M.P.H., Ph.D., President, Threat Assessment Group, Inc.; President, Park Dietz & Associates, Inc.; Clinical Professor of Psychiatry and Biobehavioral Sciences, UCLA School of Medicine
Dr. Park Dietz has been a pioneering researcher and consultant on threats, stalking, workplace violence prevention, product tampering, kidnapping and executive protection. Uniquely educated in medicine, forensic psychiatry, criminology, public health and criminal behavior analysis, Dietz brought all of these fields to bear on solving the problems corporate security executives face with product tampering, extortion and threats of violence.
“The challenges facing us in the coming years stem from global economic forces and the universal failings of mankind. The recession is going to increase rates of property crimes, robbery, and homicide, as has every recession of the last 60 years, and this is going to be a big one. It may take another two or three quarters before these effects become obvious, but make no mistake about it: increasing rates of unemployment, poverty, and homelessness are going to coincide with increasing strain on public budgets, and this combination is going to bring us more crime than we’ve seen in a long time in this country.
“To make our challenges even more interesting, we’re long overdue to stem the uncompensated drain of ideas, technologies and products from the electronic drawing boards of innovative American companies to the new pirates of developing economies, who for years have been committing some of the biggest property crimes in history through their looting of American intellectual property. From small businesses to the largest defense contractors, the ‘internal threat’ of espionage will need to be managed as effectively as we’ve learned to manage threats of violence.
“All forms of workplace misconduct are inter-related, and the good news is that they all respond to the same systematic program of early recognition and respectful management. If you want better attendance, lower turnover, less misuse of disability and worker compensation claims, less bullying and harassment, fewer threats, and no violence, you’ll be glad to know they can all be achieved with the same set of management strategies.
“Misconduct is a process that grows from the little things to the big things. Some employees are malignant: the earlier they are excised, the better the chances of an organization surviving and thriving.”
#12: Jeff Dingle, Director of Security Training, LSI – Lockmasters Security InstituteThere is no one in America who has trained more men and women in government, law enforcement, corporate and commercial areas about security technologies. Jeff Dingle created teaching tools at the Federal Law Enforcement Training Center (FLETC) that have been replicated at scores of public and private sites.
“I started my career as a contract security officer in 1979. In the late 1980s, I was assigned to FLETC and was tasked with helping to design and implement a physical security training program for what was then the Department of the Treasury. The program, now a part of the Department of Homeland Security, has since been updated, but has run continuously since 1988 and has helped train thousands of security specialists through the past 20 years.
“I spent almost 13 years as a corporate security director before returning to a full-time security training position. I recently developed and delivered a much needed physical security training program for over 350 TSA aviation inspectors.”
While many of Jeff Dingle’s students are new to the security field, he has influenced thousands of security professionals through the years by being in the classroom and teaching security techniques and ideas.
“Security is an ever changing and ever evolving industry – it’s hard to keep up, especially with the technology. Security training has always been difficult to fund. One of my training programs was described to me as ‘the training that nobody wants to pay for but everybody needs.’ There is a current push to get security training back into law enforcement – given today’s threat, crime prevention training is needed much more than anti-terrorism training. Yet much of the focus (and the money) is still on anti-terrorism issues. The fact of the matter is that a good security/crime prevention program is the cornerstone of a good anti-terrorism program.
#13: Frances Fragos Townsend, Homeland Security Advisor, U.S. Chamber of CommerceFrances Fragos Townsend currently is the Homeland Security Advisor to the U.S. Chamber of Commerce and manages a consulting business to the private sector and governments. She is actively working to expand the influence of the role of corporate security in American business. Townsend is a special advisor to CNN as well.
“Regarding the anticipation of threats, the President had me work on and write the national strategy to deal with the pandemic influenza. History tells us that some time in the next century, probably in this century frankly, there will be a pandemic influenza. Just the economics of it alone, not to mention the death toll, will dwarf the tragedy of 9/11. The President wanted to be sure that even if it didn’t happen on his watch that the government had thought about it, anticipated the problem and was prepared for it when he left office – that whoever succeeded him and Presidents after him would at least have the basis of a plan.
“Coming up through public service and having held positions in law enforcement and intelligence, civilian and military planning and operations, I know very well in a specific way what it means to have enterprise risk management. The government can’t protect the American people against every possible threat; so just like businesses, we had to make choices. What was most likely to occur? What was the highest potential consequence? And it meant we were going to have to make hard choices about investments because government resources are limited.
“It really impressed upon me the whole theory of enterprise risk management, which includes risks to people, information and physical assets. As the Homeland Security and Counterterrorism Advisor to the President, I was very focused on the threat here at home. What I found when I was on the job was you couldn’t wait until the threat materialized here on our shores.
“I believe that over the long term not only will CSOs work more with chief technology officers, but also will
become part of the core responsibilities. We’ve seen the enormous thefts of information in the banking and credit card industries and even retail stores, thus reducing consumer confidence, badly damaging reputational risk, which ultimately is a huge potential liability.
“Over time, I see CSOs as a necessary part of the C-suite, because of the broad array of expertise, knowledge and experience they bring to an increasingly complicated set of issues that the C-suite confronts.”
#14: Marlon C. Lynch, Assistant Vice Chancellor and Chief of Police, Vanderbilt UniversityMarlon C. Lynch is the Assistant Vice Chancellor and Chief of Police at Vanderbilt University and is the president-elect of the International Association of Campus Law Enforcement Administrators (IACLEA). Lynch is responsible for leading the University’s safety and security initiatives for the campus and medical center.
Chief Lynch oversees planning and research, emergency preparedness, budget, personnel, public information, community relations and general direction of the department.
“My management philosophy involves identifying the needs of the community to incorporate its needs into the vision of the department, providing career development opportunities for my staff and displaying consistent leadership. Managing a police department not only requires job knowledge, but also requires the manager to know his or her community.
“Policing in a complex university and medical center requires a service area to be fluid in its operations due to the diversity of the population and the different characteristics of the community. Allowing your staff to continue to develop within their profession is essential to the overall growth of the department.
Providing opportunities for career development is a key for job satisfaction, retention and succession planning. Allowing officers to have the ability to have professional development enhances their career and ultimately will be an asset to the community. Managing as a consistent leader stabilizes the department and creates confidence in the ability of the department. This consistency is evident in the daily operations of the department, as well as in its image.”
#15: Stan Martin, Executive Director, Security Industry Alarm CoalitionStan Martin is the Executive Director for the Security Industry Alarm Coalition (SIAC, Inc.), a non-profit association formed by the major North American associations to be the one-voice of the alarm industry on alarm management issues. Stan has worked in the alarm industry for 30 years and the alarm dispatch reduction issue for over 20 years.
Martin believes working together as a unified industry will create a more effective profession. “We are a small professional industry tasked with the enormous responsibility of protecting the infrastructure of this country. We must be united in our efforts to raise the bar on self-education, develop standards that benefit our customers and this country, put aside petty issues and egos for the sake of our profession.
“My mission is to continue to promote our industry to law enforcement, municipal governments and the consumer by proving that we do take alarm management seriously, that we do operate at a high level of professionalism with impeccable ethics and morals, that highest priority is the protection of individual homes, businesses and government facilities that are the backbone of this great country. To help me accomplish my mission, I believe we must all adhere to industry recommendations to utilize our own best practices.
#16: Rob McKenna, Attorney General, State of WashingtonRob McKenna is Attorney General for the state of Washington. McKenna has passed many bills and laws to create a stronger force against identity theft and the prosecution of identity thieves.
“Data security and protecting personal information are among the biggest business and legal challenges that private and public entities face today. As Attorney General, I’ve made it a priority to protect Washington residents and businesses from identity theft and high-tech fraud and to battle a root cause of these and other crimes: methamphetamine addiction.
“Early on, rapid changes in the nature of crime and technology created almost unwitting partnerships between citizens, business, government and law enforcement as they struggled to find ways to combat these new threats.
“Today, everyone recognizes that coordination is vital to reach our goals. Washington’s Law Enforcement Group Against Identity Theft (LEGIT), a policy-advising task force I created, has been a catalyst for many new initiatives and laws and is a model for successful collaboration between the public and private sectors.
“We also bring our enforcement powers to bear when appropriate. Washington was the second attorney general’s office in the nation to develop a unit specifically focused on high-tech consumer protection cases.”
#17: Dwaine Nichol, Manager of Security and Life Safety, City of TorontoDwaine Nichol has been the Manager of Security and Life Safety for the City of Toronto for past 10 years. Toronto is the largest city in Canada and the 5th largest City in North America. Seeing a gap in the security of the city, Nichol founded the City of Toronto's Corporate Security Unit, and has been pushing a strong agenda of training/certification ever since.
The role of security within the city has expanded from just a few buildings to all 1,500 city properties with an in-house staff of 150. Nichol has also developed a multi-year citywide security plan to better plan for security. In order to ensure the most up-to-date training, Nichol requires supervisory security staff and security audit staff to earn security certifications.
Nichol never forgets who his true bosses are. “Working in municipal government is very challenging. One can never overlook that the money being spent belongs to the taxpayer. There is a finite amount of money and great amount of work to do. My professional goal is to build a security program that can serve as a role model to other similar organizations.
“To that end, one of the ways I have tried to help the industry is through sharing. I maintain a network of security managers and directors from other cities and organizations, and frequently share information, best practices and benchmarks.
#18: William R. Ramsey, Director of Security, McCormick and Company, Inc.William Ramsey is the Corporate Director of Security of McCormick & Company, Inc., a global leader in the manufacture, marketing and distribution of spices, flavors and seasonings. Ramsey is responsible for planning, developing and implementing systems and practices for the security of the company’s facilities, products and personnel worldwide.
Ramsey was recently part of the study group that worked on the National Infrastructure Advisory Council (NIAC) Subcommittee on Insider Threats resulting in a report published earlier this year. Through DHS and the Secretary of the Department of Homeland Security, NIAC provides the President with advice on the security of the critical infrastructure sectors and their information systems. These critical infrastructures support vital sectors of the economy, including banking and finance, transportation, water, energy, manufacturing and emergency services.
“Considering the size and diversity of the entire food and agriculture industry in the United States, it should be surprising that there are so few security professionals in it.
“Immediately after September 11, 2001, the food and agriculture industry in the United States and throughout the world began to look very carefully at the integrity of the food supply and especially at any vulnerability the supply might have to terrorist events. In the United States, the two primary food regulatory agencies, the Food and Drug Administration and the United States Department of Agriculture, came to the industry for both knowledge and guidance. The food and agriculture industry itself, though very large and very diverse, had relatively few security professionals. Most food companies were not large enough to have a dedicated security professional position. But focus groups led to the creation of the Food and Agriculture Sector Coordinating Council (FASCC), which brings all of those agencies to the table with representatives of industry sharing a common goal to protect this critical infrastructure. This cooperative leadership effort from government and industry has been crucial to not only the protection of the food supply of the United States, but also to the public confidence in the safety of food products.”
#19: Bruce Schneier, Influential Security TechnologistBruce Schneier is an internationally renowned security technologist, referred to by The Economist as a "security guru." He is the author of eight books – including the best sellers Beyond Fear: Thinking Sensibly about Security in an Uncertain World; Secrets and Lies; and Applied Cryptography – as well as hundreds of articles and essays in national and international publications, and many more academic papers. His influential newsletter Crypto-Gram, and his blog Schneier on Security, are read by over 250,000 people. “I consider myself a synthesist and a communicator. My biggest accomplishments involve understanding complex ideas and explaining them simply, as well as finding connections and patterns and commonalities among diverse ideas. I write, I speak, I write more. The single thing that fans say to me that makes me the most proud of my work is: ‘You’ve changed the way I think.’ That's what I want to do: change the way people think about security.
“Throughout this all, I have attempted to explain security simply, through words and metaphors and concepts. James Madison once famously said: ‘If men were angels, no government would be necessary.’ Similarly, if all men were honest, no security would be necessary. Most people are honest – otherwise society would collapse – but there will always be dishonest minority. Security is a tax on the honest majority, and I feel my job is to explain how that tax works, and how effective different ways to spend it are.”
#20: Winn Schwartau, Founder, SCIPP International and InfowarCon; Founder and CEO, Trusted Learning Corporation; Industry Author
“In the way-olden days of vacuum tubes, I learned engineering from my father who produced Bob Dylan and Peter Paul & Mary. My mother made me read the dictionary and all 26 volumes of the Encyclopedia Britannica. They both taught me to not accept (almost) anything on face value, question conventional wisdom and examine problems (opportunities) from every angle except straight on. (Everyone else has already done that.)
“Who knew that a no-name like me would get umpteen visits from spooks and spies Information Warfare in 1992? They thought the book was classified information, written by the he-devil.
“I quickly discovered that the military, senior brass, executives and “People in Charge” are the biggest security leaks. In 1996, I was speaking about the security integration of private sector and the government. At one point, I referenced some security details about North Korea, NSA-encryption agendas and French intrusions into Boeing. One general, a two-star, literally slid out of his chair, hollering at his two Colonel-grade aides, “How the hell did he know that?” I smiled to myself: “DATA CONFIRMED.”
“Security is really about people and the technology should be absolutely incidental.”
“My Bucket List would include the following:
- Assist in creating a national cyber-corps, focused on using the innate untapped talents of kids from middle through high school. Mom and pop and family are mission critical to the security of enterprise and country.
- Imbue IT manufacturers with the mindset that product simplicity is good, enhances personal and national security and operational reliability.
- Get ISC2, SANS, MCSE, etc. courses and certifications to teach failure rather than success."
#21: Jeffrey Sedgwick, Former Bureau of Justice Statistics Director, Current Assistant Attorney General for the Department of Justice’s Office of Justice ProgramsJeffrey L. Sedgwick was nominated by President George W. Bush to be Director of the Bureau of Justice Statistics in January 2006 and confirmed by the United States Senate in March. He previously served as Deputy Director of the Bureau in the Reagan Administration.
While at the Bureau of Justice Statistics (BJS), he continued to impact private security, law enforcement, criminal justice, businesses and citizens as the recognized generator and reporter of crime statistics to the nation. BJS issues scores of studies, reports and services every year. Two of the better recognized are the FBI Uniform Crime Report (UCR) and the National Crime Victimization Study (NCVS).
This year, BJS will interview citizens in nearly 42,000 households about any experiences they may have had as crime victims; describe characteristics and consequences of over 24 million criminal victimizations; and analyze operations of some 50,000 agencies, offices, courts and institutions that together comprise the justice system.
Traditionally, crime reports consist of monthly counts of offenses and arrests for certain offense categories. State and local agencies report these summary data to the FBI’s Uniform Crime Reporting (UCR) Program. More recently, the FBI launched the National Incident-based Reporting System, which collects more details on more categories of crime, including concurrent offenses, weapons, injury, location, property loss and characteristics of the victims, offenders and arrestees.
BJS also pioneered a helpful but different view of crime in the United States as compared to the UCR. The Victimization Study presents estimates of rates and levels of personal and property victimization beyond reported incidents.
#22: Randy Vanderhoof , Executive Director, Smart Card AllianceWhat better way to impact the security industry worldwide than to encourage collaboration between end-users and providers of emerging technology such as smart cards? Randy Vanderhoof has transformed the Alliance thanks to a common end-user focus – to stimulate the rapid adoption of smart card technology in any form, from USB tokens and ePassports to NFC-equipped mobile handsets or contactless payment cards for electronic payments and digital security applications.
“Over the coming three years it will become commonplace for individuals to use microprocessor-based smart cards as personal security devices to identify themselves and access information and applications at work.
“Enterprises have relied on employees ID badges that offer visual means of identity, low-tech access cards and weak user name and password schemes to gain entry into corporate facilities and sensitive corporate networks. Now with the high risk of security breaches in data systems and new regulatory requirements to better protect sensitive personal information, many organizations are reevaluating their identity management practices and converging physical and logical access control onto a single credential.
“Smart card technology figures strongly in this scenario. Its built-in computer and software can be used to strongly authenticate individuals to networks, as well as networks to individuals to prevent redirection attacks. Support for smart cards in network infrastructure systems and applications is already pervasive among leading vendors like Microsoft, Sun, IBM, Citrix and Adobe, to name a few.
“Momentum for this converged path is well established. All federal government employees are getting smart card-based identity credentials. Many blue chip corporations in different industries, like Pfizer, Boeing, Chevron and Northrop Grumman have already issued converged credentials. Many more are planning deployments, and new card management solutions make implementation affordable for any size organization.
“As we have seen with the steady drumbeat of reports on massive data breaches in recent years, criminals are much more likely to mount an information system attack through a network than by walking into a facility. That fact has changed enterprise security forever, and ensures that smart card technology will be an ever-more present and necessary component for protecting information and systems in any enterprise.”
#23: Judge William H. Webster, Chair, Homeland Security Advisory CouncilJudge William H. Webster was named in 2006 as the Chair of the Homeland Security Advisory Council (HSAC), previously serving as vice chair. In this role, he has been instrumental in shaping national policy that has tremendous impact on corporate security at every level. The HSAC’s latest initiative was the report to the President on the most strategic issues facing DHS and the next President. These initiatives will have significant impact in shaping future DHS initiatives and federal security regulations.
Judge Webster’s career has placed him in positions where the economic security of the country has been visible and a priority. His knowledge of the role of corporate security in America is extensive and he recognizes the criticality of corporate security and its role in protecting America’s critical infrastructure and economic viability.
“I added terrorism to the top priorities of the FBI when I became its director. At that time we were experiencing about 100 terrorist incidents a year. These were not, of course, of the size of the catastrophe of 9/11, but they were lethal, and they had the public concerned and undermined. It was clear to me that in order to reduce those numbers, we had to have intelligence that would allow us to get there before the bomb went off rather than simply chasing crimes that had already occurred. So I focused very hard on improving our intelligence capabilities.
“We were able to use lawful undercover techniques that became a part of FBI procedures, carefully managed and consistent with our Constitution and laws, and we were able to get inside terrorist organizations and break them up. When I left to go to the CIA nine years later, the number of terrorist incidents per year had been reduced to six, and the following year there were none.
“I made sure that in more sensitive areas, my own conduct and that of my executive subordinates was such that no one could question whether we were trying to influence foreign policies by spinning the intelligence to support our own positions. We separated policy from intelligence collection, and I think that required a fair amount of skill.”
#24: Darrell R. Wilson, Director of Security, Truliant Federal Credit UnionAs Director of Security for Truliant Federal Credit Union, Darrell Wilson manages two departments and twenty-five locations in four states.
One major accomplishment in Wilson’s security career was to accept the challenge of setting up the original security department for a Federal Credit Union from the ground up.
“My eagerness for knowledge in the field of security was secondary to attitude that I wanted to ‘know all and be the best’. My strength is in knowing that anything can be done if you just ask the right people and continue to seek the information. I am a firm believer that if you ask the right people, ask enough questions, and never take no for an answer you will excel in your role as a security employee.”
#25: Richard Yamamoto, Senior Director of Corporate Security and Safety, Fannie MaeA former U.S. Army Military Police Colonel and former director for security at the U.S. Department of Commerce, Richard Yamamoto has been a positive influence for other military officers seeking to move into the highest enterprise security leadership ranks. At Fannie Mae, he leads the organization’s business resiliency, security and safety efforts.
“Early in my Federal career, I was responsible for developing the White House Drug Policy Office’s High Intensity Drug Trafficking Areas Program, which supported over 250 federal, state and local law enforcement task forces.
“We have some dedicated leaders within the security industry who are raising the level of professionalism in their organizations and are simultaneously making significant strides in moving the industry into the future. I join many others in supporting them.
“You don’t need to be the chief security officer to increase the professionalism in the industry. Anyone can, and should, do this by increasing the percentage of individuals in their organizations who hold world-class certifications. As a member of the ASIS Professional Certification Board, I have had the opportunity to assist individuals who were seeking to build outstanding organizations; in part by increasing the number of employees that hold ASIS certifications.
“Strategically, we need to institutionalize the way the industry adds value to the companies we protect. There are quite a few value-added innovations that are being captured and discussed in forums such as Security Magazine, the Security Executive Council and the CSO Roundtable. I have benefited from these innovations and have contributed to the advancement of the profession by leading cross-functional, security-related risk management areas such as enterprise incident management, business continuity and life safety. A lesson learned: The greater the contribution to enterprise risk management, the greater the value added to the business.”