Measure Twice, Cut Once generates 5,620,000 results on Bing, Microsoft’s new answer to Google (Google found 676,000 results). Everything from carpentry books to hedge fund management to data warehouse and embedded systems design. But nary a mention related to security. Those in the security profession are left to finding your own measures and metrics. The business-minded professionals who can see beyond security for security’s sake, get buy-in for their metrics and lead their organization with an eye on results, are the winners in today’s economic environment.
Providing “security” expertly, seamlessly, constantly and consistently is expected. The C-suite considers operational excellence so, well, yesterday. That has become the easy part of the job. Managing security is the road to success (or to avoid dismissal). And as I paraphrased CFOs everywhere in the first Security 500 Report in 2006: “If you can’t measure it, you can’t manage it.” But with programs like the Security 500, we are making great progress at addressing the business and economic impact of security programs and the value they create for their organizations.
Among the best leaders, thinkers and measurers in our midst is John McClurg, vice president and CSO of Honeywell’s Global Security Organization. John is in this month's feature story, New Math: Security Means Business Performance, with other security executives, and was among our first profiles in the 2007 Security 500 Report. He also keynoted the Security 500 Conference in November 2008. A week later, he was among the few CSOs available for press interviews at OSAC.
John’s keynote presentation was outstanding and powerful. It documented his management expertise and leadership skills, as well as his global security operational knowledge. And it was full of the methods and tools used at Honeywell, with board-level buy-in, to document the value of their security programs.
This month, Bill Zalud collaborates with John and other thought leaders on how security is being measured, valued and viewed among both security professionals and the organizational leaders they report to and depend upon for budget approval. In the article, John points out that metrics, performance measurement and benchmarking are not new. “They are ways to relate to the business,” he says. “And today, it’s the perfect method to show your indispensability to the enterprise.” For David Axt, in charge of security at Xcel Energy’s Prairie Island Nuclear Generating Plant, external measurements (OSHA, DOE, Nuclear Regulatory Commission, among others) must meld with internal metrics. In addition to customer satisfaction measures, Mike Cummings, director, loss prevention services at Aurora Health Care, observes that “relative to ‘activity’ or productivity performance, we use activity tracking software whereby we simply count the numbers of each service task that we do so that we can see empirically measure ourselves.” Check out this valuable cover story.
2009 Security 500 Survey and Benchmarking Report – Please Complete by 8/17
Among the leading efforts in our industry to help you identify how your program compares to others in your market sector is the Security 500 Report. Now in its fourth year, the survey has been updated and is available online for you at:
The purpose of this program is to provide a resource for your organization to compare with others through a benchmarking program. The report will enable you to answer the question, “Where Do I Stand?” as a basis of an ongoing peer review process.
As a participant, you will receive a detailed report containing metrics within your particular market sector. The published report in our November issue will not disclose your specific data.
  • Metrics only you receive will include:
  • Security Spending/Employee     
  • Number of IT Security Staff/Dollar Amount of Revenue
  • Number of Security Officers/Employee
  • Security Spending/Revenue
  • Number of Security Officers/Square Footage of Facilities
2009 Security 500 Conference is November 11 in NYC – Please Join Us
In concert with The Security Executive Council, this is an outstanding enterprise security management and networking event, including presentations by:
  • Keynote: Francis D'Addario
          Former Security Director for Starbucks and Faculty, Security Executive Council
  • Michael Balboni
          Principal - Navigators Global
  • Steve Lindsey
         Director of Security Services – Walmart Stores Inc.
Please visit for conference and registration details. 
If you have any questions or concerns regarding the Security 500 program, please contact me directly at or 610-662-5477. We appreciate your participation and interest in Security Magazine’s goal of providing management and leadership solutions for you and your organization.