The Threat Picture

Is a Threat Analyst a part of your team? It’s a large part of Baker Hughes, one of the world’s largest oilfield services companies, with 55,000 employees, facilities in 72 countries and operations in more than 90 countries. Brian Hogan, regional security director (Latin America) & director, strategic analysis, leads the company’s threat analysis team.

How did your career in security begin?

I spent 15 years in the U.S. Foreign Service with long-term assignments in Algeria, India and Iraq along with a number of domestic postings. In 2005 I joined the Department of Energy’s Lawrence Livermore National Laboratory and spent three years working mainly on counter-terrorism and counter-proliferation issues. In 2008 I was hired to design and develop a Threat Analysis program within the Enterprise Security and Crisis Management function of Baker Hughes.

How does your role as a Threat Analyst play into the success of your organization’s corporate security team?

I view the Threat Analysis function as a strategic resource. Separate and distinct from the more traditional components of a security program, Threat Analysis paints a picture of the overall operating environment and allows our security team to better focus our resources against the most credible and high-impact risks to our business. Just as important, it also allows us to have a greater influence in the decision-making process at the highest levels of our company. Threat Analysis helps us tailor a fit-for-purpose security program by collecting relevant intelligence from multiple sources, assessing it, determining the specific business impact to our company and then communicating it in the right form to the right leaders at the right time.

What will be your greatest challenge this year in your role and why?

The greatest ongoing challenge always seems to be integrating Threat Analysis into the business at the strategic planning level. In my opinion, there are essentially four phases in the developmental life cycle of a Threat Analysis capability. First, introduce the business to Threat Analysis at its most fundamental level by identifying current and near-term risks to your employees and operations. This is where you develop credibility and prove yourself a differentiator from the more generic threat warnings offered by third party vendors. Second, you need to move beyond just identifying threats to also seeing opportunities. In order to demonstrate true value to the business, it’s not enough to simply identify problems. You have to be able to recognize areas of the world where your company can obtain a competitive advantage through facilitating operations in unstable environments. A risk-based and intelligence-led Threat Analysis program can help you do this. Third, transform Threat Analysis into Strategic Analysis – this is where we are now at Baker Hughes. We are formally integrating with elements of the business that have P&L responsibilities and ensuring we’re providing the type of tailored, strategic guidance necessary for them to maximize profits and minimize loss. The fourth phase is to truly fold this analytical capability into long-term strategic planning – the kind of forward-looking, make-or-break decisions which will determine the future competiveness of your company. To succeed at this level, you need to have established both a strong track record of credibility at all levels of your business and have the buy-in of the senior-most levels of your company.

Who in your organization do you take time to interact with and why?

Our Vice President - Health, Safety, Environment and Security and Chief Security Officer, Russ Cancilla, has been crucial for me both in terms of supporting the evolution of our Threat Analysis capability as well as my own professional development. Coming to the private sector after 18 years in government service, I think I was initially surprised at the difference between which of my skills I thought would bring immediate value to the business and the ones which really did. Russ was an important part of guiding me through that and also giving me regular interaction with our most senior leaders. Dealing with the highest levels of our company – and also seeing how they deal with each other – has been live-fire training and also helped me to shape our analytical program to ensure maximum relevancy. Finally, I don’t think the importance of daily interaction with the business leaders you’re supporting can be overstated. I don’t mean simply a weekly or monthly conference call, but rather sitting with them on a day to day basis, understanding the issues that are keeping them awake at night and truly grasping what the security team can do to help them achieve their goals and, perhaps just as important, how and when to stay out of their way.

What do you like to do in your free time?

There’s not a lot of it. But, when I do get some time off, I spend as much of it as I can with my family. I enjoy golf and reading and I especially love to cook. Leave me to my own devices in a kitchen for a few hours and I’m a happy man.

Diane Ritchey was former Editor, Communications and Content for Security magazine beginning in 2009. She has an experienced background in publishing, public relations, content creation and management, internal and external communications. Within her role at Security, Ritchey organized and executed the annual Security 500 conference, researched and wrote exclusive cover stories, managed social media, and authored the monthly Security Talk column.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.