Really, Security 500 Members, when we add up all of the leadership, subject matter expertise and business acumen you bring to your enterprises, what happens? Absolutely Nothing. Well, it is my turn, with the publication of the Security 500, to say to each of the 500 who have been ranked on this year’s prestigious list: “Thanks for Nothing.”

You need only to read this year’s Report and Profiles to understand how this significant investment, estimated at more than $10 billion, by enterprises in people, processes and technology will get you nothing. As Ed Goetz, CSO at Exelon asks, “When nothing happens, is it because you did a good job? Or was it because the threat never materialized?”

Since Exelon is proactively identifying and mitigating risks, ensuring compliance and delivering 24/7/365 operational support to their global workforce, we may never have a clear answer to that question. As best we can tell, Exelon and Mr. Goetz sit high upon the Security 500, volleying cyber and physical security threats back over the net to ensure that at the end of each endless day, nothing has happened.

Of course, Exelon is not the only enterprise guilty of spending a lot of time and money on nothing. Major League Baseball has taken nothing to the next level, being invisible too. Dan Mullin, Vice President of Investigations for the League, shares that,“The most important thing is that our security be rigorous but invisible. Law enforcement is visible but security should be invisible. Baseball is entertainment and our role is to ensure that the fan experience is safe and secure without having to interact with us unless necessary.”

Come to think of it, I had the opportunity to go to a Yankees game this summer, and beyond the nice weather, Yankee win and expensive beer, well, nothing happened there, either. Maybe this is becoming a trend? Seems to be. Getting out in front of risks from cybercrime to weather; political unrest to contagions; compliance to business resilience; executives leading their enterprise’s security function are mitigating risks and making sure that nothing happens.

This has been an intriguing year for security, because there is a downside to this nothing: Complacency. It was mentioned often in conversation during this year’s discussions. The events of 9/11 are 11 years removed. Katrina is seven years in the rearview mirror. Data breach and cyber crimes seem to have a 100-percent impact on the victim enterprise and zero on everyone else, so they often go unnoticed and unheeded. Keeping the C-suite and all stakeholders engaged in their personal security is a challenge. Because, while these Security 500 leaders are working to ensure nothing happens, no one should be so arrogant to believe nothing will.


Executive Leaders Profiled

Each year I am fortunate to meet and interview a number of the business-minded leaders of the Security 500. They generously share their knowledge, experience and time, so that we can share their expertise with you. The profiles offer an interesting look at how the best in the business contribute to enterprise success while achieving their own. 


•  Larry Atteberry, Manager, Emergent BioSolutions

•  Ron Boyd, Port of Los Angeles

•  Russell Cancilla, Baker Hughes, Inc.

•  Jeff Chisholm, Deere & Company

•  Mark Farrell, Comcast Corporation

•  Bryan Fort, McCormick & Company, Inc.

•  Walt Fountain, Schneider International

•  Ed Goetz, Exelon Corp.

•  Jeff Hauk, El Paso Water Utilities

•  Eric Levine, WellPoint

•  Joe McDonald, Switch

•  Dan Mullin, Major League Baseball

•  Stephen Morrill, Charles River Labs

•  Duane Ritter, Cox Communications

•  Alan Robinson, Atlantic Health System



The 2012 Security 500 Coaches greatly improve our process and resultant benchmark reports that all participants receive. They let us know which key data points to collect within each of 18 unique sectors, enabling us to provide a meaningful benchmark tool. We thank them for their gracious investment of time, direction and intelligence to the Security 500 Survey.


            Couldn’t make it to the Security 500 Conference on 11/1? Hear the Security 500 Webinar on 11/6. Register for free at

            Questions about the Security 500? Please email us at:


Read moreTrends at