2012 Security 500 Leader Profiles

Duane Ritter, Vice President, Corporate Security

The Multi-Tasker

“Last monthin Las Vegas, I hosted a conference for the CSOs of the largest multiple cable systems in the U.S. While our companies compete in many areas of the country, in certain areas we do not. We all face the same security threats. By sharing information and discussing how to eliminate vulnerabilities, all of our stakeholders benefit and are more secure,” shares Duane Ritter, Vice President, Corporate Security for Cox Enterprises, who contributes to both his company and the industry at large with great enthusiasm.

Cox Enterprises is a $15 billion dollar privately held diversified company that includes Cox Communications, the third-largest cable TV provider and one of the largest broadband communications companies in the U.S., Manheim, AutoTrader.com and Cox Media Group, an integrated broadcasting, publishing and digital media company.

“The security organization is structured to be the trusted advisor to our business units. Their goal and ours is the same; to create a safe and secure environment for employees, their important information and our infrastructure and facilities,” notes Ritter. Working across a diverse organization requires coordination. “We are currently consolidating disparate physical security systems. We have also taken on the challenge of standardizing our security practices across diverse organizations. But our greatest threat, like many other organizations, is cyber.”

Among other initiatives, the company is creating a comprehensive Cyber Crisis Management program. “We aligned it to our critical response program and it is based on data privacy breach notification requirements, and industry standards such as PCI DSS,” explains Ritter. The program has been well received and as a result, he will be briefing company leadership about the program.

Ritter and his team have also revamped their third party due diligence process for any organization or vendor that touches the company’s network or accesses non-public, sensitive business information. “We deliberately changed from an ad hoc to formal process with our business stakeholders. Our goal is to evaluate third-party risk to ensure their security controls are adequate during the duration of the contract. The question is simply, ‘Who are we doing business with and what is the relative risk the relationship poses to our organization?’ and by answering that question, we ensure adequate due diligence on our third-parties,” says Ritter.

Business resilience is another focus area at Cox. “Anticipating potential business interruptions and working to mitigate those threats from happening supports the business organizations to remain operational and reach their goals. Resilience and strategies and preparedness drills are critical for success. Accurate risk assessment and being prepared are the biggest contributions we can make to the organization and our people,” he shares.

Examples of the risk and security strategies include travel programs, mass notification and workforce protection. “During and after Katrina, employees were our top concern. We worked around the clock to contact them and ensure their safety. Since then, we’ve improved our technology and emergency systems, so we can support our employees at an even higher level in the event of a business disruption. We have a 24 hour watch center capable of supporting all of our employees worldwide,” explains Ritter.

“Our leadership expects us to provide professional and consistent security to the business owners we serve. The Security Department has a role in recognizing risk, understanding the effects it has on the business and identifying the means to mitigate it. Collaboration among departments and the diverse business units we support is key to our success as well as emphasis we place on mutual respect. Cox expects us to have a broad range of quality services that support the corporation in addition to providing resolution to issues and/or incidents that enable business growth.”

Ritter notes how the entire security field has changed from a law enforcement response mentality to a business risk and prevention expectation and expertise. “This is no longer seen as a post retirement job after a law enforcement career. The change to corporate security can be a challenge for many with career government and/or law enforcement backgrounds. The entire security field has changed, requiring different types of education, maturity and leadership skills.”

Ritter enjoys the variety he experiences in his job. “There are so many fields to work in, from IT forensics to physical security to complex investigations and threat assessments. This is an exciting profession because there is always something different coming in the door. This is a job where if you expect to be successful you should check your ego at the door, communicate, interact and solve problems.” Having amassed a lot of experience and expertise, he is motivated by the very talented, young people in his department who have chosen security as a profession.

When not at work, Duane likes to spend time with family and friends. Originally from Nebraska, he likes hunting, the outdoors and of course Cornhusker football.

If Ritter were not a CSO, then he would have pursued a career in law.