Baker Hughes CSO's Lessons on Being a Better Business Enabler

Baker Hughes provides technology- and service-based solutions that enable oil and gas companies to bring safe, affordable energy to the world. With a market capital of $22.7 billion, the company operates in more than 80 countries and employs approximately 61,000 employees.

Baker Hughes has been recognized as having one of the leading, engaging and most progressive security functions in the Energy and Utilities sector of this magazine’s annual Security 500 Survey, having been ranked #1 in 2012, #2 in 2013 and #1 in 2014. Baker Hughes’Enterprise Security function has also been awarded a CSO 50 Award for business value and thought leadership. In this article, I share some of my insights on how security functions may “break through” and achieve outstanding results and performance.

Every security team aspires to deliver outstanding results and enable its business to achieve its goals. Transitioning from being viewed as the traditional security function, a costly overhead and occasional hindrance within the company, to being regarded as a security team, a critical business partner and an enabler in helping driving the business to delivering record breaking performance requires a commitment to sustainable change. Growing expectations are that security functions are moving from being reactive to proactive, but even more so, with the challenging world in which we live in, increasingly predictive. Persisting with current practices and procedures invariably delivers the same results and, typically, change is only triggered in response to some form of crisis. Consistently delivering high standards and achieving outstanding results require fundamental changes to the approach and mind-set of the security function if they are to be forthcoming.

Engagement and communication are critical. Enterprise security professionals are invariably strong leaders and manage their teams effectively, but sometimes fail to manage upwards and thereby lose support. Taking time to build affinity with key partners and leaders enables lasting relationships and helps to build confidence, trust and support. An effective communication strategy ensures relationships are maintained and provides an opportunity to keep the flow of information open. Highlighting successes ensures the team receives the recognition it deserves, boosts morale and reinforces the purpose.

Understanding the audience and business is fundamental. The traditional language of security can switch an audience off, influence whether or not the message is heard and determine how well the professional is accepted as a business leader. It is essential to understand and be able to communicate about key business elements such as cash flow, margins, revenue, risk, productivity, the customer, market penetration and return on investment. Security’s contribution should not be confined to security, but should also provide solutions to problems in other business areas. The security function should be a preferred partner for other business segments and product lines. Furthermore, taking ownership of the success of the product lines and other functions will lead to reciprocation and help create an interdependent security culture whereby the employees actively “own” their security and that of their colleagues.

Adopting a winning mind-set is necessary and critical to any team and with a relentless focus on continual improvement, execution, quality and performance. Creating a sense of purpose and clearly articulating how the security team will support the business is equally important in ensuring alignment and consistency.

Developing short-term plans (or roadmaps) that set out how the security team’s goals will evolve over a three-year (or more) timeframe and linking these directly to the business’ goals demonstrates alignment and helps justify investment. Many companies set Specific, Measured, Achievable, Realistic and Timely (SMART) goals, but these often lack the “stretch” element and as a consequence, the full potential of an individual or team may not be realized. Setting stretch or unthinkable targets necessitates a fundamental change to the way we approach our work and breeds innovation and creativity. It’s having the courage to take on greater risk while making a strong commitment can inspire others. Committing to deliver the unthinkable is uncomfortable and can make someone question their reasoning behind it, but reaching the goal can be very rewarding and motivating to others. Achieving the unthinkable and delivering extraordinary results requires a new approach and a willingness to make changes. The results can be impressive, especially when there are direct impacts on the business such as reducing margins, growing the business, and optimizing technology. Having the right foundation to build on is essential for success.

Aligning the structure of the security function with that of the business and clearly defining reporting lines provides clarity, accountability and ensures responsibilities are understood. Building a team with the right people is critical for success: a blend of backgrounds is invaluable, and diversity helps to foster creativity and innovation. Investing in the team ensures continuous learning and development and improves retention. It is important to develop local content as this invariably comes with a network, acceptance, access, the local language, cultural awareness and an appreciation of community issues. It also demonstrates a commitment and investment in the host nation.

At Baker Hughes, there is an emphasis on developing the Security Management System and embedding this within the company’s overall Operating System. This helps drive consistency in how security programs are managed across the business while ensuring the same standards, procedures and response measures are applied globally. The Baker Hughes security programs are proactive, predictive, risk-based and intelligence-led.

Ensuring the physical security infrastructure and technology at all operational locations can be integrated, is scalable and optimizes the most cost-effective solutions provides opportunities to drive operational efficiencies and reduce costs across the board. Our security team has been recognized for their ability to impact business margins. Establishing strategic partnerships with core vendors and agreeing on Master Service Agreements (MSAs) with them is mutually beneficial. The company’s vendor relationships go beyond the simply delivery of products, but have evolved into a partnership working towards a common goal. In this sense, they provide added value beyond the contract.

To establish credibility and to fully understand the challenges of the business it is both essential and advisable to spend time learning the business and to visit different operational areas to see how security may differ from location to the next.

Creating and Adding Value

Business leaders are looking for more ways that security can add value to the organization. At Baker Hughes, the security function aims to be business professionals first, with an expertise in security. Adding value depends very much upon the foundations that have been built and the opportunities they offer. Within a security function this may extend to the remote management of operations through Security Operations Centers, development of a data analytics capability to identify fraud, business intelligence to create a competitive advantage, forward looking assessments of the security and business environment and an optimized security infrastructure for other applications and functions.

Seeking out opportunities beyond security builds support, shows a commitment to the success of others and demonstrates a willingness to take on more for the betterment of the company.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.