Raymond Kelly served twice as the New York City Police Commissioner, between 1992 and 1994 and from 2002 to 2013.  In that time, he faced the aftermath of both attacks on the World Trade Center, and in his second term, he led the police force through the changed landscape of post-9/11 New York City.

In November 2017, he addressed security industry professionals and enterprise security leaders at the ISC East tradeshow in New York City. He discussed public-private partnerships, community involvement, the changing nature of terrorism, and the need for business continuity and preparedness training with the audience and, later, in an interview with Security magazine.

In the aftermath of 9/11, Ray Kelly was brought on as Police Commissioner by Mayor Michael Bloomberg, and immediately they began efforts to supplement – not supplant – what the Federal government was doing for counterterrorism at the time. The NYPD started assigning officers overseas in cities that had experienced terrorist attacks to improve threat intelligence and determine if there was any connection from those threats to the security of New York.

Kelly followed a three-tiered approach to refocusing the NYPD: Counterterrorism, Crime Prevention and Community Relations. Regarding community involvement, Kelly says that New York “is the most diverse city in the world. We had to strengthen community relations with many of the communities in New York because there were problems in the previous administration with community concerns. We had to focus on that as well. We expanded the department, in terms of diversity, to the point where there are police officers now in the NYPD who were born in 176 countries. We recruited for diversity.”

He also remarked that leaders, in his view, are made and not born. This counts both for law enforcement and private security for Kelly, adding that he worked closely with many private-sector individuals during his tenure, both in formal public-private partnerships like NYPD SHIELD and informal information-sharing.

“I found that the [security directors] I really appreciated and admired the most to be very much engaged and sort of had a sense that they were on a mission. I think that comes from the fact that this is New York. 9/11 had an impact and still has an impact on the city, and people in the security field feel that it’s all on the part of the team – the partnership between public and private – to help protect the city. That sense of mission and energy is pretty much abroad in the security field. I don’t know if I expected it or not, but I definitely saw it.”

Earlier in November, Kelly had warned that the U.S. should prepare for more terrorist attacks, adding that “This is the reality that we are going to have to live with.”

When asked what private-sector businesses should be doing proactively to prepare, Kelly says: “Most companies probably have rules and procedures on their shelves and policies that should be followed, but sometimes that drifts. I think at this juncture, it behooves everyone to pay attention to threat risks, to security risks, and to follow those procedures. What you see is that ‘it could never happen to us’ mentality, and they’ve got their books, their policies, but they don’t practice it. It would be a good time to pay attention to those policies, test them.

“There’s nothing like exercising [business continuity planning and crisis management] to help a company focus on security. You’d be surprised – we looked at [business continuity plans], they’re 15-20 years old, there are names in there of people who are dead… Those plans are good to have, but they’re almost useless if you’re not practicing, not experimenting with them.”

He adds that he used to orchestrate tabletop exercises in the NYPD that were designed to fail. He would assign a scribe to each event who would write down issues, challenges, successes and pitfalls. Someone would be assigned to follow up on those issues, and the team would have another meeting a month later to see what had changed. “The follow-up is so important; it’s exercise plus follow-up. And people enjoy doing it – I won’t say it’s fun, but it can be very exciting and enlightening.”

He also recommends taking an inventory of the enterprise’s key assets and how they’re being protected. “Your key assets may not necessarily be in your company,” he reminds. “We have so many alliances with different companies. A key asset is one that you cannot operate your company without; it could be another corporation, it could be in another company… you need to think broadly when you’re looking to mitigate the dangers toward your top assets.”

And apart from being more prepared, Kelly remarked that companies that in security find themselves more marketable, especially in a security-conscious city like New York. When New Yorkers look at renting buildings or office spaces, they’re specifically asking about access control, fire plans, bombing or active shooter incident preparedness. “Questions like these weren’t really asked before 9/11,” he says, “but they’re being asked now.”