The Road to 2020

The Road to 2020

As leaders, we sometimes are so immersed in the day to day grind of running our programs we miss the strategic opportunities that will define our success or even our legacy. .Sometimes we need to make time for a conversation that can help us see and think more clearly. The Great Conversation is on a Path to four forums in 2020 that will feed your mind, possibly change your heart, and impact your performance.

The Future is Ours to Create


Two CSOs. Two perspectives. Both in a Great Conversation on May 21, 2019 at The Great Conversation in Security™

Their interest and their passion? The future of the ‘art of security’

Garrett Petraia, Levi Strauss and Tyson Aiken, Nike, started their conversation with a simple logic statement.

·Art often refers to the past: the value of what has been accomplished.

· State of the art implies more of an active present tense or emergent standard of conduct.

· Should we refer to the Future of Art as the process we use to revise or disrupt a standard based on a new way of thinking?

For example, we all practice “Risk Management”. But the term itself is limiting. It is only one side of a coin. The other side represents the opportunities that would arise if we had knowledge of the risks and leveraged them. This is an opportunistic mindset our industry must adapt to if they are going to become true business advisors and leaders.

And for business leaders, this strategic intelligence might move them from business enablement to business acceleration.

Tyson asked us: “How do we get to that place?”

And both speakers suggested we need to hire more business talent and train them in risk principles. “We need to move from hiring a resume that fits our current ‘state of the art’, to hiring based on intellect and values”, said Garrett. “I cannot allow my lack of perspective and knowledge to blind me to the risks or the opportunities. I must hire to support my blind spots.

But they acknowledged that it is easier to hire for security subject matter expertise then it is to find business talent that wants to join the security industry. The talent pipelines from the government, intelligent community, the military and the law enforcement community are crowded. So, our search for diversity will be more difficult. But it is desperately needed.

As Garrett said we need to understand why people fail. It usually comes down to the culture and the degree of collaboration they can foster with the community; the value intersection of their wants and needs with your own.

And both agreed, we need to learn how to gather, analyze, and leverage data that will allow business leaders to better comprehend their own risks and their opportunities by collaborating with our people and programs.

And it just might start with re-writing our own job descriptions to better represent the future of our art.

The Technology World is Evolving, Are You?

Steven Antoine, one of our Great Conversation faculty, had an article posted on Enterprise Security that is well worth the read. Written by Steven Antoine, Director, Global Assets Protection, Yum! Brands we have provided a starting point for the article and a link to read it here.

With the digitization of business, security often finds itself in the familiar, yet uncomfortable space of being reactionary; again. GTRM and the security of data typically are found in bifurcated skill sets, CISO vs. CSO. With the evolution and internet of things, everything is more connected. In the restaurant space, for example, predictive and prevention techniques are being refined as apps and gift, and credit cards are now the focus of the digital criminal enterprise. Camera and alarm vulnerabilities have to be (re)addressed as savvy hackers seek to become more criminally creative and less physically confrontational. The development of new tools such as facial recognition and artificial intelligence and the availability on consumer data make it such that “Where there’s a will, there’s a way” is being acted out in ways that five years ago couldn’t have been anticipated.

Read More

Leveraging the Differences: A Recipe for Innovation and Change

Last week we profiled the keynote that Greg Creed, the CEO of Yum! Brands provided to the executive community in The Great Conversation in Security. As you remember, he talked about the power of culture and the necessity to create a self-correcting culture focused on the vision, mission and goals of the organization. Engagement is key. If fosters trust.

Understanding what you are engaged to do is critical. The “Why” of your work. To Greg, that means you need to be RED. Relevant, Easy and Distinctive. To the degree he can create a culture that is continuously moving in that direction, he believes they can be successful. Every security executive was asking themselves, how they could bring RED into their program.

We were also privileged to listen to a cross functional industry panel discussing the strategic imperative of of diversity. We brought members of Greg’s team together that came from different backgrounds and departments to understand how they defined diversity, leveraged it, and are creating a force multiplier in value generation as a result.


The executives included the following:

James Fripp
Chief Diversity and Inclusion Officer
Yum! Brands, Inc.

Erika Burkhardt
Vice President of Brand Protection
Pizza Hut LLC

Steven Antoine
Global Assets Protection Director
Yum! Brands, Inc.

We also included a medical doctor, Dr Robert Genzel, who had become the Chief Security Officer for Texas Motor Speedway, proving to all of us, that intelligent minds can absorb critical risk indicators and use their skills to create a strategy and a plan. Dr. Genzel is now providing services to the security community as CEO of Overwatch, a company dedicated to providing Medical, EMS, Fire and Security support services to Corporations, High Net-worth individuals and governmental agencies around the world. Through this experience he has become a sought-after speaker and consultant on Emergency Preparedness and Mass Casualty preparation and response for corporate campuses and large spectator venues. That would not have happened without a recognition that another perspective could be a game-changer.

The discussion was poignant. We walked away with a number of nuggets of wisdom that we believe can add to our leadership and our value.

  1. Diversity is the foundation of ideation and innovation. By intentionally identifying, including and listening to people from different experiences, cultural backgrounds, and racial or gender identities, we have the opportunity to expand our imagination and sharpen our ideas.

  2. Diversity demands empathy and care. If fostered, it strengthens the ties that bind us to one another.

  3. Diversity opens our eyes. It is the enemy of scotomas; the dysfunctional blindness of ignorance.

  4. Diversity leverages the differences in us. It does not fight them or critique them. It seeks to understand them.

So, as we left the conversation, each of us were thinking who is on my team and, more importantly, who is not. And what can I do about it?

Focus Will Drive Your Value

When Greg Creed, the CEO of Yum! Brands addressed the Great Conversation community of senior risk, resilience and security executives on May 21, 2019, he left them with several take-aways that, if leveraged and implemented, may change the way our programs are designed, managed and measured.

One of his first remarks would put the rest of his time with us in perspective. He asked us whether we could find the key to the value of Yum! on his balance sheet.

Before we answered he shared some of Yum! Brands public information.

Yum! Brands performance has certainly been impressive.

Based in Louisville, Kentucky, they have over 48,000 restaurants in more than 145 countries and territories primarily operating the company’s restaurant brands – KFC, Pizza Hut and Taco Bell – global leaders of the chicken, pizza and Mexican-style food categories. Worldwide, the Yum! Brands system opens over eight new restaurants per day on average, making it a leader in global retail development. In 2018, Yum! Brands was named to the Dow Jones Sustainability North America Index and ranked among the top 100 Best Corporate Citizens by Corporate Responsibility Magazine. In 2019, Yum! Brands was named to the Bloomberg Gender-Equality Index for the second consecutive year.

The Great Conversation in Security was held in Plano, Texas at the Yum! Brands Center of Excellence. And Greg flew in for the forum.

“No”, Greg would answer his own question. “You will not find Yum! Brands key to corporate value on the balance sheet.” It could be culture, or reputation, or customer care or even the brands themselves. But all of those are overshadowed by the impact of engaged people creating the culture that results in outstanding business performance and brand.

How do you connect the business strategies to the people? According to Greg, they must care. To care they must understand the vision, mission and core values of the organization and how it applies to them. That creates trust.

Can trust be measured? Greg would say “Yes”. He has implemented a program that teaches his employees what it means to be at Yum! Brands, how it applies to them, and how it will be measured.

“Our strength is in how we recognize the uniqueness of each person at Yum! Brands” said Greg. “For a global company, this is critical. We cannot be devaluing one another according to our differences.”

Yum! has a 4-level measurement ranking system for every employee. It promotes a self-correcting culture. You may be first introduced to Yum! and/or the training and begin your assimilation into the culture. That would be a “Learner”. Grace is given. Mentoring is paramount. If you need more training or remediation, you would be “Lacking”. Once you get it and achieved a baseline of culture assimilation you would be “Living” the culture. And for those who go the extra mile, proactively, to advance the culture, the brand and the measures of performance that make the brand what it intends to be, they would be lauded as “Leaders”. Note, at Yum! leaders do not need a title.

With this cultural baseline, Greg has also created a strategy that energizes the culture, the franchisees, and the investors. He calls it “Being RED”.

RED is an acronym that strategically aligns the entire ecosystem.

R: is for Relevant. Whatever category you choose, is your value proposition relevant to your target audience?

E: is for Easy. Your offering should be intuitively easy to identify, access and purchase. Frictionless.

D: is for Distinctive. Your target audience should see you as highly differentiated. Your value proposition compelling. The Customer Experience outstanding.

With his cultural focus and his precise definition of how to create value, he helped the security executives in the room and their vendors imagine a path to value. A path that included their unique role in creating an engaged culture, that was safe and secure, and a shared understanding of their role in “Being RED”.

His final message was to ensure they understood their role in teaching the employees to be culture keepers of their own security and safety.

“We must instill a culture of trust. That is our strength. But it must be tempered with their ownership over the security and safety of our intellectual property, our people and our food safety process.”

The feedback we received underlined the need for more leadership lessons and perspective from the CEO in helping our community position their own organizations on a path to value.

The Future is Ours to Define

I have been speaking with our faculty over the last few weeks and the conversations are taking on a level of urgency I have not seen in awhile.

We are an industry in transition. Many of us feel like we are trying to run in mud, but, for some of us, we are starting to see changes that will radically redefine our value proposition. Here are a few of the conversations I have recently had.

Today, two senior executives underlined the fact that vendors must wake up to the new reality of uberization. Our internal customers live in the age of plug and play. Facebook just works. Uber just works. The complexity is hidden from us. The “contract model” is front-loaded with a license fee and services. A new contract model must emerge that provides a shared risk model for delivery of outcomes (the customer experience).

We keep hearing of the intelligent building. But what is it and why do we need it? If we need it, what is the return on investment? What is security’s role in the strategy and execution of an intelligent building? Will this help us leverage a new and more compelling value proposition?

What is the role of communication in today’s security program? We tend to think in linear terms. But what if it was more dynamic, leveraging all forms of communication? How would that change the optimization of our people, processes and technology?

Is Loss Prevention becoming a powerful organizational example of convergence?

Is video surveillance a business tool and a risk tool?

Can security help an organization scale rapidly while mitigating risks?

Diversity is and is not what you think. Learn from a powerful panel of leaders on their experiences creating value over the differences.

Culture is at once a powerful weapon. It can be good, bad, even ugly, based on leadership casting a vision that can be intuitively grasped by the stakeholders.

All of these ideas can begin to contribute to a CEO’s conversation with their company, their board and their investors. We will pick the brain of a CEO who is in the process of doing just that.

Each of our faculty deeply believe that the conversation matters. Each expect to go back to their organizations with take-aways that make a difference. They are action-oriented and driven by the need to continuously advance their proficiency in creating organizational value and mitigating the risks to people, the business and the community.

Connecting with the CTO of LenelS2

As part of the discipline around The Great Conversation, we seek true case studies of our executive community. A case study to us communicates a problem or opportunity the executive is facing, how they mustered internal and external teams to assess it, and then how they approached rectifying it, including the performance measures that supported the effort. This can be thought provoking and meaningful to our community. How our peers are addressing issues may give us guidance on our own core processes.

After each case study, we like to have a technology discussion. There are two parts to this which can be very helpful. One is to understand how others are evaluating the technology against similar problems. Two is to understand the roadmap for the category. For example: How is the access control technology category evolving? What can we expect to see and how will it change the way we manage our future program?

Ewa Pigna, the CTO LenelS2, will represent the access control category for us this year. She will follow a case study by Jason Veiock, who leads a converged security team at GoDaddy.

We asked Ewa several questions before she meets with us on March 4 & 5 in Seattle.

Why Do you participate in the Great Conversation?

I would love to share my perspective on the state of the security industry and specifically as it relates to access control. I also see it as a great opportunity to hear other industry professionals on this topic, interact with various security influencers and help to shape the future of the industry.

What do you hope to learn?

I hope to learn how existing solutions are applied to help customers solve real world problems, what gaps still exist that industry manufacturers can focus on, and how to better connect security to the overall business value.

What was your presentation about?

My presentation touches on the Enterprise Security Platform, it’s current state, roadmap, future trends, and key points that end-users should be aware of when evaluating the state of their overall security risk management strategy.

What is the most common constraint you hear from end users?

The most common constraint I hear form end-users is how to justify security funding as part of the overall risk management budget. I believe that as we connect security and business processes together, we will be much more successful in opening up more funding for those types of projects.

How are they addressing this constraint today?

End users are looking at various ways to overcome the funding obstacle. They are embracing multi-generational approach towards introduction of newer security models into their environments. They are also leveraging the solutions interoperability capabilities to drive greater business reward from security investments, and they are introducing more self-service capabilities to their users in order to drive increased productivity with their security staff.

It Takes a Village: An Interview with Fallon Long, Security Manager at Grant County PUD

Fallon Long is the Security Manager with Grant County PUD.

Established by local residents over 75 years ago, Grant PUD generates and delivers energy to millions of customers throughout the Pacific Northwest. What began as a grassroots movement of public power has evolved into one of the premiere providers of renewable energy at some of the most affordable rates in the nation.

Security and safety is a critical part of any utility. And the scope of the effort requires a team approach.

Fallon has demonstrated that team approach not only with her previous work at Seattle Cancer Care Alliance, but also with her volunteer time as the past Vice Chair for the Regional ASIS group, her current position as Assistant Area Regional Vice President for ASIS, .and the Co-Chair of the Puget Sound Chapter of Women in Security.

We were able to catch up with her and have a small, but great conversation.

Why do leaders need a great conversation with their peers?

Leaders need a great conversation to keep from becoming stagnate. Everything needs to evolve or it gets eliminated. They say it takes a village to raise a child. I agree that that it takes a village to develop your program. My network of professionals has supported the program I have designed within my organization and my professional development.

What have you learned from the other conversations you have participated in?

I have learned that it is ok to not know it all. People fear the exposure of not knowing the answers. So they minimize their ability to learn. When you can speak openly and freely in a conversation, you get to hear real and raw information. Who knew we all experienced the same challenges? Who knew that so and so at this organization went through the same trials I have had and found something that works? Who knew that people would utilize the methods I put in place because I shared it with them.?

It is important to know you do not need to know everything and be willing to ask and receive what others are doing.

What are the front of mind issues you have been dealing with as a security leader?

I think I have learned the secret weapon needed to be successful. I stopped telling department leaders what I wanted them to hear and I started listening.

I let the frontline staff help me build my program. I asked them to help me with the budget. I asked them to help me improve the plan that protects what is important to them. In return we have developed trust. I get their buy-in which shifts their behaviors regarding security. They see value in the partnership and services.

As a woman leader in security, what advice do you have for other women in our industry?

I don’t let being a woman hold me back or influence the way I respond.

I do my best to approach each situation with confidence and not arrogance. I can’t change the way people behave or think but I can set boundaries for respect. I address issues as they arise and let people know when boundaries have been crossed.

I look at myself as a leader in my profession first. I will be defined by my performance, my leadership, and my willingness to respect other stakeholders in my organization and in the industry. Of course I am proud to be a woman but I am more proud of my leadership capabilities.

Editor’s Note: Fallon will be a panelist on a panel that asks a very unsettling question: Are you being disrupted? The Uberization of Security. She will be joined by security leaders from Microsoft, Seattle Children’s, ASG’s Enterprise Security Risk Group, and ADT’s Enterprise Solutions Group.

Creating the Future through a Great Conversation


Are you confident that your risk, resilience and security program is fully optimized? Are you satisfied with your value proposition to your organization’s senior leaders? Are you sure you know where the hidden costs of your program are and how you might leverage those costs to improve your situational awareness and actionable response?

If any of these questions give you pause, you deserve a great conversation with thought leaders and your peers.

A guiding coalition of senior risk and security executives helped shape what was an intense one-day forum designed for busy leaders and their teams on May 21 at Yum! Brands Center of Restaurant Excellence.

What is the promise based on past Great Conversations forums? You walk away with nuggets of wisdom from one or more of the speakers or panelists that you will want to activate before the end of the year.

The forum is based on educational tracks such as: Leadership, Strategy and Innovation, Organizational Strength, Enterprise Security Risk Management, Intelligence acquisition and planning and, of course, the track that can disrupt any best practice: Technology.

Our guest faculty is compelling:

  • CEO of Yum! Brands, Greg Creed, addressing the security executive community with an articulation of value that may become a manifesto for future leaders

  • Former Amazon Security Executive Ed Bacco, who leads a group of senior risk, resilience and security leaders known as the Enterprise Security Risk Group (eSRG), moderating a panel on the Uberization of Security and how it might be disrupting best practices for better practices.

  • Jonathan Shimp, the Vice President of Risk Management at Louis Vuitton discussing his journey on creating a new model of identifying, acquiring, measuring and maintaining his security technology infrastructure.

  • Transparent industry case studies on the business problems security executives face at their organization and how they assess it, quantify the cost, muster internal and external teams to address it and the solutions they begin to implement.

  • The Security Leader of Yum! Brands, Steven Antoine, assembles a cross functional panel to uncover the ROI of creating a leadership culture of diversity.

  • A security executive from Seattle Children’s Hospital describes his journey in uncovering the unique value in creating a intelligent communication strategy. Three leading vendors provide a current and future roadmap that can be described as Communication-as-a-Service featuring intelligibility, interoperability, and IT’s need for enterprise scale provisioning.

  • In this sensor driven world, or what many are calling IoT, we no longer have an option to disregard the needs of the business and the environment that the business functions within: a building, a campus and a city. We bring a team together that has constructed an intelligent building to discuss how leaders can begin to use the lessons learned to shape their digital transformation strategy.

  • If “Culture Eats Strategy for Breakfast,” then the polar opposite is culture’s ability to create a highly leveraged model for security and safety. Two great leaders, Tyson Aiken, Senior Director for Global Safety & Security for Nike Inc. and Garrett Petraia, Vice President of Global Security for Levi Strauss & Co. describe their journey in a transparent and intimate dialogue.

An Interview with William Plante: Disrupting Security

William Plante, Senior Principal in the Enterprise Security Risk Group (eSRG), moderated a panel on the “Uberization” of Security at the Great Conversation in Seattle. No, we are not talking about a mobile app to run everything. We are talking about the increasing dilution of the security executive’s impact on the organization’s value because of the hidden costs of the security infrastructure including the shortage of subject matter expertise to run it. It is a sign that you are about to get disrupted when you are not attentive to the customer experience which includes the value proposition of time, money and value. Let’s learn more about William.

What is your background?

I was a CSO at Symantec. I was also Director of Enterprise Resiliency at Intuit. I ran a boutique security consultancy for programs and systems. And I have been a security practitioner for 39 years.

As a Risk, Resilience and Security leader, why is it important to have a great conversation with the security ecosystem?

The security ecosystem is rich with knowledge, experience, and perspective. Any security practitioner looking for guidance and advice can turn to all segements of the security industry – manufacturers, consultants, integrators, distribution, publishers, and other endusers – to gain a full perspective of issues and trends within the industry and that impact our world.

What are the key learnings you have experienced in past conversations?

I am impressed with the level of leadership sophistication and practical advice that we get from our conversations. We are an industry with some very smart people, both as practitioners and as business managers. Provocative, and sometimes contentious conversations, bring better meaning and understanding regarding issues and problems that we (as a collective of practitioners) can solve.

Describe the objective of your panel?

The IT world continues to impact how we manage and operate our systems. And the enterprise continues to demand the best bang for the buck challenging security leaders to remain focused on core competency and bring best value to the table. This conversation is focused on understanding how that is translating as an outcome in security departments and within the market. As leaders contine to grasp the true total cost of security while simultaneously adapting to new business and operating challenges, they are now pushing the “standard” paradigm of hosting and managing systems. The outsource model of consumption-based (or “pay-per-sip”) managed security services is becoming financially and technically viable. This panel explores this new paradigm.

Why is this important to the conversation?

Our Conversations often concern themselves with identifying significant trends and interpreting their impact. Providing a Managed Security Service isn’t a new idea within the IT and business community, and it isn’t new to corporate security either. With new advances in Cloud infrastructure and deployment, coupled with businesses that focus on providing core services and adding best value, the time to reexamine 3rd party hosted infrastructure and services is now. This trend will gain more momentum in the next several years and should be understood by every organization concerned with providing the best programs for the best value.

Based on the agenda, what do you hope to learn this year?

I am keen to learn how Scott Klososky is going to address the Integrated Security Model. Security is a very dynamic program, and I do think there’s a continual disruption in our space. I’m keen to hear what he has to say. The smart building discussion is also an especially interesting topic and I’d like to learn what others are thing about in terms of challenges and opportunities to integrate smart buildings into security system services.

Why Do You Do What You Do?

Why does Jeff Bezos start his senior leadership team meetings in silence?

Why does Tom Brady spend voluminous hours studying film of his opponents?

Why does world-renowned violinist Itzhak Perlman continue to practice eight hours per day after playing professionally for 50 + years?

Why does Taylor Swift still take voice lessons?

We each do what we do because we believe that something beneficial will happen. Jeff Bezos starts his meetings in silence to create an environment that fosters laser focus and critical thinking. Tom Brady studies film to find one weakness in his opponent to win the game. For Itzhak Perlman and Taylor Swift it is to be the absolute best musicians they can be.

Why do you do what you do? That question was asked of me recently by a friend after I mentioned that I was asked to speak at an event in Seattle called The Great Conversation in Security. My friend knows I’m not an expert in security and wanted to know what I would say to an audience of Chief Security Officers.

I told my friend that the reason why I speak is simple. I speak in the hopes of making a positive difference in a leader’s success at work and satisfaction at home. I also paraphrased Chicago Evening Post journalist and humorist Finley Peter Dunne who said, “I speak to comfort the afflicted and afflict the comfortable.” In other words, I speak to help an audience think in ways that are both uncomfortable and rewarding.

Why do you do what you do? Can you clearly articulate why you do what you do professionally or personally? If that question seems cumbersome or unwieldy, here’s a suggestion about how to get to your answer.

Read More

An Interview with Dr. Zafar Choudry

Zafar's Picture.jpg

We interviewed the visionary CIO leader of Seattle Children’s in preparation for his presentation on March 4 at The Great Conversation in Security. It was clear when we first met him, that he is not a man to just keep the lights on, provisioning IT systems that help the hospital. He also wants to make the entire business of the hospital intelligent so that it anticipates and serves to create a unique experience for the stakeholders.

Why do leaders need a Great Conversation with their peers?

This is the best opportunity to learn from peers, share best practices and just have time to brainstorm and strategize with different industries

How does the mission and vision of your organization impact how you develop your security program?

Our mission is to take care of Kiddos, help them remain healthy, at the same time we have to keep them safe, as well as their caregivers.

What is the greatest constraint you have today, that if you overcame it, would take your program to an exponential level of performance?

There continues to be a disconnect between IT in healthcare and Facilities Management, such that the amalgamation of technology and physical security is still too far apart

What Did you share with your peers at the March forum?

I’m talked about the Real Time Healthcare System – the amalgamation of Cloud, Social, Mobile and Analytics in healthcare to make it more responsive. How the concept of situational awareness will impact business strategy, safety and security.

What DID YOU learn in this year’s great conversation?

I learned what other sectors are doing in the field of physical, logical and network security and how they are linking it directly to their business strategy

An Interview with CSO Steven Antoine


The Great Conversation interviewed Steven Antoine, the Chief Security Officer and Director of Global Assets Protection for Yum! Brands, Inc., a world leading franchisor and Fortune 500 company.

Steven spent 15 years in the U.S. State Department before joining Yum! Brands.

Steven attended the last Great Conversation in March 2018. Since that time, we have been working with him (or should we say “for him”) to bring the peer to peer executive forum to their Center for Restaurant Excellence in Plano, Texas.

Why do we need a Great Conversation in Security?

Thought leadership. You are in a room where the conversation is askew from the normal conversations we tend to have. It is a space where people can be creative; hear ideas and explore avenues that may not be comfortable or safe but, because we are all being transparent under Chatham House rules, it becomes energizing.

The bottom line: The Great Conversation allows you to be comfortable with being uncomfortable.

Many of our executives leave the conference with ‘learnings’ that they activate when they return to their organization. What was yours?

I found validation and confidence in my direction. For some time, I have been on a mission to redefine the terms and understanding of ‘security’.

For example: here are some traditional notions or terms we use in our profession everyday and my alternative rendering to my organizational leaders and my team:

  • Safety=Prevention, guards and policy. What if we redefined this to mean the absence of acceptable risk?

  • Risk=Danger, geo-politics, violence and hardship. But what if we redefined this as constraints and obstruction to strategic objectives?

  • Loss=Theft and/or slippage. What if we redefined this as an efficiency metric where time, money and opportunity are the measures of performance?

All our professional domains are evolving along with the risk and business landscape. If we stay in our silos, we have a hard time seeing the whole picture. Then you add the technology domain that is digitally transforming our organizations and it becomes an imperative. Tapping into all these ‘silos’ creates a force multiplier in understanding, perspective, knowledge and wisdom.

Why did you decide to host The Great Conversation in Security in Plano, Texas within your facility?

Yum! Brands appears to be a franchisor of fast food brands like Kentucky Fried Chicken and Pizza Hut. That is true. But there is so much more. We have become an information management company. We are being digitally transformed. It is essential that we transform risk, resilience and security within this evolving business landscape.

As well, I am a member of a profession. All the security professionals should be lending their voice to our community. For me, I am selfish. I wanted to help drive the conversation. What better way to do that then to help host it!

You are right! Not only are you hosting it, but your CEO felt compelled to kick off the day with a keynote of his own. What can we expect from him?

Without ruining the surprise, let me ask you a question: “What does every CSO want out of his CEO?” I think you will have an answer on May 21.

Self-Assess Your Current Safety Strategy

The Great Conversation caught up with Shawn Galloway, one of our forum faculty members for March 4 & 5 in Seattle, Washington. We asked him if there might be an opportunity to have our community take a self-assessment before they arrive for the forum.

Shawn gave us a link to his website that you can use to read and then take the assessment. You can find it here as well as at the end of this short prelude to the full blog.

You also can find his books, including a special bundle price here.

Shawn 8x10.jpg

Self-Assess Your Current Safety Strategy

How complete and comprehensive is your safety strategy? Does it have the right ingredients? Do you even have a safety strategy? "Not paying attention to strategy is expensive. Each year organizations waste millions of dollars in time, resources, and effort. In our consulting practice we continue to see confusion: misunderstanding of strategy, real problems not addressed, misdirected effort, lack of personnel alignment, directionless short-term fixes, forgettable training, over-complexity, poor communication, cookie-cutter programs in place of strategic thinking, muddled motivation, poor incentives, not understanding what an existing organizational culture will tolerate or accept, misinterpretation of data, and attention to results without a clear understanding of how they came about. And these are just a few of the unproductive situations we encounter in our work. But most of all we see a lack of focus on generating and measuring ongoing contribution to value throughout the organization." (Inside Strategy: Value Creation from Within Your Organization, Galloway & Mathis, 2016).

After reviewing countless corporate, division and location-specific safety strategies, ten essential considerations were frequently excluded.

Read More

The End of Intercom?

The following is an excerpt from an interview with Jim Hoffpauir, President of the Americas for the Zenitel Group. (Vingtor-Stentofon).

Is your market changing?

The intercom market’s value has been diminished by encouraging end users and integrators to look at the technology as only a standalone mass communications or emergency stanchion solution. Essentially an afterthought. But if you study the core processes inside a security department, as well as their evolving need to become relevant in meeting the rest of the organization’s goals, you suddenly realize the need for an order of magnitude difference in intelligibility and interoperability that cannot be achieved by the standard “API” approach.


The scorecard for intelligent communications will be the absolute mandate for clarity in all circumstances; to hear, be heard and be understood. We call this ‘intelligibility’. Secondly, the need for a formal program of interoperability with the key systems that are deployed in the security market like access control, video management systems, and multi-modal communications. And finally, the need to translate what is happening in the IoT world that is driving the platform suppliers like Microsoft. This means we need to drive a new topology that will support the Infrastructure-as-a-Service (IaaS) model that Ed Bacco, the CSO for the Enterprise Security Risk Group is talking about.

Is the end user and the integrator prepared for this? Some are. You have to realize, the integrator is often at a disadvantage. They are not necessarily called upon to study the workflows of their prospects and clients. It is within these workflows that true process and budget optimization occurs. More often they have RFPs that force them to act on a perception of value that is tied to pricing. In many cases, they turn to something they know, instead of investigating the root cause of the organization’s motivation behind communications.

You mentioned IaaS. Do you believe organizations will begin to outsource management, maintenance and measurement of their security infrastructure?

Many will have to. First, it is not the core of what they do. And secondly, they are not solving their core issues around process and budget optimization. That is why we work so hard to create a higher level of interoperability through an established program with core, strategic partners and are changing the topology of our implementations. We have shed the need for a separate server, for example. You can start with one station that has server functions embedded in it. You can exponentially scale without ever buying a stand-alone server. We will continue this intelligence at the edge strategy within a company or outside a company with a virtual SOC or a managed services vendor.

What is the one thing that is always mentioned about your suite of communication devices?

Everyone knows us as the “Rolls Royce” of audio. But little do they know, that applies not only to the clarity of our audio, our interoperability and our cyber defensibility, but also to our value equation. We have been told by integrators and consultants that have really dug into how their clients are attempting to communicate operationally or in an emergency, that we are the best value in the market.

The Great Conversation in Security - March 2019: Summary of the Congress


The Great Conversation in Security has a very clear mission: To create personal, professional and organizational value in the risk, resilience and security industry. It starts with the customer experience: The leaders and their teams that assess the risk, understand their organization’s mission, and create the strategy, planning and performance metrics to mitigate risk and create value. It takes leadership, execution and technology to make that happen.

The Great Conversation is not an event. It is a collective; a congress of best practices that are evolving with the times. Throughout the year we attempt to have as many conversations as we can with the ecosystem, studying their transactions of value, their constraints and the emerging threats that are creating their sense of urgency.

We would like to provide a short summary of this year’s congress. We hope this will help the executives and their teams anchor their thoughts and inspire their actions.

We used a mobile engagement platform to provide a virtual conversation with our forum leaders and faculty. One of our core performance metrics is whether any of our faculty were able to provide ideas that were actionable. The good news:

  • 100% of the attendees intend to activate one or more ideas from the forum with 51% saying this will be immediately

  • 89% believe the way they manage their program was impacted by the content

We believe from our attendees’ feedback we know why this is happening:

  • The research

  • Which informs the content

  • Which sources the faculty (i.e., the subject matter experts)

  • Which align with the educational tracks that form the backbone of the conversation.

Some of the highest rated content revolved around the following:

Your Security Program is a Business Model and it is being disrupted.

This hit home with many executives since it painted a picture of a rapidly changing landscape that challenges our current notions of how we organize people within roles in our core processes using technology. It also challenges our definition of our value and promises a bright opportunity for those who can adapt and change.

The State of the Industry

An industry panel that included two former CSOs, a current CSO and a Risk Management Services Organization, provided a global perspective of leadership and a response to the shifting landscape that was articulated in the opening keynote. That is, it was a grounding experience to hear how these executives were “re-balancing” their leadership competency and capability to respond to change.

The Uberization of Security: Customer Experience, complexity and cost drive disruption – where is this hidden cost?

A panel of Security Executives talked about the increasing complexity, cost, customer experience and skill shortage driving a new security business model

Lessons Learned from an Active Shooter

This was a riveting step by step story of a small university that had prepared their people and their culture for an incident. As well, they had created a technology infrastructure and process that most larger companies have never achieved. The result: saving lives, creating resilience and, most importantly, anchoring the trust in the process they had spent years developing, training and measuring.

Industry Case Studies followed by Technology Roadmaps

We featured 3 on the first day that were some of the highest rated in the conversation:

Creating the Enterprise Security Intelligent Platform

GoDaddy’s security executive and LenelS2’s CTO worked together to provide insights into how to construct an information management platform and how we might think about the roadmap over the months ahead.

Video Management: A Path to a Service Architecture

A Security Executive from a high-profile airport provided his insights into the highly leveraged implementation of video for operational performance and for risk mitigation. It was followed by an educational primer on how executives can begin to evolve their video management platform into a service architecture to streamline operational, budget and risk performance.

Intelligent Communications in the Intelligent Organization

A Security Executive provided a roadmap on how to construct a Security Operations Center that can provide situation awareness and actionable intelligence and can trigger multi-modal (voice, public address, text, digital signage and desktop alerts) with a push of a button. It was followed by a roadmap on the age of voice and how to create intelligent outcomes through intelligent communications.

Creating a Safety and Security Mindset

This was a strong reminder that culture will be the key to long term success in our security and safety program. The ability to get great results, the ability to repeat great results, the ability to gain insights into what led to those results will be impacted by the cultural mindset leaders establish around continuous improvement. An Excellence Evolution Model was broken down into discrete elements that provided a roadmap to best practices in security, safety and leadership.

The Need for a New Learning Model for Security

Our academic partner, the University of Washington, provided a thought leader in disrupting how we prepare our next generation knowledge workers and leaders for the changing landscape of risk. It stimulated a lively discussion around how to get started and created valuable touch points from the entire ecosystem.

A Case Study on Mercedes Benz Stadium: Home of the 2018 Super Bowl

The executive leader of security described the venue and the challenge, and his trusted partner described the unique security technology infrastructure that keeps the attendees, the players and the media safe.

A Case Study on the Power of a Cloud Managed Security Solution at Gonzaga University.

The security leader described the risk and the opportunity and the trusted advisor the deployment with a focus on the evolution to a cloud-based video management architecture.

A Case Study on High Definition Situational Awareness

This study featured the trusted advisor and the manufacturer, that illuminated the force multiplier of a high definition video camera implementation.

Smart Buildings

We featured three specific segments on the evolving smart building trend which reinforces an integrated security model:

Smart Company, Smart Building: Security’s Value Proposition is Changing.

A CIO of a major hospital is leveraging domain expertise in physical security to leverage and augment his smart hospital vision and mission. The stakes are high. The customer experience and the mitigation of risk will dictate the performance measures of one of the best brands in the industry.

Revolutionizing the Future of Smart Buildings

An industry panel including a CEO of a “smart switch” organization and a subject matter expert in the deployment of smart buildings, provided detailed view of the elements of the smart building approach

Securing the Potential of Smart Buildings

A building that was designed from the ground up to be intelligent was the subject of a case study that detailed phenomenal metrics for security, safety and competitive advantage. The cost savings were also compelling.

Path to Digital Transformation

We turned to one of the largest software manufacturers in the world, Microsoft, to show us how to create a digital transformation roadmap and, most importantly, why. It was an excellent conversation to end the congress

Final Thoughts

What I heard over and over as we networked over a hosted bar and appetizers, is how intense but productive the conversation was, with many of the new attendees essentially admitting they “had no idea how important and valuable this was”.

Many also acknowledged the insights we have after 16 years of facilitating these conversations. One of the insights was when our emcee, Ron Worman, noted that in 2003, there were no women in the audience. He asked for all the women to stand and be recognized to the applause of the industry stakeholders in the room.

We are now headed to Plano, Texas on May 21. Urge your peers to lend their voice to leadership, innovation and change by attending.

Then we are headed to Washington DC for the Executive Summit Series, an invitation only leadership forum held during OSAC week. The date is Monday, November 18 at The Boeing Company in Crystal City. It is a great launching point for OSAC and the other associations holding events that week.

An Interview with Dylan Hayes of Seattle Children's

Dylan Hayes Headshot.jpg

Dylan Hayes, Manager, IT Security | Enterprise Security Technology at Seattle Children's Hospital – Research - Foundation, has been part of The Great Conversation community for some time. He has contributed his lessons learned willingly, and is an attentive student of his peers as they share as well.

This year, he will be joining a discussion around the current budgeting model of security and how it might be changing, as well as contributing his lessons learned in creating an information management platform that will serve the needs of the business now and into the future.

Dylan recently took a role under the CIO of Seattle Children’s

Why do leaders need a Great Conversation?

Leaders need a Great Conversation to continue to evolve synergy throughout the business, the community and the industry eco-system. Through challenge, collaboration, analysis, sharing of successes and mistakes and new ideas, this leadership forum is crucial to drive strategy, improvement, innovation and efficiency. The sharing of wisdom, concepts and skills is necessary to fine tune and perfect outcomes, operations and experience. Liken this to becoming a master of an art or professional athlete.

How does the mission and vision of your organization impact how you develop your security program?

Our security program must align with our value-based culture (specific values) and the fundamental objectives that directly impact the mission and vision initiatives.

What is the greatest constraint you have today, that if you overcame it, would take your program to an exponential level of performance?

Internally managing the performance, service and health of our system and components.

Why did the CIO want a physical security professional like you in his organization?

Technology, information and integration aligns with IT. It is a natural alignment of enterprise technology, strategy, service and support.

What do you hope to learn in this year’s great conversation?

The roadmap of the industry and the forward thinking strategy to manage the evolving technology landscape, provide exceptional customer service, and drive value to the business.

Tackling the Challenges

Morgan Harris is the senior director of Enterprise Solutions for ADT Commercial. He is a certified technology professional with extensive experience in managed services. His certifications cover infrastructure solutions from a variety of IT and Physical Security technology vendors.

Fundamentally, Morgan must be adept at gathering, analyzing, and defining business and functional requirements that inform and infuse the engineered design that will replace or augment the core processes of his clients.

With this background, he will be attending The Great Conversation and providing his insights into new models of outsourcing and managing physical and logical infrastructures.

At the end of the day, he is trying to help us move beyond what we will not see, hear or even mention because we feel stuck with budget constraints, people constraints, and organizational denial.

Below are some excerpts from a recent article he wrote for the January/February issue of Security Today. You can read the entire article through the link provided.

Tackling the Challenges

It should come as no surprise that cybercrime is one of the biggest threats organizations of all shapes and sizes face today. There were purportedly 918 data breaches compromising nearly 2 Billion data records in just the first six months of 2017. No organization, be it a Fortune 500 company or small business, is beyond the reach of today’s sophisticated hacker.


With the constantly evolving campaign strategies cybercriminals are adopting like ransomware-as-a-service, it’s no wonder that 87% of board members and C-Level Executives state they lack confidence in their organization’s level of cybersecurity preparedness.


Back in the late 1990s and early 2000s, there was much talk about the convergence of physical and digital security as IP-enabled devices started to come into the scene. That convergence was never fully realized in the manner that the industry experts thought should or would come to fruition.

As we fast approach the 2020s, cybercrime may prove to be the catalyst that reignites the drie to bring the two sides together, redefining convergence.


Let’s look at the various resources that are available to you. It is safe to say that firewalls and anti-virus software are fairly well known and understood, but have you considered embracing a managed and monitored firewall and anti-virus program? Engaging a third party provider to deliver these services can help ensure that your solutions are always up to date, communicating with each other and monitored for potential breaches 24/7/365.

Relatively new on the scene are managed detection and response (MDR) services. General characteristics of MDR services are:

  • Vendor provided technology for threat detection

  • Monitoring and analysis by human security analysts

  • Using threat intelligence or data analytics

Read more at Security Today

An Interview with Joe Fairchild, Microsoft’s Global Security Lead in the Center of innovation

Joe Fairchild Headshot June 2015 with Coat.jpg

We like to profile our faculty through interviews and their thought leadership. Joe Fairchild has been active in The Great Conversation for years and will be addressing the forum community on Tuesday, March 5. He also will be part of a panel discussing the hidden costs of security and new models that can address this increasingly burdensome issue.

Joe joined Microsoft Global Security as a contractor in 2008. In 2010, Joe was hired by Microsoft as the Regional Security Manager for Global Security Operations in the US and Canada. Since that time, he has held a myriad of roles within the Global Security team including; Event Security, Access Management, Security Consulting, Technology, and has overseen a Project Management Office (PMO).

 In recent years, Joe has been tasked with the execution of the Digital Transformation vision for Microsoft Global Security. In September 2018, Microsoft Global Security merged with the Microsoft Real Estate & Facilities team, creating the Real Estate and Security Center of Innovation. Joe currently has the role of Technology Lead and Solution Development for this new organization.

 Joe is a veteran of the US Army, worked as Police Officer for the city of Redmond. Joe has a Bachelor’s degree in Psychology and a Master’s degree in Organizational Studies degree from Stanford University, where he also played for the football team.

Here is a short interview we had with him recently.

Why do leaders need a Great Conversation?

A safe place to learn, exchange ideas, and to compare ideas is critical to staying on top of the latest risks and to continuing to drive innovation around security people and assets.

How does the mission and vision of your organization impact how you develop your security program?

Our mission at Microsoft Is to enable every person and every organization on the planet to achieve more. Fundamentally this is a mindset where success frequently means you are not being recognized for all the hard work it takes. This is a mindset that is very similar to being in a protective role. Whether it be as a football player or as a successful security professional.

What is the greatest constraint you have today, that if you overcame it, would take your program to an exponential level of performance?

Distractions and time. Each distraction brings with it a moment of stepping out of flow and producing my best work.

What will you be sharing with your peers at the March forum?

Physical security has traditionally been rooted in a paper culture, employing a reactive approach to security threats where the norm is to respond to events after they have occurred. In these responses, much of the action taken is focused on adding safeguards to infrastructure such as additional walls or badges in an effort to reduce risks. However, digital transformation challenges the status quo of physical security, enabling the shift from a reactive, paper culture to a data-led, predictive physical risk model. Digital transformation will help physical security focus on how to obtain data and utilize that data correctly in order to mitigate the impact before a threat occurs, including cyber security threats in addition to physical ones.

What do you hope to learn in this year’s great conversation?

More about what is happening in the security industry at large and how people are thinking about physical logical convergence and the intelligent cloud.

Editor’s note: We will be providing a digital white paper to attendees at the conference entitled: “The Digital Transformation Playbook” from Microsoft Global Security.

A Complete View of Security

Our technology partners in The Great Conversation supply us information that extends our imagination on how we might apply technology to today’s problems. We felt this was an interesting story that was published in Security Today and is provided by permission of the publisher. It profiles two technologies and vendors that came together in a holistic solution that will be featured at The Great Conversation.

Bigger is Getting Better

SMG/The Moscone Center undertaking complete security renovation

By Ralph C. Jensen, Editor, Security Today

There are a handful of amazing things that set San Francisco apart from other world class cities. Notably, there is the Golden Gate Bridge, Alcatraz Island, Fisherman’s Wharf and Chinatown; the Twin Peaks overlooking the city, San Francisco Bay, and yes: The Moscone Center.

Just how does a convention center fit into the list of places to see in beautiful San Francisco? It is the largest convention and exhibition complex in San Francisco. It includes three main halls spread out across three blocks and 87 acres in the South of Market neighborhood. The convention center originally opened in 1981 and has gone through several renovations. It is currently upgrading its security system to reflect a best-of-breed, state-of-the-art solution.

Securing the Facility

Security at the SMG/Moscone Center is handled similar to the security at a Tier 1 airport; however, clients who use the facility are required to provide their own inside security. When the doors are open to the public it plays host to people who want to come in and look around.

“We are responsible for facility security inside and on the perimeter outside. This is considered a soft target, so we do everything possible to harden the security,” said Damion Ellis, director of security at the SMG/Moscone Center. “The time is right for us to take out the old security system, including the old analog camera system. Our new security system will provide analytics, and the ability to look at the images in real time.”

Like any major metropolitan area, there are issues that have to be dealt with that aren’t pleasant and keeping track of the homeless population and what they are doing is one such issue.

“We are able to place the new IP cameras in places where the homeless population congregates on the outside, in dark corners of the facility,” Ellis said.

The Moscone Center complex consists of three main halls. Moscone South is located to the south of Howard Street and is three stories tall.

Read More at: Security Today