
Next Generation Security Leader Forum: Driving Unified Risk Oversight through Global Security Operations Centers Executive Summary

Created by the Security Executive Council

Introduction

In April 2017, The Boeing Company hosted a Security Executive Council (SEC) Next Generation Security Leader (NGSL) forum on three campuses in the United States. The all-hazards executive development curriculum was also offered worldwide via video conferencing. One hundred and sixty vetted security leaders took part from 16 industry sectors.

The NGSL program is a "living" program that is continuously refreshed. It's improved by competent practitioners who manage capable teams that are intelligently informed, developed, equipped and prepared to manage Unified Risk Oversight™ (read the SEC's guide entitled Making the Case for an Operational Risk Leadership Advisory Council).

Pre-Event Survey Results

Attendees were asked to participate in a survey before the NGSL forum convened. Following are selected results.









Please briefly describe your three most impactful metrics (representative selection of answers):

  • We have not yet begun to generate meaningful metrics but have a plan to do so once we become fully operational.
  • We are currently building metrics which track cycle time of event notification to actual action to mitigate the risk. Others are in work.
  • 1) Incident/Activity levels; 2) Impact to BU and Company Travelers; 3) Risk levels to BUs
  • Alarm/Security Response; Medical Response; Significant Events
  • Cost Savings/ROI; Key Accomplishments/Wins; Risk Alerts

Session Highlights

Selected session synopses and audience/panelist take-aways are listed below. To view the entire agenda, speakers and represented companies, see this page

Session 1: Aligning Operational Risk Oversight Considerations with Strategic Leadership Imperatives

Session 1 Synopsis:


Bob Hayes introduced the audience to fundamental SEC and SLRI Collective Knowledge research findings for Board-level Risk and Unified Risk Oversight. Alan Borntrager and Tom Mahlik, respectively, informed next generation leaders with proven practices for program business, culture, and program alignment. Operational excellence and protection-in-depth oversight models provided several strategic information sharing opportunities for global security risk operations centers. Material content also included collateral from the Institute of Internal Auditors.

Session 1 Selected Takeaways:

  • Survey your key stakeholders on how they want to be communicated to.
  • The work must get done and be seen to be done by senior management.
  • Continually strive for innovative and collaborative ways to partner and deliver value.

Keynote I: Critical Facility Dependencies for All-hazard, Unified Risk Oversight

Keynote I Synopsis:


NGSL host, Dave Komendat, introduced keynote speaker Kim Smith, Vice President of Attack Helicopters and Mesa Senior Site Executive, who detailed the depth and breadth of running a critical site for the world’s largest aerospace company and defense contractor. She shared some of the dependencies that she and her team relied on for protecting personnel and assets, both on-site and in-transit across the globe.

Keynote I Selected Takeaways:

  • Global Security Operations Center return-on-investment value, to enable global business, is obvious.
  • There are a lot of great ideas out there. Be prepared to compete for funding with a persuasive business case.

Session 2: Operationalizing All-hazard Unified Risk Oversight (URO) GSOC Services

Session 2 Synopsis:


Sean Dettloff led the session. Panelists Jeremy Rodrigues, Tim Williams and Richard Chambers of Boeing, Corning and Starbucks Coffee, respectively, detailed physical platform design and service transformation opportunities representing diverse, new, and evolving approaches to unified risk oversight, ranging from consolidation of multiple communications centers to modernizing older platforms to scale for organizations of the future.

Session 2 Selected Takeaways:

  • Intelligence-led capabilities enable just-in-time situational risk communications (alerts, warnings and advisories).
  • Communication back to all stakeholders is critical (associates, contractors, employees, management, and partners). They need to really know what occurs at the GSOC and how it works.
  • Creative services and communications teams are good partners to accomplish better awareness.

Session 3: Examining Continuous URO Improvement Opportunities: How Do We Get to Nimble and Resilient?

Session 3 Synopsis:


Dean Correia revisited SEC/SLRI GSOC Benchmark findings that identified influencing technologies and solutions providers who provided incremental success for unified risk oversight integration. Panelists Darren Myers, Josh Massey and Alex Rodrigues continued the business case for business, culture and leadership alignment from the three diverse lenses of Banking, Federally Funded Research Development Center and Entertainment.

Session 3 Selected Takeaways:

  • Do we really understand risk? Business leaders thought the enterprise risk framework would be a drag on innovation. But we explained it enables more innovation if you understand the risks.
  • Talent development is critical.
  • Like security metrics, GSOC development is an iterative process.

Session 4: Anticipating Global Risks, Threats, and Enterprise Vulnerabilities for 2020 and Beyond

Session 4 Synopsis:


SEC Subject Matter Expert Faculty John Slattery, formerly of the FBI, led diverse sector representatives Angela Cheng, Steve Baker, Charles Sitkoff and Derek Howe in a compelling discussion of the future state. Long-term focus, interdisciplinary risk considerations, compliance complexity, terror, cyber and third-party risks were contemplated, along with current and future solution providers and services.

Session 4 Selected Takeaways:

  • If the threat exists now, you are playing catch up.
  • Three lines of defense: Risk oversight and committee structures; enhanced reporting and use of key risk indicators; and continuous assurance and testing.

Keynote II: Building All Hazards Risk Resilience for The Next 100 Years

Keynote II Synopsis:


Tom Shinner shared Boeing Security and Fire’s lens for protecting the brand for the next 100 years. Boeing’s recent 100th birthday elicited leadership calls for long-range resilience. Not coincidentally, GSOC and Unified Risk Oversight will take center stage as next generation solutions, talent and ingenuity are marshalled against future risks, threats and vulnerabilities. In particular, the GSOC will serve as the hub for risk intelligence communications now and in the future.

Keynote II Selected Takeaways:
  • If your metrics represent counting activities, so what? Make the connection to how Security is enabling the business.
  • Resilience means simultaneously managing an incident and planning how to keep the business going.

Session 5: Making the GSOC URO Business Case Value Proposition

Session 5 Synopsis:


Francis D’Addario and Heather Obrien set up panelists Tom Shinner, Ed Schubert and Mark Lex for dialogue regarding the Unified Risk Oversight business case. Benchmarking and State of the Industry research, including this forum’s findings, depict fast-changing protocols and technology that will inform and optimize brand protection-in-depth strategies.

Session 5 Selected Takeaways:
  • GSOCs are valuable tools to utilize to continually assess, prepare, respond, and recover from risks and threats.
  • Tie your GSOC services to your organization's mission and its Board-level risks.

Interactive Sessions Summary

During the event there were 2 “breakout” sessions in which each location locally engaged their attendees in some exercises and discussions. Each session started by asking a poll question and taking a count of answers by way of a show of hands. These quick-poll outcomes are listed below.

Breakout Session 1: Communicating GSOC’s Value

Attendees discussed reliable key metrics and the best methodology to communicate GSOC value to the organization.

Poll question from breakout session 1:
Which of the following is the most important concept you need to communicate about security to management today?

Poll results:
An overwhelming majority of attendees felt the most important concept was communicating the business value of security to senior management. Other responses, although selected infrequently, are worth listing for reference, in order of frequency: demonstrating measurable operational excellence; cost savings through security risk mitigation; security’s current responsibilities/activities; where security’s resources are going (e.g., budget/FTE); and security resources used by each business function.

Breakout Session 2: GSOC Innovations

The groups re-gathered to discuss the future of GSOCs (e.g., processes or technologies), ways to collaborate across the organization and engaging senior management in the vision of the GSOC.

Poll question from breakout session 2:
Select from the given list 1 or 2 new or improved GSOC services you feel are important to add (and that are hypothetically attainable within your organization)?

Poll results:
Similar to the question in breakout session 1, one response stood out: attendees want to initiate or improve emergency communications, traveler tracking and reporting incidents using smart devices. Out of the choices provided, the next highest ranking responses were cargo tracking and program management. The remaining options, artificial intelligence, drones and robotics, were rarely selected.

The Next NGSL

Information will be posted on the SEC website.

Global Security Operations Center (GSOC) Best Practices Working Group

Work group members meet quarterly to discuss proven practices. Upcoming meetings are slated to take deeper dives on Analytic Audio/Video, Biometrics, Drones (defense, governance, and management), Innovation Incubation, Robotics and Social Media as an Intelligence Tool. Contact Dean Correia, Emeritus Faculty SEC, contact@secleader.com, for more information.

The SEC’s Security Leadership Research Institute (SLRI)

The Security Leadership Research Institute (SLRI) provides independent and actionable research to the security and risk community. The SLRI was formed because of the need by the security industry to document the entire spectrum of corporate security risk mitigation through research. The SLRI conducts benchmarks like this one and many other forms of research such as practitioner quick polls, state of the industry and trend reports, and custom research for individual companies and security leaders.

Learn more about SLRI:
https://www.securityexecutivecouncil.com/about/research_institute.html

The Coles College of Business

The Michael J. Coles College of Business at Kennesaw State University is the second-largest business school in Georgia, with more than 6,000 students, 160 faculty members and a powerful alumni network. At Coles, we’re dedicated to the success of our students, our university and the business community. We are accredited by the Association to Advance Collegiate Schools of Business (AACSB) in both business and accounting, and hold many national and global rankings.

For more information on this topic see Program Best Practices: Global Security Operations Centers (GSOC)

Watch our 3-minute video to learn about how the SEC works with security leaders. Contact us at: contact@secleader.com.

Copyright Security Executive Council. Last Updated: November 28, 2018
