5 Secrets to Building a Great Security Team

Page 2 of 2

3. Demand proven business skills. Karen Frank remembers the day, early in Williams' tenure as CSO, when he called an all-staff meeting to tell everyone they should seriously consider getting an MBA if they had not already done so. "I had never thought of it," says Frank, brand protection and investigations manager.

She decided to take advantage of Caterpillar's tuition reimbursement policy and pursue the degree. Williams' emphasis on personal growth and development "made me feel important," she says. "You can support the business much better if you understand the principles of business decision-making."

Williams himself has an MBA, which made him a huge believer in its value. "I really saw the benefit and the ability to talk in depth with business leaders and get it from a business standpoint," he says. And it drives him to distraction when people suggest sending employees to take a course that only teaches the "language of business."

[Read How to get an MBA without losing your mind, family or job]

"Spouting catchphrases can get you into more trouble than it is worth. It's better to take the time to really understand business principles through in-depth coursework. You need that immersion so you can put all the pieces together," he says. It's fine to refer to internal rates of return in a presentation, but you better know where that number comes from and the thresholds set by your company.

The new generation of security leaders understand business as well as they understand security. Many would prefer a business person as their deputy rather than a security person--security is easier to pick up. Says Williams, "I'm proud to be someone rooted in both worlds--I simply couldn't have succeeded as CSO of a Fortune 100 company if I weren't."

4. Create a communications czar for security. As noted, Williams made some sweeping changes when he came to Caterpillar--changes that shook up the old regime. In addition to asking for help from HR, he pulled in Ashley Hunt from the corporate public affairs office to be his communicator for security. Unusual? Yes, but invaluable, as it turned out.

Hunt helped communicate the reorganization of the security team to both affected employees and the broader group. "She has helped all the employees understand the real risks they face," says Williams. "Ashley is a force multiplier for us."

Now her role is much more proactive. She publishes a monthly security bulletin on the intranet--basically a newsletter with a variety of awareness information on topics such as travel security, scams and fraud. She includes some general awareness articles, too. "We help people understand the real security risks at Caterpillar. We want to change that perception of security and [of] the role each employee plays in creating a safe and secure environment," says Hunt. She believes employees view security as having a higher value within the organization now, and they have a better understanding of the role they play in enterprise risk management.

For example, the Global Security function offers several educational resources concerning travel security. It's part of Hunt's job to help the team inform employees that this material is available. "Every traveling employee has an opportunity to participate in online security awareness training, receive security alerts while they travel and have access to 24/7 travel security advice," says Hunt.

Other teachable topics include terrorism, workplace violence, crisis preparedness, and information security.

Hunt spends roughly half her time on security matters and the other half on general corporate affairs. She has not yet encountered anyone who performs her role at another company. Williams hasn't either. "[The security department] is one of the best internal clients I have ever had. You know what you're going to get when you work with them," she says. Williams is a straightforward guy, pleasant to work for, requiring little second guessing on strategy or tactics. "He values communication, which makes my work more effective for Caterpillar and more fulfilling for me personally," says Hunt.

5. Nurture dissent. File this one under easy to say, hard to do. Williams encourages his staff to bring honest disagreement to the table--respectfully, of course--whenever it comes up. "He's very open," says Frank. "He is open to the opinions of others."

"On our teams, we have direct, crucial conversations," says Williams.

"We have respect, but we get the conversations on the table. I solicit people to challenge management. That is so critical. It creates much better decisions when people can respectfully and openly challenge assumptions, thinking and decisions." Giblin, for example, may disagree on how certain processes and protocols are implemented in his region, and he feels comfortable letting Williams and the rest of the team know. Like Williams, he encourages his staff to bring up differing points of view.

[Read How to build a security management team]

It's not just disagreeing; anyone can say they don't agree. "People should point out if they think we should look at something from a different perspective. It's healthy to have differing opinions on issues--it keeps us away from the traps of groupthink--and keeps all of us focused. It happens every week."

At Caterpillar, the voice of the individual is important--maybe moreso than at most companies--though in some regions, that can be tricky. In most countries, "there still is a gap between what people think and what they feel comfortable saying," says Williams. "What they do want is the opportunity to influence decisions."

No matter where Caterpillar employees are located, they have at least one thing in common: the knowledge that the company's whole is more important than its individual members. Williams learned this the hard way when he praised one of his regional security directors for a job well done. The executive almost resigned because he felt the credit should go to his team.

It's an odd lesson for Williams to have to learn anew, given his own unshakable devotion to teamwork. He is immensely proud of the team he has assembled. As he works on his security plan for the next five years, he trusts they will be at his side, helping to carry the ball. "They excel daily. I am very proud of this team," he says. "Each person is mutually supportive and doing a great job."

This story, "5 Secrets to Building a Great Security Team" was originally published by CSO.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
| 1 2 Page 2
Shop Tech Products at Amazon