Everyone’s in security for Direct Energy’s CSO

“Corporate security interacts with all the business units and we want
them to know that we have better insight into who to call for help and
say look I know we know we need to contact somebody so let’s contact
security. It may be an HR issue or something somebody doesn’t know what
to do with. It’ s not about thinking outside the box; it’s about
thinking inside the circle of everyone in the company,” he says. “In
corporate security we’re not just securing our facilities and employees
and properties, we’re also securing the brand and that includes our
employees and their families as well.”

That means Weir’s realm of responsibility will often extend beyond the
immediate employee group of Direct Energy. Most people know Direct
Energy from the services they provide to their homes. The company’s
core businesses range from gas exploration and power generation to
energy pricing and protection plans to a full line of energy-related
services.

From a consumer point of view, most people may know Direct Energy
because they have been approached by a door-to-door marketer selling
Direct Energy products. These individuals are independent agents
representing Direct Energy and not employees. To try and mitigate any
risk, Weir decided the company would pay to have each one of them
undergo a background check before knocking on any doors representing
Direct Energy.

“It’s something we feel necessary for our customers for their
protection — we don’t really advertise it. My job is to secure the
brand so every marketer that comes to your door from Direct Energy to
sell you a gas plan has had a criminal background check — not many
companies do that. My job is not just to secure the company, but to
secure the customers as well and in saying that, some may have a
criminal record from years ago — perhaps possession of a narcotic — but
are now in their 40s and is not relevant. With criminal background
checks the thought process is they should be objective not subjective
because there are a lot of things that change in people’s lives.”

Weir came to corporate security somewhat by chance. After the adoption of
their son eight years ago, Weir and his wife, also a police officer in
the fraud investigation unit, decided one of them should leave the job
to pursue something different. He was with the Toronto Police Service for 17 years before joining
Direct Energy in 2002.

“I was on Monster.ca one day looking up something for my wife and I saw
there was a company looking for a Chief Security Officer for overall
duties and I decided to throw my name in. I said I had been a police
officer for 17 years in the Toronto area and if interested to call my
cell,” recalls Weir.

 Five days later, six headhunters called him.

“I was happy on the police force and not really keen to leave so I
said, ”˜Tell me what the company is?’ Typically headhunters won’t tell
you right away but this but this one did, saying it was Centrica — a
British company. “I hadn’t had a job interview in a while and thought
it could be a good exercise.”

Weir landed the job and hasn’t looked back. He has a small team of four
— two fraud investigators based in Toronto and one security manager
based in Houston, Tex. He says it was those years of walking beats in
Toronto’s diverse neighbourhoods that gave him a skill he never thought
would become so valuable in corporate security — the ability to communicate with people on many levels.

He reports to the senior vice-president of human resources and CEO of
Centrica North America, Deryk King. He sits on Direct Energy’s risk
committee and works closely with all business units within Centrica
North America, including executive levels.

---

“The leadership of this organization makes it easy for me to do my job.
They are extremely supportive and of the highest moral character and
because of that they understand security and know that we need to
protect our employees. It’s easy working for and with the executive
team because of their compassion for what we do. I know many others who
don’t have that endorsement. It makes it easy for me to walk up to
(Centrica CEO) Deryk King’s door and say ”˜Have you got a minute?’ and
give him the heads up about something and he will thank me for it,”
says Weir.

He manages much of the operation with the assistance of networked
security technology — a good deal of it is accessible from his laptop.

“Because of the geographical size of what we have to deal with ”“ our
operations go from Newfoundland to California — and for us to
physically see these place we have to use technology. Our access
control systems are also centralized whether it’s in Toronto or
Houston. In a global economy, technology has to be used,” he says.

Weir is a big fan of PPM 2000’s Perspective Premium for reporting — all
incidents in the company flow through there and employees are educated
to report incidents through the company intranet and they then flow
through Perspective.

“We started using PPM’s product five years ago and graduated to
Perspective Premium last year. I do quarterly reports to the
operational committees and it allows you to qualify what you’re doing,”
he says. “Not long after I joined the company our CEO joked to me,
”˜Well, we didn’t have these problems before you joined the company.’

“It’s great because I can assign a problem to another business unit,
for example to IT security or to HR, or I can accept it as one of my
own and then assign it to a team member or place it in pending because
it needs more information.”

And by creating a one-stop portal for employees to file their concerns
about security-related incidents, it means there are far more eyes
watching out for the corporate brand.

During an employee’s first day at Direct Energy, whether it is
Pittsburgh, New York or Toronto, there is an online introduction to
company policies such as code of conduct, brand values, information
security and physical security.

“Any employee at Direct Energy can go into the portal and report an
incident,” he says. “If a service technician on the road has something
stolen from their van they can report it to their line manager who
would then submit it.”

He also uses NetVu Connected from Dedicated Micros to view camera feeds
from remote locations, such as a power plant located one mile from the
Mexican border.

“The controller for the camera is in the control room at the power
plant, but if someone is moving in the landscape it will pick up and
follow it if there is something there that is not normally there. If
there is an alert, the control centre at the power plant will get the
alert — if needed they notify us. I don’t normally dial-in unless
someone at the site has contacted me to say, ”˜Take a look at the
cameras in this location. The cameras are a great tool for
investigating after something is happening, but it’s also an essential
tool for the power plant workers,” says Weir.

When it comes to security issues related to Direct Energy’s critical
infrastructure Weir has reached out to N-Dimension Solutions of
Richmond Hill, Ont., which assists critical infrastructure
organizations with the protection of their control systems and
information systems by providing them with cyber security solutions
that facilitate compliance with industry-specific security standards
such as NERC CIP, IEEE P1711 (AGA12), and other directives, including
those proposed by the U.S. Department of Energy and the U.S. Department
of Homeland Security.

“They do the evaluation on NERC and critical infrastructure and they
are probably the best in the world right now — a lot of U.S. companies
are using them.”