Security Director of the Year winners share lessons learned

When Canadian Security launched the Security Director of the Year award in 2006, that relationship was further solidified. In total, 12 directors have received the award (with a 13th to be named later this year). We asked previous winners to share their thoughts once again and answer this question: What is the most important lesson you have learned in your security career and the one you impart most often to co-workers and colleagues?

James Armstrong
Vice-president, Security, Ottawa International Airport Authority, 2017

Over the course of a 25 year career within the military, security and intelligence fields, I have learned a key lesson that has applied in every environment that I have worked in — threat streams are constantly evolving and adapting to your security measures. No matter how strong your security measures, you will always be at a knowledge disadvantage against a threat, while invariably trying to catch up to the situation as it unfolds. The threats we face today are vastly different than the ones from just a few years ago. Cyber security used to be something the IT department managed, but today the Internet of Things has pushed cyber threats into every realm of security. As society has embraced technology, so have criminals. At the same time, threats are quick to employ low-tech attacks, such as lone wolf vehicle attacks, that are challenging to counter. This has created a wide spectrum of threats with the added challenge that they quickly evolve and work around security measures.

Simply preparing physical security measures is not good enough anymore. Security professionals need to lean forward with threat intelligence capabilities, develop enterprise risk management systems, maximize every asset to help detect threats, integrate with other assets and agencies, and train core mitigation skills that can be applied during any threat. This requires security staff to be critical thinkers with the ability to quickly observe and orientate to an evolving situation, analyze it and make appropriate decisions. This can only be achieved with a strong training foundation, understanding evolving threats, experience, having a complete understanding of the security assets in your toolbox, and the recognition that the threat also has a vote on whether your security plan will work or not.

Todd Milne
Director of Security Operations, University Health Network, 2015

The success of any organization is premised on the strength and ability of your team.

People are your most important asset. This strategic pillar is a critical component, if not the most important for a successful program. (African Proverb: If you want to go fast, go alone. If you want to go far, go together.)

Security has come a long way over the years, particularly with associated regulations. We are accountable to various acts: Private Security and Investigations, Workplace Violence and Harassment, Privacy, just to name a few. Standards such as IAHSS and ASIS security design guidelines are strong principles that assist with decision-making ventures and ultimately make us better equipped leaders.

Management and supervision is a vital element to ensuring compliance, implementation of effective security standards, operating guidelines and the oversight of staff and their performance against measurable results.

It’s imperative not to work in silos, but rather to embrace the many subject matter experts across all verticals that will ultimately support decision-making when structuring a sound security plan.

Thomas Gerstenecker
Chief of Corporate Security, UNOPS, 2011 (Now: Founder and CEO, 3|Sixty Secure Corp.)

An essential component of success is communication.

In the field of security, it can often be difficult to achieve buy-in from staff and management on why a certain strategy is required.  We cannot simply dismiss the viewpoint of our staff and/or clients who are the actual stakeholders. Instead, we should learn to see how they view security and safety so we can adjust our messaging and policies to achieve our goals. We need to facilitate and encourage two-way communication in order to receive feedback from stakeholders at all levels who are impacted by policy, rather than simply providing top down direction. Think of how many times you have questioned a security measure at an airport, event centre or office complex. Your stakeholders are likely doing the same.

Through two-way communication, we can open a continuous dialogue, which should result in greater buy-in and co-operation.

Of course, with this strategy, the security manager needs to adopt a good level of humility in order to accept identified shortfalls and be willing to adapt when and where necessary.

Patricia Patton
Director of Security and Operations, University of Regina, 2016

The most important lesson I have learned over my career is that communication is at the heart of every issue. Things that go well or not so well have all come down to how positive or negative the communication was. Email and texting, in my opinion, have changed how we talk to each other. It is very important to remember there are a lot of pieces of our communication with others that get lost in email/texting. Picking up the phone or talking face-to-face adds elements to a conversation that we should not forget.

Another very key element to communication is our willingness and ability to listen. Listening with the intent to understand is a skill I constantly remind myself to work on. Often we can catch ourselves listening while formulating our response, when in fact we need to listen with an open mind.

The work that many of us do is about the people we work with more than the technical skill we possess. How we get along with and communicate with people will dictate our success, in my opinion. It is through those relationships and communicating needs and challenges that we can work with others to help accomplish our collective goals.

Don MacAlister
Executive Director, Lower Mainland Integrated Protection Services, Fraser Health Authority, 2010 (Now: Chief Operating Officer, Paladin Security)

From a security-related career path that began before Canadian Security magazine was born, I have a thousand stories, have learned countless lessons and have truly experienced the thrill of success and the pain of loss along the way. I would not trade it for the world.

Asked to name the most important lesson learned, I find myself not thinking about some aspect of security from my experiences in corrections, campus security or health-care security, or even from my current role at Paladin Security. What I would say is that, at every stage of my career, I learned the importance of being genuine, of being myself, of respecting and listening to others and of staying humble.

My parents taught me that. As poor, working class immigrants from Scotland who left behind the family and friends and life that they knew and took a chance that they could build a better life for their children, they taught my brother and I that everyone matters and we should never stop learning to be better people.

This approach to people, taking the time to listen to them, to learn what’s important to them and to genuinely care about them has been a key to any success I may have had in the security industry. Combine that with a work ethic, a thirst for knowledge and a passionate approach to your work — that people not only see but feel — and you cannot go wrong.

I’ve been privileged to have been mentored by some tremendous leaders and I think even more privileged to have played a role in mentoring some wonderful current leaders in this industry. I still do so working with a people-centric company at Paladin. For me this is where the real joy, the real satisfaction comes.

Make time for others in this industry. Even if you can’t imagine finding an extra hour in a week, find it. Spend time with your staff, colleagues and clients. Don’t just attend networking events, immerse yourself in them. Be a contributor, be a leader, really get to know people, and don’t be superficial.

At the end of the day, of course, technical skills and knowledge are important, but I’d trade them all in a blink of an eye for character and leadership abilities that can positively impact others.

Sean Sportun
Manager of Security and Loss Prevention, Mac’s Convenience Stores, 2013 (Now: Manager, security and loss prevention, Circle K Stores)

The security industry is a dynamic and diverse career with endless opportunities to achieve a high level of personal and professional success. What I have found and now believe to be 100 per cent true is: Everyone will tell you how things worked out for them, good or bad. Remember, it worked for them that way — not for you.

At times, people will try to place their fears on you by saying “That won’t work” or “You can’t do that.” As an individual, you have to say to yourself, “It didn’t work for you” or “No, you couldn’t do that.” Believe in your abilities and have the confidence to try new things in achieving your goals; don’t let the fears of others influence what you do.

In order for the security industry to grow, it is important to remember how you started out and remember those who helped you advance in your career. This will be a constant reminder that you have a responsibility to develop a new generation to be a better version of yourself for the future success of our industry.

Always remain a student of the game and know that you can make a difference. Don’t be scared to reinvent the wheel when the wheel needs to be reinvented!

Gene McLean
Vice-president and Chief Security Officer, Telus Communications, 2006 (Now: Managing director, Cytelligence)

On this 13th year of The Security Director of the Year award I find myself in the unique position of being the first such recipient of this highly recognized award.

At the time I was recommended for the award I was vice-president and chief security officer, Telus Communications. Truly it was a pleasant surprise to be nominated and ultimately named winner — to be recognized by security professionals and peers alike in the security world.

Security is more than guns and guards. I was an early adopter of metrics in the information security sphere and believed that the logical and physical aspects of security could and should be integrated into a single role of responsibility within an organization. Only by integration of the various roles of security can the corporate executive(s) be assured there is an actual handle on risk to the enterprise.

As I related at the time to my then president and CEO, “You have one neck to choke.” It should be noted that I brought this integration model into deployment more than a decade ago and not many have followed suit since. In fact, you can look about in various public/private organizations and few have arrived at the integrated state.

I believe the most important lesson I have learned in my security career would be to:

• Disrupt the status quo;
• Think long term;
• Get out of that comfortable zone; and
• Add real value to the organization you are fortunate enough to be with.

I share my general professional philosophy with people I mentor directly or indirectly and to always ensure that risks are quantified and evaluated accordingly.

I also wish to congratulate Canadian Security magazine and offer a heartfelt appreciation for their continued pursuit of excellence in security coverage.

Dave Tyson
CSO, City of Vancouver, 2007 (Now: CEO, CISO Insights)

Understanding that I was responsible for my own career, from start to finish, that I owned it, its successes or limitations, has been crucial in my development as a security professional and a leader.

In my career, I have invested in my own success, whether that was paying my own way to ASIS or other conferences for development opportunities or volunteering for training to get ahead.

In 1991, as a security officer at Robson Square in Vancouver, I volunteered to double shift for free to get training for a role I wanted to be promoted into.

The next time a spot opened, I was promoted because the company did not have to pay to train someone; that led to a site supervisor role and then an operations manager role within the year.

Later in my career, I paid to attend my first ASIS International conference. It was a lot of money, but it set learning, volunteering, mentorship and professional relationship opportunities in motion that gave me the career I have today.

Ask for employer support, for sure, but do not wait for an employer or supervisor to recognize your talent or commitment. Drive your career, make a plan, stretch yourself, seek out learning and growth opportunities, and invest in your professional career.

Don’t be afraid to dream a little. I grew from security officer through the ranks to learn cybersecurity and became a chief information security officer.

I never thought something like that would have been possible when I started, but courage, tenacity and authenticity can help you get there. It did for me.

Tom Rousseau
Vice-president, enterprise corporate security & loss prevention, Canadian Tire, 2014

I am hard pressed to come up with the “most important” lesson, as I feel that within our own ecosystem we constantly deal with new risks and are constantly learning new important lessons from those new risks. As most of you know, we are now living in a world where things are becoming more intricate and are moving at a much faster speed. Although technology is helping us to keep up, it is also helping the criminal minds and allowing them to move faster and hide in better places. It seems that not only are we dealing with better scams, we are also seeing more of them.

Complacency is one of our worst enemies and I think if I was asked to pick my most important lesson it would be to never become complacent. Always be open to new ideas and new ways of doing things and always update yourself on trending or new technology. I guess it sounds like I am stating the obvious here but you would be surprised how many folks fall into this trap and learn the hard way. I would also add that sharing information amongst colleagues/police agencies, etc. is one of the most valuable tools we have as security professionals and is one of the best ways to help all of us stay ahead of the game. The old days of not wanting to share data or information because of fears of divulging “company secrets” are long gone. I strongly believe that there are multiple ways to achieve this without hurting the integrity of your company’s brands.

This article originally appeared in the July/August 2018 issue of Canadian Security.