Steve Chupa, CPP, former president of ASIS International and currently director of security for Johnson & Johnson, talks about the demons lurking in security directors' nightmares.
In anticipation of Seminar, Security Management has been interviewing some of the exciting presenters attendees will have the opportunity to hear speak on topics ranging from what stirs security professionals from their sleep to the nitty gritty economic issues facing businesses and organizations as they try to provide security in tough times.
Here's presenter Steve Chupa, CPP, former president of ASIS International and currently director of security for Johnson & Johnson, talking about the demons lurking in security director’s nightmares.
So Steve, what keeps you up at night as a security director?
One of them is terrorism. We refer to it as “the new normal.” From our perspective, when you’re operating in a global environment, terrorism has become, as a result of recent world events, the new normal that we operate within. If you think about what happened at the Marriott Hotel in Karachi, Pakistan, last year and the most recent, yet identical, occurrence at the Pearl Continental, global concerns are operating under this premise of the New Normal. To help us walk through this new thinking at Seminar will be Alan Orlob, VP Corporate Security, Marriott International Lodging. He will speak to us about his experiences in this regard, “How to protect a hotel that has an American name on it?” The big issue here that must be considered is that Western companies that are global in scope for whatever reason, are targets of extremists and, as such, must take every precaution in protecting their facilities and people.
Have threats to Western corporations overseas gone up since 9-11 or is it just more on our radar screen because of what happened on 9-11?
I believe the risk has gone up. I think it will become worse before it gets better. I think extremists look at us as a target because we are a symbol of an economic engine and they feel that if they can interrupt that process in some way, they’re going to bring us down to our knees. If you play this game a little further, take any global industry and the fact that extremist organizations can be well funded. If they were to establish themselves as producers of a particular product and that product caused harm to someone, then people generally would panic and stop using that product. It would affect the company involved financially and possibly for the long term. The group doing this would make money and at the same time have the ability to cause havoc in the affected industry not to mention the possible elimination of a brand.
If you have a single-line corporation and thus only make one product, like chicken processing, you have no other products to sell, you can bring this company down to their knees in a matter of months.
Think of the more mundane. You have an operating plant that has your name sitting on the front lawn in some high-risk country in which terrorism is commonplace. It could be anywhere. A car could go through the front gate laden with explosive material. Who’s going to stop that—a guard standing there? The gate guard is not going to stop that car. That car is going to keep going unless you have bollards or some other substantial barrier to stop that car before it gets close to the building.
So you’re talking about suicide car bombings?
Yes. What happened at the Marriott in Pakistan was a suicide bombing, but it was so large that although the guards and barriers actually stopped it before it got next to the building, the enormity of the explosion still caused extensive damage from a distance. So even with great security you can lessen the impact but still suffer damage. The question is how much of what you do can save lives and keep most of the structure intact.
So terrorism really is the new normal. We have to be prepared for it. We continue our work each day; however, we have to be prepared to for the consequences of operating in some of these environments. Every environment is a little different. For example, in some parts of the world our offices border a public street. Unlike here in the United States where at night everybody goes home and goes to sleep, you actually have bodies sleeping along the wall line next to the building. Then as morning arrives, they get up and leave.
This is an environment that’s really different than what you may be used to. So taking this example, how then does security control someone arriving in the evening strapped with a bomb on his body to blow up people leaving work? Possibly taking steps to protect that part of the building from an explosion is one solution. Still you may have some injuries, but you have acted for the greater good.
Do you ever think about decreasing your visibility when investing in high-risk areas when hailing from a Western country makes you a target?
Not really. We do not arrive in a country any different than we do here in the United States. When we arrive in a country, we put up our sign, we advertise just like everyone else does about the products and services we deliver. The one difference in our company is that we strongly believe that the people who work and live within the frame work of that country should be the people leading and working within the framework of that company. They understand the social and economic implications of operating in their country and are best equipped to do the job.
We have an IDP program, or International Development People. We take the brightest and the best out of their country. We bring them to the United States. We put them through the rigors of our system and then we send them forth to conquer the marketplace in their country. We send them back into their country and we say, “Now that you learned and understand what we’re all about, go out there and do a great job for us.”
How does protecting the upstream and downstream supply chain intersect with terrorism concerns?
It could. You don’t want to become a victim like some companies recently in the news who were not watching what raw materials they were sourcing. On the other hand, you certainly don’t want al Qaeda or a similar organization to become your raw materials supplier and you unknowingly buy from them. Two things can happen to at least prevent this from becoming a problem. First thing, you should have processes in place that perform a strong due diligence on your suppliers.
Know who you are buying this material from and their reputation within the community in which they operate. Second, there should be strong processes in place that test any raw material coming into the plant to ensure that what you’ve bought is in fact what you wanted. This should be accomplished before the entry of this material into your process stream. In that way, you protect the upstream supply into your facility and the downstream supply of finished goods to your customers. Naturally you have the other protective issues around transportation of goods to ensure that they arrive safe and free from any tampering.
Is there any intelligence that a terrorist organization is trying to do this?
I don’t think so; however, vigilance is important when dealing with global sourcing of materials.
These are the things you’re planning ahead for?
That’s correct. We have these conversations on a regular basis with management and say, “Are we careful enough? Are we doing the right things? Are the processes in place to preclude this from happening to us?”
How much does imagination play into the role of being a good security official?
A tremendous amount. You have to think about the unthinkable and then you have to sell that concept to management in a common sense sort of way. We’re dealing with business people and they are driven by a different focus than ours. You have to be rational. You can’t sell too much security. It costs money and people don’t want it. But you can sell enough security in a logical and common sense fashion. That really is the important and critical key to allowing for the protection of your products and people.
We are relegated to sourcing materials from various parts of the world, because, like anything else, we’re in competition with our competition and have to obtain materials at the best possible price. Your competition is doing the same thing. The cheaper that they can get their materials, the more they will be able to compete against us. We’re all in that same global world called competition. In the end, the critical component to this is when you source the material, “Is it tested? Do you trust the source of the product based on your due diligence? Is the company reputable? Have you visited the site? Do they seem open during the visit? I believe in ‘Trust but Verify.’”
How often do private corporations share information on threats to their supply chain?
We do. If we find there are problems on a specific company, we share it with our colleagues. When one company is hurt as a result of this kind of problem, then the fallout usually affects others as well. Organizations like ASIS and others that are involved in our respective industries, help us in this regard with contacts so the news can travel quickly and efficiently. I’ll give you an example. I hold a monthly conference call with other security directors, many of whom are in the food industry. They are as concerned about raw materials as we are. They source from various parts of the world as well.
The last thing we want is for someone to call and say, “My child just ate some of your product, and they’re ill as a result.”
You’re confronted with an ethical and practical decision regarding safety then, right?
Yes in a way the ethical part really plays hard on business. If you’re in the industry that provides ingestible products you are duty bound to deliver a product that performs as advertised and is absolutely safe. When you fail in that regard, your good name suffers dramatically. You have to earn that reputation each and every day. This is what it’s all about. This is what keeps you up, so you better be 100 percent successful every time. And if you’re not, you better handle that problem quickly, with a lot of caring, and efficiently.
How hard has the economic crisis affected your ability to deliver security services?
You have to be smarter in the delivery. You have to articulate your case that much better. Smarter being, “What do we have in place today?” How can we change what we have in place with the resources we have today to make it more effective?”
You start to sharpen your pencil in this kind of environment. You start to look at things with a critical eye and you start to say, “Maybe we don’t need additional resources. That we can take what we have today and reconstitute it and make it work a little bit better.” In tight markets, we go back to the drawing board at each one of our locations and we say, “What can we do to make it better and not spend more money today and save the bigger projects for tomorrow.”
Systems, for example, have life cycles. Say it’s at the point where normally you would have gone in and you’ve gotten bids and you’re ready to move ahead to change this whole system, but it’s a $200,000 project for this particular location. You may hold off and say you know what, it’s functioning. Leave it alone, and we can do this next year or two years from now. Naturally , if it fails between now and then, we have to bite the bullet and we need to change it.
When things do get tight, how often do security departments have to make a decision that creates a vulnerability?
Here’s the bottom line. There’s always money there, even in a tight market. If you really, truly need the money, we’re going to find the money. We’ll pull it from someplace else and put it here. We’re all operating on that premise. But it has to have the justification to make your project more critical today than the other one the money is coming from. And again, when you appear before business people, there always has to be a business impact on what you are proposing. You have to speak the business language and form your presentation in that regard. If you don’t understand how to present a business case or you happen to articulate your case more in a security fashion, you’re going to lose your audience. People sitting in the boardroom aren’t security people generally, and they really do not understand security details and frankly probably do not want to hear them. Be specific, to the point, detail the benefits, the impact to the location, and the cost. Thank them for their time and attention and take your leave.
For full coverage of the ASIS International 55th Annual Seminar and Exhibits, click here .