
Introduction to Enterprise Security Risk Management

Chicago, IL
$250 Member Price
$400 Nonmember Price

Earn up to 7 CPEs

This one-day program introduces you to the basics of ESRM and how to integrate security as a true business partner to your enterprise executives. You’ll acquire an overview of the new ASIS Enterprise Security Risk Management Guideline and learn how ESRM can be applied in any type of organization. You'll hear from an interactive panel of ESRM "evangelists" about their successes and failures along the ESRM path, gain tangible knowledge and examples for successfully communicating ESRM to your executives, and then practice what you've learned in a collaborative ESRM Cycle exercise. Join us for a collaborative and engaging session designed to advance you and your organization along the ESRM path.

Learning Outcomes:

  • Using globally established and accepted risk management practices, understand how to align your organization’s security practices to your company’s overall strategy.
  • Understand the context and foundation of ESRM and the ESRM Cycle.
  • Understand the newly published ESRM guideline.
  • Hear case studies that will give you the knowledge to put your own implementation plan in place, managed through the business goals of your organization.
  • Through participation in interactive sessions, gain confidence to return to your organization prepared to implement ESRM strategy.


  • 8:30 am – 10:15 am Guideline Review
    • ESRM in Context
    • The ESRM Cycle
    • Foundation of ESRM
    • Putting the Guideline to Work
  • 10:15 am – 10:30 am Break
  • 10:30 am – 12:00 pm Panel
  • 12:00 pm – 1:00 pm Networking Lunch (all pre-con classes eating together)
  • 1:00 pm – 1:15 pm Recap
  • 1:15 pm – 2:30 pm Executive Presentations
  • 2:30 pm – 2:45 pm Break
  • 2:45 pm – 4:00 pm ESRM Cycle Exercise
  • 4:00 pm – 5:00 pm Questions & Closing

Location and Housing

McCormick Place
2301 South Prairie Avenue
Chicago, IL 60616


The review class will be held immediately prior to GSX. Make your housing arrangements through MCI, the official housing provider for GSX 2019.

Hotel Information



David Feeney, CPP, PMP

David Feeney has 18 years of security industry experience, assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 10 years of experience with service providers and eight years of experience as a practitioner within the enterprise. Specific areas of focus include GSOC design and operations, enterprise security risk management, physical security technology, and data protection and privacy. Feeney is currently the chair of the ASIS Physical Security Council and the ASIS Enterprise Security Risk Management Guideline Committee, and is a participating member of ISACA, ISSA, the PMI, and InfraGard. Feeney holds Certified Protection Professional (CPP) and Project Management Professional (PMP) certifications.

Amy Poole

Amy Poole has 5 years of experience in managing corporate security programs and projects. With a background in audit and compliance prior to her security career, Amy brings a history of risk-based work to her security approach, tailoring enterprise security programs to an ESRM model. Amy is the co-chair of the Communications Committee within the ASIS Women in Security Council and a member of the ASIS Leadership and Management Practices Council. She is the board secretary for the Global Security Risk Management Alliance, and a certified Project Management Professional (PMP) through the Project Management Institute (PMI).

Timothy Wenzel, CPP

Tim Wenzel leads the Global Security Special Projects program at Facebook. In this role, he focuses on managing the privacy risk to Facebook’s Intellectual Property globally. Over the years, he has become a builder of boutique security programs which creatively manage risk while demonstrating business value. Some of his latest projects include building global security risk management programs, post-Benghazi training design for the Diplomatic Security Service, and protective strategist for domestic violence education and intervention. By properly identifying the true sources of risk and vulnerability, Tim and his teams provide clarity to the business and vision to security strategy.

Guest Panelists

Tim McCreight, CISSP, CPP, CISA

Tim is the Manager, Corporate Security - Cyber for the City of Calgary. He brings over 35 years of experience in the security industry and is recognized as one of North America’s leading Enterprise Security Risk Management (ESRM) evangelists. Throughout his career Tim has held executive positions at several organizations, notably as the Chief Information Security Officer (CISO) for the Government of Alberta, and as the Director, Enterprise Information Security for Suncor Energy Services Inc. Recently Tim was the owner of Risk Rebels, a global security consulting practice, and a Principal Consultant at Online Business Systems.

Rachelle Loyear

Now the VP of Integrated Security Solutions at G4S Americas, Rachelle Loyear has spent over a decade managing programs in corporate security organizations. Focusing strongly on security risk management, she has been responsible for ensuring enterprise resilience in the face of many different types of risks, both physical and cyber. In 2016 she co-authored The Manager’s Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security; in 2017 she released the book The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity; and she is a co-author of the 2018 book Enterprise Security Risk Management: Concepts and Applications.

John Petruzzi, CPP

John Petruzzi, Jr., CBCP, CISM, CPP, currently holds the position of Executive Vice President of the Northeast Region of G4S Secure Solutions NA, and Head of Integrated Security Solutions for G4S Americas. John has extensive security industry experience with in-depth expertise in implementing risk-based security programs, deploying technology enhancements, and managing organizational resiliency programs within Fortune 500 companies. John’s career in senior corporate security leadership spans the financial services, energy, commercial real estate, and telecommunications sectors.

William Phillips

Bill Phillips, P.E., is Managing Consultant and CEO of New Source Security, a multi-risk consulting group with emphasis on business strategies and processes for security, liability, and safety, including workplace violence prevention. He has a broad professional background in corporate security as both a safety officer and an independent consultant. Bill has been active with the ESRM initiative, helping to develop the initial draft, serving on the current technical and review committees, and serving as part of the ESRM program management team. He has consulted with and served on the advisory councils for several security industry companies.




If confirmation of registration and payment has not been received three days prior to the event, please email

Certificates of Attendance

ASIS reserves the right to withhold certificates if attendance requirements are not met.

Last-Minute Registrations

While we welcome all registrations, including those on-site, the availability of handout materials cannot be guaranteed.


Business casual is recommended.

Continuing Professional Education (CPE)

Each 50 minutes of instruction is worth one CPE.

Alternate Registration Methods

If you prefer, you can register by phone at +1.703.519.6200, by fax at +1.703.519.6299, or by mail.

Cancellation and Transfer Policy

For a full refund or transfer credit, written requests must be received at least 10 days before the start date of the program. Those received less than 10 days prior will be charged a $100 cancellation/transfer fee.

Transfers will be limited to a maximum of two per original registration. No refunds or transfers are made for requests received on or after the start date. Contact us at +1.703.519.6200 or fax your request to ASIS Member Services at +1.703.519.6298.

Tours of Third-Party Sites

When a program includes a visit to or a tour of a third-party site, the host organization may require the use of non-disclosure agreements. Subject to the requirements of the host organization, the agreements offered to nationals and non-nationals of the host country may differ.

Team Discount

Receive a 10% discount when three to five attendees register from the same organization, 15% for six or more. Email for details.