A Strategic View

​

TIMOTHY L. WILLIAMS, CPP, director of global security for Caterpillar, Inc., sees “greater velocity in change coming about in the next ten years than at any other time in human history.”

As the Society’s 2008 president, Williams will have a role in helping ASIS International steer a steady course through the many changes ahead. But that’s business as usual for Williams, who is an old hand at helping to guide a global company safely into the future.

The ASIS board has already been attentive to the need of future planning. With the help of the Wharton School of the University of Pennsylvania, it recently completed a study of “where we are, where we’re heading, and how we’re organized against future possibilities, and how we need to align with the various scenarios that might develop,” Williams notes, adding: “We’ll need to stay as true to the outcome of the report as we can and to align our strategy astutely to keep the Society as healthy and viable as it is today.”

The report of those findings will be released later this month at the Annual Meeting of the Membership at the Volunteer Leadership Conference in Arlington, Virginia.

Williams is not new to leadership at ASIS. He held a place on the ASIS board in the 1990s. He was reelected five years ago, and progressed from the Society’s secretary to its treasurer to its president-elect.

While serving over the past few years, he says, “I came to realize—and the board as a whole did—that one of the things it must do is to move from being a ceremonial board to becoming a business-related board. ASIS is now a business—a $30-plus million business.”

Everyone serving on the board has to remember as well that while members cycle in and out of volunteer leadership positions, the decisions they make will have ramifications long past their terms, says Williams.

Calling the Society “an organization with an extremely broad impact on the security industry,” he says that there are multiple constituencies that ASIS is dealing with, which makes it far more complex than a similar-sized corporation. “We have to make sure that we honor the process, as we would in any company, and that the board doesn’t get involved operationally but focuses on governance and on strategy.”

Path to Protection

Williams was born in central Ohio and then moved with his family to Elyria, southwest of Cleveland, in northern Ohio. “My father worked for Western Union and then for U.S. Steel,” he says. “It was a pretty typical Midwest experience, my growing up.”

When asked what propelled him toward a career in security, Williams explains, “I became, at a young age, involved in the martial arts. This imbued me with a whole consciousness about protecting people, being aware of risks, and developing a more disciplined approach to life.”

Williams was more than just good at martial arts. He taught various forms of self-defense to put himself through the undergraduate program at the University of Cincinnati. He also won a number of national championships and was a member of the U.S. team sent to the first world Tae Kwon Do championships in 1973 in Seoul, South Korea. This six-week trip, undertaken at age 22, “Opened my eyes to international travel,” he says.

After Williams completed his bachelor’s degree in criminal justice, he became a police officer in the Cincinnati area. “I started taking training on crimes against women,” he recalls. “I also got involved in the development of the first domestic violence law in Ohio.”

In addition, Williams developed a proclivity for financial-crime investigations and for crime prevention. He attended the National Crime Prevention Institute in Louisville, Kentucky, a four-to-six-week program that dealt with the behavior of people who commit crimes and how to prevent them from doing so.

“I found that to be not only fascinating but hugely ahead of its time,” says Williams. “It was a turning point for me in terms of prevention over reaction, and it taught me that there was a science—a budding science at the time—that could be very, very beneficial across the wide spectrum of criminal justice issues, but also from a corporate security point of view.”

Driven to expand his understanding of business, Williams began coursework toward an M.B.A. “I really wanted to finish it and then maybe go to law school,” he says. However, in 1979, I heard about this job in this new function called ‘corporate security’ at Procter & Gamble (P&G),” he says.

P&G. Williams was interviewed at P&G by the man who would become his mentor—James D. Jessee, CPP, a security professional who served as president of ASIS in 1984. “Jim apparently saw something in me—some talent he thought could be developed. He really took me under his wing, brought me into P&G, and gave me great opportunities with a company that is foremost in process management and just exceptionally well-managed,” he remembers.

As P&G’s security coordinator, Williams was involved in crisis management, as well as investigations into product tampering, gray markets, fraud, conflict of interest, and what has to be one of the strangest cases of industrial sabotage—a widely circulated rumor, possibly begun by a competitor, that the president of P&G was a devil worshipper and part of the company’s profits were donated to the Church of Satan. Williams’ job also took him to P&G sites around the world in countries such as the Philippines, China, and Germany, thus indulging his love of travel.

“The only downside of working for Jim Jessee was that he was a former English teacher and carried a red pen,” Williams jokes. But even that “was a good thing for me, as I got into writing about issues in the field pretty extensively, and having someone who helped me out with my writing skills at that stage was very fortunate,” he says.

Boise Cascade. Williams stayed with P&G for five years, leaving in 1984 to become director of security services for forest products giant Boise Cascade. The position had been created to “more or less start the security function at the company, and I thought that it was just too compelling to not go there.”

“There” was Boise, Idaho—a world away, it seemed, from bustling Cincinnati. “It really was God’s country,” says Williams. “A beautiful area to live and a wonderful opportunity with a Fortune 100 company that was growing internationally.”

At Boise Cascade, Williams worked for the chief strategy officer. “I learned a lot about the application of strategy to the business…. If you don’t have a strategy, it’s just activity, you are not able to gauge your progress over time, and people shouldn’t confuse activity with progress,” he states.

With more than 40,000 employees and facilities in countries around the world, Williams visited sites as diverse as forest logging camps, huge paper plants, office product warehouses, and retail venues. Just one of the many issues that his department focused on was sabotage by extreme environmentalists who, to stop the cutting of timber, were using techniques such as tree spiking, which results in broken equipment and possible harm to workers.

Another issue that Williams personally tackled was fraud. “I noticed that there were a number of incidents where the internal auditors didn’t understand the phenomenon of fraud. I began doing research to find training for these auditors.”

His efforts led him to one of the leading academics in white-collar crime, Steve Albrecht of Brigham Young University. Williams and Albrecht struck up a friendship and working partnership, developing a training program and writing a number of articles on the psychology of fraud, and they eventually wrote a book (along with a third coauthor, Gerald W. Wernz) titled Fraud: Bringing Light to the Dark Side of Business, published in 1994.

Nortel. After four years with Boise Cascade, he states, “I felt that the program we had put in place was maturing nicely. About that time, another company called Nortel Networks came knocking at my door.” Accepting Nortel’s offer, Williams and his wife, Teresa Kitson, whom he had married in 1981, left bucolic Idaho for the Canadian city of Toronto.

At that time, 1987, the company for which he was becoming vice president of corporate and systems security was on an upward arc, eventually becoming a behemoth with about 100,000 employees. It produced central office switches, optical transmission devices, wireless mobile stations, and a range of other products, with large operations in Europe and Asia, as well as penetration into Latin America.

“Part of the agreement with Nortel was for me to go to the University of Toronto to finish my M.B.A., so I was starting off at a new job and going to a very prestigious school,” says Williams.

At Nortel, he says, “[I found a] more or less decentralized business-related security program that needed to be moved to one that was integrated and global. Once again, I took time to learn the company, learn the business, and develop a strategy that put forth the types of skill sets required, the types of people who would need to be engaged, and what milestones would occur over a three-to-five-year horizon.”

In addition, Williams notes, “I was fortunate to have chosen some very good people to work for me who are leaders in the field. I still have a strong friendship with those at Nortel because they did such a superb job and are some of the finest security professionals I have met.”

In 1990, after several years with the company, the CEO tasked Williams with starting an ethics function for Nortel. After that three-year assignment he returned to his previous position, where “we started looking into the integration of IT security and standard, or typical, corporate security. That was an epiphany—bringing those functions together, and it started us off toward the concept of convergence,” he recalls.

When asked if Nortel was the frontrunner of convergence, Williams replies, “I would say Nortel was on the forefront of this concept of convergence with one or two other corporations, but at Nortel it was driven by the Chief Information Officer Nick DeRoma—now retired—and General Counsel Albert Hitchcock—now the chief information officer for Vodafone—who firmly believed in the concept of working together and bringing together these disparate security functions in an effort to mitigate the broad security risks facing Nortel.”

Williams elaborates, saying: “They felt that without having that converged working relationship not only would the company be spending its money in an illfocused manner, but certainly it would miss some of the interdependent risks that exist between functions and businesses that wouldn’t otherwise have been identified.”

But all was not well at Nortel. In the late 1990s, stock market speculators began pushing up the price of the company’s shares. When the dot-com bubble burst, Nortel suffered, eventually shrinking to a mere 30,000 employees.

“It was a very difficult time to manage through. There was a lot of personal pain, layoffs, and cutbacks that were tough. A number of product lines were shut down,” Williams says. He notes that many of those corporations are still struggling.

Caterpillar. Through all the turmoil, Williams remained with Nortel until he was recruited by yet another large business—Caterpillar, Inc.—to globalize its security organization.

The change brought Williams and his wife, as well as his half-dozen dogs, whom he refers to as his “children,” back to where he began—the Midwest. Now living in Peoria, Illinois, about three hours’ drive southwest of Chicago, where the company is headquartered, Williams has spent the last year putting together a “security strategy with a two-year horizon and identifying the resources needed and the changes that the security function needs to undergo,” he states.

Caterpillar has about 100,000 employees located in North America, Asia, China, and Europe. The company is about more than moving earth—its product line includes solar turbines and engines for container ships, as well as the building machinery for which is it is renowned. “I think the future here is bright. We’re building out the global security program and also rebuilding the basics around travel, personnel security, crisis management, and other aspects,” Williams says.

Smart Society

Williams joined ASIS in 1978, having heard about the opportunities it offered for networking. However, because of the amount of international travel he undertook, he says, “I was never able to regularly attend chapter meetings in places where I lived. So, I got involved on the council side, instead.”

Williams, with his interest in fraud training and prevention, joined the Society’s Council on Economic Crime (then known as the White-collar Crime Committee) in the late 1970s. “It was very dynamic, with good people like Mark Geraci, Regis Becker, Mary Rawle, Don Walker, and Timothy Walsh [all Certified Protection Professionals ® (CPPs) and past ASIS presidents], who became good friends throughout my professional career and who encouraged me to get into more senior leadership positions within ASIS,” he says.

During Williams’ first stint on the board, big issues were addressed, including finding a new executive director, the purchase of land for, and the building of, the ASIS headquarters building in Alexandria, Virginia, and the debate over whether to allow suppliers and vendors full membership. At that time, Williams served in executive leadership positions, but he did not go on to serve as the Society’s president because of the troubles at Nortel.

“The company couldn’t sponsor me any longer,” he explains. “I was disappointed that I could not follow [John F. Mallon, CPP, as president] but he was very encouraging and supportive.”

Today, back on the board and at last assuming the mantle of the presidency, Williams says convergence will be one issue on his agenda. He praises the continuing work of board compatriot Raymond T. O’Hara, CPP, as chair of the Alliance for Enterprise Security Risk Management, which is a partnership between ASIS and the Information Systems Audit and Control Association.

Another agenda item is planning for the future. Williams provides a preview of the Wharton future planning report, mentioned earlier. “It finds ASIS well-positioned for the future but notes that we have to create communities of interest, as well as recognize that people are going to be gaining their information from the Internet, downloads to iPods, and the rest. ASIS needs to move into that arena to transfer information and knowledge,” he explains, adding that the Society is already responding with virtual educational programs, Web sites, and more.

Improving the prominence of ASIS around the world is another goal. “The board is determined to keep extending the ASIS global footprint to take advantage of the huge Asian and Latin American markets that are still growing. Business is expanding in that direction, and so it follows that we need to be heading in that direction from an association standpoint as well,” Williams says. He adds that the Society must do as good a job in positioning itself in Asia and Latin America as it has in establishing a presence in Europe.

Williams talks about the role of ASIS with regard to standards. “I’m a strong advocate of producing them. They will lead to better understanding of security risks, as well as spell out the risks in the context of the people and the economy of a business,” he says.

Williams especially points to the need to address enterprise risk. “If we miss this opportunity, others will take advantage of it for us,” he says, adding, “We’re at a fork in the road, we need to take the path that leads to setting standards that help increase the business acuity of the membership so that they can better express the security risks in a context understood in a corporate world. We have to be the leaders in that regard.”

Finally, Williams highlights another important need: much better-defined protocols for the ethical investigation of issues in the corporate world, including the use of advanced technologies in the area of surveillance and other techniques that impact employee privacy, an issue Williams has addressed in published writings and presentations.

“The security industry must also be a leader in developing best practices regarding the appropriate use of these technologies and techniques in today’s workplace. We must work closely with our peers in human resources, corporate legal departments, and line management to ensure [that] we are always operating within the values and in strict conformance with their codes of conduct with the organizations with whom we work,” he says.

Williams believes the majority of problems can be avoided if security professionals regard themselves as business leaders first, with security specialization second. “Therefore security issues are first and foremost regarded as business issues, second as possible violations of law or security-related incidents. At the end of the day, we are here to add value by protecting the people and profitability of the corporations we serve.”

Ann Longmore-Etheridge is an associate editor of Security Management and editor of ASIS Dynamics.