Building a New Corporate Security Strategy

By Laura Spadanuta

01 May 2010

Print Issue: May 2010

CATERPILLAR, a Peoria, Illinois-based Fortune 500 company that makes mining equipment, engines, and turbines, and generates annual revenues in the neighborhood of $50 billion, needs a security department able to handle the demands of protecting worldwide operations.

Timothy L. Williams, CPP, who served as the 2008 ASIS International president, became the director of global security at Caterpillar in 2006. He and other members of the company’s security strategy team spoke with Security Management about how they have addressed challenges.

A central concern for the team, say members, is keeping security staff focused on strategies and core competencies, making sure staff can handle the needs of multiple cultural environments, and ensuring that they remain nimble in the face of constant change. But first and foremost, Williams had to form the right team.

One of the most important challenges in putting together the strategy team was ensuring that the individuals who were hired represented diverse backgrounds. If the individuals are too similar, says Williams, you “run the risk of recycling the same perspective of issues and solutions.”

Steven Seitz, the security contract manager and a strategy team member, elaborates: “In most security organizations, you’ll find a bias towards a certain discipline. It may be a police discipline, a military discipline, or a fire and safety discipline…. I think that the balance as a team really is the true value.”

The Caterpillar strategy team includes members with medical, military, and law enforcement backgrounds.

Team members must also be individuals who are not afraid to challenge the boss, says Williams. It’s important to “have people tell you what they’re thinking about the direction versus what they think you want to know about your direction,” he explains.

Williams admits it’s difficult to hire for that trait, but says, “what I try to do is reward the people who have the courage of conviction to point out a different way of looking at an issue or a different solution. And that tends to reinforce people’s ability to want to take that opportunity to speak up.”

With the right balance of talents assembled, the strategy team proceeded. Among their objectives was to focus the entire security staff on strategy.

That included 20 people on the global security staff and about another hundred in 500 locations who spend at least 50 percent of their time on security.

“A lot of times, people became so close to the processes and the projects that they were working on, they couldn’t truly understand... the new security approach,” says Timothy N. Strunk, a strategy team member. “They saw, here’s my process, here’s what I’m trying to do. And they couldn’t get out of that box. So, it was very difficult for people to say, how does my project relate to strategy.”

To change that mind-set, Williams’ team developed a communications plan that kept everyone focused on the overarching security goals and aligning those goals globally with the business goals.

The team also sought to shift the company’s security operations from an Illinois-centric mind-set to a more global one. To do this, the company hired security professionals with specific regional, cultural, and language expertise, and acclimated them to the Caterpillar environment, rather than trying to acclimate Caterpillar people to various new cultural environments, explains Karen A. Frank, global security manager, and the third member of the strategy team.

The security strategy team also helped by working with the new hires out in the field, says Frank. The team worked on recruiting security professionals who had good reputations in the part of the world they would be working in, according to Williams. He adds, “When we develop [policies] here in Peoria, through the functional planning team, we pass it over to each regional director who customizes it for their culture and application in their particular part of the world.”

Another major undertaking for the team, according to Frank, was assessment of which security components were core versus unnecessary and value-added elements. The team focused on four core areas: establishing a risk-based security program as opposed to a one-size-fits-all approach; outlining investigative protocols; aiding the company’s new crisis management program; and development of an employee-awareness component.

The new risk-based approach changed the way security is managed at the company. Williams says facility security coordinators in the field have been given back some physical security responsibilities, but they must use risk-based security guidelines developed by the global security team.

The team also engaged in “change management,” so that the team’s effectiveness would not diminish as individual members left over the years. Toward that end, Williams worked closely with HR personnel, who are experts on change management, as well as with the communications department.

Companies like Caterpillar must also ensure that they are in line with the industry, by benchmarking regularly to ensure that best-in-class security procedures are applied where needed. And of course, the team must always be ready to adapt policies and procedures to any changes in threats and risks for the company and its employees.