Global Management: How Security Is Changing in Asia
Security management is truly a global profession. Every region of the world has threats that need mitigation; every organization has people and assets that need protection. But the practice of the profession is also influenced by local conditions—culture, business practices, economic conditions, type and severity of threats—that differ from region to region.
With that in mind, this ongoing Global Management series from Security Management highlights security managers from different regions of the world to learn about the challenges they face and the management strategies that help them succeed.
In this installment, we turn to Asia. The world’s largest continent cannot be addressed in one article because Asia’s diverse cultures and risk profiles vary widely from nation to nation. In this issue, we focus on Shanghai, Hong Kong, and Taiwan.
Qing (Alan) Liu is regional security director for East Asia at multinational pharmaceutical, medical device, and consumer product manufacturer Johnson & Johnson. There, he leads the regional-level brand protection function, combating illicit trade across all Johnson & Johnson business segments.
So far, his career has included seven years in law enforcement and six years in brand protection, anticounterfeiting, and supply chain security for multinational companies. He is currently the chairman of the ASIS Shanghai Chapter and co-chairman for BASCAP (Business Action to Stop Counterfeiting and Piracy) China with the International Chamber of Commerce.
What is it about your life experience, your personality, and your background that helps make you an effective security manager?
QL. My law enforcement background gives me a strong sense of integrity, intensive experience to effectively manage multiple tasks and priorities, efficient cross-functional communication skills, and a can-do attitude. My experience in the private sector working at multinational companies enables me to understand better what controls are in place to mitigate previously identified risks and how those controls tie back to the overall strategic plan of the business.
What are a few of the common challenges that a security manager may face working in Asia?
QL. One is diversified culture. When working in an international work environment, you need to stay cautious as some of your remarks could be taken lightly in one culture but offend in another culture.
Another challenge that comes to mind is the different risk profile in Asian countries, so security standards that are well applicable in one country may need to be revised to adapt well in another country.
The last but most challenging one is to understand your company and its business strategies. The commercial environment differs from country to country, and it’s very dynamic. Be a quick learner and identify the completely different risks in start-up markets, emerging markets, and mature markets. We have all of them in Asia.
In terms of threats, what is day-to-day life like for security managers working in Shanghai? What challenges do you face on a regular basis, and which threats are growing?
QL. Basically, my day-to-day life in Shanghai is mostly incident management based. For example, I can have a discussion with internal stakeholders to assess the counterfeiting risk of our prioritized brands and liaise with law enforcement agencies to file a case; perform a physical security risk assessment to our manufacturing sites and inventory warehouse; conduct an audit of our product destruction vendors to avoid any leakage; communicate with corporate travelers in a high-risk area and provide options for their evacuation; or participate in a trade secret or compliance investigation, including site visits and interviews.
Product security, supply chain security, compliance investigations, physical security, guarding services, and risk management are the common challenges on a regular basis. But with flexible importation and exportation, the online risk is growing.
Online, the connection from upstream and downstream is outsourced and anonymous. Protecting brand reputation and business priorities is becoming more difficult.
In your view, is the relationship between manager and employee changing in Shanghai and China more broadly? How does the current workplace culture compare with years past?
QL. The current workplace culture compared with 20 years ago has changed drastically thanks to the influence of corporate culture of multinational corporations. Nowadays in Shanghai, most of the international companies that I know of advocate and adopt “open workplace” practices, so managers and employees are more equal than before.
Given your experience as a business and security industry leader, do you see the role of the security department changing within some Chinese companies?
QL. Yes. More Chinese companies are poised to tap into overseas markets, and also more security managers in international companies are moving to Chinese companies than before. As a result, one can see that the role of the security department in Chinese companies has been changing—mainly in two aspects.
First, the scope of work for Chinese companies’ security departments has evolved from physical security to broader operations, including investigations, travel security, and crisis management. This change reflects the scope of security counterparts in international companies.
Secondly, the function of Chinese companies’ security departments has also changed from a tactical level—working under administration or facility management and focusing mainly on response—to a strategic level, focusing on prevention through working independently with internal and external business partners to build up a corporate security framework.
Paul Haley, CPP, is regional security, safety, and health manager at Human Applications Limited, and he is based in Hong Kong. His career has spanned a variety of policing, regional security, safety, and health risk management functions, and he has worked on sensitive investigations, organized crime and triad money laundering, aviation security, and infectious disease crisis management before the SARS epidemic of 2003.
What is it about your life experience, your personality, and your background that helps make you an effective security manager?
PH. I have always enjoyed sport. Rugby, that cousin of American Football, was my game, but after suffering a C4 fracture during a match against the Royal Malaysian Police, I took up refereeing and made it through the ranks to officiate at the international level.
What I learned through refereeing is also transferable to effective management. Even top players, like colleagues, are drawn from a variety of shapes, sizes, skills, and abilities, and their behaviors, understanding, and application of rules vary. Therefore, each phase of play has its unique characteristics and independent potential for both positive or negative impacts on planned outcomes.
My approach to effective security management and refereeing are the same: having a clear understanding of context, stakeholder and technical issues, the nature of uncertainties affecting outcomes, and an ability to persuade, influence, and nudge people in the right direction to change behaviors and deliver positive outcomes.
You hold a CPP certification—how has this credential affected your security management career?
PH. The CPP qualification has helped me often to be the best choice for many of the roles and projects I have worked on. For example, selection to lead and deliver specialist security advice on more than 400 government and commercial regional projects that cover cross-functional teams and multisite operations, some with big budgets of $20+ million USD. Also, roles requiring analytical skills to identify new, emerging, and interconnected risk profiles, and then come up with mitigation strategies that align with the client’s corporate strategic, operational, and commercial imperatives.
In your view, is recognition of security credentials growing in Asia?
PH. Definitely. The security industry in Asia is leading the way in raising the security credentials bar. Within national and multinational operations, credentials confirm experience in security functions and underpin a manager’s credibility, knowledge, skills, and ability.
For 20 years the CPP qualification underpinned the Hong Kong Police Crime Prevention Bureau’s security advice provided to clients, but oddly it was dropped recently by newly promoted senior officers in favor of “general police knowledge” as sufficient credentials for providing professional and competent security advice in property and critical infrastructure sectors. I believe a U-turn in this binary thinking is inevitable, or else they risk undermining the credibility of the security advice.
What are a few of the common challenges that a security manager may face in Asia?
PH. Common challenges a security manager may face working in Asia will include adapting to cultural diversity and language differences, responding to evolving geopolitical threats, as well as the more familiar challenges of protection of people, assets, and information. Overcoming challenges involves working with local business units to set the context to attain desired outcomes. But this has to be done within a cultural environment that may be very different from what you are familiar with—and is even possibly hostile.
For a better understanding of cultural business etiquette differences and the importance of cultural diversity and inclusiveness, I recommend Kiss, Bow, or Shake Hands by Terri Morrison, Wayne Conaway, and George Borden. For more on geopolitical threats, a new book by David Kilcullen, The Dragons and the Snakes, reads very well.
If I am a security manager for an international firm being transferred to the Hong Kong office, what advice would you give me about how I can avoid making mistakes when it comes to cultural issues that influence employee relations and the workplace?
PH. Hong Kong is a mixture of traditional Cantonese, British, and Western culture, and mixes Confucian and British ethics and values, including fairness, honesty, personal freedom, free speech, and open political discourse. Living under these ideals, the city has developed a unique and proud tradition of laissez-faire business and arguably the freest economy in the world. Understanding the history and present circumstances and becoming familiar with the language, customs, ideals, ethics, diet, and business practices will help a new security manager from an international firm avoid making mistakes.
Social interactions are very important in Hong Kong and key to understanding how people feel. I would strongly advise taking time to dine with colleagues (breakfast, lunch, and dinner are all okay) to engage with the workforce and recognize that in Hong Kong, as much happens outside the office as in it. Hong Kongers love to dine in groups and most dishes are shared rather than eaten à la carte—except breakfast—and it’s fun.
To avoid other faux pas, understanding the status of feng shui, appreciating that juniors are reluctant to question seniors within the company, knowing that no one likes to lose face particularly by being blamed and humiliated for a mistake, and avoiding jingoism are also good places to start.
Moreover, gambling is common in Hong Kong but can lead to excessive debt, resulting in staff vulnerability; whereas the pressure to succeed is intense—which means that Hong Kong is a hotbed of creativity but can be an unhappy place for the less successful.
How are you addressing mass protests, civil unrest, and political instability in your role?
PH. Open source monitoring, collaboration with peer groups, protective intelligence collection, and consulting line managers on their concerns about vulnerability of business units has played a big part in my role.
The output is a variety of communications to keep staff informed about threats and preventative action to take delivered through security bulletins, mobile phone alerts, intranet tips, and guidance. Another big part is support to corporate incident management teams in planning for and formulating appropriate responses to events.
Executive protection security programs have also had to be beefed up to manage senior executive concerns, preferences, lifestyle, privacy, and protection needs.
Collaboration with building management and in-house security teams helps mitigate facility vulnerabilities. Increased access control, CCTV coverage, perimeter security, and additional security guards help step up security.
Feelings are running pretty high and the potential threat of workplace violence between colleagues that hold strong views on either “blue” (pro-government) or “yellow” (those who believe civil liberties are under attack in Hong Kong) meant we needed to come up with risk mitigation strategies.
Given your experience as a business leader, do you see the role of the security department changing with some Hong Kong or Chinese companies?
PH. The National Security Law (NSL), which targets offences vaguely defined as secession, terrorism, subversion, and collusion with foreign forces, has been imposed to stamp out mass protests for greater freedoms.
In its early days, the NSL has alarmed some Hong Kong, Chinese, and international businesses as it potentially threatens investment windows into China and for the Chinese companies listed on the Hong Kong platform for access to international investment and markets.
The potential impact on the role of a security department could be to ensure a transition to greater compliance with the NSL through monitoring of staff social media, coaching, and increased protection of data sovereignty to head off mistakes that breach the NSL and the resulting reputational and commercial damage.
YuChen (Claire) Chiang is regional security manager for Dell Technologies, covering operations in Taiwan and South Korea. She is also responsible for a security training program in the Asia Pacific with Japan. Previously, Chiang worked for the Taiwan Air Force for 11 years as a military liaison, intelligence officer, and military instructor, which sparked her interest in joining the security industry. She is currently studying the Protection of Assets (POA) manuals in anticipation of taking the CPP exam early next year.
What are a few of the common challenges that a security manager may face working in Taiwan?
YC. Taiwan is a relatively low-risk country in terms of its security operating environment. We may not face as many security and risk issues related to violence as some other countries; however, we do have our own challenges to deal with.
Corporate leaders usually regard security as a cost center and are opposed to accept security as a business partner. It is not surprising to see conflicts between business growth and security demands in various industries in Taiwan. For security managers, we need to make considerable efforts to communicate with the leadership team on the necessity of security and risk management to get them to buy in. Meanwhile, we also need to promote security awareness among the employees. After all, security is everyone’s responsibility.
In terms of threats, what is day-to-day life like for security managers working in Taiwan? Can potential political or social instability be considered a possible risk?
YC. Despite the political instability that may cause increased tension on cross-strait relations between Taiwan and China, the society remains stable for business growth. However, we still need to take the possible political, military, and economic conflict with China into consideration. For business continuity, we work with the leadership team and our stakeholders on backup plans.
Natural disasters, such as typhoons and earthquakes, are the major threats in Taiwan. In response to that, we have established a phone tree and crisis management team.
Other than that, a security manager still has the chance to encounter threats in his or her day-to-day operations, including external intruders, theft, information security issues, business espionage, and insider risk. To reduce risk, I am not only taking responsive action but also holding ongoing training for my team and sending security advisories to our employees to promote their security awareness.
If I am a security manager for an international firm being transferred to the Taipei office, what advice would you give me about how I can avoid making mistakes when it comes to cultural issues that influence employee relations and the workplace?
YC. Do your best to comply with the ethical code in your company and understand the do’s and don’ts of local culture in terms of word choice and body language. The same words and behaviors could be interpreted differently amongst different cultures. For example, hugging is regarded as a greeting in some Western cultures; however, in Oriental society, I would suggest you take a more conservative approach when meeting others for
the first time. A gentle handshake will do the job. Although, because of the COVID-19 pandemic, it’s suggested to avoid physical contact as much
If you are uncertain whether a message should be delivered or not, hold back and observe the work environment first. Seeking senior colleagues’ advice is also a good way to deal with cultural differences.
Taiwan has been largely praised for its swift response to COVID-19. How has the pandemic affected your role as a security manager?
YC. In response to COVID-19, Taiwan has put lots of effort toward preventing and tackling the global pandemic. My company is no exception.
To reduce any possible physical contact, employees are encouraged to work from home and keep social distancing to 2 meters (6 feet) while in the office.
These new practices have more or less changed the traditional security role and responsibility: in the past, we were attentive to employees’ access control, asset protection, etc. Now, besides our daily operations, we collaborate with our stakeholders and the company leadership team to better implement the work-from-home policy.
In your view, is the relationship between manager and employee changing in Taiwan? How does workplace culture today compare with years past?
YC. Yes, it’s changing gradually these years. In Eastern culture, the relationship between managers and employees used to be authoritative, especially in local companies. Nowadays, it’s moving in a direction where a more harmonious manager and employee relationship is expected as the government pays more attention to labor’s welfare, benefits, and human rights. This also brings some change to workplace culture; the manager’s role is becoming more supportive and collaborative rather than authoritative.
Do you see the role of the security department changing with some Taiwanese companies?
YC. The overall perception of security’s role is changing among companies. In the past, security held a more authoritative image and was usually regarded as placing constraints on business operations. In recent years, security’s role is changing into a more collaborative function. As information security and trade secret protection become more preeminent to business, business leaders pay more attention to security. Now our role is not just to protect assets and people, but also to take care of information security and leverage how we can help to optimize the business growth.
Claire Meyer is managing editor at Security Management. Want to share insights into security management in your region? Connect with her on LinkedIn or email her at [email protected].