Security Executive Blog: enterprise

Showing posts with label enterprise. Show all posts

Wednesday, November 14, 2012

2 Obstacles Every Facility Security Officer Must Overcome

Security policy is just as good as the paper that it is written on. However, those professionals who want to incorporate sound policy with demonstrated good procedures understand that a written document is just part of the solution. Success rests on the entire enterprise accepting and incorporating the policy as a normal part of doing business. The road to that success can be quite bumpy, but I’ll lead the way.

There two kinds of challenges facing security professionals; self-Inflicted and the second, institutional.

1. Self-Inflicted challenges are the ones that we place in our own way. They are perceptions about our capabilities (or lack there) that professionals form about us. The perceptions manifest two different ways; lack of vision and lack of initiative.

a. Lack of Vision - The Dr. No Syndrome- “No, you can’t do this or have that.” “The NISPOM says blah blah blah!!!” “The answer is NO, now frame your questions accordingly.”

In my early days as a facility security officer (FSO), I once told a program manager that we couldn’t do what he wanted. However, later research indicated that his solution was definitely a possibility. Unfortunately, he did the research himself and pointed out my error. I was lucky that he approached me professionally and I was able to maintain a good reputation and not that of a “Dr. No”. As part of an enterprise team, we should help with solutions that help the organization perform while complying with National Industrial Security Program Operating Manual (NISPOM), national, or corporate regulations and policies.

b. Lack of initiative – “If people thought security could do better they would come talk to me.” I remember as an export compliance officer an incident where one of our business developers proceeded to form a business plan with International Traffic in Arms Regulations (ITAR) controlled implications. A colleague of mine expressed remorse that he had not been contacted. “They know I’m here,” he said. “It’s their responsibility to find me and start the licensing process.”

Though he was technically correct, where’s the motivation and initiative? I learned from that initiative and made it my business to attend every program and business development and contract meeting I could find. Taking such initiative allows the security manager to anticipate program needs ahead of time. In this capacity you can implement and direct policy as issues arise and not after the issue gets ugly.

2. Institutional Perceptions

a. Lack of understanding - “You’ll interrupt cost, schedule and performance.”

The statement above is a well expressed perception that security provides no value added. Many times, it’s a direct result of self imposed obstacles. Recall the earlier example where I began attending all program, engineering and business development meetings. As a brand new FSO, I invited myself to one of my first security meetings. I was able to demonstrate the impact of security requirements to the enterprise should we win an engineering contract. The value added was the identification of storage and classified work requirements and what it would take to meet those requirements.

After the meeting, I headed back to my office. The phone rang.

“Hello”, I answered.

“Who did you charge the meeting to?” replied the no nonsense contracts manager.

“Huh?” I replied, obviously not understanding.

“What line item, did you charge to? I can’t afford to pay everyone’s way to any meetings they want to attend.

“Oh, now I’m following. Don’t worry, I’m free; indirect charge. I hope you liked the direction the meeting went.”

The phone was silent for a moment.

“Sure, you’re welcome to attend anytime,” she relented before hanging up.

Demonstrate that security is a value added when applied early and effectively. Proper procedure can help programs to reduce costs, improve schedule and enhance performance.

b. Limited expectations - “Just take care of the clearances.”

I remember sitting in an FSO’s office while she lamented her lack of effectiveness. She explained that she was not involved in her company in any other way than taking care of security clearances and annual security refresher training. She wanted to offer so much more and she did have many years of valuable experience.

Expand expectations by demonstrating incredible value. Contribute to contracts discussions, help the HR department protect personal identifiable information, consult business development on possible impacts of the classified contracts they are pursuing. Think of ways beyond the NISPOM or other requirements and assist the enterprise.

In most cases security is an indirect charge, capable of contributing to the entire organization without impacting individual program costs. However, FSOs and security specialists have to overcome self imposed and institutional perceptions. It takes work and initiative to do so, but the entire enterprise benefits.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook". See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

Monday, September 3, 2012

4 Outstanding and Beyond NISPOM Ways to Add Value to the Cleared Defense Contractor Enterprise

One way to be a world class Facility Security Officer at a cleared defense contractor facility is to provide value to the enterprise. The National Industrial Security Program Operating Manual (NISPOM) describes the FSO as responsible for developing and implementing a security program to protect classified information. But is that all FSOs are supposed to do? How about providing more value to the enterprise by assisting other business units based on skills FSOs develop and demonstrate beyond NISPOM.

FSOs are highly trained through FSO and NISPOM training. FSOs can better their bonefides with the Industrial Security Professional (ISP) Certification

For example, in fortune 500 companies, the Chief Security Officer or other similar title is responsible for IT security, physical security, loss prevention and etc. So, are these roles covered adequately in your enterprise? It’s not so clear cut at defense contractor facilities. There is so much more that can be done and the enterprise will be grateful for the assistance.

So, how do FSOs get to the point where the enterprise respects critical skills and desire their service, advice and assistance?

First of all, FSO responsibilities should be part of enterprise DNA. In other words, the FSO is part of the winning team that is the enterprise and not just another stove piped department. For example, what skills do FSOs possess that can assist HR in protecting personal identifiable information? How can FSOs advise business development in getting foreign business or partnering with uncleared defense contractors?

To function effectively in the corporate culture the FSO should implement policies that are championed or accepted by other departments. Human resources may include in their policy the progressing levels of discipline that NISPOM requires. Safety may put into policy the care and maintenance of egress and entry doors that are also used to protect classified information. Likewise, security policy could include areas that impact other business units.

NISPOM and security clearances? They’ve got it. Cleared employees know how to protect classified information. What about the other stuff?

Other areas that concern the enterprise are the protection of unclassified efforts. High value items, trade secrets, proprietary information, and research and development efforts. Where the FSO understands NISPOM, ITAR and other regulations, there is little guidance on protecting raw data and other proprietary information.

Here are three ways FSOs can provide more value outside of NISPOM:

Help HR develop program to protect PII and be compliant with the Health Insurance Portability and Accountability Act of 1996 -HIPAA
Put controls in place to enforce need to know of company trade secrets, intellectual property and proprietary information
Develop a public release process to prevent accidental spillage of technical information
Assist business development with protecting company information while presenting capabilities briefings.

FSOs are highly trained through FSO certification and NISPOM training to protect classified information. However as such, they should use transferable skills and initiative and look for ways to contribute to the enterprise that go outside of NISPOM. Doing so adds value and protects the enterprise.

For more information on adding value to your organization, read DoD Security Clearance and Contracts Guidebook

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

Subscribe to: Posts (Atom)

Sponsor us.

We offer advertising space on our Podcast, newsletter, website and blog, for $700.00 per year. Our products are targeted directly to your market; only those who are providing defense industry security subscribe to our newsletter.

Effective advertising positions your company for success. You’ll get:

Advertisement on our sites marketing exclusively to defense contractors

Announcement in Podcast http://dodsecure.buzzsprout.com and on podcast page. Podcasts are available on Apple, Amazon, Buzzsprout and more.

Linked banner @ http://www.dodsecurity.blogspot.com/

Linked banner in sponsor section of home page https://www.redbikepublishing.com/sponsors/

Linked banner in monthly email newsletter dedicated to training cleared contractors on protecting classified information.

Consider allowing us to provide a 1000 word article about your product to feature on our blog and newsletter for $500.00

If you would like more information, please contact us editor@redbikepublishing.com

Here is a wrap up of what we were able to do in 2020

We've outsourced a few tasks to provide better customer service. To provide better content for our security professional customers, we've funded the following efforts just for our newsletter and Podcast considerations:

• Upgraded email functionality for better newsletter distribution

• Upgraded website content

• Purchased high quality microphones and mixers for podcasts

• Purchased high quality cameras for YouTube videos and course content

• Upgraded to video conference capability with paid subscriptions

• Purchased software packages for better formatting

• Attended Podcast 2020 and brought back some tremendous lessons learned

• and much more.

We’ve completed the following milestones this year:

• 25% more newsletter subscribers with your services listed.

• Provided referrals to sponsors

• Released 36 articles in more than 24 newsletter editions

• Over 40 blog posts with thousands of visitors with your services listed

• Interviewed multiple people to provide over 20 podcast episodes. We've reached over 2000 downloads, which is huge considering our small niche. I hope you've had a chance to listen to Ray DICE Man Semko. Getting him on podcast was a huge success.

You will also be able to provide any articles, white papers or messages personalized to our audience. We could also include you or other employees in some strategic podcasts as well. Always looking for great guests.

Pages

Wednesday, November 14, 2012

2 Obstacles Every Facility Security Officer Must Overcome

Monday, September 3, 2012

4 Outstanding and Beyond NISPOM Ways to Add Value to the Cleared Defense Contractor Enterprise