City Security magazine interview with Michael J. Stack, CEO of ASIS International
Michael J. Stack, Chief Executive Officer (CEO) of ASIS for more than twenty years, discusses the current threats and priorities for business, the impact of the latest international events on security and tells us more about ASIS and his role.
What do you see as the main threats to the security of business today?
Research from the ASIS Foundation on the top five enterprise security risks confirms what we’ve heard from our members. Cybersecurity is one of the most frequently stated concerns. This includes data breaches that can cost a company millions and damage its reputation.
Mobile technologies provide workers with the ability to work anywhere and everywhere, but this convenience comes with an increasing risk – malicious software aimed at mobile technology is on the rise, which again could lead to compromises of confidential and proprietary data.
The globalisation of enterprise functions – for example, outsourcing data management – raises the risk of loss of intellectual property. An international supply chain is exposed to global conflicts or other unexpected or unforeseen situations that can harm a company’s competitiveness or reputation. Natural disasters similarly threaten global supply chains and require strong organisational resilience plans that can help ensure the company’s post-disaster existence.
And crime in its various forms – from fraud and theft to workplace violence – remains a serious security threat.
In your view, what are the main priorities for those developing security strategies?
The safety and security of people is paramount. Ultimately, security professionals are responsible for people, property, and other corporate assets (both tangible and intangible), and, of course, the environments in which the organisation operates. That means that security executives must understand the business as well as any other C-suite executive so that they can identify and prioritise global risks and then work to mitigate these.
Security professionals – particularly those working with multinational organisations – are ever mindful of current international events. They are concerned with the safety of those who are working in dangerous, unstable, or otherwise unsafe environments. International conflicts can affect the ability of travellers, expatriate employees, and local employees to travel or commute safely.
Security professionals are constantly updating their evacuation plans based on breaking news; for example, the Arab Spring unrest made clear the complexity of evacuating multinational staff from a threatened location, and then reinserting those staff members once the conflict was over. Health threats, from hazardous air quality to outbreaks of Ebola, pose another challenge to security professionals.
How do you believe the security function within a business organisation should be evolving to meet the challenges and threats of today’s world?
Security professionals have sometimes been seen as reactive elements within an organisation – they respond when there’s a problem. But security has evolved into a professional and proactive corporate function that works across an organisation to help every business unit understand and mitigate its risks. That means that security professionals must have the same level of business understanding that their peers across the organisation have.
Critical thinking, leadership and communication skills, and a solid understanding of business and financial management are more important skills than ever in a complex and global business environment. Since so many of the threats facing multinational companies come from digital sources, it’s also important that security professionals understand the basics of cybersecurity and are able to understand what their peers in IT are saying when describing a cyber-threat. Physical and cyber security threats don’t exist in silos and that underscores the importance of security professionals having a good working relationship with their IT colleagues.
How do you think the world of security has evolved over the period of your career?
The security function has evolved somewhat dramatically, to come from a narrow silo that had few communications, or interactions with other elements of a business enterprise, to a partner with value-added credentials contributing to the success of same. Substantial integration of all disciplines involved with the protection of people, property and information has become an essential objective. Good progress has been made with regard to the above and I see a bright future going forward. Worldwide circumstances post-9/11 have dictated that the industry develop standards for operation.
How does ASIS support the security professional?
ASIS is a global resource for security management professionals, developing and disseminating high quality current education on best practices, and providing peer networking opportunities that permit professional development essential for the protection of people, property and information.
We have 38,000 members in over 136 countries and over 28% of our members are outside of the United States. We currently are conducting educational and networking programming in Europe, Middle East, Asia Pacific, Mexico, South America, and many locally-generated programs conducted through our over 94 Chapters situated outside of the United States.
What have been your highlights as CEO of ASIS to-date?
I am proud of many of the improvements to the security world that ASIS has contributed to and my role in these. In particular, my considerable involvement in the development of the Chief Security Officer position, as a substantive participant in the business enterprise. Alongside this, the expanded recognition of the security profession as a business discipline. A significant component of these advances has been the development of programming for security professionals to achieve the necessary expertise in the business community of practice.
In terms of how ASIS has developed as an organisation, I am especially proud of the growth of our membership and the participation in our educational and networking programming. It is pleasing to see the global expansion of ASIS well beyond its roots in the United States.
What advice would you give to someone developing a career in security?
Understand that security is a business discipline, impacting your employer’s bottom line, and your contribution to that financial aspect, coupled with the substantial importance of remaining up-to-date with your education and interaction with your peers globally, given the ever-changing global challenges you have to confront.