Country Security Profile: Brazil

By Francisco Mateo

As the sun once again shines brightly over Brasília and its brand in the concert of nations continues to grow, Security Beyond Borders turns its focus on Brazil, on the eve of a presidential election runoff, which would determine how its course is charted for an undoubted prominent future.  Despite its eminence (economic ascendance) as one of the BRIC (fastest growing emerging markets comprised of Brazil, Russia, India and China) countries, Brazil has deeply rooted security issues driven my social-economic disintegration, which it must confront before the spot light of international events is shown upon it.

Brazil’s population hovers at just under 200 million people. Approximately 88% of the population is concentrated in its urban centers, which in itself explains the dynamics that drive inequality and crime problems. Although this phenomenon is a fixture of all overcrowded cities, it appears to have magnified and galvanized over time.

Economic Overview

To better understand Brazil’s meteoric rise onto the world stage we must look at the key elements that characterize its economy. First off, a large and well-developed agricultural, mining, manufacturing, and service sectors set them apart in the region. Brazil’s economy outweighs that of all other South American countries and it’s expanding its presence in world markets. Since 2003, Brazil has steadily improved macroeconomic stability, building up foreign reserves, reducing its debt profile by shifting its debt burden toward real denominated and domestically held instruments. It has adhered to an inflation target, and committing to fiscal responsibility. To illustrate its economic prowess, Brazil was one of the first emerging markets to begin a recovery. By exploiting vast natural resources and a large labor pool, it has become South America’s leading economic power and a regional leader.

Brazil has in part enjoyed stellar economic growth over last ten years due to its adherence to continuity of economic policy despite political transition from right leaning to clearly leftist political leadership. President Lula Da Silva’s enormous popularity derives from his pragmatic approach to economic policy.

But all the notoriety has far reaching consequences. Its newly minted economic reputation and its maturing role as a regional powerhouse have landed Brazil in thorny world issues recently. Most notable of all have been its mediation of the Honduran political crisis in 2009 and its willingness to establish diplomatic ties with unpopular regimes like Cuba, Iran, and Venezuela, as well as to pursue economic exchange with China and Russia. It is clear that Brazil has aimed at charting an independent path and becoming a geopolitical counterforce in the region and beyond.

Geopolitical Overview

A review of Brazil’s security profile would not be complete without drilling down on the country’s most notable transnational crime problem, which is for the most part concentrated in the unruly region at convergence of Argentina-Brazil-Paraguay borders. This area is a locus of money laundering, smuggling, arms and illegal narcotics trafficking, as well as fundraising for extremist organizations. Other border areas including the States of Amazonas, Acre, Rondônia and Mato Grosso, are high risk due to drug trafficking. Its sheer size (bordering 10 countries) and deep forest areas provide natural defense, but also serve as incubator for the worst of the global illicit economic activities. It would explain why despite government drug control efforts, it remains the second-largest consumer of cocaine in the world. It is also an important transshipment country for Bolivian, Colombian, and Peruvian cocaine headed for Europe.

The International Maritime Bureau reports that the territorial and offshore waters in the Atlantic Ocean present a significant risk for piracy and armed robbery against ships; numerous commercial vessels have been attacked and hijacked both at anchor and while underway; crews have been robbed and stores or cargoes stolen.  Similar socioeconomic factors driving piracy in the Gulf of Aden are at play for the most part in Brazil’s Atlantic coastal waters.

Crime Overview

Serious crime, often involving violence, is high in a number of urban centers, including Rio de Janeiro, São Paulo, Recife, and Salvador. The recent reports of armed drug gang members setting up roadblocks and robbing drivers en masse in the Rio de Janeiro area, prompting the firing of 19 police battalion, is certainly a notable reminder of what lurks just beneath the pristine surface. As the country sets out to host the World Cup in 2014 and the 2016 Olympics it should ponder the right strategy to avoid the Mexicanization of its crime problem.

Crimes and violence in São Paulo can be attributed to street gangs and organized crime groups.  São Paulo is notorious for the brazenness of certain high profile crimes and violent crimes such as murder, rape, and kidnappings.  The most concerning crimes in São Paulo are express kidnappings, carjackings, virtual kidnappings and home invasions.

Crime while on the road remains a problem for both visitors and local residents alike, especially during evening travel and traffic jams. Violent crimes committed in heavily congested roadways is the motivating factor for companies like Truffi or Master Blindagens to produce over 25 bulletproof cars a month, and they’re just 2 of 45 companies in São Paulo by far the biggest market, with Rio de Janeiro a close second.  Brazilians would “much rather trim their appetites for appliances and electronics in the recession, but bulletproofing is one expense they are not giving up easily”. This is an outgrowth of the overall sense of insecurity felt by everyday people.  The general consensus is that if the government can’t keep them safe than they will use their recently acquired prosperity to buy their own security.  As a nation it can certainly do much better than that and there are obvious compelling reasons for doing so.

Other Risk Pressure Points

Natural disasters, mainly flashfloods, remain a considerable risk of social disturbance.  That is because the large communities still living in favelas are most susceptible to these unpredictable events.  Last year’s deadly floods are but an example of the infrastructural fragility of overpopulated cities to deal with large magnitude emergency incidents.

Flooding over several recent years has continued to plague São Paulo State and many other parts of the country. Severe rainstorms in 2006, 2007, 2008 and 2009 resulted in some of the worst flooding in years for São Paulo. Bridges and highways were closed due to flooding and some major roads and highways were submerged underwater. In December 2008, floods in São Paulo left 20,000 residents without potable water, numerous motorists were stranded, and 70 flights were canceled at Congonhas Airport (one of three airports in greater São Paulo). In November 2008, flooding in the southern state of Santa Catarina left nearly 100,000 homeless and claimed over 100 lives. The disaster was one of the worst in the country’s history. In December 2009, the eastside of greater São Paulo was under water due to severe rain storms.  Flooding brought traffic in São Paulo to a standstill, resulting in deaths, destruction of infrastructure and millions of dollars in financial losses for businesses. During a one day period the city received more rain than it would normally see during the entire month.

In closing, it is clear that Brazil is poised to confront its internal security risks head-on.  Its success in creating continuity of economic policy to spur growth should be emulated by the new political leadership, during their transition into power, to bring cohesive socioeconomic growth that would undermine its security shortcomings and continue to drive a downward trend to its most vexing crime problems. It must remain steadfast in this direction as focus on everything Brazil will only spike during the World Cup in 2014 and the 2016 Olympics. They have a short window of time if it aims to capitalize on its successes in eradicating the security weaknesses highlighted herewith.


Corporate Espionage Follow-up

It appears that the State-sanctioned corporate espionage issue has become a hot topic this week.  If the subject peaks your interest enjoy this few follow-up articles to my post last week.  They may be worth reading:

Western firms face growing spy threat

Do Western states spy for corporate ends?

Spycraft, contacts still key in espionage world

Who is Looking Out for Corporate Spies?

“There is a lot of information available out there…the key is to match a client who understands the value of information and an intelligence firm that has the wherewithal to go out and get it.” – Mike Baker

Societies have always played catch-up to sophisticated criminal enterprises. This has been the norm from the industrial to the information revolutions. From the days when Allan Pinkerton revolutionized the detective role in business, as he became the first practitioner to help major companies protect their assets and information through an extensive civil intelligence network. Today the protection of information is crucial to all companies participating in the global economy. The effective application of information in its many variations can increase or destroy value for a company.  Sophisticated criminal networks are in a constant prowl for information that can be effectively applied in schemes from counterfeiting to stock manipulation. A whole industry has also sprouted around the acquisition and protection of business critical information. A high stakes game is played around the world as teams of spy attempt to steal information that would give then an advantage on the market while the adversaries attempt to keep it from falling in their hands.  The lines are so blurred that even criminal actions are difficult to decipher. It is quite easy, however to see the impact the theft of proprietary have on the market valuation for many companies at the loosing end on this trend.  That is the reason why many internal and contract intelligence units have taken afoot inside many of the most recognized names in global business.

The risk of being targeted by espionage campaigns is very real for companies leveraging market dynamics by outsourcing critical business operations around the world. They are not only the targets of government sponsored intelligence collection campaigns, but  also by private intelligence operators who are also busy at work with operations of their own. There are countermeasures to espionage and information theft. Companies can start by evaluating how vulnerable the physical protection to their information sources really is. Start by limiting access to your facilities and information networks. Also recognizing and classifying proprietary information and placing vulnerable data in protected areas are good practices to implement.  The more mature organizations also conduct information theft exercises to test their readiness and information theft prevention plans.  If you suspect your company may be the target of espionage, I urge you to adapt some of these strategies; your shareholders would be grateful.

Corporate Security Is a Force for Good

By Francisco Mateo

As a security manager at a major multinational organization, I’ve learned to embrace my profound responsibility to provide assistance in an extremely important mission; that of protecting staff and clients from a growing list of perils. However, convincing people you barely know to accept protection measures, that at face value may appear to run counter to their well-being, is no walk in the park. I can assure you of that, and that is what we must do every day. Yes, it’s a thank-less job, as many of my colleague would affirm; which is why we command pay equal to executives of the same level. At a profound level some of us also aspire to more lofty rewards, mainly knowing that we have direct input into keeping people safe while they travel; work in hostile environments and leverage the supply chain to bring safe products to consumers.  As I stated initially this is a task that gets evermore complex. It is one area of our daily duties that requires our focus and recognition of seemingly unknown threats as well as the know how to device swift countermeasures.

The evidence is plain to see.  Just think back to the tainted milk crisis in China which began in 2008.  After thousands of babies were hospitalized with kidney failure, the Chinese government declared a public health crisis that sparked a global recall of all powder milk products produced in China. The initial response understated the far reaching impact that the use of melamine, a carcinogenic substance, would have on food products.  China is to remain the world’s manufacturing hub, but their lack of controls over the use of dangerous raw materials is bound to continue as long as demand outstrips production output. For that reason consumer product companies have a duty of care to remain vigilant when sourcing raw materials or outsourcing manufacturing of consumer products.  We in the corporate security function can contribute our investigation skills by applying this know how to the due diligence process. We should not accept a third-party manufacturer’s claims of having the capacity to deliver products in time and to our quality specifications at face value. We must dig deeper into their safety records, production methods, compliance with international regulatory standards and even the moral compass that drives the operation to determine the likelihood that sham methods and corner-cutting could lead to tainted products that would put consumer’s health at risk.

Another area of concern to which corporate security has been active participant is combating counterfeit products. An off-shoot of the global economic growth, these seedy illicit business practices are the underbelly of globalization.  Aided by improved communications link, cheap transport and flexible (or simply corrupt) customs organizations, counterfeiters have blanketed many major markets with their cheap products. In some areas counterfeit products compete head to head with legitimate brands, eroding market share at fast clips. Beyond the downright theft of intellectual property, we know that counterfeiter’s illicit practices put the public safety and security at risk. Simply put they’re not in the business of delivering safe products to market, neither do they respond to the sovereign need of controlling which products cross national borders as well as paying the tariffs that should go to ensuring consumer safety. Furthermore, profits from counterfeit product sales have been known to go to terrorist organizations in furtherance of their deadly operations all over the world. Here too corporate security has a prime role to play liaising with law enforcement and customs official to disrupt the flow of counterfeit products in the supply chain. We are also educating our internal constituents to adopt unique marking and packaging technology to facilitate awareness among consumers to easily identify knockoff products. In a nutshell we can be the catalyst that makes this entire process come full circle.

Sometimes our advance risk scenario planning would project us into obscure areas, often only discussed in academic circles. Such is the case of bio-hacking, or the tinkering with the basic building blocks of life by many biology students and enthusiast worldwide—using cheap synthetic DNA and lab equipment bought inexpensively on the internet. Five years ago this wasn’t even on our radars, but the advent of cheap technology, the decoding of the genome, disposable lab equipment being bought and sold freely and bit of crowd-sourcing could lead to accidental or intentional development and release of deadly toxins.  In the past biological testing and engineering was conducted in heavily regulated and controlled government and university labs, thus bio-security (Biosecurity denotes policies and procedures designed to prevent the deliberate theft, diversion, or malicious use of high-consequence pathogens and toxins) remained the sole purview of government agencies.  Today with the growing DIY crowd experimenting with DNA from labs at home and other non-regulated facilities, there has been an increase emphasis on tracking this activity in order to keep people with nefarious intent away from these technologies. But there is also a high risk that gone-hoe hobbyists (even with benign purpose in mind) in the process of mixing or swapping genes would create deadly toxins without regards to obvious hazards to themselves and others.  Many of us are responsible for the protection of lab facilities, which is why we should be concerned about both the potential unauthorized removal of equipment and substances to further these independent (clandestine) research activities. Likewise, we should be concerned about the unauthorized used of these lab facilities in the same way. Corporate security should assist setting strict access control systems and procedures to ensure only authorized use of labs and equipment. Beyond this we should be considering sensors that would detect and alert us to the introduction or use of dangerous substances. All in all this is an emerging area of research we should remain aware of.

Some areas of business life have become difficult to manage especially when changes could come as fast as lighting, of course, I’m talking about business travel. To be specific I’m talking about disruption to travel due to natural or man-made disasters. It is often unpredictable and its impact could be widespread. Recently we’ve seen an increase in these Black Swan events, the winter storm and ash clouds in Europe as well as a number of high profile airline employee union strikes come to mind. All these events have in common the fact that hundreds of thousands of travelers were left stranded far from their final destinations. This in effect has also thrown a monkey wrench on company’s ability to make business travel plan on the fly.  Many in the corporate security function already track business traveler destinations as part of our value added service. Besides the jurisprudence that has been chiseled out around the issue of a company’s duty of care to guarantee employee safety while on business travel, there are no set standards of what companies should do. In the absence of such guidelines many practices have been developed. Employee tracking has become invaluable in light of the growing perils. Traveler destination data is often overlaid with open source intelligence to get early warning, which allows the security officer to alert travelers in a potential hot-zone. Furthermore, if the employee travel plans are disrupted due to any of the aforementioned hazards, alternative plans are arranged. If travel crisis strikes, emergency evacuations could be also be arranged. Advances in computing technology have also allowed us to tap quantitative models of both natural and man-made incident data to provide more predictive incident monitoring, which we can use to leverage prevention. In essence, the more we know about a particular destination the best prepared we are to guide travelers whether to go or not.  It is a task we take extremely serious, since a wrong call means that lives could be at stake.

From Antiquity to the Contemporary periods, works of art make up an important part of our shared human experience. The sum trust of our humanities, elegantly displayed in museums, galleries and private collections the world over. But in our modern times it is not this human genius that is in vogue. No, what we’ve experienced is the opposite, the dark side of our humanity that only sees value, summed up in monetary profits, when they lay eyes on the greatest work of arts known to human kind.  The trend in art theft is truly appalling. Art thieves have become more brazen in their hits, striking in broad daylight. In the past we’ve witnessed certain sophistication in the schemes employed by art thieves. Today, they’ve mostly exploited holes in museums and art gallery’s physical security array. A quick cost/benefit analysis comparing the value of paintings and other work of arts versus the security measures available at the time of the thefts would reveal the pyrrhic victory of the latter. Yes, it is true that many of the endowments that financially anchor these institutions have been reeling, with lower contributions due to the global financial crisis.  It’s likely that many essential services have been scaled back in cost cutting measures. Security practitioners can play a decisive role here, volunteering time and contributing our know how by conducting risk assessment (Analyzing foot-traffic flow data, behavioral analysis, contractor and employee screening, etc.) to determine vulnerabilities and recommending security countermeasures that can be delivered at lower cost. The same “lean security” principles applied to corporate security operations can add tremendous value to keeping art works safe and sound for all to enjoy.

As we look over the horizon, the perils would continue to get more complex. A recent commentator put it this way “”we are living in a world of cascading and intertwined threats…” in reference to the way risk is compounded and overlaps, paving the way to catastrophic failures. Whether man-made or natural, our risk scenarios are evolving, thus it is time for trained professionals to step up to plate and help organized solutions for the good of our society. In the age of corporate social responsibility, we security practitioners within major industries should be doing more to contribute our knowledge and leveraging resources to make our societies more resilient to shocks.

Fraud & Corruption Around the World

A selection of fraud and corruption news article from around the world. I do suspect that fraud reports are more prevalent from countries where there is greater scrutiny of white collar crimes, of course there are exceptions.  For instance I have spent time in the Dominican Republic, where fraud and corruption are endemic at all levels in this small island country in Latin America (Caribbean) yet you rarely see any reports of such public and private corruption anywhere except the Transparency International or the Economist Intelligence Unit reports.  Impunity leads to censorship and you know how the rest of the story goes. Despite how many people perceive fraud and corruption (White Collar Crimes), it is not a victimless crime.  For proof just look at the strips of poverty that skirt the otherwise ever growing patches of opulence around the city of Santo Domingo. Not very different from any other LatAm city.  The root causes are there in plain site, but life in these impunity laden cities goes on as normal.   

New Zealand‘s ‘Madoff’ jailed after stealing millions to spend on prostitutes  

First major banking arrest under fraud Act

Bad debts and fraud drive Bradford & Bingley’s £196m loss

British directors arrested in bribery inquiry  

UPDATE 2-Innospec to pay $40.2 mln to end bribery probes

CFO Sink’s Staged Accident Sweep Results in 19 Arrests Statewide  

Verdict on China Rio trial on Monday, Australia says

Russian bribes nearly tripled despite economic crisis – official report

Russian officials involved in multimillion-dollar bribery scandal with Daimler

Ex-IKEA Boss Bares Russia’s ‘Chaotic Reality’

Pfizer Told to Pay $142.1 Million for Neurontin Marketing Fraud

New Fraud Cases Point to Lapses in Iraq Projects

Lie to Me – If You Can!!!

Has anybody told you a bold face lie so convincing it could almost refute hard evidence?  As any investigator would tell you deciphering truth from fiction is no easy feat. The investigator must not only gather clues and evidence on a mark/subject, but he/she has to also be able to extract the truth from the fraud. Luckily the folks of Howstuffworks have put together a nifty set of documents that explains how verbal and nonverbal signs of lying combine to give you a roadmap to prying the truth out.    

Deception Detection – How Lying Works:

The 21st Century Security Strategist

By Francisco Mateo, CPP, CFE

Many classic works on strategy deal with conflict management and resolution….  Perhaps the two best known and often quoted among security professionals, whether we recognize it or not, are Sun Tzu and Niccolò Machiavelli through their classic works The Art of War.  Even though they come from different areas, they combined deep thoughts about the meaning of conflict and their ever revolving spheres of influence from all walks of life.  As security practitioners we seek to resolve many conflicts in our efforts to protect people, assets, reputation, and brand (PARB).  The context gets evermore complex, and so must our protection strategies. Through the concepts gleaned from these strategists par excellence we can develop our own style suited to our cause.

If we look at the security problems we face today, fraud, theft, hijackings, labor disputes, workplace violence, extortion, blackmail, commercial espionage, counterfeit, demonstrations, political unrest, crisis (natural or man-made) just to name a few, all share a comment current in a socioeconomic context.  The motivations that influence the ebb and flow of crime trends are rooted on a need for survival and dominance of our human species.  As globalization and access to information became more entrenched, so did the diffusion of creative criminal ideas of how to resolve the age old problem of survival through snatching property of those perceived to have more.

The success of these deviant actors hinges on their ability to study and know our weaknesses, equally or better than we know them ourselves.  This gives them tremendous advantage of selecting the time and place for the attack.   If we stand a chance of either deterring or detecting the attack, than our security risk assessments must be in tune to the universe of possible enemies of protection that we would face.  Whether it is internal or external we should know: who they are? What are their motivations? When and where are they most likely to act? What benefits would they derive from their actions? How would they go about obtaining the fruits of their deviant actions?, etc.  Analysis like this would move us to the best strategy to counteract our enemies’ actions.

For example if we decide deterrence is the best course of action, we should consider the options available; as Mark Willoughby once mentioned “Successfully managing risk is a delicate balance between probability and impact. If we choose more security, we must strengthen countermeasures to make the probability of a successful attack unattractive. The bad guys will look elsewhere for lower-hanging fruit — and a skilled and determined foe will always find lower-hanging fruit.”  Knowing our enemy allows us to not only know their threshold for risk, but to also make a sound determination of how much resources are needed to simple deflect their attacks.

 The basic tenet of prevention would not be possible without first knowing the operating environment.  Before we can set forth strategies we must first properly evaluate the risk conditions through security assessments.  Our assessments should be design to take a deep look into internal and external factors that would give rise to risk. Our internal assessment may include how staffing and budget levels, hierarchical status fit the business operation we’re tasked to protect.  External factors for the most part turn on the particular industry axis your company finds itself. For the must part security risk depends on weather you’re in the manufacturing, oil, mining, financial, hi-tech or other industries.  

In order to remain focus on the protection mission the security practitioner must know how to differentiate between strategy and tactics. Think of strategy as the web that links all decisions of when, how and if tactics are used.  Therefore no matter how clever the tactic it should not represent your overarching security strategy.  An example of how this dynamic plays out on the field is the case of supply chain security.  Deciding whether to lay down GPS tracking on your transport fleet or use armed guards to protect cargo from theft is a tactical disposition.  Your overall strategy must include route risk assessment; analyzing crime trends; filtering all supply chain staff (direct and third-party); protecting cargo information from leaks; physical security at all idle/transfer points; guaranteeing cargo integrity through the use of security seals; procedures for managing emergencies on the road; ensuring trucks in your fleet are mechanically fit for transport.  Your strategy would tie-in all these strands in a cohesive and executable plan.

Security practitioners like many other strategy professionals have a window of opportunity to obtain maximum impact for our security programs. For that reason we must ensure error-free execution. When people’s lives are in your hand, mistakes are unacceptable. Picture a critical fraud investigation you have spent weeks on field work; countless hours researching documents in search of solid evidence that would link your suspect to the matter at hand.  Yet, the case so far lacks solid factual evidence. Just the type of factual evidence an eyewitness or person with first hand knowledge can provide. Time is of the essence in these types of investigations, but you must have a sense of proper timing to improve and strengthen your position. Your strategy is to go in with as much information as possible into the initial interview with the suspects and for that reason you must wait to interview all witnesses with knowledge of the case or the suspects. Your aim should be to get it right the first time; therefore a wealth of information would give you the superabundance of strength to keep the snake in business suit from slithering away even when tactical errors are made during the interview process.

Nestle’s Chairman, Peter Brabeck once announced to the organization that in order to maintain the high ground of competitiveness the organization alignment must go from “Supertanker to fleets of swift and agile ships” an excellent analogy reflect on how an organization with a global footprint must remain malleable to change in order to maintain the advantage.  The security strategist must remain focus on major external and internal developments and changes influencing the organization they protect.  The reason is simple when we design our security mitigation strategy we make major assumptions about the risk (based on past and present events) the organization is exposed to. 

The structural alignment in an organization is a major influence on how internal and external threat vectors play out.  For that matter any changes in the functional configuration should trigger an automatic redefinition of the risk scenarios. Almost all major global organizations are evolving from traditional to flexible and dynamic networks.  A Bain & Co. study of 37 companies in industries ranging from consumer products to financial services to energy shows that strategically trimming and reconfiguring support functions such as HR, finance and security is often smarter than making wholesale cuts. Done right, it can actually improve effectiveness as it reins in costs. The security practitioner must analyze the intrinsic strengths and weaknesses of these restructuring initiatives and stay at the forefront by making strategic changes before they are imposed on them.  It would show a willingness to be in lockstep with major business innovations, as well as, a superior level of understanding of risk can be leveraged and controlled.    

Now more than ever before the security practitioner needs to learn important lessons about change.  We must not only adapt to change, but we must embrace it.  Our turbulent world demands a level of comprehension about change which at times seem uncomfortable even unbearable and traumatic.  An example of such change can occur during the merger and acquisitions (M&A) between two organizations.  The security strategist must not only participate in the due diligence process to ensure minimal risk to the acquiring company, it must go beyond to determine how the new structure would affect the security organization at all levels.  My own change management ritual involves the study of the different industries that impact my employer to ensure that I have the least blind spots possible about potential risks.  It ensures that I can manage possible change scenarios, which in turn minimizes their impact since having awareness automatically triggers strategic plans to mitigate undesirable effects. It also increases internal and external understanding of the forces that influence my environment increasing my effectiveness and as my role becomes more significant I become a change agent which helps influence transformation.

To the basic level of operation we always preach that habits are our worst enemy.  Whether it is conducting patrol routes around a compound or supervising staff in remote locations there is a simple maxim “don’t be predictable”.  In essence strategy encompasses the use of stratagem to obtain results without alerting our enemies.  As the “Lord Fabrizio Colonna”, Niccolò Machiavelli’s alter ego in his classic work “The Art of War”, which details how an army ought to be raised, trained, organized, deployed and employed; a security practitioner should be able to postulate and articulate a cohesive security strategy and structure. For that purpose the security strategist should actively recruit talent, design and developed industry/company appropriate training and subsequently position staff to tackle the company’s toughest PARB protection challenges.  It is in Machiavelli’s concept of “Virtù”, whereby he describes the “strategic prowess of the general who adapts to different battlefield conditions as the situation dictates”; that I draw upon to lend credence to the fact that the security practitioners must possess many layers of knowledge and personality to succeed.       

It is incumbent upon the 21st Century Security Strategist to learn how this skill can be used to set strategic plans, which “At its core, strategic planning is nothing more than a formalized process for setting goals based on business objectives and then mapping out how to accomplish those goals—over the coming years, not months.” It would require that you’re in line with business “big picture thinking” or its long term over-the-horizon plans to get to know which direction the business is going.  This would enable you to develop roadmaps and compass to guide through the right development path.  This is followed by conducting risk assessments; whereby you identify the weaknesses and strengths of your operation in light of your gaps and exposures.  The risk assessments are a good opportunity to test the vulnerability present in existing countermeasures as well as gage what is needed to close those gaps. Next you need to make your team part of both the strategic, but also the tactical plans.  For that reason you need to “Set measurable goals” that would anchored you plans on solid business grounds.  Remember that information generated by security efforts that is not “measurable, doable and repeatable” would blunt your impact. In other words security metrics must be collected, analyzed, applied and disseminated to the business leadership. 

In conclusion both classic works “The Art of War” from Sun Tzu and Niccolò Machiavelli are instrumental for the 21st Century Security Strategist to develop and implement protection theories today.  Whether we’re applying tactical dispositions to tackle specific protection issues or implementing an overarching security strategy we have a wide range of knowledge to draw upon to enrich and improve our protection efforts.