In 2001, Nick Santillo, CPP, PCI, PSP, worked as a field service representative for a water utility while taking criminal justice courses in preparation for a law enforcement career. Following the terror attacks of September 11, a security coordinator position was posted at his office, and he shifted his plans from public service to private security management.
"There were hardly any tasks more important for those of us in the utility sector following 9/11 than the protection of our critical infrastructure," says Santillo. "It's something that I enjoy and am proud to be able to do. Working to protect people and assets is an incredibly rewarding career."
Once onboard, his boss—an engineer—tasked him with developing the utility's security program from the ground up. "I asked my boss what I should be working on," Santillo notes, "and he told me, 'I don't know. That's why I hired you.'"
Still participating in college courses, he asked a professor for resources related to building a physical security program, and the professor directed him to ASIS International. A new ASIS member, he attended that year's annual conference, and he hasn't missed a year since.
"I used the relationships and resources available through ASIS to build my security program. Having access to standards, white papers, and other members over the years has been invaluable to my career," he adds.
He studied to attain his Physical Security Professional (PSP®) certification in 2003, asserting, "I gained a significant amount of experience and was a high performer, but without a formal physical security education, I recognized the need for my knowledge to be validated."
During exam preparations, he was introduced to standards of security practice that he'd never encountered before. Identifying areas where there were gaps in his knowledge, he studied further to fill those gaps—not only increasing his ability to pass the exam, but fundamentally improving his security practice.
"After earning my PSP, I worked to attain my Certified Protection Professional (CPP®) and Professional Certified Investigator (PCI®) certifications to further grow and substantiate my knowledge," Santillo says. He achieved the ASIS certification triple crown in 2006.
Shortly thereafter, he joined the ASIS Utilities Security Council—dedicated to the establishment of sector best practices, educational opportunities, and information sharing in critical infrastructure protection. He now serves as the council's chair.
Having built the utility's security program from scratch, Santillo now serves as its vice president and chief digital infrastructure and security officer. Responsible for technology operations, physical security, cybersecurity, information technology compliance. and data privacy, he works collaboratively with a group of dedicated professionals, providing feedback and guidance to solve problems as a team.
"I encourage all security professionals at our organization to attain ASIS certification, and it is a requirement for our senior level positions," he adds. "We pay for the certification exam and preparations because it is that important. Working through the certifications myself, I gained a significant amount of information that I was able to put into practice to validate ideas, develop programs, and implement best practices in my role."