CSO/Leadership

 

 

https://adminsm.asisonline.org/Pages/Certification-profile-Rose-Miller-CPP.aspxCertification Profile: Rose Miller, CPPGP0|#68cd7623-cf23-49f8-9b16-7610e085f76c;L0|#068cd7623-cf23-49f8-9b16-7610e085f76c|ASIS;GTSet|#8accba12-4830-47cd-9299-2b34a4344465;GPP|#28ae3eb9-d865-484b-ac9f-3dfacb4ce9972019-04-01T04:00:00Z<p>​As a military police officer in the U.S. Army for 27 years, Rose Miller, CPP, led hundreds of law enforcement and security professionals in meeting global security challenges. When seeking a second career, her objective was to share her experience and skills and continue to grow as a security professional. </p><p>“An Army colleague introduced me to ASIS International,” she says, “and I found that the association’s networking and education opportunities would significantly assist my transition to the private sector.”</p><p>When searching for positions in corporate security, she encountered several roles that listed security certification as a required qualification—and she promptly launched her pursuit of the Certified Protection Professional (CPP®) credential.</p><p>She gathered study materials and spent six months preparing for the exam. Using the practice exams, she identified areas where she needed additional study—and she successfully passed the CPP exam in 2011.</p><p>Within 90 days after earning her certification, she was offered a position as a director of security in a large hospital in Washington, D.C. </p><p>“My CPP certification made the difference in the successful translation of my military experience to the security management profession,” she notes. “As a military security professional, the CPP helped define my level of competence to private sector employers.”</p><p>“The healthcare industry under­stands, recognizes, and encourages certifications,” she adds. “Respecting my commitment to certification, C-suite executives comfortably rely on my recommendations and actions in all security functional areas. It is very satisfying for me to be able to relieve senior executives of security concerns and allow them to focus on taking care of patients and running the business.”</p><p>One of her most memorable moments was the day the vice president of the United States paid her hospital a visit—on only two hours’ notice. </p><p>“Our security team, established programs, collaborative relationships, technology, and senior leader support all came together for a flawless execution of the mission,” she reflects.</p><p>After more than three years in the position, Miller made the leap to security consulting—looking to diversify her expertise and expand opportunities to share her knowledge. As a consultant, she continues to reap the rewards of her CPP. Potential clients seeking security consultants not only respect ASIS certifications, but often require them. She routinely leverages both the network and educational resources of ASIS. </p><p>She now gives back to the Society by volunteering with the ASIS International Military Liaison Council. She is active in her local chapter and serves as a Women in Security Council liaison.  </p><p>“A career in security is honorable and rewarding,” she offers. “When I served my nation in the military, I was honored every day that because of our efforts, citizens were able to feel safe and secure while enjoying the freedoms of family, work, and play. Embarking on a career in the security profession allows me to continue to help protect those freedoms.”  </p><p><em>Profile by Steven Barnett, ASIS communications coordinator</em><em></em></p>

CSO/Leadership

 

 

https://adminsm.asisonline.org/Pages/Certification-profile-Rose-Miller-CPP.aspx2019-04-01T04:00:00ZCertification Profile: Rose Miller, CPP
https://adminsm.asisonline.org/Pages/April-2019-ASIS-News.aspx2019-04-01T04:00:00ZApril 2019 ASIS News
https://adminsm.asisonline.org/Pages/Certification-profile-James-Morris-CPP.aspx2019-03-01T05:00:00ZCertification profile: James Morris, CPP
https://adminsm.asisonline.org/Pages/Book-Review-Security-Management.aspx2019-03-01T05:00:00ZBook Review: Security Management
https://adminsm.asisonline.org/Pages/Certification-Profile-Courtney-Klein,-PSP.aspx2019-02-01T05:00:00ZCertification Profile: Courtney Klein, PSP
https://adminsm.asisonline.org/Pages/The-Hard-Truth-About-Soft-Skills.aspx2019-02-01T05:00:00ZThe Hard Truth About Soft Skills
https://adminsm.asisonline.org/Pages/Certification-Profile-Nikhilesh-Sharma-CPP-PCI-PSP-.aspx2019-01-01T05:00:00ZCertification Profile: Nikhilesh Sharma, CPP, PCI, PSP
https://adminsm.asisonline.org/Pages/Christina-Duffey-Serving-the-New-Generation.aspx2019-01-01T05:00:00ZChristina Duffey: Serving the New Generation
https://adminsm.asisonline.org/Pages/Seek-Joy.aspx2019-01-01T05:00:00ZSeek Joy
https://adminsm.asisonline.org/Pages/Dancing-With-Yourself.aspx2018-12-01T05:00:00ZDancing With Yourself
https://adminsm.asisonline.org/Pages/Book-Review-IT-Policies.aspx2018-12-01T05:00:00ZBook Review: IT Policies
https://adminsm.asisonline.org/Pages/Certification Profile Jeffrey A Slotnick CPP PSP.aspx2018-12-01T05:00:00ZCertification Profile: Jeffrey A. Slotnick, CPP, PSP
https://adminsm.asisonline.org/Pages/Editors-Note---Supply-and-Demand.aspx2018-11-01T04:00:00ZSupply and Demand
https://adminsm.asisonline.org/Pages/Federal-Misconduct.aspx2018-11-01T04:00:00ZFederal Misconduct
https://adminsm.asisonline.org/Pages/Career-in-Security-Pathways.aspx2018-11-01T04:00:00ZCareer Pathways in Security
https://adminsm.asisonline.org/Pages/Building-a-Hostility-Free-Work-Place.aspx2018-11-01T04:00:00ZBuilding a Hostility-Free Workplace
https://adminsm.asisonline.org/Pages/How-to-Foster-A-Safety-Culture.aspx2018-10-01T04:00:00ZHow to Foster A Safety Culture
https://adminsm.asisonline.org/Pages/An-Investment-in-Employees.aspx2018-10-01T04:00:00ZAn Investment in Employees
https://adminsm.asisonline.org/Pages/Editors-Note---Code-Talkers.aspx2018-10-01T04:00:00ZCode Talkers
https://adminsm.asisonline.org/Pages/Employees-Lead,-Managers-Facilitate.aspx2018-09-26T04:00:00ZEmployees Lead, Managers Facilitate

 You May Also Like...

 

 

https://adminsm.asisonline.org/Pages/Five-Insights-on-ESRM.aspxFive Insights on ESRM<p>​There are five overall concepts that provide guidance about the nature of enterprise security risk management (ESRM). These concepts describe what ESRM is, what it can do for security managers, how security can gain C-suite approval for it, and how to implement a vibrant ESRM program for the enterprise. </p><h4>ESRM Is a Philosophy</h4><p>ESRM is not a standard, nor is it a rigid set of rules to follow. ESRM is a philosophy of managing security. It is based on standard risk management practices, the same ones that guide most of the other business decisions made by the enterprise. It requires partnership with the business leaders in the organization.</p><p>This philosophy gives the security leader the ability to manage security risks. This ability is not based on the latest incident or scare in the news, nor is it based simply on the manager’s own ideas of what is most important to protect. Instead, it is based on a shared understanding of what the business deems critical for risk mitigation, and what level of risk the business is willing to accept in different areas. This ability also requires that the business fully understand why the security risk mitigation tactics have been put in place, and what the impact of not having those mitigations might be. </p><p>The emphasis here is on business. ESRM philosophy recognizes that security risk does not belong to security. It is a business risk, like any other financial, operational, or regulatory risk, and final decisions on managing that risk must belong to the business leaders. That shift in understanding sets a security program up for a greater level of success because security leaders are delivering only what the business needs, and, more important, what the C-suite understands that it needs.​</p><h4>ESRM Is a Process </h4><p>ESRM is not merely an academic philosophy. A general approach for setting up and running a security program can be derived from it. Under that approach, ESRM in action is a cyclical program, and the cycle of risk management is ongoing:</p><p>1. Identify and prioritize the assets of an organization that need to be protected.</p><p>2. Identify and prioritize the security threats that the enterprise and its assets face—both existing and emerging—and the risks associated with those threats.</p><p>3. Take the necessary, appropriate, and realistic steps to protect and mitigate the most serious security threats and risks.</p><p>4. Conduct incident monitoring, incident response, and post–incident review, and apply the lessons learned to advance the program. ​</p><h4>ESRM Aligns with the Business</h4><p>Aligning the security program with business requirements is the most critical component of the ESRM philosophy. This means that the security program must receive governance and guidance from the business. We recommend the formation of a security council to ensure this alignment. </p><p>There are several ways to implement a council. It could be a loose, informal group that provides input as needed, or it could be a board-level initiative that has formal roles, meetings, charters, and documented responsibilities for ensuring security compliance. The council can be a venue for discussing security topics and risk management strategies, and it can host resolution attempts for conflicts in the process. </p><h4>ESRM Covers All Security </h4><p>There is no aspect of security that cannot be managed in alignment with the ESRM philosophy.  Many security professionals already practice much of the ESRM philosophy without thinking of it that way. For example, performing a physical security risk assessment on a facility is equivalent to the ESRM steps of identifying and prioritizing assets and risk. And setting up a crisis management plan can be considered an aspect of ESRM risk mitigation, as well as incident response.</p><p>The critical difference between programs that do these activities as part of a traditional security program versus an ESRM program is the consistency of approach in ESRM. In ESRM, these activities are not performed on an ad hoc basis but consistently across all areas of security risk. They are not applied to one area of the organization and not to another. And, vitally, they are not performed in a vacuum by security and for security, but in full partnership with the business leaders driving the decision making process for all risk mitigation.​</p><h4>ESRM Is Possible</h4><p>Implementing ESRM cannot be done overnight.  It’s an iterative process that allows your security program to evolve over time into a pure risk management approach. For the security manager, the first step to fully understanding the ESRM philosophy is to communicate it to the executives and business leaders in the enterprise.  </p><p>When implemented thoughtfully and practiced consistently, ESRM can completely change the view of the security function in any organization. The old view of security as “the department of no” will shift when business leaders understand that security is a partner in ensuring that the assets and functions of the enterprise most critical to the business are protected in accordance with exactly how much risk the business is willing to tolerate.  </p><p><strong><em>Rachelle Loyear i</em></strong><em>s ESRM Program Manager for G4S and chair of the ASIS Crime Management and Business Continuity Council. </em><strong><em>Brian J. Allen, Esq., CPP,</em></strong><em> is a member of the ASIS ESRM Commission. Allen and Loyear are coauthors of </em>The Manager's Guide to Enterprise Security Risk Management <em>and the forthcoming book </em>Enterprise Security Risk Management: Concepts and Applications.</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465