Starting From Scratch

Strategic Security

Illustration by Eva Vázquez

Defining and introducing functional security improvements into a 90-year-old company with worldwide operations and a well-established organizational culture is, at best, a challenging task.

This was the reality that presented itself when I was hired as global security director for Land O’Lakes, Inc., in 2012 and given a clear mandate to design and implement an enterprisewide security program from scratch.

Over the past few years, the business had transitioned from a holding company to an operational enterprise. In the past, each operating entity was responsible for its own security. But under the new model, security would become a centralized support function—along with other headquarter functions that would become standardized across the enterprise.

This new approach would make Land O’Lakes better prepared to protect itself and its employees, and to respond adaptively to the dynamic environment of a 21st century organization. As security risks become ever more complex, threats like terrorism, crime, and cyberattacks are asymmetric and networked, making them more difficult to manage. 

I considered it a once-in-a-lifetime opportunity to go into a Fortune 500 company with a clean slate to establish a corporate security function—without inheriting dated policies or overcoming a predecessor’s established vision. 

Founded in 1921 by 320 dairy farmers in St. Paul, Minnesota, the Minnesota Cooperative Creameries would eventually become what is known today as Land O’Lakes, Inc. 

Since 1981, Land O’Lakes, Inc., has supported Land O’Lakes International Development, a 501(c)(3) nonprofit that has led nearly 300 programs in almost 80 countries that help communities around the world build economies by strengthening agriculture from farm to fork. These initiatives are designed to improve farmers’ agricultural productivity and food security while also creating stable market systems. 

Land O’Lakes has approximately 10,000 employees and does business in more than 50 countries and in every U.S. state. The organization has 3,963 members, including 1,959 dairy producers, and had $14 billion in 2017 net sales.

In 2012, Land O’Lakes was looking to hire a security leader. I understood the company to be an agricultural enterprise that in a few years grew from $7 billion to $15 billion in sales. With this growth, there were acquisitions, mergers, and joint ventures—both domestic and international.

With increased global business activity, a fast-expanding international workforce, and a diverse international development portfolio in higher threat locations such as Yemen, Lebanon, and Egypt, the company leadership was well aware of the risks. 

During the interview process, I quickly discovered that leaders at the senior level of the enterprise genuinely understood the need for a new skill set to help them manage the day-to-day threats that they were not equipped to handle. Leadership was receptive to allowing for adjustments to what the function of the position would embody, and what it would not. 

Before accepting the position, I was able to negotiate a rewrite of the position description of a security manager to that of a global director of security to embrace the following responsibilities: physical security, investigations, international risk management, travel risk management, liaison with law enforcement and the U.S. Department of State, as well as other ancillary functions, such as event security and executive protection.

My new job would be to create a security program that would be standardized across the enterprise, from headquarters to locations around the globe. It would involve building a program that would make the company better prepared to protect itself and its employees.

First Steps

When I reported for duty in February 2012, I was given a simple direction: learn the business and meet the leaders. So, I did. I started with conducting research on Land O’Lakes and spoke to a senior sales manager, who gave me an insider’s perspective about what it is like to work for one of the most recognizable branded companies in America. 

I discovered that, in addition to dairy foods, Land O’Lakes is a major player in agriculture, primarily through its Purina Animal Nutrition and WinField United divisions—both domestically and internationally. However, the riskiest undertakings for the company were with its International Development group.

Land O’Lakes International Development has applied an integrated approach to international economic development, with funding from USAID, the U.S. Department of Agriculture, and the Bill and Melinda Gates Foundation. 

The employees associated with this nonprofit segment use their practical experience and in-depth knowledge to facilitate market-driven business solutions that generate economic growth, improve health and nutrition, and alleviate poverty. They live and operate in some of the riskiest places in the world—meaning security is at the forefront.

During my learning phase, I quickly identified my many principal business partners within the company. The most significant ones included human resources, the legal department, internal auditors, the risk management team, and the real estate and facilities group. Early on, I realized that the security function could not succeed without support from those and other key leaders.

I got to know the many partners and made certain that they understood what the security function would do and how I intended to integrate security into their day-to-day operations. For example, it was essential to meet with other leaders to review existing practices on how facilities are leased or built, then partnering to reshape or tweak those procedures to include security in the internal planning process. Establishing early mutual respect, and learning about how each function adds value, was a critical step.

I also traveled to meet with as many company leaders as possible, from plant shift leaders to plant managers to members of the C-suite. 

This process included several meetings with the CEO, board members, and the chairman of the board. I asked detailed questions about what each one considered to be important from a security perspective, and also took the opportunity to present my vision for the future of the security function at Land O’Lakes.

Knowing my communication had to be direct, simple, and memorable, I developed an elevator speech for these interactions. I gave a quick introduction of myself—what I do, where I report within Land O’Lakes—and used my parting tag line: “Asset protection equals bottom line on the balance sheet.” I then followed up with, “Can we meet for 30 minutes so I can learn more about you and your team?”

This approach was generally successful. And one of my first indispensable early partners was the director of internal audit. During my first year, through collaborative investigative effort, we discovered internal control weaknesses that allowed us to implement new process controls and enhancements to prevent future fraud.

For example, we cross-referenced the company’s employee database against its accounts payable, which revealed that employees were receiving illicit payments at their home addresses. 
We then took action to address this fraud that took advantage of our formerly weak internal controls. Where appropriate, we had dishonest employees prosecuted and recouped stolen funds through restitution.

This incident taught me that if I do not know the corporate and supply chain business leaders, I will never learn the business. And if I do not know the business, I cannot hope to effectively prevent losses. 

Strategic Planning

Besides learning the business and the prevailing culture, my other initial task was to develop and communicate an effective strategic plan that could be accepted by key leaders. The early priorities were to pinpoint clear objectives for the new global security function, to ensure alignment with various broader corporate objectives, and to execute the plan to achieve those objectives. 

The strategic plan became the ultimate guide to decision making within the team. It helped with several decisions, guided me in implementing my vision, and influenced senior management’s expectations. 

To create the strategic plan, I started by setting internal benchmarks within several areas. I identified key initiatives (policies, processes, and people); costs and timelines for these initiatives; an alignment matrix with other functional areas (touch points with internal audit, communications, human resources, real estate and facilities, the legal department, and regulatory compliance); and domestic versus international priorities derived from discussions with C-suite leaders.

Using those considerations, I was able to work with other stakeholders to direct effort and resources towards initial operating challenges the security function needed to address. These included being unable to determine the total security expenditure within the company; the lack of uniform enterprise technology standards for access control and monitoring; decentralized guard operations; lack of understanding about what security does; the absence of centralized reporting of security-related incidents; lack of insight into who was traveling globally; a scarcity of professional competence for fraud, theft, and workplace violence incidents; and no defined jurisdiction or strategy for preventing or responding to workplace violence concerns. 

With my energy focused on people, process, and relationships, I assessed what could be adjusted, improved, fixed, or otherwise put into action quickly and at a low or no cost. 

Contracting. For example, streamlining guard contracting by centralizing the decision making was a necessary improvement. Previously, each location contracted for security guards, and other related services, autonomously with disparate providers with varying degrees of success. The local agreements were not properly examined by security professionals, which hampered the company’s ability to implement operational standards, hold service providers accountable, and provide for an appropriate level of oversight. 

Under the new policy, business units and plants were no longer permitted to contract for security service. All contracts would be made through the Global Security Department, which would own the relationship with the vendor to maintain operational control.

This change in management process required consultations with stakeholders throughout Land O’Lakes to review and modify the prevailing policies. Then, the company moved to implementation with a single nationwide contract to a vetted security provider that would be managed locally. 

Standards. I used a similar process to establish uniform security technology standards for the enterprise. 

Past practice relied on multifarious legacy systems that could not be interconnected. To replace them, we selected a single security technology platform for all new access control and video systems.

As a result, in 2016 the company approved funding for the construction of a Global Security Operations Center (GSOC), which became fully functional in the summer of 2018. It operates on a 24/7 basis with two contract employees at all times. Future staffing levels will expand as Land O’Lakes grows.

In addition to live monitoring our enterprise access control system, the GSOC operators can access security video feeds at any location by calling up a respective IP address for any camera at any company location. This move to a fully integrated modern security technology system will support Land O’Lakes’ operations across the globe.

Investigations. The investigation function was another area where the Global Security Department was able to add value, early on, by solving complex cases that sometimes resulted in prosecutions.

For instance, by partnering with the internal audit team, we were able to detect unexplained inventory shortages. Further investigation uncovered a sophisticated conspiracy by several employees to divert premium Purina animal feed. The employees were fired, and the information was turned over to local authorities, who prosecuted the thieves. They were convicted and sentenced to six years in prison.

We also added to the investigation function by developing an in-house investigative database used to track all losses and investigations. The database is kept on a shared drive where it can be accessed by security team members to easily cross reference prior cases going back to 2012. 

Travel. Another quick-fix action was the early adoption of a risk-based system to centrally account for international travelers and expatriate employees who travel or live in locations around the globe. To start the process, we reviewed past practices and compared them against new and competing technologies to deliberately improve our capabilities to track our domestic and international travelers.

Based on this review, we communicated that the security function could advance existing processes to protect employees from travel-related risks by communicating and interacting regularly with colleagues in other departments, such as legal, travel, communications, risk management, and others.

For example, we leveraged the Passenger Name Record (PNR), a computer reservation system database that contains personal information for passengers and travel itineraries. Land O’Lakes was already paying for it, but not exploiting its potential. 

We also selected a new duty of care vendor to help us implement changes and asked our travel agent to begin relaying PNRs to the duty of care vendor.

As a result, we have a nimble and responsive means to actively track and account for all of our travelers. And, when needed, we can quickly respond to employees who find themselves in harm’s way or need medical, personal security, or emergency assistance.

In July 2013, for instance, after the new protocols were established, gunmen attacked the Westgate Mall in Nairobi, Kenya. Land O’Lakes’ African headquarters are adjacent to the mall. Using the new system, we were able to account for all affected staff and manage any resulting impact to our African operations.

More recently, in January 2017, during an active shooter incident at the Fort Lauderdale Airport, 56 Land O’Lakes employees were in or around the airport. They were traveling home following a previous day’s company marketing event when shots rang out in a baggage terminal.

Instantly, we went into crisis mode and were able to quickly account for all employees and update leadership that everyone was safe. However, it took longer than desired to find contact phone numbers for all employees who were traveling.

After both incidents, we reviewed our response protocols and made appropriate adjustments to our internal processes. 

One change made after the Fort Lauderdale shooting was to require that employees provide a cell phone number when they are issued an airplane ticket for travel. This is so that employees can be contacted—in the event of an emergency—while traveling. We also established a 1-800 informational number for employees to call in to during an emergency.

Getting Feedback

Throughout the process of creating a Global Security Department, I’ve received valuable feedback. The most significant feedback, however, has come during the budget planning cycle in the form of authority to hire security staff as full-time employees. 

By this measurement, the security function at Land O’Lakes is clearly up-and-coming because the security budget has trended up each year since it came into existence in 2012 with the addition of three full-time security professionals on staff and prospects to hire more. When scarce resources are allocated, security has a seat at the table alongside other business functions. This type of feedback demonstrates that the function is adding value to the company.

My intent from the beginning was to use a “baby steps” approach while building a well-integrated security program. This was best accomplished by depending on my personal credibility, while always remembering that security must have the support of management at all levels of the business.

It is not sufficient to understand the technical aspects of security; I must also be well versed in the business aspects of operating within a global enterprise and appreciate that security, like other business functions, contributes to the bottom line.

At Land O’Lakes, there is now a greater appreciation of the interdependence between the company’s risk appetite and the way it does business. It’s recognized that a flawed strategy can undermine our ability to operate, and, in some cases, can generate risks that would not otherwise be present.

As a result, security has a higher profile within the company today than it did six years ago. Land O’Lakes is constantly looking for new ways to manage both domestic and international risks, and the portfolio of the Global Security Department has widened to include shared responsibility for corporate reputation, governance and regulation, social responsibility, and information assurance as a result.

Don Taussig, CPP, is director, global security services, at Land O’Lakes, Inc. He was previously the senior manager of global security at Harsco Corporation, CSO at the U.S. Bureau of Reclamation, director of security for the U.S. Executive Office of the President, and retired from the U.S. Army’s Military Police Corps.

Guiding Principles

To better prepare Land O’Lakes to protect itself and its employees, its security program was designed around these guiding principles:

Protect your House
Achieve a safe and secure workplace with innovative management and actionable solutions.

Empower your People
Embolden operating business units and sites to safeguard their own assets within a realized risk-based framework. 

Aim to Influence
Adopt a philosophy where the Global Security Department’s primary role is to influence business partners to deliver security through their everyday actions and decisions.

Be a Changemaker 
Recognize that security is in the business of change management, rather than enforcement. 

Look Forward
Understand that the security function cannot stand still or become a fixed entity because its responsibilities will change over time.

Narrow the Vision
Focus more on overall corporate resilience and less on traditional security.

Unify the Scope
Recognize that security is both a strategic and an operational activity.

Communicate Effectively
Security delivers influence and legitimacy derived not from professional knowledge, but from business acumen, people skills, and the ability to communicate security principles.