The 2011 CSO Compass Award winners discuss prioritizing investments, learning lessons the hard way, and much more
As Manager of security and life safety for the City of Toronto, Dwaine Nichol is responsible for securing the diverse operations of the largest municipality in Canada and the fifth-largest city in North America. These operations include 1,500 facilities, including water resources, social-assistance offices, recreation centers, day care facilities, City Hall, and Union Station, the busiest transportation hub in Canada. Under Nichol's 12 years of management, Toronto has implemented a citywide strategic security plan--a key document that Nichol says the organization relies on heavily--and video-surveillance policy that brought all 1,000-plus cameras used in the city under the Corporate Security Unit.
Nichol has been qualified by ASIS International as a Certified Protection Professional and has extensive knowledge of workplace violence.
CSO: What is unique about the security challenges you face in Toronto?
Nichol: Because Toronto is a large and very diverse multicultural city, the challenges are also very diverse. In one day, we could have a protest at City Hall, security-system issues at a number of water facilities, and a major incident at Union Station.
It's also very political--the city has 44 councilors and a mayor, and we need to always be in response mode. What they say publicly can always affect security in some fashion.
What was the most difficult or rewarding accomplishment of your career?
I'm most proud of that fact that we've been able to retain for a number of years an outstanding security-management team who could easily be stars in another organization but are very dedicated to the City of Toronto. To see their energy and enthusiasm in the face of challenges on a daily basis is, I find, a great reward.
What has been the biggest change to the CSO role in the past few years?
There's been a push to see security as a value enhancer versus a cost center and to practice what we preach in terms of showing clients how security contributes to the business, using metrics and showing ROI. One of our priorities is developing metrics that are important to the different divisions and giving them monthly reports: number of security occurrences, year-over-year change, how many alarm responses, how many major events.
Can you name one of the biggest mistakes you've made during your security career and what you learned from it?
Underestimating [the importance of] my work-life balance. A few years ago, I got to a point where I couldn't enjoy downtime at all. I remember being at one of my son's ballgames, and I was working, and I saw the other parents just enjoying their time. That was the moment I said, I've got to do something about this. I started reading everything I could about time management and began really picking up on those principles that are often said but not often done--work smarter not harder, have a realistic plan of what you want to accomplish each day, delegate authority, block off time to do things that are incredibly important but that can get lost in the everyday shuffle.
It's something many of my colleagues face, especially in the security profession, where a myriad of issues can happen at any time and the next big thing is always waiting around the corner. But a key to leadership is maintaining a very good work-life balance.
What are three fail-proof principles of security leadership?
The first is aligning your unit's goals to the organization's goals. In municipal government, the goals might change every four years, so you better be aligned with how you fit into those new goals and how you support and enhance those new goals.
Second, security needs to be seen as value-adding. People talk about this a lot, but it needs to be lived and breathed as a core value. With anything we do, we're looking at how can we support and enhance the safe delivery of city services.
Third is the power of benchmarking. It's a great opportunity to learn from the successes and failures of others and show senior management what other cities have in place. You can also benchmark against yourself to see how you're set up in one area and standardize across the organization.
What are two things about security or security leadership you wish you'd known 10 years ago?
Focus on opportunities that come along and don't be afraid to experiment or take risks. There's so much day-to-day stuff to do, but certain opportunities come along that can really enhance the delivery of security, and they have short windows of time in which they present themselves, so you need to prioritize them.
Second is the power of a good story. We can talk to employees and hang up posters to increase security awareness. But a good story has a personal aspect to it that gets people to really listen. For instance, if I had an area in the organization where there were lots of problems with people letting other employees enter into a secure area using their access card, if we can tell them about an actual incident that has happened--say, a workplace violence story--then it becomes something they value. It holds much more weight than any other initiatives.
What will be (or do you think should be) the next big topic in the security field?
I'm concerned about sustaining security systems. After 9/11, many security grants became available and all kinds of organizations and governments upgraded security, so a great deal of physical security infrastructure was and continues to be installed. I worry greatly about whether enough thought has been put into the total cost of ownership of that equipment and keeping it highly functioning and operating through times of limited budgets and cuts. What's worse than not having a security device is having one installed that doesn't work.
What is the most over-hyped topic in the security field?
You can have the highest-definition video, but if it's not capturing enough data for a recognizable view, then your super-high-priced system isn't doing too much. After people watch CSI, they start believing your system can do these things and do them rapidly, with the push of a button. Everyone faces these myths, where people don't understand the intricacies of what's involved in completing an investigation.
If a CSO could get budget approval for one security investment, what should it be?
A master security plan. Every painter has a vision--he doesn't start randomly throwing paint on a canvas. Security is like that. You need a road map of where you are now, what the end result will be and the strategic details of how you're going to get there in a phased, multi-year process. It's a key document for getting buy-in from management for approval and budget to support your goals and objectives. If I were new at an organization, the very first thing I would ask for is approval for a master security plan.