Bob Littlejohn is in the middle of a day that most people would consider tumultuous. Hair-raising, even. First, there's that evacuation drill he's planning for the New York City headquarters of his company, Avon Products. He's taking rapid-fire calls from Guatemala, Brazil and the Philippines, just a few of the 140 countries in which Avon operates. He worries about them all. And he's headed to Greece tonight to handle a situation in person. For Littlejohn, this is just business as usual.
He fine-tunes the details of the evacuation drill as the phone rings. It's Avon's El Salvador office. Littlejohn's security director there is worried because the US Embassy, which is next door to Avon's regional facility, just received a bomb threat and is in the process of a lock down. Littlejohn's immediate concern is with the more than 200 Avon employees working near the embassy. When he realises the bomb threat is specific and credible, he calmly orders the employees to evacuate until the situation is resolved.
As vice president of global security for Avon, Littlejohn conducts nearly half of his professional life from his New York office and the other half travelling around the globe. He has security directors in every major region of the world who report to him on a daily basis. International employees use a 24-hour hotline for emergencies. "The phone rings from 9 pm. to midnight with calls from Asia. Then Europe starts calling around 6 am," Littlejohn says. "Most of the callers are just looking for advice, but sometimes I'll need to get on a plane." He's concerned that a lot of US companies look at security from only a national rather than international standpoint. "Security is an integral piece of the business process — it doesn't function alone," he insists. "Companies must look at security as a whole; you can't divide national and international entities."
This is Bob Littlejohn. Championing a multinational effort to keep Avon employees safe while exuding a confidence and a calm that's based in the knowledge that he's planned for just about every contingency possible. For him, that is the essence of leadership. And Bob Littlejohn is all about leadership.
Many consider Littlejohn to be a leader in the security world — as seasoned a security pro as you can find. A former vice president of investigations and consulting at security services giant Pinkerton Service, he's a retired Army colonel from West Point who became a cop with the NYPD. During his 21 years with the force, he held executive positions in narcotics and intelligence and headed the operations division. In the early '80s, Littlejohn was appointed director of the New York City mayor's emergency management office. He developed a disaster-mitigation program for the city in the event of terrorist attacks or a chemical leak, not knowing how relevant his actions would be some day. He served on the board of the American Society for Industrial Security and is currently chairman of the Overseas Advisory Council, a body overseen by the Department of State that fosters the sharing of security information between the public and private sectors.
He wants to be the role model for a future generation of CSOs and seems to be well on his way. In fact, if you ask Littlejohn about his vision for the future of security management, he'll tell you how he would like to see companies — especially international ones — hire a CSO who has the business acumen of a CEO, the respect of senior management and the voice to create company strategy.
You'd expect someone who wields such power to be a formidable presence, and he is. Tall and slim, he emanates confidence and authority without being overbearing. And his enthusiasm is contagious. Given the chance, he'll talk articulately about security for as long as he can, or at least until the phone rings again.
Littlejohn is also modest, and he makes sure the people who work for him know he's human. Even if he's on the phone, his employees know they can knock on his door for advice. Unlike what you might expect from a law enforcement veteran, he has a ready smile, and his manner is open and friendly. And it's no secret that he loves grande lattes from Starbucks.
Littlejohn's knowledge of Avon's business strategy is immense but so is his sense of perspective. For weeks after the World Trade Center towers fell, lines of people waiting to get through newly installed access controls snaked out the front door of Avon's office building and blocked the street. Jersey barriers and cement flower planters the size of elephants materialised in front of the Citicorp building two blocks away. Rather than spend money on security measures he wasn't sure were appropriate for Avon, Littlejohn held back.
"You have to ask yourself what's really necessary," he says. "You don't want to just throw money at the problem. Access controls are good, but do you need metal detectors? A lot of what's been done is overkill, and the money could have been better spent elsewhere."
In fact, Littlejohn is most concerned about the safety of Avon employees in places like Indonesia, Malaysia and the Philippines, where there's a threat of terrorism, and Mexico, Brazil and South Africa, where kidnapping and carjacking are everyday realities of which he trains executives to be aware; earlier this year, an Avon employee was shot during a carjacking in South Africa, and a manager in the Philippines was kidnapped. Both survived. To prevent such incidents, Littlejohn visits such high-risk markets on an annual basis to check in on sociopolitical and economic situations, and gather the latest safety best practices from other security executives whose companies operate there. On his last trip to South Africa, he learned that many companies are installing Plexiglas windows and emergency escape devices in business executives' cars in an effort to thwart carjackers, who tend to lie in wait at traffic lights before breaking both the driver's side and passenger windows and stashing the victim in the trunk.
He hesitates to call New York a high-risk market, but having watched the devastation of September 11 from his midtown Manhattan office window, Littlejohn is quick to tell you he wasn't surprised. He'd been helping others prepare for such a disaster for years. But he also wasn't expecting the massive breakdown in communications that followed.
"The most unnerving thing was the fact that no one could find out exactly what was going on," he recalls. Despite his network of contacts high up in the FBI and NYPD, no one had a clear bead on what was going on or who was to blame. "It was the only time in my career that I felt out of the loop."
What he didn't do was panic. Despite unreliable Internet access and phone service, Littlejohn managed to locate all Avon employees in the city and made sure they were OK. He talked continually with Avon senior management and his colleagues in the International Security Management Association (ISMA), an elite group of about 400 security executives at Fortune 500 companies, many of which are headquartered in New York.
"I wanted to know how other companies were handling the events," he says. "Were they staying open? Were they sending people home? Was it safe to close the office when bus and subway service had been suspended? Was it safer to stay at work?"
Littlejohn's next concern was for his friends at the NYPD. On September 12, he finessed his way through the barricades in Lower Manhattan and went to the police command posts around Ground Zero to check on his former colleagues. Despite the devastation, he stayed calm — eerily so, according to colleagues in ISMA who observed his stoic, measured decision making — and he remains calm still. He has to be that way, he'll tell you. It's his job. It's not that he doesn't feel the horror, but Littlejohn is acutely aware of a leader's responsibility in crisis situations, and he understands that people look to him to keep a cool head.
Littlejohn identified the breakdown in communications and the lack of information during the terrorist attacks, and he spearheaded an effort — in part by calling on his extensive contacts in the FBI, NYPD and State Department — to create MetroLink, a network connecting his ISMA colleagues with their local FBI and police departments. Every time the FBI announced a new threat of attack, ISMA members knew where to get the real skinny.
"We had this network where we could go and find out what was really going on," recalls Charlie Steadman, the partner in charge of companywide security at KPMG and a past president of ISMA. "Everyone else was running around chasing rabbits."
Rabbit-chasing epitomises everything that Littlejohn strives to avoid in his job and his professional dealings. Though he had crisis management and business continuity plans in place years before the attacks, he knows such plans cannot remain static. The annual evacuation drill for Avon's New York office is one way he and the Avon staff stay prepared.
"It's imperative that everyone understand exactly what they'll do in a crisis situation," he says. "I want people to know what it's like climbing down 26 flights of stairs. How do you plan for and anticipate the needs of employees who require special assistance? How do you account for workers once you're out of the building and at the assembly area? Do you know who was at work that day and who didn't come into the office?"
As part of his updated disaster plan, Littlejohn is working with Avon senior management to create a remote system for tallying employees. "It's not going to do you any good if it takes you 10 minutes to print out an attendance list and you have to get out of the building right now," he states. "And what if your building becomes compromised? If the list comes from another location, it's much more feasible."
The events of September 2001 focused attention on a nationwide need for strong security leadership, a need Littlejohn had seen on the horizon for some time. In 1999, Littlejohn designed the curriculum for the ISMA Leadership Program, an intensive executive development and leadership seminar for potential CSOs. The yearlong program, held at Georgetown University in Washington, DC, focuses on business skills like strategic planning in a domestic and international business environment, analysis and decision making, negotiation, persuasive communication and team building.
The ISMA program may be aimed at security executives, but it doesn't teach anything specifically about security. "The people who enroll in the ISMA program have all the necessary security skills," Littlejohn says. "But when you get up to the VP level, it's a whole different ball game.
"To be an effective security leader, you have to be able to talk the talk with the CEO, the CFO and the VP of HR," he says. "Get to the table and make your voice heard." The way to do that, Littlejohn says, is to know what you're talking about. "Or they won't take you seriously," he adds.
The recent attention on security has not only intensified the focus on it but has also highlighted the distance that Littlejohn thinks the CSO role will have to go before settling into an acceptable state of effectiveness. Ask him to elaborate and he will say that the role of the executive security officer is still in a state of flux that will require effort on the part of both companies and CSOs to resolve.
Take the issue of the job title, for instance. For most people, the CSO role is a new one, and it is still finding its place in companies that, prior to 9/11 or the Nimda virus, didn't place security high on their priority list. That's the case mostly with national companies, Littlejohn says. International companies, on the other hand, have focused on security for years, and those with the proper perspective on security have given executives the vice president title. "We are executives in the company. In Europe right now, the CSO is in charge of the guards at the front desk while the VP is directing the security operation," he says. "If you're going to talk about the title, it should be VP and CSO."
The real question for Littlejohn is whether US companies are ready to give security executives a strategic role in the organisation. Ideally, he says, the role needs to include auditing, risk management, administration and financials. In the future, the role could morph into something like a chief integrity officer.
"Right now, all these responsibilities are spread across the enterprise — integrity is under finance, audit is under operations, safety is under risk management," he says. "They could be bundled together with one person responsible for it all. That would have a stronger impact on the business." A stickler for efficiency and communication, he's adamant that IT security should be included in the CSO function's responsibilities, if not directly, then by a strong dotted line to the IT department. Many investigations overlap with IT to some extent, he says, and you need each other's support.
Underneath Littlejohn's push for more emphasis on leadership and communication lies the cold, hard reality of the world at large. You may not be able to plan for everything, he says, but if you don't try, you won't have to worry about a second chance.
"If security executives don't deliver, we'll be replaced pretty quickly," he admits. "That's just the way it is."