"Spouting catchphrases can get you into more trouble than it is worth. It's better to take the time to really understand business principles through in-depth coursework. You need that immersion so you can put all the pieces together," he says. It's fine to refer to internal rates of return in a presentation, but you better know where that number comes from and the thresholds set by your company.
The new generation of security leaders understand business as well as they understand security. Many would prefer a business person as their deputy rather than a security person--security is easier to pick up. Says Williams, "I'm proud to be someone rooted in both worlds--I simply couldn't have succeeded as CSO of a Fortune 100 company if I weren't."
4. Create a communications czar for security. As noted, Williams made some sweeping changes when he came to Caterpillar--changes that shook up the old regime. In addition to asking for help from HR, he pulled in Ashley Hunt from the corporate public affairs office to be his communicator for security. Unusual? Yes, but invaluable, as it turned out.
Hunt helped communicate the reorganization of the security team to both affected employees and the broader group. "She has helped all the employees understand the real risks they face," says Williams. "Ashley is a force multiplier for us."
Now her role is much more proactive. She publishes a monthly security bulletin on the intranet--basically a newsletter with a variety of awareness information on topics such as travel security, scams and fraud. She includes some general awareness articles, too. "We help people understand the real security risks at Caterpillar. We want to change that perception of security and [of] the role each employee plays in creating a safe and secure environment," says Hunt. She believes employees view security as having a higher value within the organization now, and they have a better understanding of the role they play in enterprise risk management.
For example, the Global Security function offers several educational resources concerning travel security. It's part of Hunt's job to help the team inform employees that this material is available. "Every traveling employee has an opportunity to participate in online security awareness training, receive security alerts while they travel and have access to 24/7 travel security advice," says Hunt.
Other teachable topics include terrorism, workplace violence, crisis preparedness, and information security.