John Martinicky has been working in the security department of Navistar International, a manufacturer of heavy trucks and engines in Illinois, since 1982. Today, as the director of global security for Navistar, Martinicky oversees the company's entire portfolio of security operations. He spoke about how the program has evolved over the years, and why it is more important now than ever before.
You've been with Navistar for more than 30 years. What were your first years like as a security practitioner in the company? And how has security evolved in the company over time?
I entered the security department with an understanding of the company and the business. I really wasn't a security practitioner nor did I have any background in that. But during the first few weeks, what I discovered was there wasn't a good understanding of what security did. My primary responsibilities were investigative and because of my business experience, I was more effective in doing investigations. That enabled me to be effective as I worked on different cases.
Through the years, the company evolved. We went through some difficult times in the late 70's and early 80's. It really gave me an opportunity to put together a very long-term strategy and plan of what I thought global security should be. It started with initially developing some policies and a road map to what I consider totally inclusive security. We weren't just about guards and investigations and systems. We were a part of the business component as far as reducing risk. That also includes information protection, computer security, security awareness for employees, continuous training and education of our security team and security managers, developing a real program that helps the company and the security be effective in terms of compliance initiatives.
I also identified some programs where we could help our customers and our dealers. I developed the first dealer security program. We worked with our warranty group so that when customers had trucks going, we could put an alert into the warranty system. Any time a customer showed up to buy a part, we required dealers to provide VIN numbers. If that number was flagged in the system, it allowed us to take some recovery action.
In 2002, we began our metrics program. We measure everything from what the guards do, to our system performance, to our provider/partner performance, and use that to show the value of what security does.
You've been through other recessions and you mentioned difficult times in the 70s and 80s. Can you draw any parallels between then and now?
There are a lot of parallels. What we saw before was an increase in incidents with people you would never expect being involved in fraud, violence, drug abuse. There was definitely an increase during those times and security's role is to make sure we are visible to minimize those losses and are able to assist people, where possible, through some programs, such as an EAP (employee assistance program).
But I see a lot of parallels in that in desperate times, people will do desperate things. What we have been able to do this time is have a much better awareness program because of the internet, and because communications are so much better today. We have been able to get our message out and exercise policies much more easily.
Has the economy impacted your security spending?
It has impacted security just as it has every department in that there is an expectation that security has to make a contribution in tough times. We had some open positions we have put on hold in terms of filling. Some of our training initiatives, especially if it involves travel, have been put on hold. Things like that.
But in difficult times, security is needed more. This is where we see an increase in incidents across the board, in tough economic times. Our incidents started trending up about eight months ago and in still in that mode, both fro external and internal people. So from that standpoint and we are busier than ever.
I think we are kind of counter cyclical to the economy. We bring value and are involved; whether it is cars being broken into in the parking lot or internal fraud, substance abuse, leaks of confidential information. Everyone understands what their responsibilities are if we have to do an investigation. I see that continuing as the economy gets worse.
When I talk to some of my peers about what is happening in their companies and if certain facilities are being closed, I see it's really important to measure what security does. It's important to show the value and look at security from the business perspective, not just the security perspective. I think as long as security can show to the business team what their value is, security will be seen as a partner.
How have you made the case for security investment over the years? Particularly in tough times?
We've always had some systems in place, the track incidents, events, etc. With the very early version were using some Excel spreadsheets that allowed us to measure what we did to generate a company-wide report. We were very fortunate that it gave us the initial seeds to show what security was doing. Then, through some changes in staff within the group, we were able to identify someone who had the computer skills to really make this program what it is today. It evolved more than anything.
As we were going through this evolution, we were generating more information about what security does, the benefits, the reduced risk, and the reduced losses. We've been able to show trends and that have helped get executive support and the funds that are needed.
Your security program also has a large international component. Is it difficult to protect employees in today's world?
The risks have changed in a lot of these countries we do business with. Having a very robust program to support our ex-pats, our nationals, and our travelers has been important in making them feel comfortable carrying out their role and responsibilities
We originally put in our Travel Tracker program in prior to 9/11. We did what I think a lot of security departments did: We did briefings and training for folks. But often what we found is our more experienced travelers ignored it. It was difficult for us to reach out in the event of an emergency.
We had some people in New York during 9/11 and what that event taught us was that we didn't have a good tool to know where our people were at any one time. Travel Tracker became a tool to do that for emergency response. The way we sold that, because there was some reluctance, is we found even if people had personal emergencies we could identify where the person was. We know where people are to get the necessary response. And we know it instantly.
We can communicate to a group in a particular country if a political situation heats up. We can instantly contact then through their different communication devices, or if we have to reach out to the hotels they are in, or if we have to do an evacuation for a terrorist attack or some natural disaster.
What kind of awareness and programs do you provide to employees when it comes to international travel?
We customize that for each country. On our website we have short video training. So if someone needs a refresher, they can click on that. We do country risk ratings for just about every country in the world. When someone books a ticket to a high-risk area, we can reach out to them if there is something we need to address with them as far ground transportation.
Probably the best thing we have put in is something we call our 'Secure Ground Transportation Program.' In our high-risk countries, where we have people traveling on a regular basis, we either have our own team, or a contract team of people. We don't allow people to rent cars. We have someone who meets our travelers at the airport and handles our whole ground transportation and it works very well. There are some people who may be traveling to a country for the first time and this takes the burden off of them in terms of determining what is a good cab or a bad cab.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.