EP 155 Turning Adversity Into Advantage: Jeff Slotnick on Health, Hope & Leadership Artwork

The Security Circle

An IFPOD production for IFPO the very first security podcast called Security Circle. IFPO is the International Foundation for Protection Officers, and is an international security membership body that supports front line security professionals with learning and development, mental Health and wellbeing initiatives.

All Episodes

The Security Circle

EP 155 Turning Adversity Into Advantage: Jeff Slotnick on Health, Hope & Leadership

December 10, 2025 • Yoyo Hamblen • Season 1 • Episode 155

Send us a text

Podcast Summary

In this standout episode of The Security Circle, security legend Jeff Slotnick returns for his second appearance, bringing extraordinary depth, wisdom, and vulnerability. Fresh from a life-changing battle with cancer — which he faced with discipline, positivity, and what he jokingly calls “giving cancer a healthy body” — Jeff reflects on resilience not as a buzzword but as a daily practice grounded in body, mind, and mindset.

He shares how Hapkido, begun during his military service in Korea, shaped his entire leadership philosophy: centered thinking, controlled energy, redirecting force, and treating setbacks as fuel for future success. Jeff dives into the beauty and resilience of Korean culture, lessons from military engineering, and the strategic mindset that distinguishes good security leaders from great ones.

From enterprise risk and convergence, to the future of AI, insider threat, board-level communication, and the shift from tactical to strategic leadership, Jeff offers a masterclass in what modern security leadership truly looks like. His message is simple but profound: be kind, be collaborative, be a futurist, and always understand that security is fundamentally a business function.

This episode is rich with wisdom, humility, humour, and hard-won insight — a must-listen for anyone serious about the future of security.

https://www.linkedin.com/in/jeffrey-a-slotnick%E2%80%8F-cpp-psp-08a54a6/

Security Circle ⭕️ is an IFPOD production for IFPO the International Foundation of Protection Officers

0:01

If you enjoy the security circle podcast, please like share and comment or even better. Leave us a fab review We can be found on all podcast platforms. Be sure to subscribe. The security circle every Thursday. We love Thursdays. Hi, I'm Yolanda And welcome to the Security Circle Podcast, produced in association with IFPO, the International Foundation for Protection Officers. This podcast is all about connection, bringing you closer to the greatest minds, boldest thinkers, trailblazers, and change makers across the security industry. Whether you are here to grow your network, spark new ideas, or simply feel more connected to the world of protection and risk, you are in the right place wherever you are listening from. Thank you for being a part of the Security Circle journey..

Yoyo: 1:17

Jeff Slotnick, welcome to the Security Circle podcast. How you doing?

Jeff: 1:22

Doing well, and thank you. This is my second appearance on the podcast. I'm so excited to join you again.

Yoyo: 1:29

Listen, I was a bit worried at some point this year that we might not ever make this happen, but you've turned things around Mosly, haven't you? You had a lot of people worried.

Jeff: 1:40

Yeah. Well, you know, cancer is like that, but, uh. You know, with, with the power of prayer, the power of positivity and great medicine through the Fred Hutch Cancer Treatment Center, uh, I have a very different prognosis today than I had. Uh, when I started treatment in April, I.

Yoyo: 1:59

I loved it earlier when you said that you gave cancer a healthy body I have to say, that's become my focus this year. You know, I've become incredibly healthy after being quite unhealthy, and I kind of figured the older I get, I have to give whatever's coming down the line for me, the healthiest body. I can possibly imagine, but you also do a martial art and you're not the only security professional playing at the top of the league. That also has a very serious commitment to martial arts. How has martial arts helped you and tied in with your security profession?

Jeff: 2:33

Oh gosh, boy, that's a deep question. I started in martial arts in 1987 when I was based in Korea, uh, with US military, and I had an opportunity to attend. Uh, martial arts training in an art called Hop Keto. Uh, and it's very much a defensive art. It's not an offensive art, it's not a sport, uh, like TaeKwonDo. You basically, uh, very similar in some concepts to Aikido, where you redirect, uh, the, uh, action of your adversary and place them in, in, in a, a position of submission. To get them to relent. So, you know, when you start off at, at the beginning, it's very basic, it's little hand moves and things like that. By the time you get to be a third don black belt, it incorporates all kinds of different things and has application in military and security and law enforcement. So the, you know, from a practical application for a security officer in the field. You know, having knowledge of how to apply restraints, how to put somebody in a defensive hold, uh, how to protect yourself on the job. There's, there's direct application from a conceptual point of view, uh, being centered in your body. And, uh. You know, hop key, key being the center of your body, right? And how we breathe and how we act and how we respond, and how we take on trauma and how we take on, uh, danger is all regulated by our thoughts, by our key, by, uh, centralizing things in that center part of our body, focusing on it and then repairing it. Advanced practitioners. Can actually slow down their heartbeat. They can, uh, change their blood pressure. They can do, we can do all kinds of things once you get that level of being in tune with your body. So having a healthy body and a healthy mind, uh, and having a body that is resilient, uh, certainly helps. In, in any business practice and taking care of ourselves and being in the present moment, and being to, you know, from a philosophical standpoint, to be able to take on adversarial issues and redirect the force right, and change it into something good.

Yoyo: 5:11

So how has hotkey, helped you from a mental and disciplined kind of process, applying the, the best mind to your work?

Jeff: 5:22

Well, what it's done is it's taught me how to, it's taught me to be in touch with my body, how to be centered, how to be balanced, you know how to breathe properly. Uh, so it gives you a sense of calmness. It also because you are confident in your skills and abilities, um, gives you confidence in, in what you do and how you act. So things that used to concern me don't concern me so much anymore. Right.

Yoyo: 5:58

In fact, I was thinking then about something Max Verstappen said, I follow Formula One quite intensively. And, he was asked a silly question by journalists, as you can imagine. And the silly question was, you know, what, what would've happened if you'd lost? And he says, you know, losing isn't an option. His mental discipline is so strong that only winning is an option. And so I guess really martial arts helps the security professional. Focus on, there's always a good solution. There's always a clear outcome. There's always a pathway. Right.

Jeff: 6:29

Right. You know, I mean, look, we can't win all the time. Right. And even in business, you can't win all the time, so you have to redirect your force. Right. And that's what you know, when you look at the definition of hop, keto hop means harmony or coordination. Key is energy or internal power. And dough is way or path. So lit roughly translates into the way of coordinated energy. So even when we fail. Uh, the redirection of force, the non-resistance PR principles, the things that allow us to reset and rebuild and move forward, you know, uh, become very important in, in your thinking because, you know, we'd like to win all the time, but reality is we fail. And anybody that you know who is successful in this industry or any other industry has failed at one time or another. And we learn through that failure, right? And you know, sometimes when you're in a match against an opponent, uh, due to size differences or knowledge differences or many other things, you can even lose, uh, a martial arts match, right? But that doesn't mean that we turn around from that and we quit martial arts, right? What we do is we learn from it, we learn from our mistake, and we seek to improve and do better the next time.

Yoyo: 8:10

You like many others in the physical security space have had a military background and I can't help but notice you mentioned Korea just now and I wonder how many people that know you, Jeff, and have never really fully understood what career meant to you in that stage of your life. And I think in the uk in the eighties, I think the UK was very, very, very focused with the Falkland Islands. And so we weren't really very focused on Korea. Tell me about Korea.

Jeff: 8:40

Korea's an amazing place. Here is a people that for generations have been, you know, they're a peninsula, so, but they've been attacked by Japan. They've been attacked by China. Uh, they have a, a series of wars. And these people have every reason to be a war-like culture. Because they've had to defend their peninsula so many times. But when I got there, what I found in, in studying the culture is that these are people that are artisans. Uh, they love to tell stories, they love to eat. Uh, uh, dining is not just., means of nourishing your body. It's a means of social activity. Uh, they sing, they dance, they engage in plays and things like that., And at the community level, you know, not, and even in the military, it's part of their military life, you know, so it's, it's a very, very respectful culture where. Uh, it's a patriarchal society, but run by mom, you know, and, uh, uh, very respectful. And, and I'll give you an example. I worked in a joint organization where we had both, uh, Korean military and US military. And I had a Korean architect that I worked with very closely. I was in army engineering and we would go out to lunch regularly and, you know, Korean food is. Very high in garlic and very spicy and can give you some godawful breath, and my Korean architect would never look at me and say, Jeff, you need to go brush your teeth. What he would do is he would come out and he'd pull out a package of mint gum and he'd look at me and say, I think you'd really like a piece of this. You know, and that is Korean culture. It's very respectful. It's very human centered. And I learned so much from the, from Korean, from Korean people. You know, I, I remember, you know, we would do field exercises and, you know, of course the field exercises were near farms or whatever. And we were encamped, near this one farmer's field, and there was this giant rock in the middle of his field. And this farmer came out every morning without fail, not with a jackhammer, not with explosives. He came out there with a large hammer and a rock chisel, and every day he would pound a little bit and break off a piece of that rock. Well, we spent 30 days there. By the time we left, that rock was gone, and it just spoke to me about the resilience of these people and the culture that he knew he needed to get rid of that rock. And he just chipped, literally chipped away of it at it. Every day for 30 days until it was gone. And that was his job. That was his role. Of course, it was winter time, so there weren't many crops to plant, but uh, it was very interesting to see that, that told me so much and taught me so much about that culture.

Yoyo: 12:06

Well, let me tell you something. You talked an awful lot about the kind of respectful nature. It was actually Korea and Korea's plane crashes. They'd reached a high level and it was due to the level of plane crashes they'd had, and the investigation that subsequently followed that led to the aviation industry commanding a global English language. Did you know that?

Jeff: 12:28

No, I was not aware of that.

Yoyo: 12:30

This is because the cockpit culture was extremely hierarchical. Now I'm gonna give you an example and we're all gonna see the comedy in this, but the culture was so respectful that if a junior pilot told, saw the Wing on fire. After takeoff, he wasn't allowed to tell the captain and challenge his authority. He would totally believe that the captain had known this and was making and executing decisions for the the right reason. And so they realized that a number of different plane crashes. Could have been prevented if junior pilots were able to speak more candidly. So they told the aviation industry said to Korea, you will now speak English. All of your pilots will be trained in English. And that way English speaking gives them the power and execution to be able to be honest and open about any risks that they see whilst flying.

Jeff: 13:26

Interesting. I know in the, uh. In the 1970s, uh, late seventies, I was stationed in Italy and because I was bilingual, I was offered a temporary assignment to the Italian Air Force that was flying planes from Pisa to McGuire Air Force Base, and they needed to teach their crew English. I spent, three months. Doing English as a second language for, for Italian nationals that were gonna be flying in and out of Maguire Air Force base.

Yoyo: 13:59

Wow. I mean, imagine this, there was so, there's so much ambiguity apparently in the Korean language that instead of saying, captain, we must must abort you know, terrain ahead. The previous culture would've enabled them to only say captain, perhaps May, may, we may want to consider going around and do you see how that ambiguity can lead to, you know, hundreds of deaths? It's just a phenomenal, absolutely. I'm fascinated by, uh, accident investigations and, uh, especially the aviation industry. But look, I have to hit you up pretty hard now. You are a heavyweight when it comes to security. Jeffrey Slotnik, well-known, well-respected, and no doubt, certainly this year, you have probably felt the impact of that amazing security community behind you all the way, speeding you along to good health. But ultimately, you know, being an industry disruptor, being good at your job means that you quite often talk about resilience being more than a buzzword, don't you? It's a serious thing.

Jeff: 15:03

It is, it's a very serious thing, especially when we start looking at things like business continuity and, uh, you know, global, global organizations. Resiliency has impacts far beyond the event, uh, that occurs that, that causes us to be resilient. I mean, there's plenty of examples out there where events in another country. Uh, have global impact on the economy, global impact on supply chain, global impact on, uh, goods and services. So, yeah, I mean, it, resiliency is huge.

Yoyo: 15:41

You've trained thousands of professionals in your career. What behavior or mindset separates a good security leader from a great one? And why does so few you get there?

Jeff: 15:54

Siloed thinking. Uh, being protective of your organization. Interestingly enough, I was having a conversation with another young security professional this morning, um, about a book called Predictable Failures, uh, by Beman and Watkins, and it's why companies fail, why failure is even allowed to achieve, uh, status and why. Shortsighted thinking creates failure within an organization for political reasons. For, uh, oh gosh. Let me see if I can find this real quick, because we were just talking about it. Um, uh. It's called predictable surprises. Uh, positive solution being be believing problems are less severe than they are. Egocentric, interpretation, self-serving, allocation of blame and credit. Uh, discounting the future, avoiding action because consequences seem distant. Uh, status quo bias, resisting change even when it's necessary, right? We see that a lot in our industry. Uh, avoidance of unpalatable choices. Preferring inaction over tough decisions and failure to act without vivid acts. Uh, evidence waiting until harm is personally experienced to act. So these tend to lend folks to. Uh, being resistant to creating silos within their organization and creating barriers to progress, uh, because of these six FA factors. So understanding what these factors are and being able to come into an organization, uh, as a security leader, as an agent of change. You know, you look at some of the most successful. Senior security executives in our industry, and they all have one thing in common, and that's, they approached the security question from a business perspective. You know, we as security professionals, we can speak security all day long, but the CEO, the CIO, the CFO, the COO, the CHRO and all those other folks in the C-suite, they don't speak security. They speak business. And, and so the ability to speak business and speak about things like resiliency and how the security function contributes to strategic risk management and strategic resiliency, is where the conversation needs to be.

Yoyo: 18:31

Now you mentioned silos, and I'm particularly interested in that because I think firsthand and secondhand talking to other young professionals, I find that silos are a big block in many organizations. It's some of the feedback that I've become very much aware of, the problem is silos exist because they're being enabled to exist. How can you tell a professional that the business needs to remove its silos and have more engaged, collaborative thinking when ultimately the business might not be as open to that?

Jeff: 19:06

Well, I think that's a great place to start the conversation with organizational resiliency. You know, resiliency. And risk isn't just one aspect of an organization. All aspects of an organization are impacted by risk. And I used to do a tabletop exercise, for security professionals, but I've also done, large tabletop exercises for disaster preparedness where. We had public private participation, but the, the scenario I gave them, uh, was based on something that actually happened. Uh, a dairy has stored 5,000 gallons of anhydrous ammonia, and I gave them three different precipitators of a leak from that tank, and each table had to. Respond based on the precipitator. So in a security based incident, uh, somebody attempted to steal anhydrous ammonia and created a spill of 5,000 gallons in a human resource, uh, style event. An employee who operated a forklift came in intoxicated to work and drove his forks into the tank. And emptied the tank on the ground. And in the third scenario, somebody, a contractor who was disgruntled, breached the security control and data acquisition system, SCADA system, and, uh, did a, uh, ransomware and spilled half of it and threatened to spill the other half if they weren't paid. And we asked each how they would respond to that. And what we found is that. In each scenario, somebody became the primary responder to that event. In the case of human resources, the human resources responded as primary, but security, and it still had a supporting role. You know, security managed, uh, the law enforcement and the fire response, uh, evacuating people and all these other things. Uh, uh, and the same in the IT response and the security response, IT and human resources had a supporting role. So what changed was the person in charge of the event or the organization in charge of the event, but the other aspects of the enterprise all had a contributing role. And I think when we look at things from a resilience, uh, aspect, getting folks to realize that everybody has a role to play in resilience. Uh, is a great place to start in breaking down silos because we're more powerful together than we are apart.

Yoyo: 22:09

So you've led me into this question. Now it's your own fault, Jeff.

Jeff: 22:13

Okay.

Yoyo: 22:15

If you had to pick one, are we suffering more from cyber weaknesses that impact the physical world or physical weaknesses that could compromise cyber based on what you've just said?

Jeff: 22:28

I think, let me understand your question. Humans are always the weakest point in the chain. Alright? Um, you look at some of the recent events that have occurred. You look at NIST Standards, national Institute, NIST standards. You look at ISO 27,000 and the human factor plays a big part in that. We can be socially engineered. We can be sent phishing emails. We can click on bad links. We don't, uh, protect passwords. We don't, change our passwords frequently. You know, we write our password and tape it to the underside of our keyboard. We have, data centers that may not be fully protected against human intrusion, you know, so the human condition and human threat. And sometimes it's not even intentional, is generally the weakest link, in my opinion. Yes, there are professional hackers out there. There are folks that, look to penetrate systems and do, I mean, I'll give you an example. I have a commercial physical security camera system at my home. And I get three to 400 port scans per camera each month. But on the other hand, we have, you know, an antivirus software and we have all these other things that prevent those from getting the information they want. But it still tells me that they're attempted. I do think that the human condition plays a significant part in cyber weakness.

Yoyo: 24:12

Yep, 100%. Somebody is about to get promoted into the board and we ultimately, as security professionals, need to make sure that the board fully understand the risks to business from the, security perspective, from the security professionals' perspective. And we don't often have strong security representation in boards. What would be your guidance to anybody wanting to go that far in their journey, but needing to do it with security hearts and minds in the process?

Jeff: 24:42

Well, I think where we lead from is from strategic risk and not security risk. Security risk is strategic risk. You know, at the end of the day, the role of the security function within an enterprise is to prevent strategic risk from occurring.

Yoyo: 24:59

Mm.

Jeff: 25:00

So I don't know, and I can't speak to, to, Britain, but let me speak a little bit about the United States. We have what's called the Securities and Exchange Commission. Yep. Which is responsible for all publicly traded companies in the United States and publicly traded companies. Have to report to the SEC, information for potential investors. Uh, one is called a Form 10 q, and one is called a Form 10 K, and part of the 10 q. Or the 10 K rather, is identifying strategic risk factors that can in, uh, that can, uh, impact the success of the company so that a, you know, a potential investor can read these risks and say, well, maybe this is too risky for me to invest in. Or, Hey, they've got a great plan and this is what I'm gonna do to invest in it. Um, I work with a major global corporation and I think the company had identified about. 19 strategic risks in their form 10 K. And I went back to the leadership in that organization and I said, of these risks, how many do you directly impact? And we identified 12 that they identi, that they, they directly impacted. It, and you know everything from brand reputation to the physical security of the cyber systems to data centers. I mean, all these different things. And so I said from now on, all of your conversations with senior leadership have to relate back to one of these strategic risks because that's what you're doing. You're supporting the. Risk mitigation of these strategic risks that allow the corporation to continue. Its, its the, to allow the enterprise to continue its mission, and this is the whole concept of enterprise security. Risk management is. Elevating that conversation to the strategic risk of the organization. And the first step is to identify and prioritize assets. And the second is to identify and prioritize risks. So when you can turn that conversation, because it's not about guards, gates and guns, it's about how we as an organization are contributing to the prevention of strategic risk.

Yoyo: 27:34

But look,, you've, again opened yourself up to another question here, Jeff. Um, that's

Jeff: 27:39

usually the case.

Yoyo: 27:40

Convergence is not a word. That's a new word really in the security industry. I know it's become more popular, the word convergence, but we are looking at the intersection. Intersectionality of the cyber and physical security existing in the same space. I have to say, you told me earlier how old you are, the amount of decades you've been in this game. Now it surprises me, but I'm rather proud as the way that you've also kept you foot in the cyber space, because convergence isn't just about the internet of things, is it? Why should more physical security professionals who are not yet in this cyberspace, why should they move into the cyberspace?

Jeff: 28:29

Well, I can give you several good reasons. One, every physical security device runs on an IT backbone. That's the primary reason right there. I mean, you're connecting to the internet. You're,, every physical security device at some point in time connects to the internet. The second is the advantages that are coming in the fifth industrial revolution that we're in now, with, artificial intelligence and machine learning. And even beyond that, we're just cracking the. Tip on the tip of the iceberg on, uh, AI and machine learning within the security industry. But the rest of the world, with precious few exceptions, has moved on to connected data and, agentic ai, which is very different from where our industry is at now, you know? So yes, you need to have a. Good knowledge of the cyber side of things. What I tell people all the time, because we do a lot of risk assessments in our company, and part of the services we provide in risk assessment is looking at the physical security of logical systems. You cannot have, you know, you've got data closets, data rooms, data centers that all need to be protected. Right. So how are they protected? You know, I went to one organization and the, security professional, the cybersecurity professional, was walking with us and was very proud to show me his data room because, you know, he had this beautiful security door, had an access control card reader on, on the outside of the door, and a beautiful lock and, and plate guard over the lock. And walked me in the room and there were cameras in the room and it was all beautiful really. And then we looked at the room and the walls were made of drywall that you could literally punch through and reach to the doorknob on the other side and, and open up the door, right? Defeating all those other systems. Um, another one I went to, uh, had all the beautiful security on their data center the way it should be. But coming out of the data center, it was in a basement and there was this hatch to the, the crawlspace. And coming out of the data center and into the crawlspace was this bundle of cables, right? That was, you know, 15 inches in diameter of every data cable in the organization. So you didn't even need to get into the room. You could just access one of those cables and, and you're in. So. Those are physical security issues. Those are not, uh, cybersecurity issues, but having an understanding of cyber systems and what physical security needs to be there to protect logical systems, uh, is very important. So there's three good reasons why a security professional needs to be cognitive of cybersecurity.

Yoyo: 31:46

And do you know what? We have a lot of ASIS members listening, and I can say that the word convergence has been around for the last two decades. In fact, in my research said, in the mid two thousands, institutional recognition of convergence began to formalize. In 2005, the term became more formally promoted when A SIS International and isaka amongst others helped launch the Alliance for Enterprise Security risk management. And convergence was one of the core parts of their mission. It's nice to see that in history. You've been involved with A-S-I-S-A long time, haven't you?

Jeff: 32:23

Yes, I have. Uh, 26 years. 27, almost 27.

Yoyo: 32:28

So you started young then?

Jeff: 32:31

I was in my, late thirties, early forties.

Yoyo: 32:37

How has being an ASIS member kind of changed your perspective and your career and

Jeff: 32:44

Oh, gosh. A SIS is my career. Let's be honest, there's two pathways into this industry. There's the corporate side and there's the consultant side, and I chose the consultant side right. Volunteer leadership has given me the opportunity to meet with other professionals, to create lifelong friendships, to, uh, meet people that I wouldn't otherwise meet, uh, that have been mentors to me, that have coached me, that have given me guidance, that have provided me opportunities, both for knowledge and for business. Because when you volunteer to do something right, and you do well in your volunteer role, other people see that and they say, well, if he's doing this well here, what's he doing in his business? Right? And, and so it, it tends to lend itself towards deeper conversations. And a lot of projects that I've received over the years, excuse me, have been a direct result of my volunteer leadership role in a SIS.

Yoyo: 33:54

You said in the very beginning of the conversation that you were in the Army Engineering Corps. How has that prepared you for what you're doing now?

Jeff: 34:02

Well, it's, uh, that's an interesting question, and it's actually three things. Um, it's my formal education, which is in business management, my engineering background, which, uh. Covered project management, quality control, you know, all the things that go along with, with engineering, um, as well as organizational skills, uh, and the ability early on. Uh, the military sent me to a course called Total Quality Management, which was something in the seventies and early eighties that was important in leadership, uh, was, uh, championed by the Air Force, the, and the rest of DOD picked it up, which is all about Edwards Deming and Total Quality Management, w Edwards Deming and Total Quality Management and his principles, which today. We call Six Sigma Black Belt and another name, but it's, it's all essentially the same, the same thought process. So late in my career, I got tasked with improving physical security of nuclear devices. I know that sounds kind of. Ominous, but they sent me to this place called Sandia National Laboratories to learn all about the system that was being installed by contractors. And because I had the right clearances and was engaged in engineering, they made me the contracting officers representative, uh, for this project. Uh, because it had to be a US National and it was US companies that were doing the work. So not only did I learn at Sandia about this system, but they taught me all about physical security. So it gave me a very new perspective on physical security to the extent, uh, when, when terrorism first popped its head in, in Europe in the 1980s, uh, with the attack on General Rozen and the kidnapping of, um, of, uh, general Dozer, uh, in Italy. I was there at the time. Uh. We started looking at things like, what are we doing differently, and which we started talking about landscaping and lighting and you know, a holistic response as opposed to more guards and guns in the gates. Right, because that was the military's answer, stricter entry controls. But it didn't account for the insider threat at that time, you know? So when I got out of the military and was looking at what to do and I started looking at the security industry, I actually started as a security guard, believe it or not. Uh, and uh, I started my business as a security guard. Uh, contracting out to about four different companies and raising the funds for where I wanted to go. I remember doing my first risk assessment and, uh, uh, a friend of mine, very close friend, uh, kind of walked me through my very first one, held my hand, showed me what to look for and whatnot. But as I got to know more about this industry, when I got involved in 1999. I kept asking myself the same question, why do we do things the way we do? Because back then, talking about siloed, if I tried to hold a business conversation with a senior security executive, back then it was like, I'm security. What do I need that for? Right? And it wasn't until 2009 when A SIS International published the first organizational resilience standard. That I could start having a conversation with professionals about the language of business and how business, uh, impacts their, uh, their function. Right. So, and, and I've gotten many proofs of that, you know, through, through my career. I moved one company off of, and, well, several companies actually, off of being a line item budget right. To doing a chargeback for their services. And, you know, fix their revenue problem, uh, to support their program. But it's, it's, it's been a very interesting journey, uh, as technology has evolved. As you know, we move from organizational resilience, which by the way, we're getting ready to rewrite that standard. Uh, and moving more towards ESRM. With ESRM being a global strategy, uh, for, uh, enterprise security, risk management for, uh, uh, a SIS, uh, things are making more sense to business professionals and that's why when we started this conversation, you know, uh, you asked me a question and I said, the most successful senior executives in the industry have business acumen and are able to communicate at that level.

Yoyo: 39:06

Should we be a bit controversial, Jeff?

Jeff: 39:10

Well, one person's controversy is another person's learning experience, so let's find out.

Yoyo: 39:15

Absolutely. So what's the one? Let's look at the future vision now. Okay. What's one emerging threat that you believe the industry is massively underestimating right now?

Jeff: 39:29

I don't know so much that they're underestimating it, but. I think when we have, we need to start looking at, you know, and we have been looking at insider threat. Insider threat has been a significant, impact, through, through the past several years. Everything from corporate espionage, which is coming back to, to, you know, brand reputation and, uh, you know, insider, you know, secrets, you know, uh. Institutional institutional knowledge, are all impacted by that. And then you look at that combined with the globalization of threats, and the public private partnerships that need to occur in order for us to be successful in dealing with global threat. You know, uh, it's not, as we talked at the beginning, there's. When it comes to resilience and global threats, global threats can have impact far beyond the area where they occur and can impact globally.

Yoyo: 40:39

It's, quite possible that many people have said to me in my security career that I am a harbinger of doom. Sometimes being in the security and risk space and saying it as it is or saying it as it needs to be heard. Is difficult and it is controversial. Can you think of a conversation that you've had to have that would be considered a controversial opinion that you hold that maybe people weren't ready to hear at the time, and how did you convince them to listen?

Jeff: 41:11

Well, I think it's very difficult for people to be controversial when they're confronted with fact facts and figures. You know, um, I use a lot of graphics in my work and sometimes all I am is a facilitator guiding people to answer their own questions. And I think taking on that role of a strategic facilitator, uh, and enabling folks to have that aha moment, right, that leads them to decision. Uh, as opposed to trying to make the decision for them. You know, we talk in our industry about consequence, but we don't often talk about the impact of consequence. And it's not leading with fear. It's leading with, well, this is what can potentially happen if we ignore this. Right? And there's impacts to equipment. There's impacts to people, there's impacts to finances, there's impact to reputation. You know, those are all key factors. And when we can put the conversation around that, uh, as opposed to, you know, oh my Lord, the sky is falling, you know, and if we don't do something right now, we're gonna, you know, this is what's gonna happen. Um. Uh, being more of a facilitator and being knowledgeable of your industry. And that goes back to knowing your business, knowing your corporate function. What is it that you do? You know, what does your company provide? What services does it do? Who are their clients? Who are their customers? How is the industry perceived? I mean, so much of these business factors that, uh, impact what it is that we do, you know, and having that knowledge, um. I developed a scorecard that I use in my mentoring, uh, that asks these questions of second to third tier, uh, security professionals in an organization. And we start with, I possess executive leadership skills. Right, and we talk about, I can communicate well, I can ideate, uh, I can be in charge of planning and execution of a project. I'm well organized. I have business acumen and we define it. Individuals as business acumen, have an understanding of the various parts of a business and how they're interconnected, giving them the ability to make smart decisions in any situation. Um, I recognize my company's strengths and weaknesses. I'm competent in relationship management. I possess international business experience. I have, uh, good team building skill skills. I'm a skilled negotiator. I have good decision making skills as measured by my ability to problem solve, collaborate, display, emotional intelligence and reason logically. Um, and that's just one. Then we have, I'm knowledgeable of business factors. Uh, business awareness. Uh, internet of Things and information protection and the business of security, right? Uh, I'm, I'm knowledgeable of general business practices and their relationship to global security. I can conduct a risk assessment and risk analysis. I can create a business impact analysis and produce a business continuity plan. I can perform root cause analysis. I'm familiar with security industry standards. I understand the importance of intellectual protection. Property protection and, and on and on. But, this is a scorecard that we use for, uh, aspiring senior security executives to help them to get to the next level. And then we have them rate themselves in each area and identify any barriers to progress or, opportunities for improvement. So, yes, business acumen plays a significant part in being a. Successful security professional.

Yoyo: 45:23

Jeff, do you have time for one last question?

Jeff: 45:27

Of course.

Yoyo: 45:29

After decades shaping this profession, Jeff, what's the one lesson that you wish someone had told you from the start?

Jeff: 45:40

Gosh, I think it's a compilation of everything that we've talked about today, but I would say. Be kind and be collaborative, you know, we get too wrapped up in the heat of the moment and a lot of security professionals, you know, we do a lot of planning and we start with, you know, we go back to Six Sigma or Deming principles. Are you a level one or are you a level five? You know, and are you a strategic leader or a tactical leader? You know, most, many security professionals that I run into are very comfortable with tactical leadership. Right? Uh, when I told you about that exercise earlier, the first thing the security professional did is. Want to get their vest on, get outside and get their hands on, and I'm like, no, that's not where you need to be. You need to be dealing with law enforcement. You need to be dealing with the media. You need to be dealing with a fire department, and you can't do that when you are elbows deep in the event. Right. You need to be more strategic. And I think somebody identifying that for me earlier, the difference between tactical leadership and strategic leadership and now. Are you a strategist or a futurist? Because now with, with the fifth industrial revolution, you need to be more of a futurist. You need to be thinking about not what's going on today, but what's happening in five to six years so that you can start moving in that direction, right? So, um, those are just a few of the things that I think that I wish somebody would've shared with me. But I think being kind and being collaborative, um, and being a good listener as well as a good speaker. Are, uh, critical to being successful in our industry?

Yoyo: 47:35

Well, there's the secret to why you are loved so much. Uh, I can only say, Jeff, that the security circle wishes you all the very best for your ongoing continued good health. And thank you so much for joining us for this chat today.

Jeff: 47:48

My pleasure. And I didn't even have to jump over a barrier to get in here.

Yoyo: 47:52

Now you have to explain where that comes from. No, I'll leave

Jeff: 47:56

that to you.

Yoyo: 47:59

We were talking about a corridor, weren't we? Where there was a barrier on one half of the corridor? Is that the one? No. Yes, no. Yes, yes. And then how you sneak you, you snuck up on me in the past, haven't you? By jumping over the barrier, that's where that conversation comes from. That's

Jeff: 48:16

correct.

Yoyo: 48:17

Aha. Jeff, thank you so much for joining us.

Jeff: 48:21

My pleasure, yoyo. Have a great day and happy holidays to you and others.

Yoyo: 48:26

Awesome.