Episode 17

Risk Management and Breaking Down Silos | Andrew Peden

Instead of a single super-security specialist, is the EP firm the home of convergence because as a business any service can be bundled or offered through a partnership?

In this edition of the Circuit Magazine podcast, Shaun and Phelim speak with Andrew Peden, the founder and CEO of L5L Solutions, about the importance of breaking down silos within the risk management industry.

We delve into the idea of a 'unified protector', and ask whether professionals in the risk protection sphere should operate on a less hierarchical, more peer-level basis to work more efficiently.

Andrew underlines the significance of maintaining effective communication channels along hierarchical lines and the need to develop a strategy for achieving professional goals.

Other topics covered include:

  • The Concept of Super Service in Security and what is the Future of Risk Management
  • The Importance of Continuous Learning and Adaptability and the role of the Unified Protector
  • Where does the wider EP ecosystem end?
  • Do silos really exist, if so, what is preventing a manned guard from calling the CFO?
  • What partners does EP 'actionable' intelligence need today and will it need in five years?
  • What role could cross-functional teams have in developing the 'unified protector'?
  • What does all this mean for the specialist?

About Andrew:

LinkedIn

More about the Circuit:

The Circuit Magazine is written and produced by volunteers, most of who are operationally active, working full-time in the security industry. The magazine is a product of their combined passion and desire to give something back to the industry. By subscribing to the magazine you are helping to keep it going into the future. Find out more >

If you liked this podcast, we have an accompanying weekly newsletter called 'On the Circuit' where we take a deeper dive into the wider industry. Opt in here >

The Circuit team is:

  • Shaun West
  • Jon Moss
  • Elijah Shaw
  • Phelim Rowe

Connect with Us: 

Circuit Magazine

BBA Connect

NABA Protector

British Bodyguard Association

Transcript

Andrew-Peden-Circuit-Podcast-converted

===

[:

[:

[:

[:

[:

But we're not talking, are we, about the eradication of EP. We're talking about something different.

[:

So we interested to hear his thoughts on that, what the benefits of it are and what he sees as the downfalls of public, the traditional way of having, your, team leaders and your, different departments running as they do.

[:

One, everything is flat, and everyone is a peer, but two, there is a unified type of leader, which kind of speaks to not being flat. I don't know, I think we're going to have to work this out, because sometimes people say break down silos, but, does that mean don't value the specialism? I

[:

[:

[:

And why can't they speak to each other and you're the strategic person at the top that moves them chess pieces and has the final decision when something comes because at the end of the day there has to be someone who can take that final decision when required when speaking to management or the client, you have to have a leader who's going to take responsibility while these teams operate.

Or Tim, as he's

[:

so I think this will absolutely, be useful. It also pushes... the debate forward a bit. I think sometimes when we talk about this topic, we, say, Oh, convergence and this skill and that skill. And there's a pressure. Oh, EP, you need to learn how to code. You need to learn all about, every field, but no, I think this is a lot more.

Niche, a lot more appreciative of the EP craft whilst not, doing something we've been doing for a long time. so let's get into it with Andrew Peden and we're going to be looking at breaking down silos and unified risk management.

[:

[:

[:

[:

[:

[:

You're previously involved in with a lot of community topics. What are we going to be talking about here? Because usually with our three quickfire questions, I say, what is the problem we're trying to solve? But maybe if I broaden it this time to say, what is the topic we're going to address by breaking down silos and holistic risk management?

[:

not only the strategic mindset, the operational mindset, and the tactical frontlines mindset, because that ripple effect literally changes the world.

[:

[:

what, what wakes me up in the morning is, the ability to, I'm very blessed to have worked with and been around some phenomenal leaders and great mentors, and if I can help elevate the industry and maybe serve the community. help somebody else who's either, alongside me, behind me, in front of me, to help them get where they need to be and help reduce risk, why wouldn't you, in my opinion, right?

Absolutely.

[:

I am EP. What should they better understand about breaking down silos?

[:

There's a lot involved. we have to protect the physical asset, the principle, right? But, It's also, I would say, physical technology, people, process, there's other terms people can use, you can put supply chain in there, you can put infrastructure in there, but we have to have a kind of a holistic approach to risk management as an EP professional.

I think EP professionals, the ones that I've come across who are experts in this field, are very broad based. They're not siloed. they're have the ability to collaborate with others, inside and outside of their space, and that's what makes, a subject matter expert or professional, in the EP space or protection professional as far as I'm concerned.

[:

is that what it boils down to? Because if it's a corporation. then fine, I can see how you could attempt to restructure it. But, a lot of protectors, they're private industry, aren't they? They're third parties. How does this sort of apply to them?

[:

Whether you're in law enforcement, whether you're in emergency services, whether you're a paramedic, an EMT, or whether you're, an executive protector protecting the president or the king or queen, right? you're not just a one tool individual. first of all, your mind is the most important tool that you have on you, right?

and it's that mindset. I need to be able to be adaptable, flexible. if I come across, yeah, I just actually, you mentioned Bruce. I actually just sat down with Bruce McAdoo yesterday in New York City. I had a cup of coffee with him. When I went down there, I went to go park in a garage I'd already paid for.

The road was closed. So I had to go around the block and go backwards and the wrong way down the road to get to the garage that I paid for, right? So you need to be able to adapt. on any detail I've ever been on, some of the most important tools that I came across or that I needed was duct tape. that's, literally.

but really it's your mind, right? So there's a lot of people you're going to be dealing with in executive protection detail. there's PAs, there's assistants, there's marketing, there's different, teams, financial, whatever, HR, legal, operations, finance, auditing, many different units or divisions within an organization, they all work together.

No one goes to work in any organization, any agency, and just says, they stay in their own little cubicle and never leave. In healthcare, I have a healthcare background, every team is cross functional. Yeah, you go in a trauma setting, there's multiple cross functional individuals there. It's a trauma surgeon, it's the ER doctor, it's a nurse, it's an anesthesiologist.

There's multiple cross functional units within that team to achieve a more positive outcome for that patient. I always look at my clients as patients. my job is to educate them on, by providing actionable intelligence, to help them make more accurate, informed decisions that's obviously going to reduce risk and increase reliability, maintain a competitive advantage, agility, and viability.

But, sometimes they don't always take our advice, but my job is as a physician going in and say, look, here's my assessment. Here's my diagnosis. This is the plan that I advise to put in place. Here's how we're going to implement it. Then we're going to continuously evaluate it. They choose whether or not to.

implement that plan, or choose to transfer some of that risk off in another direction. But you need to be able to adapt and be a continuous learner moving forward, whether you're a new EP agent, or whether you're an experienced EP agent, or whether you're just a risk manager or protective and personal, protective

[:

And so this, sounds very strategic. Which, it, I get it in that I can see how the communication being open, or maybe cross functional teams, maybe, in, in, the armed forces, you got J4, J6, instead of just A and N and all of that, right? I can see how being joined up is really, beneficial, but, surely, does it send a message that being a specialist is almost not desirable, because if you're a specialist, then you're definitely not a generalist.

[:

of course, you may have a specialist, or a specialty that you're a specialist at, but your mindset and your ability to work with others is how you get things done.

[:

[:

[:

is it, I could pick up the phone to the head of cyber and go, Hey, did you know you left your door unlocked? What, more silo do you, is really there to break down?

[:

Whether you're doing CP or whether you're doing advanced, there's always going to be a PA for that, that, principle you're dealing with. Are you talking to the PA, or are you going to, maybe build a relationship with that PA? How about the people you deal with at the hotel, or people that you deal with at a conference, or any location you're going to?

You need to be able to speak to those people, right? If you're not talking outside of your team, there's a huge issue there with information sharing, and obviously it's going to affect the outcomes for your detail. Now let's think about it more strategically. in cyber security, there are definitely silos.

In physical security, there's definitely silos. In risk management, there's definitely silos. just think about the cyber side. There is, some people are doing SIMs, some people are doing identity access, some people are doing emails, some are doing Endpoint. now the big, bless you, now the big, Strategic goal or vision or keywords are single pane of glass, right?

We're going to aggregate all these disparate solutions into one single pane of glass, bring everything together. Great. Let's do it. same thing with physical. Let's aggregate all these disparate solutions, bring them all under one umbrella and work together. In order to achieve the best positive outcomes for all, whether that's for crisis management, for an organization that's a multinational corporation, could be a beverage manufacturer, could be a, a, an airline, company, could be a healthcare organization, whatever critical infrastructure sector you're in, we need to be able to collaborate with different units Cross functions in order to achieve, the strategic goals of that organization.

I always say, streamline organizational strategy to mitigate risk begins with a proactive mindset. holistically, across the enterprise, 360 degrees wide. It shouldn't be a standalone silo or division.

[:

Is that what we're calling for? head of EP is a peer of the head of, SOC.

[:

But, I've read a lot of books and I've met a lot of people, right? And Special Operations is that flat, horizontal leadership, right? And when you start to get more higher in any organization, in executive leadership, it's that flat or horizontal leadership across the organization, right?

That's how that information is shared. of course, there's hierarchies, but you need to be able, again, to have that horizontal leadership or that flat leadership where It doesn't matter that the CEO is a CEO and you're the, maybe the director of nursing or the director of EP is talking to the head of SOC.

You still need to be able to have a conversation so that way you can share information so that maybe what I'm holding, you may not know of, it may be real time information that I have that can help you achieve your strategic goals.

[:

I would feel threatened if, if a new EP, person, phones up the actuarial scientist working on whatever, right? Is that realistic?

[:

So there's channels for that communication to occur. It doesn't mean that the staff nurse is talking to the director of nursing in an organization. It doesn't mean that the, brand new EP agent is talking to the head of GSOC or the, director of EP for a multinational corporation, but there's a channel that line of communication is open.

Okay,

[:

you work, you start as a GP and then you work your way to an oncologist or, generalist to specialist, but Bruce, yeah. indicated that maybe we need a common framework and then people specialize after.

[:

There's a framework that can be built upon and there's a process that can be followed so that people actually have an end goal. They know what they're trying to achieve. I think a lot of this industry is some of the challenges that this industry faces is there's really not that roadmap or that end goal that people can see, that they can follow.

cybersecurity has the same or similar challenges as well. so let's take a profession for nursing or a doctor that you talk about. They're great, we keep going back to healthcare because it's a simple, easy example to follow, right? So yes, there's a roadmap, there's a process to follow, right?

My background, I have corporate healthcare risk management leadership experience. I left corporate America, actually went to medical school. I did two years of prereqs in less than a year and a half. I worked with a cardiothoracic surgeon performing open heart surgeries for a year and then I went away to St.

George's University Medical School in Grenada. Too much to be away from the wife and kids, came home, met some people, worked for the government, got me into risk management over a decade ago, right? Start on the physical side. Then transitioned to boardrooms with That's Where I Belong, changed that strategic mindset, goes to operational middle management, goes to tactical frontlines, that ripple effect change of the world.

Couple of years ago, I transitioned to digital, met people from the highest levels of the public sector, now in the private sector, became strategic partners with them, and then built out a complete suite of advanced cybersecurity solutions. Why do I mention that? I didn't have a roadmap to follow, but it was a lot of collaboration, a lot of education, a lot of continuous learning, a lot of research on my part.

Two things I do really well that I'm an expert at are conducting research and building strategic partnerships. so after a lot of trial and error, I'm a scientist at heart. A lot of trial and error brought me down that path, but I think a lot of challenges in this industry or that it faces is that there's really not that road map for people to follow.

Whether they're coming from a military background or a law enforcement background, they're coming from a very structured background, they have a process or they have a road map to follow. They know if they go to this training or that school, they're going to go up in rank. They're going to achieve X or Y or Z.

Law enforcement, same thing, right? But coming from a private sector background, There really is not that road map unless you talk about academia, right? So college or master's degree or a PhD or doctor. so there's that road map. But in this industry, there really isn't that road map. Sure, there's certifications, multiple associations.

I'm not going to go there. but, training is excellent and education is excellent. OJT is excellent also, you need to get, you need to get an opportunity to get OJT, which is not always, easy, right? especially coming from outside the industry, unless you know somebody to get you in.

that's, reality, or that's the reality that I face, anyway. And I was lucky enough to be brought in, and had some great opportunities. but I think a lot of challenges faced here are that there's no real road map to follow. my advice would be to, get as much OJT as you can.

Obviously go to get education and training, but just think about education and training. Everything you hear about in the EP industry is, hey, get medical training, get driver training, get this. It's cross functional training. It's not just one tool. There's a lot of tools in your toolbox to make you a more, protective professional.

we're already talking about, cross functional and cross collaboration. That is breaking down those silos and making, bringing more value as an individual protector to, yourself, your team, and your organization.

[:

Which, if I'm honest, I've never heard broken down into that acronym, but no, I'm going to use it all the time.

[:

[:

But they, they get coached. They sit down, and it's a laborious process, but they get on the job. So I can see that. Now, I take your point, EP colleagues do lots of cross functional training. TCCC or whatever type of medical training they go off and they do it because they've got a realistic chance of using it at some stage, some time.

Now I know you've had a great journey into the cyber world, but I guess maybe you can see where I'm going. What kind of cyber... work, are they going to have OJT, experience of if they're in AP? Will they take the principal's phone off them and do something to it? Will they play with their laptop in a hotel room?

what is

[:

I was taken hostage, tased, put through a gas chamber, pepper sprayed and won. Did I ever use any of that? On the job? Any detail I worked on? No. What I used a lot was my mind, right? I keep hearing soft skills for years, soft skills. So to me, I just, it makes complete sense to me of, these, you keep talking about, we're talking about breaking down silos across functions.

soft skills is how you get things done. Being able to speak to people, being able to collaborate with others, Hey, what do you need? Hey, Phelim, nice to meet you. I'm Andrew. Hey, this is what we're trying to achieve. What are you here for? Oh, this is how I can help you. Let's help each other. so I just think that moving forward, I think that the mindset.

Of the individual is just that cross collaborative mindset and being able to be adaptable and flexible, moving forward. But you asked about cyber, and my journey into it. My journey was, again, on the physical side, uh, I think I shared with you before we started. I got around some details and saw the people that not only Principal had around them, but the teams and the organizations and said, Hey, I'm a pretty smart guy.

I've done this in corporate America. I can do it just as well, if not better. I started my own business. then I started, I was blessed to get some opportunities to provide projects, or manage some projects. And then I transitioned to boardrooms, I said this before, and then I transitioned to digital a couple years back because to me it was just a natural progression.

billion devices connected, by:

but I was like an athlete, right? hanging out with them, playing Dungeons and Dragons, but, I never got into the techie side, but I know enough about computers where I can have a conversation to executive leaders about what strategic matters strategies they need to implement in order to ensure, again, competitive advantage, viability, and agility within their organization moving forward.

And then I have a large network of experts that I can leverage when needed to bring in, to, fill that scope. So you don't have to become You know, a trauma surgeon, you don't have to become a, the best shooter on the range, you don't have to become the best driver in the world, you don't have to become the best medic on a detail, and you don't have to become a developer either, but you have to have some sort of baseline knowledge of what you can do that will It doesn't matter.

It's not about you solving all the problems, but maybe not creating more problems, right? not knowing, not what to, or knowing what not to do is almost as important as knowing what to do.

[:

[:

Because I know what's going to happen. I know what the rebuttal is going to be, because I've heard it and the rebuttal is going to be, see that's impossible because it's just calling somebody else. let's think then let's take this, for example, all those people will say that they own their own businesses, right?

They're CEOs of their own business, right? They're founders, presidents, CEOs. Do they know everything about the business? Do they do their taxes? Do they know finance? Do they do marketing? Do they do digital, social media? They have somebody else that they call and help them. again, it's a mindset. Let's step back for a second and think about it.

You don't have to know everything. But if we put that perspective, or if we put that, that, if you're going to rebut what I just said and what other people say and say, see, it's not possible, you can't do that, then you have to look at the CEO that you're protecting and say, Why is he a CEO? He doesn't know everything about his business, what is he doing?

you don't have to know everything to be a CEO, or you don't have to know everything to be the EP guy, or you don't have to know everything to be that, the unified protector that you mentioned before. You just have to know how to get things done. And, who can get it done if you can't?

who who do you call?

[:

And conversely, there are some cyber MSSPs that are starting to offer, more man guarding electronic things to get access to whatever is more profitable. So are we talking about a super service? And if so, where does

[:

I saw that in the last couple years in the cyber where, and I dealt with this years ago in corporate America where everybody, wants to be a one source, one stop shop. Hey, I have, multiple solutions for you. Come to me and I can help you. And, that's, it's not a novel idea.

It's been going on for years, in business. and healthcare happens, and finance, and any industry you pick. We keep going back to healthcare, but I use it because it's a good example. and I actually think that's a good thing, that you can have that one stop shop. You can have the, both the physical and the cyber solutions.

but then you also have those smaller teams or those smaller units or divisions that are experts in those specific, fields, but work together to achieve more positive outcomes for the client, for the whole. so I actually think it's better. I think inside what I've experienced in the cyber, what I see.

or observe in cyber is there's a lot of, um, intentional, uh, there's a lot of confusion intentionally done to confuse the end user so that people will buy products, right? and I would rather see, and I'm seeing it, where there's more of that one stop shop coming together and offer multiple solutions.

It's already happening. Okay,

[:

[:

We're talking about, every room I've been in, there's, head of legal, there's, head of HR, there's head of auditing, risk management, whatever. Risk managers are usually insurance guys or girls, whatever. we're talking about risk management, right? And I stopped saying security years ago.

and again, and I'll go back to it's how people perceive it, and I'll reiterate what Bruce said. It's how people perceive that, right? and there's nothing wrong with that. I think it needs to be elevated. The industry needs to be elevated. The people deserve credit who are doing it. They're great people who are providing it, right?

But it's the mind of the receiver, the mind of the person, the individual who are looking at it or hearing it. it's that connotation, so I think the elevation of the industry can start with words. and education empowerment and, all of that, but a lot of that will occur through cross collaboration, within communities, functions, units, and breaking down those silos.

We have to come together as a, an industry in order to elevate it. If we don't come together as an industry, it's not gonna be elevated. It's really that simple. And has this,

[:

So it's a podcast of, collaboration has, this topic come up on other

[:

the organization so that everybody is working together to achieve more positive outcomes for the whole. And as far as reception, it's, very positively recepted by everybody involved and, people who have attended or participated. I think people are craving it. I think people crave it. I think people, there's people that, I'm not going to put it on the people themselves, because yeah, people got to work, right?

They got to feed their families. but I think people crave it. I think the, it's, almost like pushing a boulder up a hill, right? And there's that old, what is that, old, Greek, philosophy, about pushing the boulder up the hill? I can't remember the guy's name, who did it, but he eventually, stopped pushing the boulder up the hill, right?

it's almost like... It's, really a lot of change management and changing an entire industry, and just that mindset, that mental paradigm shift, it's not easy to do, not easy to do. Okay,

[:

but yes, but for me, this sounds like something that protectors that get higher up in their career, you This will be more relevant. The higher up they go, the more strategic they need to be. The people who have set up their own businesses suddenly need to think, Ooh, I'm offering TSCM. Ooh, now I'm offering cyber TSCM.

Ah, now I'm offering this, and this. I feel that there's still a place for the specialist, as you said, but as people progress, as people look to see, Oh, I'm a consultant now. I'm not just an operator. Suddenly, this Unified Protector, this breaking down of silos becomes, important. I do wonder about the Protector who's starting out, whether this is completely for them, beyond you should appreciate that there's loss prevention, there's gambling security, there's, people from, Special Forces, there's, and, they don't talk.

They, these people, they don't talk, even within the communities. I wonder, what about the, new professional?

[:

Where do you want to be? focus on your end goal, where you want to end up, and then, make a road map for yourself, and, plan it out, and just get it done, do it. and no one else is going to do it for you. in this industry, you need to be proactive. and the sky is, there is no limit actually.

You can do and become whatever you want to do or become. look at me, it really is, we talk about it, it's not easy, it takes a lot of work and it takes a lot of years and you need a support system behind you. I wouldn't be anywhere where I am now if it wasn't for my wife and my family. It's really that simple.

So you do need a support system in place. definitely network and build a support system, and again, put that strategic, operational, and tactical mindset into your network. So you have strategic, contacts. Think about it as associations, right? or, organizations. Operational could be, they're the people that you work with, colleagues, right?

And then tactical can be those personal contacts, whether it's mentors, friends, family. So think of it, put it in those boxes like that, and then build out your network, and then leverage it. leverage your network. and don't be afraid to give things, give your time or your knowledge or your insights.

Don't be afraid to give it away for free at some point or some time, because it, should come back to you. but yeah, it just, put a roadmap together, you have to put the roadmap together yourself, and use that strategic operational tactical mindset to build your network, and then leverage those people and organizations within that network to get where you want to be.

[:

[:

I'm very active there. And, what I'm focused on now, again, is just... helping like minded individuals, collaborating with like minded individuals to, elevate risk IQ to save lives and, help organizations do what they do best, which is, maintain their competitive advantage, agility, and viability.

[:

Andrew, thanks for coming on, it's been a great pleasure to have you on. This has been Risk Management and Breaking Down Silos. This is another fantastic edition of the Circuit Magazine podcast.

thank you very much, Andrew Peden, for coming on and talking about Breaking Down Silos and Unified Risk Management, and I think the idea of the Unified Protector is not going away, it's Is it quite how, we imagine it, a singular human, or perhaps a team, or perhaps a structure, a reporting line, I, don't know.

what did you take away from today's session, Shaun? I was interested in

[:

It depends who you're working with, how you mold that solution. And I think you can do that in many different ways. So does it work having everyone peers alongside each other? You mentioned having, working with family officers where you have the accounts team, the HR teams, the security teams. and I think he went on and said, when he's talking about bringing down the silo, it's within risk management as opposed to bringing in all of the other facets.

But, yeah, I think it all works. If you can mould it around your client, you get the right team, you get the right leader there at the top. Then that's what's going to knit it all

[:

Imagine any legal question, boom, got it. but as he said, there are limits, risk, players, risk managers, and he doesn't like the term security. same as Bruce. but, hey, no, good. I'm glad we, I'm glad we're covering this topic and it pushes the needle forward instead of the, Oh, Shaun, you've got to go and do a coding bootcamp.

Why? To appreciate some other function. No, you don't need to do that to appreciate another function. You need to be a strategic risk manager. But yeah, I really appreciate that. And you know what? Funnily enough, Andrew very kindly came to, one of, my events, this week, virtually when, we talked a lot about, data protection and privacy and, all of that.

So thanks, Andrew, for popping in there. I recently saw a lot of our, NABA community in, Phoenix. and also Atlanta, for the seventh annual Convergence Forum, where the Circuit Magazine were a media partner. That was fantastic. we had, we had several of our listeners on, and, absolutely fantastic to see so many enthusiastic people there.

Shaun, I don't think even I, told you this, but, that there were people there who said, I've been listening to the podcast since the beginning, and I was just like, wow. I didn't know. And obviously, if that's you, then thanks for, thanks for listening. We had, friends of the community that people would know and love, from Craig McKim, Christian West, Chuck Randolph, but also others like, Hernie Vendelise, Rhett Weddle, Scott Walker, we've had Scott Walker on the podcast before, Alan Sakella, we've had him on the podcast before, Natasha Ryan from North Group, she's, been on a load of things that many people, might, might appreciate.

And I, really, if I'm missing anyone else, I do apologize. But one more shout out, and I know This is me telling you my news, as well as our dear audience. A very kind, gentleman welcomed me in Atlanta, Tim Crockett, who has a big background in all things, media, security, knows, of course, Ken Perry and Co and Costain and, and all of that.

He very kindly took me around Atlanta on a Sunday morning, when he could have been doing something else, but he chose to come and help me. So anyway, there we go. lots of things to report back on, but I thought I'd do those shoutouts, Shaun.

[:

EP Technology Forum in January, which is always my favourite event

[:

What's, what's new? What, would you like people to think about as, we go forward in this week? it's

[:

I'm now stepping into the coaching space to help security business owners and security professionals. to level up their business and careers. So that's a new, exciting path that I'm embarking on, which I'm sure you'll hear about in due course over the, maybe on the Circuit Podcast. Maybe we'll do a podcast, me and you, and we can talk about it at some point down the line.

[:

[:

[:

and, and yes, be a unified protector, be a community protector, I don't know. Andrew, thanks very much for being our guest today. maybe this is a method of breaking down silos. Maybe the podcast breaks down silos. Anyway, maybe I'm going too far with the analogy, but this is great.

Thanks very much. And, This has been another fantastic edition of the Circuit Magazine podcast.

[:

You have been

[:

listening to the Circuit Magazine podcast. Be sure to subscribe and be sure to not miss an episode.

About the Podcast

Show artwork for The Circuit Magazine Podcast
The Circuit Magazine Podcast
For Security Professionals who want to stay ahead of the game.