Nearly every security leader tasked with developing a major cross-disciplinary initiative begins by looking at all the variables – the different departments with their varying aims and cultures, the contrasting personalities, the divergent levels of understanding, budgetary challenges, and more – and asking this first question:
"Where do I even start?"
Workplace violence (WPV) mitigation programs and global security operations center (GSOC) development are some of the more common security-centric programs that require a broad level of cross-functional collaboration. Getting initiatives like these off the ground with strong managerial support and cohesive team buy-in is a massive undertaking.
At the Security Executive Council’s October 2024 Security State of the Industry (SSoI) briefing, Jacob Valdez, Director of GSOC at Applied Materials, and Michael Wanik, SEC Emeritus Faculty and former Senior Director of Corporate Security for United Therapeutics Corporation, discussed how they used the SEC’s concept of operations process to undergird their cross-disciplinary initiatives, and how their programs benefited as a result.
George Campbell, SEC Emeritus Faculty, brought the concept of operations (ConOps) process to the SEC’s private sector clients from his experience in government, where ConOps is more commonly used to delineate and communicate objectives and roles for proposed integrated operational systems.
"The ConOps provides discipline and creates a drive to connect stakeholders," said Campbell. Through the ConOps process, the cross-functional team
defines the current state by finding and inventorying gaps that present a risk
draws in all required stakeholders, illustrating how those gaps affect each stakeholder’s mission and goals, and
determines the way forward with clear documentation of processes, roles and responsibilities.
While the primary goal of the ConOps is to develop and implement a strong cross-functional program, the process – which involves stakeholder interviews, socialization, and consensus building – brings a number of additional benefits, according to both Valdez and Wanik.
This image is a graphical representation of what a concept of operations can do for a GSOC project.
Provide a Methodology
Valdez used the ConOps process to implement a GSOC at a multinational technology company. Starting a project of this scope is a challenge, he said. "You've got Facilities, and Environmental Health and Safety, and Finance, and all these other business aspects that are coming in. Trying to piece that together can be overwhelming… I had a lot of great conversations with all these groups, and everybody’s nodding, but it’s possible to talk it through so much and so long that you lose the concept. Eventually you have to get in there and execute."
The ConOps offers an established methodology for identifying and engaging critical functional partners, developing agreements, and documenting results and expectations.
Build Common Understanding
Wanik first used a ConOps to build a WPV program at a large biotechnology company. "Workplace violence was on the radar, but it was not as easy to deal with as they may have thought," he said. "There was a narrow understanding of the risk. Everyone thought it was just a corporate security issue. Managers didn’t realize the first line of defense is them. They didn’t understand the link between WPV and domestic violence. They didn’t understand the collateral impacts - you may lose other employees who don't come to work; you may not be able to hire people; you may even have to leave the facility you are at and create new brick and mortar location somewhere else."
As the stakeholder team worked through the ConOps process, Wanik was able to use the interviews and the inventory of gaps to clarify how the risk of violence could impact each group - what both the risk and the response entailed. "The process itself is key," said SEC Emeritus Faculty Tom Bello. "You might conduct 10 or 20 interviews with the business line and your functional counterparts and leads, and this is a great opportunity to socialize the program. It's an opportunity to get their perspective on risk, to sharing some of their experiences. Creating an open dialogue and building those relationships gives you a way to lead even without formal authority."
Encourage Ownership
As a part of the program’s development, Wanik and his team used a RACI table to catalog the stakeholders who were Responsible, Accountable, Consulted, or Informed for each WPV mitigation task or process. Because this activity followed the earlier ConOps phases of discovery and feedback, stakeholders appreciated the opportunity to take ownership over parts of the process, rather than feeling forced to take on something they didn’t support or understand fully.
Document for Continued Value
Formally documenting agreements, roles, policies, and processes is a key element of a ConOps process. Francis D’Addario, SEC Emeritus Faculty, pointed out that the documentation that results from the process has uses beyond program development. "If the vision is to go above and beyond basic compliance – to be a culture of care - in a way that is resourced and measured, the ConOps is great for the organization's defensibility and brand reputation, because that's what people want to hear at the end of the day. And the ConOps can also inform metrics development and continuous improvement," he said. These documents can also be used to ensure process accountability and evaluate and communicate program value. Campbell added that ConOps can be used as a primary input for a business plan or a master plan as well.
The ConOps process can be used to optimize development of any cross-functional program, including WPV mitigation, GSOC, supply chain protection, or crisis management and business continuity.
Next Steps
Contact us to learn more about the ConOps process and how you can build consensus and collaborative strength for security initiatives.
Security State of the Industry briefings are a quarterly benefit of all Tier 1 Security Leader agreements. Become a Tier 1 Leader to gain access.
