In The Boardroom™ With...

Bruce McIndoe
President
McIndoe Risk Advisory LLC

Connect with Bruce McIndoe on LinkedIn

SecuritySolutionsWatch.com: Thank you for joining us today, Bruce. We read with great interest your White Paper “AGILE OPERATIONAL RESILIENCY”, “AGILE OPERATIONAL RESILIENCY (AOR) is an organization’s ability to adapt and thrive during times of stress, disruption and uncertainty. AOR is a holistic strategy that protects assets, organizational objectives and reputations by empowering multi-disciplinary stakeholders to develop a continuous 360-degree view of risk.” Before drilling down into this topic in much greater detail, please tell us more about your background.

Bruce McIndoe: I worked in the national security arena for 15 years, primarily with NSA, and supported some of the other Intelligence Community (IC) partners. In 1999, I co-founded iJET International, which was the first private sector 24x7 Indications & Warning (I&W) watch center modelled after work we had done for the IC. We developed advanced technology to support both the intelligence production cycle and near real-time, contextual dissemination to those that needed it. During my tenure with iJET/WorldAware, I had the honor to work with 100s of organizations from the Global 1000 to SMEs in envisioning and building intelligence-led, proactive operational risk management programs.

SecuritySolutionsWatch.com: It makes perfect sense to us, and the daily headlines make your point, “In an ever changing world, organizations need to embrace an integrated risk management approach and continuous risk management of their people, operations and supply.” Please tell us more about the journey clients take with you to achieve Agile Operational Resiliency and please walk us through this visual.

Bruce McIndoe: This AOR graphic is a representation of a comprehensive program, showing various elements in distinct, color-coded rings. The outer black ring represents the key drivers for the program. It is crucial as it links all efforts and investments to the organization’s value-generating objectives and strategy. These efforts are guided by overall governance while managing risk to increase the certainty of achievement, and ensuring compliance along the way. The yellow ring represents all the traditional, protective services “silos” that we work to unify into an integrated, joint team with a common mission. The blue ring reflects the continuous risk management process to continuously monitor the environment for potential threats or incidents and responds appropriately. The inner core is made up of the key asset classes we are protecting, which are People, Sites, Supply, and Information – as well as the underlying processes that enable the organization to thrive.

SecuritySolutionsWatch.com: We encourage all of our readers to tune in to your podcast here for your discussion of the need to breakdown tribal silos and cross-train protective personnel with the goal of “Creating the Unified Protector”. Please share with us here your perspective on this.

Bruce McIndoe: There are three key messages to take away from this podcast. The first is the need to shift to an objective-centric risk management (O-CRM) approach to align efforts and link investments to the organization’s objectives. This means moving away from the traditional approach of using list-based risk registers and heat maps. Instead, the O-CRM approach links a 360-degree risk assessment to each organizational objective. By bringing together all protective disciplines, we can assess operational risks more holistically and increase the likelihood of achieving each objectives. This approach also fosters a collaborative environment that promotes breaking down the silos between the different disciplines. Once you create this joint team, each member begins to learn and understand the other disciplines. We encourage the organization to create an environment that rewards multi-disciplinary, trained personnel. Some have referred to such a cross-trained Protector as a “Unified Protector”.

SecuritySolutionsWatch.com: Can we turn to “People Risk Management” for a moment? We couldn’t agree with you more, “All your people matter, not just travelers and expats. Assess, plan, develop and deploy a People Risk Management (PRM) program including Travel Risk Management (TRM), Expat Risk Management to address the risk to the person and Insider Risk Management balancing the risk to the organization. Keep your people informed, safe, healthy, and positively engaged.” Care to elaborate?

Bruce McIndoe: In Agile Operational Resiliency, as I mentioned before, one of the four key asset classes we are protecting, using a risk management methodology, is People. Organizations should focus their efforts on each person holistically and bring together all the organizational elements that have a nexus with People into a joint PRM team. This team will typically include the traditional protective disciplines such as people & executive protection (including travel, on assignment or working from home), health and safety, and human resources, but also Insider Risk, Legal, and Compliance. Much like we learned during the pandemic, a cross-functional team that breaks down the traditional silos and shares all related information will achieve better outcomes more efficiently and cost-effectively than working independently.

SecuritySolutionsWatch.com: It’s quite impressive, indeed, Bruce, that many of your clients are in the Fortune 200. Any recent projects, success stories, testimonials or case studies you would like to share with us?

Bruce McIndoe: Achieving AOR is a journey and we have had the privilege of working with several clients that are on various stages of that journey. For instance, we worked for a global pharmaceutical company to develop a risk profile for the business and developed an overall physical security assessment and improvement plan for each functional area. Their goal is a unified protective services team to include Health & Safety. Another project has us collaborating with the CSO of one of the largest gas and electric companies in the US. Our approach involved utilizing our Protective Services Maturity Model (PSMM) through a series of workshops to determine their baseline maturity, which is where they are today, and creating a series of improvement plans by department to get them to the next level of cross-functional integration. For a Fortune 200 Technology company, we have been on a multi-year journey and recently formed the Resiliency Group consisting of all the protective disciplines except information asset protection. They have removed the word “security” from most of their corporate vernacular.

SecuritySolutionsWatch.com: Congratulations on being selected to speak at GSX 2023 in Dallas. Your session, “Highlight the value of your ESRM Program with Objective-Centric Risk Management” will be Monday, September 11, 2023, at 2 PM. May we have a sneak peek at the key topics you will be discussing?

Bruce McIndoe: I will touch on a lot of topics that we have discussed here. However, the primary focus and takeaways will be around aligning an ESRM program to the organizational value-generating objectives using an Object-Centric Risk Management approach. I will walk through the 5-step process from (1) building an objective-centric risk register to (2) assigning an owner and (3) defining the level of rigor, then (4) conducting the cross-function risk assessment and appropriate level of assurance, and finally (5) a consolidated report with a focus on the residual risk ratings – those risks that were not fully mitigated. Using this approach, leadership is directly engaged in the risk management outcomes, mitigation costs will be tied to objectives and most importantly this approach aims to raise confidence in the “certainty” of meeting objectives and achieving successful outcomes for the organization.

SecuritySolutionsWatch.com: It's understood that you have presented hundreds of times in formats from keynotes to executive teams to conference programs to webinars and social organizations on a wide range of topics including “Megatrends: What will the World Look Like in 2050”? Can we peer into your crystal ball, together with you Bruce, what WILL the world look like in 2050?

Bruce McIndoe: I have experience in conducting future forecast assessments both in government and the private sector since the mid-90s. As with the National Intelligence Council Global Trends that have been published every 4 years since 1997, while the actual timing of specific forecast may be off, the trendlines have been proven out. The forecasting model I use considers 5 domains: Globalization, Demographics, Climate Change, Resource Scarcity, and Technological Innovation. By 2050, the world will have evolved fully into two great power spheres (bipolar) - Team China and the West. This world order will be rapidly followed by the rise of India into a multi-polar world. Developed countries will continue to see their populations shrink and, despite immigration. Climate Change will force massive migration away from coastlines and middle earth (+/-25 degrees off the equator) that we will see accelerating as we get to 2050 and even more so as we march to 2100. The world will struggle with resource scarcity, both natural and man-made, including food and water. Hope will lie in the speed and effectiveness of technological innovations such as food production, water conservation, energy storage/production, medicines, and much more. We have the technology today to resolve almost every stress area we currently face. We just need the global resolve to combine efforts and investments. With global collaboration, we can optimize these technologies, get them to scale, and raise the lives of billions of people around the world.

SecuritySolutionsWatch.com: Thanks again for joining us today, Bruce, we look forward to future updates. Is there anything else you would like to mention today?

Bruce McIndoe: Yes, I would be remiss not to mention the impact of Artificial Intelligence (AI) and robotics on virtually every facet of human activity. I would draw a parallel to the impact and transformation of human existence as we entered the Industrial Age in the late 1700s. This transition then was from creating goods by hand to machines. In the US, most of the population lived in small rural communities and on farms. From the start of this industrial revolution, we saw mass migration from farms to cities and massive immigration to the US from other countries to supply the need for human labor. Today, less than 2% of the population in the US are on farms and ranches. In a significantly shorter time, AI and robotics will both enhance human knowledge-based and repetitive physical endeavors as well as eliminate many of these jobs while creating new ones. Continuous retraining and upskilling will be key to long-term career success. There will be more pressure on cities as we will see an increasing level of migration back to rural communities as people will have more leisure time and we perfect immersive technologies for human collaboration anywhere on the planet…and maybe at any time with your AI-powered Digital Twin!

HOW TO REACH BRUCE MCINDOE:

Bruce McIndoe, President
McIndoe Risk Advisory LLC
www.McIndoeRiskAdvisory.com
Bruce@McIndoeRiskAdvisory.com

1400 W. Lombard St Ste A PMB 377
Baltimore, MD 21223
O: +1-540-328-0217

Connect with Bruce McIndoe on LinkedIn