Columbus city leadership took its first step toward ESRM by funding the capital improvement project for its implementation. This multiyear endeavor is bolstering security already in place, upgrading capabilities, adding capacity, and laying foundational elements for unifying security for telecommunications, cyber and physical assets, and critical infrastructure and industrial control systems. At the same time, the city formed its official ESRM group, which is in charge of security risk management and regulatory compliance.
Realizing the Vision
Shortly after he was hired, Calero was invited to give a presentation to the city cabinet as a way to build awareness of the new CSO position, as well as to make the leaders aware of security policies and of Calero's plan to handle physical and IT security together.
"Putting a face to the CSO position and sharing the vision with the cabinet was key," he said.
Sharing a vision is one thing. Making it reality is another. As the program was being created, the city was facing a budget shortfall of $115 million, and Ohio's two-year $28.5 billion discretionary budget was projected to come up more than $7.3 billion short.
"While the capital project was already in place, budget shortfalls loomed. Everyone knew we had to do our part to reduce security costs. We focused on what we could consolidate and help others consolidate using early ESRM successes as reference," Calero said.
When the Economic Advisory Committee, which was commissioned by the mayor to review the city's financial health, sought cost savings proposals from city leadership, Calero's included unifying building access control systems and video surveillance, expanding security for the city's extensive fiber optic network, maximizing use of the centralized security command center, and consolidating or outsourcing security functions.
Ultimately, revenue generation stabilized the budget, but the opportunity to promote security convergence was not lost.
"Detailing the efficiencies that would be gained helped grow acceptance of the program," Calero said.
At that point, the CSO had the funding for the project, a strategy for the program and a vision of where to take it. What he needed now was buy-in from stakeholders across the city, he said.
Rather than seeking mandates, Calero chose to create an atmosphere of collaboration through "security cooperatives"--security awareness training in partnership with facilities security--and by dedicating an analyst to physical security alignment.
"If you don't win their hearts and minds, you are not going to get anywhere," he said.
Once that was done, Calero set out to learn about and unite key teams, managers, vendors, and consultants.
"Knowing them, of their construction projects, hearing about planned facility renovations or general security needs is making it possible for me to bring them together, see if they have common security needs, share security assets, or just make them aware of existing assets they did not know existed," he said.
Sign up for CIO Asia eNewsletters.