Live blogging the ESX keynote
I'm going to be fairly busy the rest of the day, doing interviews and hosting panels, but here's a live blog of the keynote address here in Baltimore at the ESX show. 10:00 - good turnout thus far, with all of the industry lions in the house. George DeMarco is telling people to shut their yaps and pay attention and the buzz is starting to die down. Now the lights are down and people are getting the hint. George: Welcomes everyone, thanks the sponsors, etc. 147 exhibitors, 2,000 registrants are the numbers he gives. I counted the companies in the guide and it was 132, so they had at least 15 late arrivals. That's a good sign. 10:02 - Ed Bonifas leads us in the Pledge of Allegiance. 10:03 - Bud Wolforst - George is a tough act to follow. Welcome, this whole event is our show. NBFAA/CSAA, it's the industry event. We own it, and whatever you contribute to it stays in the industry, so keep on coming. Introduces Mike Miller. His staff has prepared remarks for him and he'll read them. (Laughter.) 10:04 - Mike Miller - Welcome to this official kick-off to ESX, can you believe it, our second year. I'm excited to be here. It was just last year that the leaders of our organizations joined together to create this new conference and expo. Last year was an incredible success and this year momentum has continued to grow. We're incredibly greatful to the manufacturers and the vendors. Want to thank Cygnus and GE for sponsoring this keynote. It allows us to have this industry leading events. We thank you from the bottom of our hearts. Profits from this show will be used for the benefit of you, your business, and your industry. We've put together a tremendous selections of speakers, vendors, exhibits, and this is your show, I'm so happy to see so many of you here. Be sure to spend lots of time on the show floor. The vendors have put in a lot of time and effort and resources to come here and support us, and I ask for applause just for that. (Applause.) And get ready to be impressed. There are lots of products that are being launched this week. I believe we will continue to see growth as constituents realize the positive impact we can all have on our futures. 10:08 - Introduces Bob Haskins from GE to introduce the keynote. Bob - On behalf of the 6000 employees of GE security globally, we're very pleased to sponsor this address. Francis X. Taylor, our VP, and chief security officer. But before that, I just want to go through some of his qualifications. Prior to joining GE. He had a distinguished career in the Federal government. Most recently, he was assistant secretary of state for diplomatic security, with the rank of ambassador. (I can't keep up with all this stuff, so I'll summarize.) He was a key advisor to Bush and Powell. 31 years of military service. Rose to rank of brigadier general. Silver medal, legion of merit, department of state distinguished honor award. Went to Notre Dame. He's got three kids. We're never sure whether to call him ambassador or general, but we're pleased to have him working at GE and have him giving the keynote. 10:11 - Frank Taylor - I'm pleased to be here. I'm pleased to be among friends. I'm going to give you my perspective as chief security officer for one of the largest companies in the world as to how I think about security. We're as big as the United States Air Force. Little advert for GE comes first. He's doing the whole thing where he previews what he's going to talk about. It might get most interesting at the end when he'll probably run over and I'll have to bail to interview someone at 11. Sorry about that. GE is the only company that's been on the Dow Jones since the beginning. I didn't know that. Healthy Imagination is the new technology initiative for looking at health care. (Is this where PERS will be housed? I think so.) They spend a billion on R&D. $18 billion in profit. GE filed more than 2000 patents in 2008. The GE power generating equipment creates a quarter of the world's power every day. (Is that for real? That's kind of crazy.) This sets up the challenge for the CSO (Frank). In order to secure this enterprise it takes world-class security to protect the people and operations. And most importantly, help our clients to anticipate and mitigate risk. We're a process-driven company. When I was in the government, you always got a kudo if you quoted the president, so I found a quote from Jeff Immelt: "Leadership in security and crisis management is about consistency...planning and exercising...it is (he changed the slide)." We used to be too passive. If we couldn't imagine it, we ignored it. But who thought 19 people who fly fully loaded airplanes into the sides of buildings. No one had the imagination to think someone would actually carry through on that. I submit that nothing is impossible to imagine. We have to be the people that are the first to say, this is possible, and this is what we need to think about. 10:18 - it took this long for the phrase "guards, guns, and gates" to pop up. Point is that that paradigm doesn't work anymore. Frank spent months working on the Katrina response, for example. Talks about the Tsunami of 2005, it took three weeks to discover they lost an employee. Today it would take 10 minutes to figure out who was where. Infosecurity piece of your business is going to become more and more important. They'll be asking your technicians about hackers and viruses. That will come into your marketplace and it's something you need to be prepared for. (It's really hot in here. Just typing is making me sweat.) Foreign countries are a big headache. They're in Nigeria, Iraq, etc., Very tough places to operate. We want to protect our people. When we can't protect them, we want to mitigate the crisis as much as possible. But when we get very good is when we anticipate the risk and mitigate it before it happens. 10:22 - What keeps me up at night? Global instability - Pakistan, the Niger delta, India, Iran, Mexico - we do an intelligence review of all of these places every day. Swine flu. We don't do business in Iran, but we have to monitor those events as they have an impact on the places we do do business. Yesterday, it was the train wreck in DC. Was one of my people on that train? Our people are everywhere. Swine flu. If we had not had a pandemic plan that prepared us for Avian flu, we would have been flat-footed when swine flu hit, and I think the US government has done a great job with swine flu. Then it's the normal stuff. Terrorism, which I hate to say is normal. The terrorist threat is global, and it's real, and it's directly targeting US multi-national corporations. Then there's narcotics, the war on the Mexican border, major shipping lanes for corporations, where goods are being brought across the border. Patriot Act says we have to identify all of our employees, otherwise you're fined. Counterintelligence. How do we stop Chinese hacking, competitors, people looking for our information. Every country's intelligence service wants to know what multi-national corporations are doing. It's a global challenge for us to stay ahead of that. And then there's just the problem of working in emerging countries, which means anything can happen at any time. Talking terrorism specifically: Are multi-nationals a target? Yes. Even in GE - a guy called YIK, an IT developer for our health care business in India. He was arrested for leading an underground terrorist organization, which he was doing while working for us during the day. These things are real and they happen every day. And Al Qaeda has told us they're going to attack religious targets, economic targets, technical and information systems, and western investments in oil and gas in muslim lands and western critical infrastructure. Some people say they're a bunch of bluster. But if Al Qaeda says they're going to do it, you can rest assured someone is planning an attack of that sort. Our employee was radicalized, he wasn't when we hired him, and that was their plan. They find people they can turn to their philosophy. Their targets are any one from the west that they feel threatens their goal of recreating the 14th century without any western influence. People say they don't see evidence of their employees turning. I submit that you don't need to see evidence. It's happening. Internally, Al Qaeda tried to get management level employment with a western organization in the Middle East, and there are a number of other examples. Why do they target us and companies like us? We're hiring, and that gets you a visa into the US, and multi-nationals meet the targeting criteria. It gives them valid rationale for international travel and residence. Our guy traveled here three times for training. Access to information, worldwide recruiting opportunities. So, we assume terrorists are inside the gates. To mitigate that risk, we believe it takes a lot of hard work. It takes us every day monitoring events around the world. (Classic jigsaw puzzle slide shown - are these mandatory?) Most of my colleagues are monitoring the same things every day. What does it take to make it effective? First, business leadership. Security and crisis management is a compliance issue for us. We've written a policy and I go out and audit to make sure that standard is met. And the business leaders are responsible for implementation. It takes competent security leadership, and when I say that, that means not just someone experience in running a force, though that's important. It takes a global perspective and global experience. Because you're going to operate globally. And we hire local expertise. I just hired an egyptian who knows the culture and the language. If I were to send an ex-pat, he'll always be an outsider. And we have to have matrix execution, building on the talents of all of our business to bring the expertise to bear on our problems. Travel safety: 1 million GE employees travel outside their home country every year. When Sully landed his airplane in the Hudson River, within 15 minutes we knew whether there were employees on the airplane, what business they were from, and whether they were okay. When Israel invaded Lebanon, within an hour we knew where our employees were and we began the process of getting them out of Lebanon. I thought I had left the intelligence business when I left the government, but you can't do security nowadays unless you think globally. So I've taken our guard force and created a global watch center in Fairfield, CT, who are monitoring events around the world and can initiate response. That's what it takes. Background checks are critical. IT Security is increasingly an area of importance. I don't own IT security, that's under IT, but we have a blood brothership, because the convergence is absolutely critical for doing security. 10:38 - (My butt is kind of falling asleep in this chair. Is my posture bad?) What this means for security installers and dealers? As you think about working with people like me, the things you need to think about is how you can help me get consistent global information, from my sensors, my access systems, all the things you provide to your customers. What I'm looking for is who, what, when, where, all the time. The right info leads to the right decisions. The quicker you have it, the quicker you can solve the issue at hand. If you have 80 percent of the information, that's probably sufficient information to act. Systems integration on a global basis. I get hundreds of letters every day and it goes into my trash can because it's offering me a widget or something "new." If I see something that's about how you can integrate, then I read it. But I need to know how it's going to work with my system. I get 10 calls a week, robo-calls, from suppliers who are prospecting, but I don't have time for that. I understand you're prospecting, but that's just not going to work. I want to talk about innovative technology that works with what we're doing. You need to do your homework to talk to me. Otherwise, your email is going into file 13. I want sales and technical people who understand what keeps me awake at night. I want to talk to people who understand my problems, and aren't just trying to sell their piece of equipment. And there isn't a bright shining line between those people. Great salesmen can make sales. But there's got to be a balance there. Understand who I am and come talk to me from a perspective of providing a solution to the problems that I am facing and dealing with. I won't name the company, but we'd set up an appointment to do security at my home, and they may not have known my role at GE, but they sent a technician to the house. I wasn't home. My wife was home. The technician did a great job of perimeter security, took his notes, and then I got an email: we can do this for x dollars. Never talked to my wife. Didn't talk to me. He just was sent to the home to do a survey, and that's what he did. I called the owner and said, you don't get it. I wouldn't have called you if I didn't have concerns. You didn't even talk to me. There have been 87 home invasions in my county. It's a growing phenomonen. I was going to spend big money. I tell you that story not to hammer that company, but it's the attitude that says, I don't need to ask you what your problem is that drives me crazy. And I dare say you've got some folks like that in your employ. Security doesn't have big pockets. What drives me crazy are sales reps making blind pitches. I'm too busy, so you've got to make the best of your 15 minutes. Making pitches about pitches isn't making the best of your 15 minutes. 10:46 - You've got 5 or 10 minutes to convince me you understand what's going on. You've got to understand the new world of security and crisis management. One guy told me he had great people because they were always hired away from him. I said, hey, I pay to train those guys. You need to retain those guys. One company we now have a global contract with thought they were a body factory. We made them understand that their employees are as important to me as my own employees are. In the guard business, attrition costs money. And your system must create data that I can use to improve performance. And reputation counts. All of the CSOs in the US know each other. And it only takes one bad experience for that to spread like wildfire. Reputation counts in this industry. If you always deliver value, you'll be okay. 10:49 - Questions start. Do you do regular intelligence briefings with employees? Yes. Today it's my view that every human being, every employee, is our greatest security asset. They help give me a broader force to work with. We spend a lot of time around employee awareness. 10:51 - Signing off to pack up. It's basically over. People are making joke questions at this point. Whoever Kurt is, apparently he's getting busted on. Okay - one more question. What metrics do you use every day? We measure compliance against regulatory issues (CFATS). We measure monthly how long it takes to do emergency notification. How long to answer the phone, how long the process takes. We measure how efficient we are at locating employees. Each month we run an exercise. It was three weeks before I got there, now we're down to minutes. Those are several. Now, really, see you later.