Security Job Descriptions

We put questions to a quartet of CSOs (Francis D'Addario, Dave Kent, Linda Stutsman, Sharon O'Bryan) and a leading recruiter (Joyce Brocaglia) to see how the shape of the security practice is changing.

By Lew McCreary and Derek Slater

December 01, 2003 — CSO — Security Steeped in CultureFrancis D'Addario, CSO, Starbucks People often talk about embedding the practice of security into the business processes of an enterprise. Francis D'Addario, the CSO of Starbucks, has taken that notion one step further. D'Addario's Partner and Asset Protection group literally steeps in the Starbucks culture and philosophy. In practice, security at Starbucks is entirely aligned with corporate values of trust, dignity and quality assurance, all in the service of creating a customer experience that is both globally consistent and locally relevant. And, of course, profitable for the company.

And profitability depends, to a great extent, on the safety and comfort level of every Starbucks location. Fast-food restaurant chains do a high-volume, mostly cash business. As such, they are well-known robbery targets. If the people inside a Starbucks store are edgy, it should only be because of the caffeine. When you walk in, you're supposed to find a congenial little oasis where you can chill out, tap into the wireless cloud and disconnect from the worries of the world.

D'Addario sees a direct link between his work and the ability to sustain that kind of environment. "There's been a school of thought, from time to time in different organizations, that the security mission is something that is competitive with operations," he says. "In this company, it's pretty well interwoven in the culture."

He got his start in law enforcement more than 25 years ago, analyzing crime data to discern relevant geographical patterns ("It was pretty interesting putting the human behavior to what the logical coordinates were"). He remains a believer in data as a driver of security management. "We do an orientation that has been described as 'protecting the Starbucks experience by the numbers.' And I'd say today that the logical consequence of relevant information [provides] almost a dashboard of key performance metrics. I mean this in terms of the capability to assess risk by analyzing, say, robberies per thousand units to determine the financial return on prevention investments," he says. In such an exercise, D'Addario would look at both "the incident impact risk, which would be commercial armed robbery," and at the overall effect of acquiring preventive systems on the profitability of stores.

The Starbucks culture is reflected in the habit of referring to the folks who sell you your double low-fat latte as "partners," not as employees. Among the unofficial partner benefits is the benefit of the doubt. Thus, in the area of loss prevention, the security group behaves less like investigators and inquisitors than like polite observers of a sudden unexpected performance variance in a particular store, at such and such a register, during such and such a shift. "We have an exception-based reporting system that allows us to analyze the activity of all partners from the same [store] and to broadly look at their activity against performance rules," says D'Addario. Those rules "allow us to see how particular individual performances stack up in a district or a region, [and] to know not only whether the exceptional behavior is peculiar to the storeour interest gets perked if it is also peculiar to the district and the region."

• Print

• State of Security 2004: You Are Here
• Information Security Predictions in 2004
• A Very Concise Security Technology Time Line
• Tips to Improve Public-Private CSO Partnerships
• Security Tools for the New Era
• The Blending of Physical and Information Security Threats