Home » Security Leadership » Strategic Planning

Reinventing T-Mobile's Security Function

T-Mobile needed to reinvent its security function, so it recruited a veteran team to shape a new asset protection division. The goal: Inject risk calculations into every business decision.

The efficiencies Porcaro and company can create extend beyond the obvious. "Even the RFP process is affected," Roberts says. "The RFP for a single badge access solution is changed based on the fact we've converged and that single badge should now access doors and IT log-ons."

Convergence also helps executives decide when things should not go together, says Jennie Clinton, senior manager of business continuity management. "For example, I once was at a place where they put safety and security operations under business continuity management. But those skill sets are totally different than BCM," Clinton says. "Unless your organization is very mature, it's not going to work, even though the bosses were saying that it was great synergy, that it looked great on paper. There are areas where the function needs to be not converged, and with all of us in the same group, you'll hear firsthand when someone thinks convergence or overlap is a bad idea."

"In security, you're a bit of a one-off, a third wheel. At previous jobs, I reported to facilities, or legal. Youâ¬"re there, but youâ¬"re peripheral. Here at T-Mobile weâ¬"re clearly part of the bigger business model. I think weâ¬"re onto a good thing."

â¬ Frank Porcaro, director of asset protection

And Telders's information security function, focused on policy and compliance, also demonstrates convergence benefits. Porcaro notes that the group's separation from the CIO and IT was important so that it could set information security policy as an IT outsider. "The goal here is to achieve an objective separation of 'church and state,'" he says.

The progress hasn't been lost on those closest to the asset protection function's development. "Those who've been around get it. Within our team, everyone has bought into the convergence.

"But," Porcaro says, "our challenge is enlightening the rest of the organization."

Underscoring much of the team's conversation, in fact, was a marked wariness. It was a successful first year, yes, but the three refuse to project that success into the future.

"We just had an offsite meeting and I threw something up on the board," says Porcaro, "We can be where we want to be with the asset protection program they've wanted in three years. Trying to get into flying formation is a challenge but it's a stretch goal if nothing else."

"It's doable, but I don't want to blow smoke up anybody's skirt," Telders adds. "It isn't easy."

So far, all three men confirm that the board and top executives have shown good support. At the same time, Porcaro needs that support for at least another three years. That's asking for a lot of patience (and a long investment) from the board and executives. "We have to demonstrate added value; it's a big challenge for us."