Compass Awards
Cancilla: Security Must Put Business First
Russ Cancilla, CSO with Baker Hughes Inc., believes that security can enable business with the right attitude
By Joan Goodchild, Senior Editor
March 24, 2009 — CSO —
Baker Hughes Inc. CSO Russ Cancilla has been with the company less than three years. But in that short time he has transformed the oilfield services provider's security function from a fragmented operation into one with a converged approach under his leadership. Managing Baker Hughes' risks for employees, resources and operations is no small task: the company currently operates in 94 countries, many in high-risk zones. Cancilla, recently named a CSO Compass Award winner, explains why his program's new approach not only secures the business, but also enables it.
CSO: What was your goal for security at Baker Hughes when you first started at the company?
Russ Cancilla: When I came to Baker Hughes what I found was there were independent pockets of security around the company that supported the operations. Then there was a Houston-based traditional corporate security department. I saw that the two weren't engaged very much and I concluded that we weren't actually leveraging our skill sets.
We weren't able to properly measure the performance of security people out in the field because the corporate team was not fully engaged. And, most importantly, I noticed that there seemed to be a perception of a two-class system between the corporate security team and the operation security team. I didn't like the fact that it didn't feel like a team.
I thought that what we needed to do was create a more enterprise approach to security. As the CSO I wanted to have line of sight of what was going on with security across the company. So I wanted to have sight not only of the risks and security activities, but of our security people: What are their skill sets? How are they being developed? How are they being assigned jobs?
I also wanted to establish some standards or guidelines across the company. For example, if you went into Egypt our security program looked very different than if you went into Venezuela. It seemed that we were probably creating some greater liability and exposure for the company and spending more than necessary by having fairly inconsistent security programs in place which nobody was really overseeing centrally.
What was your first step in accomplishing that enterprise approach?
I went out and met with people and did the kinds of things new leaders do. I was finding some of the security team members on the operations side did feel a little disenfranchised because there was this perception of an elite group of corporate guys that didn't really interact with them that frequently. They didn't always feel they had a place to go if they needed some additional expertise on how to solve a security challenge.



