Why you should hire us to do an OPSEC audit, even though you are bigger than we are
I recently spent time with a manager of a company that has a genuine commitment to both safety and security. Because of their size and commitment, their security department is, in fact, excellent. Indeed, it is so good that they do outside security consulting and bring in literally hundreds of millions of dollars in security consulting revenues.
I also spent time with someone way down the corporate food chain, and discovered that, as so often happens, they desperately needed an outside audit, which would allow them to see, in a non-threatening way, where policy has gone astray within the corporation.
As an example, while the manager talked about the disposal of documents, at the bottom and middle rungs of the corporate ladder (and, we are willing to guess, even higher), what really happens is that papers deemed to be unimportant (by folks not really qualified to make the judgment) are discarded intact. Papers thought to be of potential sensitivity are torn up by hand. Papers believed to be actually sensitive are run through a strip shredder.
In fact, it would appear from our conversations that this excellent company does not actually have an implemented OPSEC program.
We deal mostly with companies that are very large, and they always have security departments that are very much larger than The LUBRINCO Group, and these departments are generally well-run and competent. So why do they hire us? Because while they are generalists in corporate security, we are specialists in three areas in which it makes no economic sense for most organizations to have extensive staff. These areas are:
• High-risk protective services
• OPSEC consulting and economic espionage investigations
• Due diligence (which we define as anything where you might face liability for negligent actions) consulting and financial investigations
In performing audits for our client companies on existing programs we usually find that most things are being done right. Because we are not there to place blame, when a problem is found, we discuss the problem, not who is causing it, and we generally get co-operation from staff members who know that they can speak with us in confidence, without having to face the ire of a supervisor. When we come in to help establish a new program, we generally get co-operation because we are there to help, and will then leave, making the staff look better after out departure: While we want the internal program to run successfully, we don’t want to do it ourselves, or replace existing staff with our staff.
So if you have an existing program, it behooves you to give us a call as part of your independent audit. And if you need an OPSEC program, we are ready to help you get it going.