Building a Corporate GSOC

Chris Hurst & Steve Greenbacker

Stabilitas interviews Industry Security Leader Steve Greenbacker. Steve discusses his experience building three GSOCs.

Steve Greenbacker is a Physical and Cyber Security Leader out of New Haven Connecticut.

About Steve: Steve Greenbacker is an enterprise security leader with experience in building world-class risk management programs which enable business operations. His diverse experience in the public and private sectors includes a large portfolio of physical security, cyber security, organizational resilience, and risk intelligence programs. Steve started off his career as an officer in the US Marine Corps leading security teams domestically and in Iraq, coordinating embassy security operations across the Near East and South Asia, and managing a Reconnaissance Operations Center in Helmand Province Afghanistan. After his military service, he continued his security risk management work in the energy and pharmaceutical industries and most recently offers his expertise through a large consulting firm. He is also an adjunct professor teaching Intelligence Analysis and Corporate Security Management within the Dr. Henry C. Lee College of Criminal Justice at the University of New Haven.

Chris Hurst: Welcome Steve. You've built a GSOC in the military and two in the corporate sector. Let’s start off by describing the functions of those three GSOCs.  

Steve Greenbacker: While in the Marine Corps, I was the Senior Watch Officer for my unit’s Reconnaissance Operations Center. We were responsible for integrating intelligence collection with combat operations in Afghanistan. In the private sector, I designed an operations center to support both physical and cyber security of the electric grid for a regional utility company. Most recently, at a pharmaceutical firm, I took a traditional GSOC which was focused on monitoring cameras and answering alarms and matured it into an intelligence fusion center which was responsible for risk forecasting, incident response, and other business uses like open-source searches and new market entry assessments.

As with any critical operational function, the right people and the right plans are paramount. That’s universal. If you can find effective and knowledgeable staff and give them the right direction, while still allowing for creative leeway, you will be successful. As far as differences go, each center needs to be aligned with how the business operates. That varies by the industry.

CH: Focusing on the Corporate GSOC, what was the most important argument in favor of building your GSOC?

SG: Like most organizations, we were busy. Maybe you have an executive protection program, a travel security program, and several facilities to secure around the world. As a security leader, you can not manage all things at all times. You will likely also struggle with triaging issues and staying on top of the event horizon for upcoming risks. This is where the argument for a GSOC comes in. 

"An ops center supports a wide variety of security programs and provides valuable synergy between them. It also provides a central communication hub to keep you informed as a security leader and give you the ammunition to communicate with the organization’s executives."

CH: For corporate GSOCs, what were the biggest challenges you had getting them up and running?

SG: The typical initial barrier to entry is the financial investment in the infrastructure. You need space, technology, equipment, and manpower. Just like any security initiative, there is a fight for resources. Demonstrating a potential return on investment is important to show the fiscal reasoning behind the center when compared to other projects in groups where a financial ROI is more visible.

CH: Let’s talk about budgeting. If I were a CEO or CFO looking to start a GSOC, how should I plan? What are the big buckets I need to think about and the ranges of costs?

SG: We used a phased approach. At first, we leveraged some simple technology and re-purposed existing space. That gave us some quick wins without a lot of investment. When we committed to the concept, it resulted in a significant monetary investment. Our most recent center features an integrated video wall which connects all of our analysts' computer systems and online tools at their desktops with an interactive display. It also connects our secondary walls in the management suite and failover center.

The technology itself was around $800,000. Additionally, the space needed to be retrofitted to support the IT racks with adequate climate control, work stations for the staff, and the expenses associated with resiliency for internet connectivity, electricity, and phone systems. This pushed the budget over $1 million. Most important, you need to consider the staffing. Remember, this is the core competency of our GSOCs, so it is important to invest in the people staffing your center. To support a 24/7 center with additional full-time specialists, our budget was over $750k. We also budgeted $150k for intelligence collection and analysis tools. In the end, the GSOC had an initial capital expense of over $2 million and annual opex budget of over $1million.

CH: That’s a significant investment. What argument won the day over the cost argument?

SG: We engaged stakeholders outside the security team who were more profitable because of the work we did. We provided freedom of movement for our sales colleagues. We mitigated supply chain losses and impacts from terrorism. We gave our executives the confidence to continue doing business in countries with revenue opportunities despite significant operational risk. When we were able to do all that, the GSOC became a critical function for the organization.

CH: How did the actual running of the GSOC differ from your original plans?

SG: Our concept evolved along the way. Today it looks nothing like what was originally designed years ago. At the start I failed to integrate situational awareness and intelligence analysis, believing these were outside of my domain. As we went along, we leveraged the intelligence analysis and training to help our supply chain management colleagues define routes and relationships. We also helped our friends in compliance with anti-corruption/anti-bribery screening and monitoring. We developed our analysts and studied how to teach intelligence and discovered that an expert in the analytic process can actually outperform a domain expert when it comes to intelligence and forecasting work. 

"The real evidence of business value for our GSOC was what we did for other departments in the company."

CH: Any insights on building a team with contractors?

SG: This is a place where we learned hard lessons. It’s difficult to mentor and retain contractors. Not only are there co-employment issues with directly guiding performance and career development, but contractors have inherently less reason to stay with an organization when compared to employees who have bonus and equity structures.

Compounding that, the security guard firm we were partnering at the time was stretching to support us. We ended up doing a lot of our own recruitment and training. If I was starting this project from scratch again, I would partner early on with a firm which specializes on intelligence, despite any other existing relationship.

Thank you, Steve, for taking the time to share your perspective. Great insights!  

For more detail, including discussion on ROI and hiring veterans, please check out the full length interview here.

Chris can be reached at info@stabilitas.io. Steve can be reached on Linkedin at https://www.linkedin.com/in/sgreenbacker/ and by email at steve@sapientrisk.com.

The Science of Security

Stay up to date with the latest news and insights from the Stabilitas security intelligence network.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.