THE Enabler

Sep 1, 2007 12:00 PM, By Michael Fickes

Curt E. Armbruster took over as director of security for Northrop Grumman's Information Technology (NGIT) sector late in the summer of 2005. A month later, Hurricane Katrina devastated the Gulf of Mexico coasts of Louisiana and Mississippi, and destroyed New Orleans.

NGIT facilities in the Gulf of Mexico house the sector's computer security support group. Called IT Solutions, it comprised 250 people the day Katrina struck.

The day after Katrina, Armbruster couldn't find anyone from IT Solutions. “We had to account for them,” he says. “But they had all left to stay with relatives or friends in other parts of the country. Our security teams spent six weeks looking for them. Eventually we found them all — everyone survived.”

In the aftermath of Katrina, Armbruster's security teams also assisted in the temporary relocation of sector programs from the Gulf to Northern Virginia.

Armbruster looked for ways to help other Northrop Grumman sectors struggling with devastated facilities. For example, an NGIT security team supported the security director at a Northrop Grumman shipyard in the Gulf. He needed safes. His safes — weighing 600 pounds each — were floating around in a flooded warehouse. NGIT also provided badging equipment to re-badge and to get shipyard people back to work.

Armbruster's work during Katrina provides a concrete example of his corporate security philosophy. “We want to be business enablers,” Armbruster says. “We look for ways to enable people to do their jobs. Security people have a reputation for always saying no and for acting like corporate cops. We have adopted a philosophy that I read about in a security magazine years ago: Just say yes. It means taking ownership of problems that people bring to us and helping to solve those problems.”

The way Armbruster has implemented his philosophy has earned him the 2007 Security Director of the Year award from Access Control and Security Systems magazine.

The NGIT security group's response to Katrina is one implementation of Armbruster's philosophy. There are others. Upgrading access control technology to comply with the federal government's Federal Information Processing System (FIPS) 201 technology will enable Northrop Grumman employees to move more efficiently through facilities owned by Northrop Grumman as well as client agencies within the federal government.

Another implementation involves streamlining the company's approach to managing NGIT employee security clearances to ensure that when employees are needed to perform federal tasks, they have the proper security clearances and will be permitted access to secure data necessary to carry out their responsibilities.

Armbruster also devotes efforts to making sure that NGIT will continue to function in the event of a catastrophe that threatens business continuity. He is currently working out a business continuity strategy designed to deal with a pandemic, such as avian influenza.

“Curt has led his team through a transition from an enforcement organization to a service organization that is recognized as an integral part of the business,” says James R. O'Neill, Northrop Grumman corporate vice president and president of NGIT, which ranks among the largest of the company's eight sectors, with 18,500 people.

NGIT designs, develops, installs, operates and maintains information technology infrastructure for all of Northrop Grumman and its 120,000 employees. NGIT people are stationed all over the world. Armbruster looks after them with a staff of 150 people, including about 30 contract security officers from Pinkerton.

From Secret Service to security service

Armbruster grew up aspiring to work for the FBI or the U.S. Secret Service. He earned a bachelor's degree in criminology from Indiana University of Pennsylvania, thinking it would be one of the keys to his future. He also received a master's degree in administration from Central Michigan University and completed executive leadership training at the University of Virginia's Darden Graduate School of Business Management.

Just out of school, he joined the Secret Service Uniform Division at the White House during the Reagan administration. The work wasn't what he had hoped. He ended up on different shifts. Days off were in the middle of the week instead of on the weekend.

“I wanted something more stable,” he says. “So I moved to the National Security Agency (NSA), where I did background investigations and polygraph exams.”

One day, after administering a polygraph test to a corporate security director seeking an NSA clearance, Armbruster asked what private industry security was like. Within two weeks he had received and accepted an offer to take on a middle-management position as a security manager with Computer Sciences Corp. in El Segundo, Calif.

After a few years at Computer Sciences, he moved to McLean, Va.-based Booz Allen Hamilton, where he spent 13 years, eventually becoming the number two security executive. Several years ago, Northrop Grumman came calling and brought Armbruster in as a security director for one of the company's business sectors. In 2005, just before Katrina, he was promoted to director of security for NGIT.

Invite yourself to meetings

At this level of business, corporate policemen do not last, and Armbruster set out to remake a fairly conventional security department into a service group capable of supporting the sector's business needs.

Armbruster works in a large formal executive office with a polished wood conference table, desk, chairs and bookcases. Photographs on the walls depict aircraft made by Northrop Grumman over the years. Fox News plays on a television set against one wall. “I have the news on in case there is anything we need to be aware of — unless there is a golf tournament,” he grins.

Somewhat formal, Armbruster dresses in a signature coat and tie and projects a wry sense of humor. He clearly enjoys doing interviews and interacting with others that visit his office. People energize him. So does thinking about security as a service and support operation that enables people to do their jobs.

“I think the key for us is managing security like a business,” he says. “We've developed a security strategy and security goals that complement those of the overall business. It is to help people do their jobs better. We run the department like a business. We look for business opportunities to support the sector by learning everything we can about the sector's business. Then we market what we do for the sector through Web sites and posters.”

He adds: “Perhaps the most important thing we do is to get involved with the business side of the sector. I tell the members of my staff that if you are only going to security meetings you are not doing your job. You should be inviting yourself to meetings across the organization.”

Not long ago, Armbruster attended a senior staff meeting called by Sector President O'Neill. A few days later, he sat in on a corporate finance discussion about the company's second quarter earnings statement. “I have to understand what is going on in the business at large,” he says. “From those meetings, we develop programs that we market to senior management. As we do that, we're included in more meetings where we learn about other kinds of support activities we can undertake.”

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue