SDY Honor Roll 2005: William Plante, Giving Credit Where It Is Due

Sep 1, 2005 12:00 PM, By Michael Fickes

IN JULY, the security department at Symantec Corp. in Cupertino, Calif., helped police bust a crime gang in New York City. The gang had become the largest illegal distributor of Symantec products in the world. Two members of the Symantec Security department had followed leads to the distributor. They had worked with private investigators to collect intelligence and to make purchases that would later serve as evidence. In July, after reviewing the evidence collected by Symantec security officers, the police moved in and arrested the gang.

A few days after the arrests, Symantec's chairman penned a note of thanks to William Plante, the company's senior director of global security and brand protection. With the idea of passing along a personal “thank you,” he invited Plante to his office for a chat. Plante accepted, but also invited the two employees who had done the work. At the meeting, Plante said to the chairman: “You have been thanking me for the job I've done, but these are the guys that did the actual work. These are the guys you should be thanking.”

Plante is a self-effacing security director who talks more about the achievements of the officers in his department than about his own accomplishments. The reason seems to be that Plante learned the security business from security directors that cared about his career.

An accidental security director

“I got into security accidentally,” Plante says. “I started out with the idea of a career in the military, and I was a naval diver from 1977 to 1978. I blew my ear in a diving accident and took a medical discharge. My plan was to complete my education and maybe go back into the military as an officer.”

Plante enrolled in the facility management program at Ryerson University in Toronto. To pay his way, he took a job as a night-shift security officer at the Four Seasons Hotel. There, the director of security and a retired police officer took an interest in Plante and eventually suggested that he consider security as a career. “You've got a knack for security work,” he said.

Upon graduation, Plante followed his mentor's advice and joined the security staff at the Sheraton Hotel in Toronto. After a couple of years, he asked for a promotion. The director of security told Plante that there were not any management jobs within the Sheraton's security organization. “Then he told me that the security director at the Hilton was looking for an assistant and offered to recommend me. I said yes, and I got into management at age 24,” Plante says.

After a number of years in hotel security, Plante wanted to broaden his security knowledge to other businesses. In 1997, at age 37, he started a security consulting business.

Some years before, Plante had developed a business relationship with the facility manager at Symantec's Cupertino offices. Plante put the word out about his consultancy. Within six months, Symantec called with a project.

The next four years, Plante brought three more consultants on board. Plante himself and another consultant spent all their time on various Symantec projects. By 2001, Symantec accounted for just under half of Plante's consulting work. After the Sept.11 attacks, Symantec asked Plante to direct physical security and brand protection full-time.

“Symantec is a cool company,” Plante says. “It is one of those companies that invests in talent and education, and it isn't the kind of a company that pegs you. No one says, well, you're just a security guy. Instead senior management encourages everyone to look for ways to contribute. If you can find a way to make a valuable contribution to the company, it is yours to try.”

Physical security at a logical security company

One contribution Plante has made to Symantec has been to help institutionalize the relationships between physical and information technology (IT) security resources, an interesting undertaking given Symantec's heritage in IT security software products.

“I've always believed that the conventional boundaries between IT and physical security are shortsighted and superficial,” Plante says. “Of course, the two departments don't want to play in each other's sandboxes. But think about this: If someone is using a company's computer resources inappropriately — for whatever reason — whose problem is it? Physical security or IT security?

“The IT department should be able to tell you when someone is using a computer to do something contrary to policy. But it is the physical security people who are qualified to interview a person about those activities,” he concluded.

Plante has also studied how physical security might help Symantec comply with regulations related to the Sarbanes-Oxley Act of 2002, which requires companies to provide security for financial data and information stored in computer systems.

What does physical security have to do with Sarbanes-Oxley compliance? “It isn't stated specifically in the law,” Plante says. “But it would be fair to interpret some clauses in the law as requiring physical security. Take the problem of securing corporate data, for example. IT security people can design logical security into networks and systems. But it is also important to realize that if you can put your hands on a server or piece of hardware containing secure data, you can insert a virus, steal data and even remove the device.”

Plante's observations have led to a specialized security design for Symantec's many data centers located in cities known for low incidence of hurricanes, tornados, earthquakes and other natural disasters. Plante chooses low-key, non-descript buildings and protects them with access control technology and surveillance cameras. The server farms are located inside metal cages inside rooms constructed like vaults — no drywall to kick through.

While Plante spends a fair amount of his time thinking about security challenges, his favorite activities revolve around developing his staff. “I believe in charging people with decision-making responsibilities,” he says. “Sometimes my managers have to adapt to that. They might like being told to start here, take these steps and finish there. That's not my style.

“Some of my senior people have adapted very well to our system and are really beginning to blossom.”

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue