Saluting Tim Giles

Sep 1, 1997 12:00 PM, George Partington

Largely through the work of Tim Giles, the security effort at IBM Corp. in North America has been transformed-from fragmented to centralized, from good to outstanding, has become not only effective, but also cost-effective.

Since 1980, Timothy D. Giles has moved up the ranks at IBM-from security manager, to security program manager for the Asia-Pacific region, to security director for Latin America, to site operations director of security for North America. In the last position, he is leading a metamorphosis that, by one estimate, has already saved the company about $20 million.

Through his work at IBM, Giles has elevated the security director position to its rightful status as a vital member of his company's management team, thus setting an example any security director today can learn from and emulate. To honor his achievements, Tim Giles has been named the recipient of Access Control & Security Systems Integration's 1997 Security Director of the Year award.

Learning the ropes

Tim Giles knew he wanted to get into management as far back as high school. But he didn't know that security management was in his future.

The 48-year-old's career at IBM, now in its 31st year, began in manufacturing and engineering with stops in Lexington, Ky.; Manassas, Va.; and Nashville, Tenn. He joined the managing ranks in 1978 in Burlington, Vt., and was managing the engineering records department when he made a fateful comment to his manager, Ed Horton, who was in charge of safety and security operations.

"I enjoyed being in management, but the engineering records thing was a little boring," Giles recalls. So he expressed an interest in security-"it just piqued my interest. I told him that looked like something I would really enjoy doing." Three months later his manager said he had an opening in security if Giles was interested.

Giles' first security job was as first shift physical security manager at the Burlington facility, which, at the time, manufactured semiconductors and employed about 6,000. Back then, says Giles, there was a physical security manager for each shift, an information protection security manager and an emergency control security manager. They all reported to a site security manager, and by 1982, Giles had become one.

But Giles was never one to find contentment in sitting still. "I had developed a habit of switching jobs fairly quickly, because I enjoyed learning and doing new things," he recalls. "I called my group director of security and told him that, although I was in an interesting and challenging job, I was looking for something new if it came up. A couple of months later he called me back and asked me if I would be interested in going to Tokyo." Giles interviewed for the job and, in 1986, accepted a three-year assignment in Japan, implementing information protection programs throughout the Asia-Pacific region, which covers the entire Far East, from New Zealand to Korea.

Climbing the ladder

Upon returning to the United States, Giles began work on the staff of the corporate director of security at corporate headquarters. It didn't take long for opportunity to knock again. In 1991, he was offered the job of security director for Latin America. Since the headquarters for that position is in New York, he did not have to relocate to another country.

"IBM was very into re-engineering the company at that time," says Giles. "One of the efforts was to focus on all the site operational activities, of which security was considered a part." Giles was asked by acting corporate security director Dick Frechette to help re-engineer security in the United States, and he had plenty of ideas. "I helped design the way I thought the security organization, in the U.S. at least, ought to be organized."

Security at IBM had been decentralized. Giles reported to an on-site, non-security management team and received only functional guidance from corporate security. "When I got the job as the second-level site security manager in Burlington, I was the first site security manager at that location who had ever had security experience before getting the job," he notes.

Prior to his assignment, security manager jobs were used as a way of rounding out executives who were on the way up and needed experience in other aspects of the business. "That's not all bad," says Giles, "but the problem is that the security organization would go through turmoil every time you got one of those changes.

"I assume many large companies have the same problem we were having," Giles continues. "When you have security people at various locations that aren't under the same management team, you have a lot of communication problems. Everybody tries to come up with their own solution to problems, and they implement various supporting programs differently, so you get redundancy and inefficiencies." The same job at different locations would be at different levels with different pay and background skills. Some positions were filled with people with the wrong background for the job.

The re-engineering of security

A business with about 1,000 small branch offices and 40 major locations-everything from a simple office building to a major computer installation to a large chemically oriented site that manufactures semiconductors-needed more stability. So Giles came up with a concept that all the security organizations report up through a security management chain, with four geographical territories at the top: North, West, South and Metro, which covers various headquarters and field locations. Giles added a fifth position to the management team, manager of security systems, which reflects Giles' belief that integration of technological advances is a primary conduit for reducing costs.

The five then report to the director of security for North America, which also includes Canada. When Giles and the re-engineering team completed their work in September 1994, IBM made the logical choice and asked Giles if he wanted the North American director of security position. "I was happy to take the job," he says. "It looked like a great challenge to try to pull all this together and make it work, to take a group of 250 top security professionals that were operating as 40 different teams and pull them into an operation where they operated as one team."

George Temidis, who Giles picked as his manager of security systems, says the re-organization has done great things for the morale of security employees. In the past, security tended to become isolated, he says, a "stepchild in the corner of an organization. Everybody reported to a local site. Some places reported to a facilities department or a legal or administrative department. Now we have a large organization with opportunities."

Those opportunities are well-defined, with job descriptions whittled down from 80 to five. "There is a clear path, and people know exactly what the next level is, which was unclear before," says Temidis. Giles credits "excellent senior management support," which was critical throughout the transition process.

The security management chain stops with Giles, who reports to the general manager for real estate operations. His business background helps him here: "It gave me a really good handle on how to explain the importance and positive impacts of security programs to the business executives," he says. "If I could understand how they were going to view it, then I had a better ability to explain it to them in a way that emphasizes the benefits from a business perspective."

Traveling to keep in touch

The challenges presented by a company as large as IBM keep Giles busy. He travels for about one week every month, and since his territory is so large, he says if he didn't manage his time carefully he would be on the road even more often. One solution he has found is to have at least two reasons for each trip. What drives most trips, though, is Giles' belief that quality, face-to-face communication is of paramount importance.

"I am the direct line executive management for all locations, so I think it is important that I spend time at each location every year," says Giles. "Whenever I travel, I set up a roundtable discussion with the employees at the site. I take the time to tell them what I think is happening and what is important. I always stress to them that I want them to tell me what they think is going well and what they think is not going well. I am motivated to initiate change. With an organization of our size, the only way we are ever going to get the job done is if we constantly drive change. It is important that they tell me what they think is working very well, because then I am not going to change it. If they tell me what isn't, then we can work on changing that."

Why do all this in the age of e-mail and teleconferencing?

"People do not always get the true depth of your sincerity over the telephone and computer system," says Giles. "E-mail is very interpretive. You start reading the written words, and everybody puts their own flavor to those written words." But those tools are also necessary to anyone in charge of a large organization, and Giles says he accomplishes a great deal by using them-"you just have to be sure you mix in the right amount of face-to-face contact as well."

On each trip, Giles tries to spend time with the site location executive to enhance their relationship. He will ask for a tour and feedback on various facets of site security. "It gives me a feeling of how our communications are working and whether or not the processes we worked hard to define are getting implemented similarly," he says.

Best practice, common measurement

The emphasis on communication also led to a project team approach to problem solving, one of Giles' first initiatives when he took over the revamped security organization. "I chose the project team approach to accomplish the goal of pulling everybody together as a team and getting them to communicate with each other a lot more," says Giles.

The goal of the teams is to find "best practices and common measurements." Teams are made up of at least one person from each of the four regions. Giles put together about 20 project teams to focus on various aspects of the security business. He asked them to investigate the approaches taken to various tasks and determine the best approach. Best was typically defined as most efficient from a cost and resource standpoint while accomplishing what needed to be accomplished.

"We found that many people were motivated to do certain things for different reasons and not necessarily always the right reasons," notes Giles. "We would pick the application that could be implemented on a wide scale, implement that one and drop all the others." The standardization extended to simple, day-to-day activities such as how badge inventories and lock and key programs are maintained. "If you do them enough different ways, they can drive a lot of costs," says Giles.

Risk management

Giles has kept his costs under control while improving his "customer satisfaction" rating, now at 94 percent. The rating is calculated during an annual survey on facility services distributed to all IBM employees-the "customers." Three of the questions deal with security.

Costs can easily mount, especially if the security manager fails to understand what the risks are to his particular business, says Giles. "And more importantly," he says, "you need to help the company executive management understand those risks." But Giles cautions against using "scare tactics, where you go to management and try to convince them that they ought to do something because of some major impending disaster, which is typically the thing that never really happens to you."

As an example, Giles points to the bombing of the World Trade Center and the Oklahoma City federal building. "That has nothing to do with us whatsoever. Those targets are political and governmental. To go scare your management into implementing a lot of extra security because that might happen to you is the wrong thing to do." Instead, he says, constantly analyze your environment-the country and city you are located in, the business environment-and determine your risks from those analyses. Use that information, he says, to find the programs that will mitigate the risks.

IBM has an extensive program of controlled risk analysis. "We define key points in our programs," says Giles. "If those things are in control then the program is in control. And we define them so well our people can look at them on a routine basis and assure themselves that everything is in control."

Benchmarking

With all the changes taking place in the security department at IBM over the last three years, Giles decided to do an analysis of his own. "I hired a company to do some benchmarking work with about eight other outside companies to try to understand how we are doing things differently," he says.

He found that surveyed companies' security costs averaged 30 percent more on a per-square-foot basis; their costs per person were about 50 percent higher.

IBM uses more contract security labor than the surveyed companies. Although that saves money for IBM, Giles does not believe in just going with the cheapest alternative.

"I need companies that are going to be in business with me, not just provide labor to me," says Giles. "Developing relationships is the key with those suppliers and others." Maintaining a good relationship with APS and Wackenhut, which provide IBM with contract guard services, has kept those partnerships successful and rewarding. Developing IBM's relationship with Casi-Rusco, supplier of the controlled access network, has been a key factor in implementing changes. "Leveraging costs is achieved by finding the right balance of proprietary resources, contract resources and technology," notes Giles.

Beyond security

Giles is a busy man. One of his hobbies, he says, is trying to find enough time for a hobby. When he does find the time, he enjoys tennis and woodworking. He and his wife Linda have raised four daughters, ages 21 to 28. Giles' daughters broke a string of five generations of all-male offspring. Even Giles' brothers haven't had any daughters.

But breaking the mold is nothing new to Giles. After all, he's risen to the height of his profession without earning a college degree. He began work at IBM directly out of high school in 1967, and he has been following his own course of study ever since. Before taking a job in engineering, Giles took math and engineering courses. Later, he studied a combination of marketing and computer programming in order to become a systems engineer, helping sales representatives to find the right technical solutions for customers. And before he entered the security field he took courses in industrial espionage and high technology. He has also taken courses on executive protection and counter-surveillance, which prepared him for his Latin American assignment. Finally, he does some one-on-one study with the specialists within the organization.

"My feeling is that you have to constantly be in education mode in order to keep improving your skills," he says.

Community involvement is another way to learn and give something back at the same time. While residing in Burlington he began a local chapter of Crime Stoppers. "I think it helped me to understand better how to interact and work with police," says Giles. "I developed a number of good relationships." Giles also put together an impromptu high-technology crime unit that gathered the police, FBI and border patrol for meetings.

Keeping the lines open

Communication has been a hallmark of Giles' career. As the head of IBM security for North America, he ensures that everyone maintains open lines of communication throughout the organization. "He makes sure that people can see him and talk to him and feel they can pick up the phone and call him, no matter what level they are," says Temidis.

Giles says everyone must communicate, "because it really isn't my job to run the organization; it is their job. It's my job to make sure they have the right environment and tools and theability to get the job done. So I've tried to focus on setting the right environment." Giles credits his people for the accomplishments of the past several years. His accomplishment, he says, is giving them the opportunity to get the job done.

And the feeling is mutual. Says Temidis, "I have gained a lot from working for him and watching him in action. It's been a very positive experience."

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue