Harris and his former colleague attended a multi-hour business continuity tabletop exercise on enterprise security risk management (ESRM), a security management philosophy that had recently become an organizational priority for ASIS. Harris says he was vaguely familiar with the concept of ESRM, but the presenters at GSX kicked off the session with a detailed explanation of the approach and laid the foundation for the rest of the exercise.
“My colleague and I were in the midst of kicking off a refresh within our global security organization of our business continuity and emergency response planning,” Harris explains. “We were redoing procedures and taking a new approach, so it was timely to attend this session.”
The exercise involved breaking into small groups and conducting a tabletop exercise on a security incident, including roleplaying in different security and nonsecurity positions to better understand the importance of proactively interacting with stakeholders throughout the organization, Harris notes.
The most powerful part of the session took place when each of the dozen small groups debriefed on how they approached the same scenario, he says.
“Everyone got all this feedback, and hearing how people would approach it or what they would have done differently to prepare for this incident—that synthesizing of 40 security professionals in a single room at a single time talking about this one scenario and approach, it all really started to click,” Harris says.
The impact of the session continued to grow during dinner that evening, when Harris and his colleague rehashed the lessons of the day and started discussing how they could implement an ESRM approach in their own organization.
“That’s the journey we went through in those 12 hours—going through the exercise, hearing this information, distilling it down, and learning how to translate our objectives into business language, which then generated the spark for how we decided to pivot our approach to security to adding value to the organization,” Harris says.
By the end of dinner that night, Harris and his colleague called their organization’s senior analyst, who was about to deploy the business continuity and emergency response plan they had built before attending GSX, and told him to put it on hold.
“We apologized profusely for all the work he’d done, because we were going to scrap it and start over, kind of,” Harris laughs. “A lot of the stuff we had previously come up with would be reused, but we reframed and rebranded it to involve other stakeholders within the organization.”
The ESRM session made a lasting impact on Harris and his organization, but GSX still had more to offer. Harris also participated in a CPP preparation course that he says was the catalyst for his success in earning the certification. And later that week in Dallas, he attended a customer appreciation event and met the president of a security organization he admired—which led to him being hired by the organization months later. Even more recently, connections Harris made at GSX with fellow members of the ASIS Young Professionals council brought him to his current organization.
“My career trajectory and journey have been highly solidified and developed through not just ASIS as an entity, but through GSX,” Harris says. “It’s hard to quantify the amount of value I’ve received out of the three I’ve attended, and it’s well worth the ticket price for what you can get out of a single event. It’s impacted my career, professional capability, and me personally, so I’m greatly appreciative for what I’ve received.”