Last month, Richard “Rich” E. Widup, Jr., CPP, became the 59th president of ASIS International. Widup, who is the senior director of corporate security for Connecticut-based pharmaceuticals company Purdue Pharma, began his career in the private security sector in 2001 when he joined Pfizer Global Security as the director for the Americas Region. Prior to that, Widup worked for 27 years in law enforcement, first serving as an investigator with the United States Army Criminal Investigation Command (CID) and later with the Office of Criminal Investigations for the Food and Drug Administration (FDA).
Widup said his experience with ASIS had been in “fits and starts.” He first joined the organization when he was with the Army, but was not active and let his membership lapse. Widup joined ASIS again when he was with the FDA, but again was inactive and allowed his membership to expire. However, he joined once again just prior to joining Pfizer and had an experience that changed his outlook on the value that ASIS provided to him as a security professional.
“I was working at Pfizer responsible for anti-counterfeiting, diversion and supply chain security efforts and my boss came in and said to me, ‘the logistics team wants to put together what they’re calling standards of care for the security of our products throughout the supply chain here in North America and they want to expand that worldwide eventually… can you do that?’ I said sure and after I walked out his office I said to myself, what’s a standard of care?” said Widup.
Widup said he immediately reached out the ASIS resource center in Alexandria, Va., and began to pour over information on the topic, but one name kept popping up during his research – Louis Tyska, a former president of ASIS International. Tyska encouraged Widup to join the ASIS Transportation Security Council, of which he would later become chairman. “That was just a compelling situation for me. I had so many great takeaways and that’s what has kept me going in volunteer leadership because for every hour you give, you get a hundred times back in value,” he said.
In this “At the Frontline” interview, Widup discusses some of his goals for the upcoming year as ASIS president, as well as some of the broader trends impacting security professionals across the board.
SIW: What are some the things that you hope to accomplish as ASIS president this year?
Widup: I think first and foremost, I want to continue the long line of distinguished service, dedication and professionalism that other past presidents have provided this great organization. I’m filling some pretty big shoes. There have been some phenomenal presidents in the past. The other things that we want to try and focus on this year, and these are some of the things that I mentioned to the volunteer leadership a couple of weeks ago in Arlington (Virginia) at our annual leadership meeting; I want to continue to improve upon the strategic plan. We get asked a lot about, ‘what’s your vision for the society.’ Really the goal for our society is the strategic plan and this year we’ll be updating our strategic plan and I want to make that strategic plan the best possible document that it can be. We’re spending the better part of the year on an environmental scan process to make sure that we’re incorporating, evaluating and considering all of the dynamic factors that are affecting the security profession, and ASIS in particular, so that when we sit down and draft the strategic plan it’s going to put us in a position to continue to be a value-added organization and even more relevant than we are today.
The other thing, in concert with that, is to be more inclusive and communicative amongst the volunteer leadership element. We are a large organization and we have 59 years of storied tradition and a lot of great things have come out of that, but we’re big and I want to make sure that we do as much as we can to share information, ideas and concepts across all of the volunteer leadership entities. I think by increasing communication, we’re going to improve our ability to innovate when it comes to member needs and their desires and I think that’s important. In combination with that, what’s additionally important is that we continue to identify other organizations that share an interest in what ASIS does as an organization and an interest in what some of our members do. We need to reach out to them and try to establish a relationship or a partnership where we can exchange ideas and, again, communicate and innovate to try to keep pace with this very fast-paced, changing world.
We’ve got a couple of great initiatives that are going to come out this year. I’m really pushing for involvement at all levels with women in security, young professionals forums, and promoting the efforts of the foundation. Our ASIS International Foundation last year raised $231,000 in scholarship and grant monies that benefitted 131 members and I think that’s just phenomenal.
SIW: What do you see as the biggest challenge currently facing security practitioners?
Widup: I don’t think there’s one big challenge at all. There’s no silver bullet to resolve any issue and I don’t think there’s any one issue of great concern, but I think some of the biggest that loom for a lot us is trying to match the resources that are commensurate with the risks we face everyday – whether it be people, skill sets, and funds or budget situations. I think trying to match those is extremely challenging. I think the advanced pace of the cybersecurity challenges, the skill levels and developing a culture that protects intellectual property is equally as challenging. And I think one of the big, overarching challenges we face as security professionals, because of just the dynamic nature of what goes on every day, is trying to be better leaders and managers of our people, mentoring them and managing that inbox that changes every single day.
SIW: How difficult is it to balance the traditional physical security risks with what seems to be an unending wave of cyber threats?
Widup: I don’t know if it’s as difficult and people think it is. Certainly, the cyber risks themselves are challenging and they will always continue to evolve. I think that balancing those risks is only difficult if you’re not communicating and aligned with the other resources that you work with everyday. So, certainly on the practitioner side, that means being an enterprise security risk manager and being involved in supporting all of the business units. If you have that capability where you can perform in that capacity, then we should part of cross-functional teams that share resources and ideas to meet and mitigate those challenges.
SIW: Given your background in the pharmaceutical industry, how would characterize how security risks have evolved in that sector? How big of an issue has counterfeit pharmaceuticals become in your estimation?
Widup: It’s a big deal. I’m particularly passionate about that area because I have witnessed first-hand the devastating effects that counterfeit pharmaceuticals can have on people. It’s a big challenge. Thirty percent of the countries in the world don’t have what we would refer to in the United States as an effective or efficient medicine regulatory agency. And that means that there are not any laws on the books to help support and protect the intellectual property rights of a company to try and go after someone involved. The supply chain of the world is extremely complicated and trying to stay abreast of the challenges in supply chain security as it pertains to the pharmaceutical industry is particularly challenging.
If that’s not enough, just look at what’s going on with the Internet. The Internet is a huge, huge problem right now. The National Association of Boards of Pharmacy recently did an evaluation of the Internet and they found out that 97 percent of the sites that advertise for the sale of pharmaceutical products are not legitimate. They’re not regulated, they don’t meet the standards that we have to face here in the U.S. and other developed countries. A lot of those Internet sites are based in foreign countries and there’s really no way to track or trace where a product comes from. You don’t know if the product is going to be what you ordered and a lot of those sites are not secured, so information regarding your personal identity, credit card information, not to mention your medical status, is not protected.
SIW: Last year’s bombing at the Boston Marathon reminded everyone terrorists can and will strike the U.S. domestically if given the opportunity. What impact do you think this event will have on the industry moving forwards, especially as it pertains to the relationship between the private and public sector?
Widup: There are a couple of aspects that I think are troubling. Terrorism, kidnapping, extortion, travel security threats and challenges - those are going to continue to be ever-present, especially whenever geo-political risks increase or as crises evolve. That’s a challenge for security professionals because as businesses have begun to become more global, we have colleagues that are traveling throughout the world on business and we have to stay ahead of the curve on information regarding what are the risks in a region and is it safe for this person to travel? If they travel and we need to extract them, can we do it efficiently, quickly and safely? That’s on the internal side.
On the external side, I think what’s important and a lot of companies and organizations that security practitioners work with are sharing a lot of information daily, if not hourly in some instances, on threats as they evolve. The sharing of information amongst security practitioners and with law enforcement is going to continue to be more important that it has ever been. Public-private partnerships I think are evolving into not a nice to have, but a got to have kind of a situation. For example, I work with federal and local law enforcement almost daily on several of the programs that we manage here in our corporate security team and I know first-hand that these agencies do not have the resources that they used to. They’re relying, more often than not, on the private partners to assist them on a host of endeavors. We have situations where a lot of the private sector companies are training law enforcement on new emerging challenges. We’re providing video feeds from our buildings and tying them into municipal video camera command centers. I sense that the trend is growing by leaps and bounds and I think that’s good for local law enforcement and first responders and it is really good for the security profession.