Sarah Bynum, CPP, is director of security at Siemens Energy, Inc., where she is responsible for physical and
information security, business continuity, and the security of Siemens projects and personnel in the Americas and beyond. Bynum joined Siemens in 1998 after moving to the United States from the United Kingdom where she was a police inspector in Hampshire Constabulary.
During her 20-year police career in the United Kingdom, Bynum worked in crime investigation. When Lord John Stevens, former Commissioner of the U.K. Metropolitan Police, commenced the Stevens Enquiry into collusion between U.K. forces and terrorists in Northern Ireland, Bynum was one of two female detectives selected to be on the initial inquiry team. In 2003, after the end of combat operations in Iraq, Bynum was among the first U.S. business representatives who traveled to that country to assess electricity infrastructure and the security of reconstruction projects.
Bynum is a member of the ASIS Utility Security Council. She completed a master of science degree in Industrial Security and Risk Management from the United Kingdom’s Leicester University.
Q:You began in the United Kingdom’s public law enforcement and then transitioned into a corporate role. What, if anything, has surprised you about the private sector? Are there differences in how security is approached in the two countries?
A: Many people transition, as I did, from law enforcement into private security. You have to quickly grasp that the priority in the private sector is shareholder value and not policing. However business understands that the two can go hand in hand. A new business project may bring prosperity to a region and that can help reduce motives for crime or terrorism. In the United Kingdom the concept of business continuity was more advanced than in the United States because of the Irish Republican Army bombing campaigns targeting British businesses, particularly in the City of London, in the 1980s and 1990s. But the United States has rapidly caught up
Q: What do you know now that you wish you knew at the start of your security career?
A: The security profession is a marathon, not a sprint. Expecting instant gratification and resolution is unrealistic. You need perspective and capability for the long haul. I’ve become far more aware of the importance of embedding security
into business activities, into the entire supply chain and customer relationships, rather than simply reacting to incidents.
Q: Did you have to overcome any obstacles, perceptions, or stereotypes to get to where you are now?
A: No. In my career in Hampshire Constabulary I was given some remarkable opportunities by leaders who understood the importance of building diverse teams. In my career at Siemens I have been fortunate to have business
leaders who sought out my perspective in growing and enabling the business. They allowed me to define my team’s strategy and objectives. I was given a lot of autonomy and leadership support from the outset.
Q: Can you describe a typical day at this point in your career?
A: A typical day will begin with a review of computer security status: Are our systems properly patched and configured; is someone getting malware or spam? We systematically check the state of security and weather emergencies across the Americas and assess any impact on business activities. Then I might meet to approve security planning for a new wind or gas turbine project somewhere in Latin or South America. I’ll probably plan a business trip to review security at one of our U.S. factories and meet to design new employee communications, training, and awareness products. I’ll review the security of a collaboration project for engineering of business expansion. We always have personnel traveling the globe and if an emergency occurs then we react. My role encompasses computer security, physical security, business continuity, and investigations across our entire business and supply chain. It’s constantly evolving.
Q: How have you been able to excel in your current position?
A: I believe in exemplary customer service. I recruit team members with exemplary attitudes and train them in security, rather than the other way around, and I trust them. I believe in assessing locations firsthand so that you get as holistic an impression as possible. This means that you can speak with credibility about that situation. I have always tried to form relationships so that I have resources whom I can ask personally for help. All of this means that we provide solutions, not policies.
Q: What advice do you have about working with senior executives and stakeholders outside of security?
A: All security professionals must understand the importance of speaking to executives in their terms—being able to provide meaningful metrics and good cost/risk justification of security projects. But unless you really understand
your business goals, it’s difficult to articulate meaningful security activities to executives, so I advocate spending time learning the business and ensuring that your security projects will really enhance that business. Improved security
isn’t the destination; it’s simply another platform for business effectiveness and shareholder value.
Q: What is the best advice you’ve ever received?
A: Early on in my career my CFO remarked, “Sarah, people like you but they think you don’t have a sense of humor.” I learned to be a little less formal and stiff and to use humor in my interactions with business colleagues. think it made me and my team more approachable. I didn’t want us to have a reputation as a formidable group of policy enforcers.
Q: How do you and your employer benefit from your involvement with ASIS International?
A: One of the biggest challenges in security is properly prescribing measures based on the security vulnerability. The ASIS relationship enables me to stay abreast of new technologies and practices and to impartially evaluate different
solutions. Networking with peers locally and at the ASIS Annual Seminar and Exhibits is invaluable.
Q: What do you think the next generation of security leaders will wrestle with the most?
A: Finding solutions for a generation of employees who demand mobility, autonomy, and flexibility in their work life. Todays’ workplace isn’t an office or a factory, and security solutions must reflect that reality. I expect increased legal
and compliance scrutiny concerning the ability of security professionals to foresee security risks and to correctly implement the right measures.
Q: What activities or interests do you pursue outside of work and how are those interests important to maintaining your equilibrium?
A: I enjoy anything to do with water; I dive, kayak, and sail. In each sport you have a duty for the safety of your companions, and you can’t be distracted by other concerns. That helps me to disengage from work which is important
to stay fresh. It also helps to exercise the discipline of thinking ahead and planning for the unexpected. I’m also a voracious reader of history, and it helps to understand that my ancestors had exactly the same challenges!