SECURITY TODAY met Mr. John Robert, the dynamic Head of Corporate Security and Risk, of VFS Global, based at their UAE Headquarters at the recently concluded Intersec 2020 exhibition in Dubai. VFS Global is the world’s largest outsourcing and technology services specialist for governments and diplomatic missions worldwide. The company manages the administrative and non-judgmental tasks related to visa, passport, identity management and other citizen services for its client governments from 3425 application centres in 490 cities of 151 countries across 5 continents. VFS Global serves the interests of 64 client governments. The company has successfully processed over 219 million applications since its inception in 2001, and over 94.54 million biometric enrolments since 2007. With such mammoth operations spread across 5 continents falling in different time zones, it’s by no means easy to manage security and risk operations of such a large enterprise. John’s outwardly nonchalant attitude is perhaps a camouflage for the hidden talents of the accomplished security professional. It was a privilege to have interacted with John after many years.
John was the recipient of the SECURITY TODAY National Security Award for the Best Security Manager, way back in 2008 when he was the Deputy Chief of Security for Nokia.
ST. It’s a pleasure to meet you again, John. Tell us a bit about yourself.
JR. I have over 25 years of work experience across industries and geographies. I have served in the Indian Army, in the banking industry, IT, high-end manufacturing and outsourcing industries. Currently I am in a global position as the Head of Corporate Security and Risk, of VFS Global, based at their UAE Headquarters.
ST. We noticed in your profile that you have a number of security and non-security certifications. What motivates you into learning and acquiring these certifications?
JR. I believe that learning is an ongoing process. Whether structured or unstructured, we learn all the time. I have certifications from ASIS (PCI, PSP and CPP), ISO and BS Standards (25999 and 27001), C.A.T.S., CBCP (DRII), CACM (IMF Academy), CSPM (SIA), CPOI (IFPO), CFE (ACFE), CRisP (BSI) amongst others. On the business side, I am a certified coach from Coaching Foundation of India (CFI) and also have credentials from Wharton School of Business, USA. Everyday, I learn more and more through articles and books, and I find new certifications both challenging and exciting to broaden one’s own horizon.
ST. You’re a certified executive coach as well, how does that help you in the security field?
JR. I firmly believe that in today’s world, a security or risk professional needs to have a very different skill set for him to be able to hold meaningful discussions at the top level, and assist the business in sustaining and thriving in adverse conditions.
When you manage global or regional operations, you have to adapt your leadership style to that of your team. Some prefer to be task based and directive, whilst others enjoy a greater degree of freedom. I use the coaching skills with my direct reports, and in the past I have also coached people outside of the company, in executive management roles. It is a very fulfilling experience to see someone you’ve worked with achieving their highest potential, and that which could play a part in their success. In the end, it’s all about human to human interaction, and I always like to understand the person’s background, their beliefs, motivations and experiences that have moulded them to become who they are. There is always a story behind a story, and as an executive coach I can help people see their own blind spots and areas of growth.
ST. What is your leadership philosophy?
JR. I strongly believe in the empowerment of people, and nurturing them to take up bigger roles and responsibilities. It requires a great deal of patience and perseverance. As security and risk management professionals, one needs to take decisions in a number of ambiguous and uncertain situations. Unless we empower our next line and set very clear expectations from them in terms of their roles and responsibilities, and give them the necessary training or exposure, they cannot succeed. I believe, as leaders, we owe a great deal to society, the people working for us, and the families dependent on them.
I am in particular a strong proponent of diversity and of women in security. My own teams over the years have always had a healthy mix of views, backgrounds, ethnicities. And in particular, it gives me great pride to have women managing key positions within a global team. Everyone needs to succeed at their own level, in order for a team, a department, and an organization, to succeed. Personal integrity and ethics always need to be at the highest. Without impeccable integrity and ethics, success has no meaning.
ST. You talked about going beyond boundaries – can you elaborate a bit more?
JR. Sure. As you’re aware, matrix and virtual teams are a norm now, but about 10 years back, only a handful of organizations were working with virtual teams. I used to lead the South Asia region for an organization back then, and had a young and vibrant team, with each one bubbling with energy and ambition. We had created a regional centre of excellence and I made sure that each of my team members were part of one or more global virtual teams. We launched a program called “going beyond boundaries” and the intent was to create global centres of excellence, outside of our zone of physical influence. We launched multiple training programs to groom the next level of security professionals. Professional certifications were a norm and each of us picked up multiple credentials, as we expanded our knowledge base and skill sets, working through a diverse set of nationalities, work cultures, time zones, collaborating virtually and still succeeding was our mantra.
In each of the virtual streams, the team members did extremely well and got global recognition. Our best practices became the gold standard across regions, and it brought me great joy and confidence to replicate it on the physical scale. Subsequently, team members were either posted or did projects across Europe, South East Asia, and other locations. Management worked through them as catalysts of change. I moved to Dubai in 2012, and my erstwhile team members moved out and picked up larger roles in London, Vietnam, Singapore, to name a few. Others are heading large organizations.
Starting with very humble beginnings, it’s a team with global credentials now and each of them is a leader in their own space. It’s a matter of great pride and joy for me to see them succeed, and spread the goodness further. I take great pride in them.
ST. In your experience, what are the challenges of leading a regional or global team?
First and foremost is the people aspect. People have different aspirations and ambitions, and this needs to be set, right from the beginning. Having clear goals and a roadmap to achieving those goals is most important. Talent pools need to be created and people need to
be trained so they can come up to the benchmark for the function. This is the only way you can have a common operating picture. As a leader, you need to recognize, and stand behind your team at each step, especially when something goes wrong. When the team is doing everything well, and acting with utmost integrity, transparency and honesty, you need to back them at each stage and empower them, even if as a leader it makes you a little vulnerable. This is how I’ve always operated and given freedom to my team to perform.
Due to the vast geographical spread, and the inherent nature of security risks, there are a multitude of challenges. Time zones and geographies need to be balanced, which means you need to be available for your team at the time they need you. I have travelled to more than 70 countries so far, and each of those experiences helped me in diversifying my thought processes and learning more about the best practices prevalent there. The ways of working differ across regions, and even countries within regions, and so as a leader you need to take these factors into consideration.
The role of security agencies, laws and regulations, changes from place to place, which also pose their own complexity in some cases. Language is a barrier in some places, and you need to have a keen eye to understand verbal and nonverbal communication.
In terms of events and incidents, my own experience is that what is reported in the media isn’t always the full truth. As a risk and security leader, one needs to have their own narrative on the event, and more importantly how it relates to the business. This comes with reading and assimilating information from multiple sources, including reputed threat monitoring inputs, having a vast network that you can tap into and seek assistance from. In the end, nothing beats the person on the ground, and the ground realities need to be considered irrespective of what’s being reported. In the end, I think of these as the challenges that any professional would have in today’s world. I embrace them, and that gives confidence to my team down the line.
ST. What are some of the traits that you think are needed in the next generation security and risk professionals?
Business savviness is extremely important. You may be amongst the best of security professionals, but if you do not understand the business realities, priorities and dynamics, you’ll soon find yourself out of tune with the rest of the management team. Your own and your team’s goals must always be aligned and be supportive of the business narrative. It’s also very important for the business to understand you and your team’s priorities and challenges so they can support you. This is the only way to build mutually trusting relationships. I strongly believe that the security team needs to help the business grow. We need to get out of the mentality of being a cost centre and move towards being a performance centre. Unless you have the mentality of being a key business enabler, security and management remain in silos and that is the worst of the situations. I have spent many years understanding the dynamics of business, interacting closely with business leaders on their priorities, and helping them grow, and it has worked with me.
The old values of strong ethics, compliance, integrity and transparency are critical. Without that success has no meaning. I believe we need to set the benchmark for our own conduct higher than that of a specific country, the laws of the land, or even the organization’s own policies. The character needs to be impeccable at all times, and under all circumstances. One needs to have a calm and composed nature, because you can only dissect all that’s panning out at a regional and global scale with an open mind. I have often seen many security professionals struggle with it, because they cannot take off the hat that they’ve been wearing in a previous organization. As leaders, one needs to bring in a very neutral stance towards any challenge and think of how it affects the current organization. Constantly learning, imbibing new skill sets and networking, are also of paramount importance. Certifications and training help to an extent in bringing in a structure to your learning. They teach you the theory and the methodology. One learns a lot through their peer networks, and that also helps you as you grow into a larger role, by bringing in their own viewpoint. Industry verticals differ, but as long as you have a strong foundation, and a good network, you’ll be able to understand and inculcate new practices that are relevant to the present context. This is the theory in action, and where the formal learning and informal
learning through networking merge.
ST. Thank you John for sparing your time to interact with our team, we are sure that our readers will enjoy reading this and the young emerging security leaders will learn from your sharing of this information.
JR. Thank you for giving me this opportunity to share my experiential learnings with ST Readers. I have been an ardent reader of ST for over a decade now, and I wish the SECURITY TODAY Team the very best for continuing to do the good work of spreading security awareness and knowledge.