“Corporate security professionals can give employers a real competitive advantage”: Abbott security director Joule Sullivan

In an increasingly complex and dangerous world, how can the modern corporate security professional not only minimise risks to people and assets, but also bring commercial value to their employer?

Joule Sullivan, Director of International Security Operations at global healthcare giant Abbott, has a number of suggestions. Based in Dubai, Sullivan is accustomed to operating in some high-risk countries, especially within the Middle East.

Speaking to IFSEC Global, he explains how corporate security professionals can add value by better leveraging their peer networks, mastering the art of fear management and learning languages – both linguistic and the “language of cybersecurity” – among other things.

This interview is the first installment in a new series called Critical Conversations, in which IFSEC Global speaks to senior security professionals in a wide range of commercial and public-sector environments, including critical national infrastructure, as well as respected academics in crisis management, security risk management, policing and a range of other corporate security disciplines.

IFSEC Global: Hi, Joule. Please tell us a bit about your background…

Joule Sullivan: I started in the Australian Army – infantry first, then intelligence with operational service in both roles. I left the army in 2007 after six years.

I studied Arabic in Syria and set up a business in Iran and then joined BAT. BAT has one of the oldest and most respected corporate security functions in the world, so it was a great learning experience. In 2016 I was fortunate enough to take on a regional role with Abbott covering EMEA and I recently took on a global role.

IG: And what does Abbott do?

JS: Abbott is a global healthcare company. It has a broad range of branded generic pharmaceuticals, medical devices, diagnostics and nutrition products with a presence in over 150 countries to help people live their best live through good health.

“Corporate security is still relatively new and needs to mature in certain areas”

IG: How would you describe your role at Abbott?

JS: Very similar to other healthcare and FMCG [fast-moving consumer goods] multinationals. While the standard security programmes run globally, the focus will vary region to region.

In North America and Europe the focus is predominantly on physical security to secure manufacturing sites. In Latin America supply chain security is of paramount importance. In Asia it’s product integrity and crisis management for disaster prone countries. In the Middle East and Africa the focus is on travel security and, again, crisis management.

IG: How difficult is it to measure and manage risk across such a broad range of areas, at so many sites and across so many geographical locations?

JS: The short answer is: you need a very capable team! That is the key: hire right, nurture and grow your talent. That and a highly organised, efficient day to day approach.

Broadly, corporate security is still relatively new and needs to mature in certain areas. I think the discipline of physical security is quite robust – we know how to secure sites, personnel etc – but where I find it more challenging are frontier markets where we’re dealing with both fear and security risks.

If there is a business benefit to operating in a certain country, then in the vast majority of cases corporate security professionals should be able to facilitate that while adhering to duty of care requirements and operating per international risk management standards.

Informing and enabling the business is key. I don’t think that security professionals should say “no, that can’t be done” until all credible options have been thoroughly examined. I have a firm belief that we should say “yes we can do it – and here are the options as to how.”

Abbott has an office in Dubai

IG: So you feel that your input is welcome at the highest level in the boardroom?

JS: Most of my experience is at the regional level, and yes, security is viewed as a trusted advisor and reliable problem solver. Leaders in all companies will always respond positively to their corporate security teams pushing to enable business across the world.

“Even in low risk environments, you can still add important value if you create relationships and actively go out and create opportunities.”

I find it easier to deliver a more impactful output in high risk or disaster prone countries – there is usually a strong appreciation of the importance of security in such places. Having said that, I also believe that even in low risk environments, you can still add important value if you create relationships and actively go out and create opportunities to add said value.

“It’s vital to put in the effort to increase your commercial knowledge”

IG: Are there any challenges particular to the healthcare sector worth discussing?

JS: I view it as one of the more interesting sectors to work in. Healthcare companies have offices and large manufacturing facilities since they are  providing life-changing technologies to people around the world, staff in the field and on business travel, physical products moving around globally.

Diversified healthcare companies in particular have a certain level of complexity due to the many different product lines, various divisions and stakeholders so this results in a challenging and satisfying work environment.

IG: What do you do in terms of training and research to make sure you’re abreast of the latest best practice, for the benefit of your employer and career development?

JS: Networking with peers is vital. I’m involved in numerous formal and informal networking bodies and place huge importance on the relationships that come from them. Further, maintaining strong relationships with vendors across both geographies and the differing technical disciplines is a must.

As far as training goes my focus has been on languages over the years. I’ve studied Arabic – difficult yet hugely useful. I also completed a Masters in Security and Risk Management, which really raised my understanding of our profession.

IG: How hard is it to get to grips with cybersecurity threats and what is your level of involvement on that side of things?

JS: We have a separate cybersecurity team, but there is obviously close crossover.

As we all know, more and more convergence between security risk management and cybersecurity is inevitable as the world becomes increasingly automated and technology-reliant.

IG: What advice would you give to young security professionals who want to progress their career and secure roles as senior as yours?

JS: There is no one ideal path into a senior corporate security role. The key thing in my view is to put energy into networking. I mean purposefully discussing the challenges you face, what vendor you are using to solve a particularly difficult problem, and so on. Any effort put into networking is effort well spent, not just in terms of personal learning but in terms of increasing your usefulness to your company.

Another thing we could do a lot better as professionals is commit to languages. I see a lot of people who want to learn Arabic, for example, but very few commit. If you learn a language, not only will it greatly assist you in building relationships, but you’re also invariably adding a whole other level of cultural and region-specific knowledge – the business will recognise and respect the increased value that you bring.

I also think it’s vital to put in the effort to increase your commercial knowledge. If you can understand the commercial challenges on the minds of senior business leaders, then not only will you be able to speak their language and hence build credibility, you will be properly understand the risks that exist outside of the purely security space, and identify areas where you and your team can add value.

Listen to the IFSEC Insider podcast!

Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.

Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.

Listen to the podcast today