This year, we had an overwhelmingly positive level of interest in our Women in Security program. Due to the number of nominations received, the Security editorial team also chose several Women in Security nominees to celebrate throughout the rest of this year in special editions of our “5 Minutes With” articles and The Security Podcasts (which you can find on our site, as well as Apple Podcasts and Spotify). 

Security spoke to Kimber Goerres, Security Systems Integration & Project Management Lead at Sony Electronics, who has served diligently in her role, ensuring the company’s error or down rate is nominal and establishing the technical security requirements for Sony offices globally. Goerres has been a key contributor to the success of Sony’s Security department and mission. Here, Goerres speaks about her role, establishing technical security requirements and ensuring improved security levels through risk, vulnerability and audit assessments.

 

 

Goerres: I worked for the Federal Bureau of Investigation (FBI) for 11 ½ years and then became a Police Officer with the Chula Vista Police Department, where I spent four years and have now been with Sony’s Corporate Security team for almost 17 years. My current role with Sony is as a security Systems Integration & Project Management lead, and my responsibilities are: develop and implement technical security solutions across the business; broaden corporate security’s reach through security engagement and awareness opportunities; provide practical security advice to key functional areas and stakeholders regarding the security infrastructure at our offices/sites; manage access controls, CCTV, and badging operations across the enterprise; foster systems improvement efforts; and routinely review relevance, efficacy and efficiency of our technical security systems and programs.

 

 

Goerres: When I first hired on with Sony, the initial focus of my job was to organize and establish a case management system. As I worked on case management, I came to understand how investigations were conducted in the private sector and at Sony. Having a background in law enforcement allowed me to quickly expand my responsibilities within Corporate Security from case management to conducting internal investigations (such as theft, embezzlement, fraud, etc.). Additionally, because of my strong relationships and networks and being prior law enforcement, I was tasked to be the primary contact for local, state and federal law enforcement agencies. I was able to use my knowledge of how law enforcement agencies work to support requests more effectively, especially during cases referred for criminal prosecution. I have always been the type of person who wants to learn new things – a characteristic which served me quite well in law enforcement – so I also jumped at the opportunity to take on security infrastructure project management (including access control & CCTV installations) for all our Sony North America (U.S., Mexico, and Canada) sites and Israel.

 

 

Goerres: When I became a Security Systems Engineer, I quickly realized that our systems throughout Sony were not configured the same way, nor were they all using the same platforms. I worked cross-functionally and with counterparts across Sony companies to benchmark and establish baseline technical security standards and site requirements. After explaining and receiving buy-in from key leaders on the criticality of standardization, cost efficiency advantages of using systems and technology that easily connected and interfaced, and balancing standards of care against strict budgeting boundaries, I implemented new standards and equipment on new projects while working to update existing systems. During those early days, I collaborated with my vendors to develop a “playbook” that outlined our equipment guidance and standards, including access control, video management, servers, visitor management, intrusion detection system and intercom systems. This “playbook” can now be provided to any vendor or new integrator that works on any security-related projects for Sony sites in the U.S., Mexico, Canada and Israel. I quickly realized, when managing security-related projects internationally, that there are unique challenges when it comes to installing “preferred” or “recommended” equipment at those locations.

 

Recently, I helped relocate our Israel team to a new building while adding a third-party location for their data center. Due to customs restrictions, I had to closely manage the shipment of all necessary components to ensure the implementation of the site security system, which was executed on an accelerated schedule. We also needed to address different and specific wiring requirements for our equipment. So, suffice to say, while I highly recommend establishing similar “playbooks,” it’s essential to remain flexible when implementing in different or unique environments, and documents should reflect and allow for that flexibility when necessary.

 

 

Goerres: The main risk management principles I apply when handling my projects are: thorough assessment, stakeholder discussions, organize project objectives, establish review cycle, roles and responsibilities, and, most importantly, reporting cadence. Communication is everything, especially when working with several different key stakeholders and vendors. Failure to communicate will result in failure to complete one or more aspects of the project. Once the project is complete, I do an “after cctions” review of the project and look to see if there is any way of improving the risk management strategies we’re currently using.

 

 

Goerres: Consistent and regular reviews of risk and vulnerabilities through a mature and well-defined compliance program are critical. Now, more than ever, creating a secure and safe environment is a challenge for today’s companies and increasingly remote working environment, yet the objectives remain the same: protect employees and reduce risk and liability while increasing the efficiency and efficacy of operations while promoting/adding value to your organization. One way to protect our assets and understand potential gaps and evolving threats is through conducting routine risk, vulnerability, and audit assessments (or compliance reviews) at all our facilities. We do this at every level within the corporate security team, including physical security & safety, crisis management/business continuity, intelligence & support, investigations, global supply chain security, compliance and systems integration and system improvement.

 

 

Goerres: Here at Sony, we try to secure our buildings using multiple security layers such as intelligence, process and procedures, technical barriers, and physical barriers. The CCTV/video surveillance and access control are captured under our technical barriers. Having CCTV/video surveillance and access control systems are valuable security techniques and are highly critical to ensuring the security of our facilities and provide us with a competitive edge, pushing potential bad actors to locations with fewer measures or layers. Our layers, including technical security measures, protect our assets (products, R&D, IP, etc.) and reputation, which protects profits and drives confidence amongst our partners. For example, having CCTV/Video surveillance systems with posted and visible signage acts as a deterrent against vandalism, property theft, employee theft and allows for monitoring of high-value assets and evidence collection. Access control systems tell us the “who,” “what” and “when” individuals access a facility (i.e., parking garages, buildings, labs, rooms, etc.). Without proper camera placement and access controls systems, we’d be missing a critical component of our security layers and investigative tools.