SECURITY TODAY brings you an interview with Sahima Hannan Datta, the Global Security Program Manager of Shell Plc, Europe. Sahima is an experienced security professional who has served in a central police organisation in India before she moved to corporate security. Sahima also featured amongst the Top 20 Indian Women Influencers in Security 2020 (TIWIIS 2020).
How did you develop an interest in the field of security?
Being a product of the Civil Services in India, my career path in the field of security was not a conscious decision. I was assigned to join the Central Industrial Security Force (CISF) by the government in 1993 based on my rank in the entrance examination. However, after a year of rigorous physical and psychological training, I proudly donned the uniform and served my country for 20 years as a Security Protection Specialist. (The Central Industrial Security Force is a federal police organisation in India under the Ministry of Home Affairs. It is one among the Central Armed Police Forces. CISF provides security to over 350 industrial units, critical infrastructure projects and facilities and establishments located all over India.)
At first, my pride in wearing the uniform stemmed from being one of the few women in a male-dominated field and commanding battalions. However, as I gained more experience as a security professional, my focus shifted to what value I could bring to the job and how I could contribute to keeping our society safe and secure. I realised that being a security professional was an unconventional career path, but it was exciting and offered endless opportunities for growth and learning.
Can you recount briefly your previous experience working in government security agencies in India? What were some of your key responsibilities?
During my tenure with the CISF, I served as a uniformed officer in various industries, including ports, airports, and ministries of the Government of India. My roles were diverse and ever-changing, ranging from operational security of critical national infrastructure to commanding battalions, training, administration, investigations, internal security duties, and protection of government assets during general elections.
One of my most cherished responsibilities was commanding a unit to protect over 40 buildings and ministries of the government in Delhi, which included the North and South Blocks, where South Block houses the Ministry of Finance and the Ministry of Home Affairs and the North Block houses the Prime Minister’s Office, Ministry of Defence and the Ministry of External Affairs respectively.This was a challenging task that kept me on my toes, but it was also a great opportunity to demonstrate my skills as a security professional.
Another significant experience was my three years of service at Mumbai airport, which was a dynamic and constantly evolving environment with multiple agencies from both the private and public sectors. This experience taught me how to handle complex challenges effectively and work collaboratively with different agencies.
I was also a part of the prestigious “Consultancy Wing” of the CISF, where we provided security consulting services to the private sector, including risk assessments, security design, and security plans.
In my later years as a senior officer, I worked in the domain of “POSH” (Prevention of Sexual Harassment) as the Chairperson of the North India Committee of the CISF. This role involved investigating cases of sexual harassment and spreading awareness on such issues, which was a crucial step towards creating a safer and more inclusive workplace.
While in the CISF I got the opportunity to work in the United Nations Peacekeeping Force in Kosovo as a civilian police officer, which gave me a glimpse of what it is to work in a global multi-cultural environment and set the foundation to reach out for global roles.
Overall, my two decades of service with the CISF were filled with diverse and challenging experiences that helped me grow both personally and professionally.
How has your experience working in India helped you in your current role as a global security professional working in Europe?
My experience working in India as a security professional has been invaluable in shaping who I am today in my current role as a Global Security Program Manager in Shell Plc in Europe. As a member of the CISF, the only government armed force in the world specialising in asset protection, I gained core competencies that have been instrumental in my transformation to the current role. I used to design security systems to mitigate assessed risks, which is similar to the work I do now in advising businesses on technical solutions and designs for enterprise deployment.
The fundamentals of the security profession are universal, and my experience in the rapidly globalising India has helped me develop a keen understanding of diverse security risks, assets, and stakeholders, which has prepared me well to work in the international arena.
How do you approach risk management in your current role?
My role involves providing technical security solutions that effectively mitigate risks to all company assets. This requires a critical focus on risk management, where solutions must be aligned with the risk assessment and fit for purpose to be effective in mitigating security risks.
It is crucial for security professionals to provide advice that adds value to the business, rather than just suggesting costly solutions that do not align with the assessed risks.
How do you balance the need for security with the need for business efficiency and growth?
To achieve this, I first understand the business, its growth path, and how it generates value and efficiency. This knowledge is crucial in performing a thorough assessment of the threats and risks that the business may face.
Next, I work on developing a security solution or plan that is ‘Fit for Purpose’ and aligns with the agreed risks. It is essential to gain buy-in from the business stakeholders to ensure that the proposed security solution is feasible and practical.
I also recognize that businesses may have different risk appetites, and as a security professional, I need to be mindful of this. Sometimes leveraging existing mitigations from other functions such as safety and looking for opportunities where they can be applied to security risks also helps.
Lastly, I avoid playing on the ‘FUD’ (Fear, Uncertainty & Doubt) factor and creating unnecessary alarms for the business. Instead, I work to communicate the security risks and solutions in a clear and concise manner, ensuring that the business understands the risks and the value of the proposed security solution.
Can you walk us through your experience in managing security incidents or crises in your current or previous roles?
Certainly! Incidents and crises are an inevitable part of the security manager’s job. To deal with them effectively, a well-planned response is crucial. As a security professional, I have always ensured that detailed response plans are in place for all possible security risk scenarios, which are identified during the initial risk assessment phase.
These response plans must have clearly defined accountabilities and responsibilities, so that when an incident occurs, everyone knows what their role is and what needs to be done. It is also important to ensure that the resources involved in incident/crisis management are well-equipped and trained to execute the plan seamlessly.
Regular mock exercises are also necessary to test and improve the incident/crisis management plan. These exercises simulate real-time scenarios, making the team more equipped to deal with any unforeseen incidents/crises that may occur in the future. By conducting these exercises, we can identify gaps and refine the plan to improve its effectiveness.
In short, incident/ crisis management is all about planning, ensuring well-equipped resources, and regular exercises to refine and improve the plan.
How do you foster a culture of security awareness within your organisation?
One of the key take-aways to achieve this is by leading by example and intervening respectfully when necessary. This means that security should be seen as a shared responsibility at all levels of the organisation, from the top down, and that everyone understands the importance of maintaining a secure workplace.
It’s important to equip all staff members with knowledge of security risks, especially when it comes to personal security behaviours. This can be done through various means, such as global campaigns, easily accessible web pages, and structured periodic awareness sessions, which can be led by regional or country managers.
How do you stay up to date with the latest security trends and developments?
To stay informed and up to date with the latest security trends and developments, I use a variety of sources. I regularly read security publications, which provides news and top insights on emerging security threats and solutions.
I also subscribe to risk reports published by both private and government agencies which provide valuable information on the latest threat and risk trends.
Attending conferences, webinars, roundtables and summits is another important way for me to stay current on the latest security developments. Recently, I had the opportunity to attend a technology fair in Las Vegas, which was an excellent opportunity to learn about the latest technologies available for security risk mitigation.
Lastly, being part of various professional networks helps me to stay connected with other security professionals and gain valuable insights and knowledge on all developments in the security world.
How do you manage your work and family?
I think it’s important for all professionals to have a work-life balance, and I appreciate the question. However, I do find it amusing that this question is often directed more towards women than men.
That being said, I’ve been fortunate to have a supportive family that has allowed me to balance my career and family life. To maintain this balance, I follow a few key principles:
First, I set clear expectations with both my family and my work team from the very beginning about what I can and cannot do. This helps me avoid overcommitting and spreading myself too thin.
Second, I create clear boundaries between work and family time. I make sure to not let these two areas overlap, which helps me be present in the moment and more effective in both areas.
Third, I prioritise self-care and ensure that I have time set aside for myself to pursue hobbies or activities that bring me joy and help me recharge.
Finally, I always remember that in a conflict between work and family, family comes first. This is an important value that I hold dear and has helped me navigate tough decisions.
Any parting thoughts for young PSI career professionals? What advice would you give to those just starting out in this profession?
This is a growing profession that is becoming more technical by the day, so to all the young PSI career professionals, I would like to say that,
● You are in the right profession! It is growing rapidly and there are many exciting opportunities ahead.
● Stay up to date with the latest security developments and trends in the world, including threat intelligence, geopolitics, security technology, and having a strong functional knowledge base.
● Expand your knowledge base by exploring other areas that overlap with physical security, such as information security, data privacy, and cyber threats, etc.
● Communication skills are critical to any profession. Without strong written and verbal communication skills, you will not be able to convince businesses to accept why you are important to their value chain and what you can contribute to their bottom line.
● Learn to listen actively. It is the most important component of effective communication.
● Develop the ability to think strategically for any project, assignment, or running day-to-day operations. Think multilaterally.
● Build networks beyond your security environment. Connect with other professionals in your industry and outside your industry.
● Learn from any previous experiences you may have had, particularly from uniformed services. The next step is to unlearn and shed the mindset of a uniformed person and then understand what is expected of you by your organisation in terms of delivery.
● Lastly, make yourself visible. Security is an invisible input everywhere. Therefore, to raise awareness within your organisation, take steps to be seen by creating value for each individual in your organisation.