Facility Security Officers walking around is a growing practice that forces FSOs out of their offices and onto the floors where defense contract work takes place. A good resource for FSOʼs use in establishing milestones is the organizationʼs Security Protection Plan (SPP) or the Self Inspection Handbook for NISP Contractors available on the Defense Security Services Website.

1. FSO Series
A CL E A R A NCE JOB S SPECI A L R EP OR T
Security Through “Walking Around”
by Jeffrey W. Bennett, Industrial Security Professional (ISP), for ClearanceJobs.com
Security through walking around is a growing direct your purpose, attention and provides real time
answers to questions about the security programʼs health.
practice that forces leaders out of their offices
and onto the floors where work takes place. In The plan should allow opportunities for the FSO to
a defense contractor, the FSO leaves their office enforce the organizationʼs security message as well
as getting to know the names and characteristics of
and becomes engaged in relationship building
employees, team members and executives. It also allows
activities that help increase the protection of FSOs to get a face out there, thus creating a sense of
accessibility for the very people FSOs depend on to
classified information.
support the security program.
Perhaps you have already used this term or have at least
FSOs should begin with a prioritized list of milestones.
heard others refer to it on occasion. There are several
This list could reveal a security programʼs effectiveness
articles concerning the subject and a growing number
in matters of personnel, physical, IT, privacy, proprietary
of FSOs are becoming fans of the idea. For those new to
and, if applicable, classified information security. FSOs
the term, it means turning off the computer and showing
should understand the policies in effect and level of
your smiling face. An FSO who spends most of their work
security success. They should be familiar regulations
day processing information at a computer do not get the
and requirements and how they affects the companyʼs
full security picture. If their security policy is only a game
business and team members. If FSOs answer a question
of “gotcha” or simply conducting preliminary inquiries
with a “best guess” or rattle off a party line, you can lose
into security violations then the organization gets a small
credibility and cause others to doubt your abilities.
glimpse of value added.
These milestones should mark success or failure
The Plan indicating the security programʼs effectiveness. A good
resource for FSOʼs use in establishing milestones is the
The FSO primarily implements and directs a security
organizationʼs Security Protection Plan (SPP) or the Self
program to protect classified information. Part of
Inspection Handbook for NISP Contractors available on
that program involves collecting data, observing
the Defense Security Services Website. Both resources
and improving employee activity and identifying and
describe expectations, and the walk through can be the
mitigating risks to classified efforts. Security through
verification. For example, suppose the SPP directs that
walking around provides a larger return on investment
security containers may be left open when a designated
because it requires no additional security costs. It is not
difficult to implement but the practice does require a
plan. Without plan, FSOs risk effectiveness by just milling
about engaging in needless conversation and wasting
everyoneʼs time. A purpose will keep the FSO focused as
well as prevent the temptations to have conversations
and activities that can cause loss of credibility. The plan
doesnʼt have to be complicated or lengthy. It just helps

2. employee is available to observe it. The FSO is conducting manager gain ground in selling their security program
the walk through and observes a cleared employee and meeting company needs. However, the FSO should
locking all of the security containers. The FSO greets the plan each session in advance to prevent wasting valuable
employee warmly. The employee says that he is unable time and the loss of credibility. After the event, the FSO
to stick around, but is almost late for a meeting. The FSO should write up findings, recommendations and Kudos.
can now validate that the procedures are being enforced. The FSO is a manager and they represent the corporation
and senior management. In this role, FSOs should keep
conversations professional and avoid the temptation to
Feedback get into personal conversations that violate company
While preparing for the walk, FSOs should anticipate policy or privacy and HIPAA compliance. ★ ★ ★
both good and bad feedback. There will be some who
praise security efforts and there will definitely be those
who criticize or question security motives. Some criticism Jeffrey W. Bennett, ISP, is a former Army officer, FSO and is
may be the result of an FSO personally implementing an accomplished writer of security books and periodicals.
a security plan such as limiting access to formerly His books include ISP Certification-The Industrial Security
freely accessible areas. These objections are perfect Professional Exam Manual. He is the owner of Red Bike
opportunities for FSOs to explain the need for a change in Publishing (www.redbikepublishing.com).
security posture. For example if access has been limited,
the FSO can discuss how door magnets deny unwanted
and unauthorized visitors and how they reduce energy
spending by $12,000 annually. Others employees may not
understand having to comply with federal regulations.
This is also a great time for FSOs to NOT quote
regulations, but demonstrate how regulations impact the
company and the benefits of compliance. If any question
arises that an FSOʼs research did not prepare them for,
they should be candid. “I donʼt know, but Iʼll get back with
you,” is a perfect response. The FSO should be sure to
follow through and get back with the person. Likewise, if
anyone requests action that the FSO can implement, they
should do so in a timely manner.
FSOs should offer praise and kudos to those deserving.
These acknowledgements should be offered publically
and immediately. On the other hand, FSOs should avoid
criticism or wry comments directed toward or about an
employee who is critical, has committed violations, or
just doesnʼt understand security. FSOs should definitely
stay away from getting into personal conversations,
discussing cleared employee self-admittals, or violating
privacy or Health Insurance Portability and Accountability
Act (HIPAA) violations. These are better left for private,
official occasions.
Measuring Success
Security through walking around provides the FSO an
excellent tool to measure the success of a security
program. Asking open ended questions and developing
rapport with company team members will help a security
4101 NW Urbandale Drive • Urbandale, Iowa 50322 • 1.877.386.3323 • www.clearancejobs.com