How Intelligence Shapes Modern Corporate Risk Management with Jim Bacigalupo

0:00

Fred: 

Diplomatic Security Service, retiring as a presidential appointee to the Senior Executive Service. His career includes senior leadership roles around the world, from serving as the Director of Security for the U.S. Mission to the United Nations, to managing an $850 million security operation at the U.S. Embassy in Iraq. Today, Jim brings that deep government and global security experience to the private sector, navigating complex threats facing multinational financial institutions. Bach, welcome to the Ontic Connected Intelligence Podcast.

Jim:

Thank you, Fred. Pleasure to be here.

Fred:

It’s been a long time, my friend. I miss the old days, but I’m glad you’re able to join us today on our podcast. You spent decades protecting U.S. interests around the world, from Prague to Iraq to the United Nations. Looking back, what experiences most shaped how you think about security leadership today?

1:30

Jim:

You know, Fred, as you know, when I first started out as an agent, I did a lot of the grunt work, basically, cases, investigations, protection. And I always volunteered for different challenging things, like protecting the US ambassador to the UN, which is a cabinet level position. And I got to talk to a lot of the agents, and I got to work with them a lot. So I realized early on that you have to know your people and be able to plug them into the right area or role that works with their personality and what they like. And that’s the way you get the most out of people. So I think that really helped me form a leadership type management type role by plugging in the right people to the right areas.

Fred:

Bach, were you covering, refresh my memory, did you have Ambassador Vernon Walters at the time?

Jim:

Yes, yes, which was a cabinet level position. So as a junior agent, I was back and forth to the White House a lot, which was very interesting.

Fred:

Yeah, an amazing man with quite the storied history, not only in the military, but at the CIA.

Jim:

Exactly. I visited, he was the ambassador at Lawrence also, and we visited about 25 countries. 

2:48

Fred:

Bach, what was the hardest transition when you moved from diplomatic security into the corporate CSO role at MUFG? I know looking back on my transition, it was pretty challenging.

Jim:

You know, it’s pretty interesting because when I did the interviews for the bank, a lot of people said, oh, there’s going to be no way you can transition from the government to corporate security. And I sat down with Ray Fournier. I don’t know whether you remember the name. 

Fred:

I do. 

Jim: 

He was in the role that I’m in now. And we talked, and I said, you know, this is perfect for a person from diplomatic security. Because at the bank, it’s public versus private. You have to segregate those areas, you have to make sure, it’s just like classified and unclassified. So it’s very similar, it was very easy to plug myself in, and then also we do investigations, we do protection, we do a lot of the run-of-the-mill things that an agent does. So I think the transition was pretty quick and pretty easy once I put my mindset on it, that classified, unclassified, and put the restrictions in similar to what we have in an embassy. So it worked well.

4:03

Fred:

Yeah, our folks have done extraordinarily well and you certainly have had a wonderful career both in the public and private sector. And you’ve managed everything from embassy security to massive overseas operations. What surprised you the most about the risk landscape inside a global financial institution?

Jim:

It’s interesting. We have a lot of audits, and it’s a lot of things that, like, we just went through two different audits for security, and they’re very in-depth. They go through everything. I’ve never had anything like that with the government, even, because, you know, the inspector general wasn’t that in-depth. They’d come and ask, what do you want us to look at? But when the OCC, or the Office of, what is it? Currency? Comes and inspects our data centers or things like that—they’re through everything. The thoroughness of it, really interesting to see. So that was a big deal, actually, getting to realize what they wanted and make sure we kept them happy and that we’re doing the right things. And we did. We passed all of our audits, which was great. But they come up every so often, like every quarter. So it’s a lot.

5:21

Fred:

Yeah, I can only imagine. Bach, how do you sell security internally at the bank without being seen as a cost center?

Jim:

Well, it’s interesting. I’ve had some really good bosses that respect what I ask for, because when I first came into the bank, we didn’t really have a GSOC that was run by security. It was more of a call center. And I immediately looked at it, because as you know, Fred, I ran the Diplomatic Securities World Command Center and upgraded it for technology. So I got to work actually using what we knew about what was out there and asking other banks what they used. So we went to Ontic for our case management system. We went to Dataminr for pulling different intel off of all different servers, both open source and also the dark web and other places. And then we also went with Travel Tracker so we can keep track of our employees. And then Everbridge we use to send out flash messages when we have a problem. And I’m plugged into OSEC, Overseas Advisory Council with the State Department, and also NYPD Shield. So we gather a lot of different intel together to protect our facilities and our people, which is good. It’s working the way I want now.

6:45

Fred:

Yeah, that’s amazing. Bach, what lessons from DS do you think translate directly to corporate security? And which ones don’t?

Jim:

Well, the public to private sector, classified versus unclassified, the segregation really translated well. The investigations translated well also. And the protection, I mean, you just don’t do it on the same scale we did. It’s really just keeping an eye on the executives or events where we have town halls that are outside the bank, things like that. So what didn’t work well, what didn’t really change over well, I think the fact that you have to sell security a little more than you did with the government. You know, it was back to the days before September 11th when people wouldn’t listen to us. We’re agents and you’re in charge of security for an embassy. But right after September 11th, everybody’s like, oh, we better listen to him. You know, so it was an interesting change with the government when I was there. This position, you really do have to sell your programs. And I think I’m pretty successful with it. It’s doing well, so I’m happy.

7:54

Fred:

Yeah, that’s awesome. That’s awesome. And as you and I both know that our old organization, you know, tragedy has forced a lot of change. When you look back over the years, whether it be the horrific embassy bombings or the kidnappings and so forth, it seems like it was always feast or famine. Bach, what role does intelligence play and helping your team move from reactive security to proactive risk mitigation?

Jim:

As I said, we have a bunch of different applications we use. I have really strong watch officers that look through everything, and that’s a key component to it, to make sure that you’re reviewing it correctly. Sometimes this stuff is just raw intelligence. You get something off of Citizen or X, and it’s really unsubstantiated. You can’t just put that out and say, oh my god, there was a bombing here. Oh my god, this is going on. It looks bad, but I make them research it first before we put anything out. So, double-check all the intel that we get and make sure it’s working fine before we send out.

9:49

Fred:

Do you think, Botch, the horrific murder there of the UnitedHealthcare CEO really changed the thought process amongst your executives as well?

Jim:

I think it has. I think it has. I mean, it really hit home because it was only a few blocks from our buildings here. And it really brought up the fact that you’re not really, even though you’re not seeing that much in the public, that you’re still actually a target. So we do a lot for travel security and other things with our executives. So we have a person that looks over all that for me. He does a really good job.

10:31

Fred:

You know, Botch, you oversee a GSOC and a nationwide huge guard contract, and obviously your time at State, you know, keeping an eye on the world, which in itself is a daunting task. From your perspective, what does good look like for a modern GSOC today?

Jim:

Well, it’s interesting having worked at the diplomatic security world command center and upgrading it for technology. I had a lot of people come to me and say, you need this. You need to see this one thing. It only costs $100,000 and you can see every plane in the United States. We’re trying to sell me all this stuff. I mean, great technology, but not useful for our mandate. So when I started upgrading the GSOC here, it was the same thing. You know, you had all these different contractors coming. And I went to all the other banks and asked my counterparts, what do you guys use? So I could get an understanding of what works best. And I think that really helped with getting to where we are right now.

Fred:

So benchmarking with others as to how they define what good looks like really, really helped as well.

Jim:

Exactly.

Fred:

Yeah, you know, it’s amazing, much like it was when we were with DS, Bach, over the 25 or so years I’ve been in the private sector, it’s amazing how much cooperation you do get from folks in our industry, just asking the questions, right?

Jim:

Mm-hmm. You’re right. You’re right. 

12:04

Fred:

Bach, how do you measure effectiveness in security operations beyond incident counts and response times?

Jim:

One measure, I guess, would be the effectiveness of my program outside our normal chain of command or outside our normal interaction with areas of the bank. A lot of people come to me and say, hey, I just saw this on the news. And even if I haven’t had any interplay with them, they actually do come and email me and say, what’s your thoughts on this? What do you think of this? Like when the CEO was actually assassinated, people came to me and said, what do you think we should be doing? What do we need to do? I put together a plan right away because, as you know, diplomatic security, you have to think on your feet. So I think when people come to you, you know you’re doing a good job, that you’re really moving ahead with your program.

Fred:

Yeah, that’s awesome. What role should technology play and where can organizations, conversely, over-rely on it?

13:05

Jim:

Well, as I said a little earlier, technology is good, but you can’t rely on it solely. You need the human factor. A lot of people are going to AI cameras because they can pick out stuff and people are piggybacking or whatever. You have to have somebody like a good watch officer actually looking at what’s going on first. You can’t put out an alarm right away based on what an AI says. You got to see if somebody is holding the door open because somebody has packages. You know, things like that. You got to really review things before you rely only on technology. Although it’s getting much better. Even since I started with the bank, it’s really come a long way. I just went to GSX and saw all the different vendors and some of the capabilities they have. It’s pretty amazing. But yeah, you can’t rely solely on technology. You have to have a human factor in there and people have to actually think and understand what they’re working on, make sure that it’s not just relying on a machine or AI.

Fred:

Yeah, you know, that’s really interesting. I was down at GSX, too, and when you walk around, it seems like AI is everywhere. That appears to be what everybody’s talking about. Do you find that to be the same within the financial industry that you’re in?

Jim:

Actually, yeah, we’ve moved to some AI right now. We’re only using one program right now, which is good, because you’re making sure that our IT people are following it, making sure they’re keeping track of everything. But yeah, it’s really out there, AI, as everybody knows. From co-pilot, assist with writing and things like that, it’s just very interesting.

15:03

Fred:

Bach, as you look over your career and think about everything from starting out as a basic street agent and working your way up, what lessons or advice would you give to that young person that wants to be a Chief Security Officer one day and really doesn’t know how to get there?

Jim:

Yeah, Fred, the thing with my career, it was very different. Because I always volunteered for the assignments people didn’t want, thinking this could be interesting. And by doing that, I think I made a name for myself with some of the senior people because they were like, oh that guy, you know, he’s always willing to do stuff, rather than saying, I’m not gonna, I don’t want to do that. I can’t do that. We had a bunch of people that would do that, and in the office I was in in New York, it was, I’ll take that. I’ll do that. I’m single. You know, throw me, throw me there, you know? So I would go on back-to-back protection assignments and things like that. I did a very large, couple large investigations with diplomatic security, as you know. So yeah, like always, I would tell a young agent or a young person looking to move ahead in security, don’t think that because you’re doing something different, it’s going to hurt you. It’s actually going to make you more of a well-rounded agent or well-rounded security professional, which will help you in the long run.

Fred:

You know, that’s very sage advice. You know, Bach, as a young agent myself, I remember when the CIA’s Counterterrorism Center and they decided to stand up the hostage location task force and, you know heck, I volunteer to go because you know it was a wonderful opportunity and it was probably one of the best things I ever did career wise you know being in protective intelligence investigations but going over and working on the hostages which was. You know, you want, you get the chance to see different agencies, how they work and in some cases don’t work. Right. And you know, be able to come back with a much more broader scope of, at least from a national perspective, you know, how things are done.

Jim:

Well, I remember you did a really good job with protective intelligence for us. 

Fred:

Oh, my, thank you. 

Jim:

No, you really did.

17:34

Fred:

Yeah, I appreciate that, Bach. Sometimes it feels like yesterday, and other days it seems like a lifetime ago. But, Bach, as you look over and, you know, protecting the likes of, you know, just an amazing man like Ambassador Vernon Walters and others, what are some of the key lessons you learned from individuals like that that you have protected around the globe from a leadership perspective?

Jim:

Well, it’s interesting because Vernon Walters was an incredible man, spoke, I think, eight languages fluently, was the ambassador at large for the president, President Bush, one. He just had so much knowledge and was such an intelligent person, but he was down to earth. He always looked at the agents as like his sons. I always remembered that, that this high level guy saw me trying to get into a limo and the Deputy Chief of Mission got in and took my seat and locked the door. And the ambassador saw that, at the next stop, he pulled the guy out and he goes, don’t you ever jeopardize my security. He’s my agent, you do not sit in his seat. Like, I always respected that man for that. A lot of people wouldn’t do that, but he was always down to earth, despite his position. So I always remember that. And I always try to make sure I take the time with some of the junior people here and talk to them, make sure they’re doing okay, you know, just rather than just walking in and saying, get work done, you know.

19:00

Fred:

Yeah, I do. I do. Bach, we ask every one of our guests this question, so I’m not putting you on the hot seat, but I’ve known you long enough to ask this question anyway. What does the phrase Connected Intelligence mean to you?

Jim:

With all the different technologies I mentioned, linking that with the AI and everything else, but also having the human factor in there. Connective Intelligence is how they all fit together, not just relying on your systems and also making sure your people are aware of how they work and what an effective use of them are, not to over rely on them. Connective Intelligence is very important, but you really also have to have the human factor in there. It gets rid of data silos or whatever you want to call them. So I think it’s what would you call it? Creates a unified system where everything’s working together, including the human factor.

Fred:

Well, Bach, I think it’s a great answer. There’s no right or wrong answers with that. We’ve gotten a lot of different inputs from that. So it’s always fascinating to hear how folks explain that. I want to thank you for your friendship over the past 25 or 30 years. And certainly thank you for what you’ve done for our country and certainly what you’re doing today in the private sector. And we really want to thank you for being on the Ontic Connected Intelligence podcast today.

Jim:

Well, thank you so much for inviting me. It was a pleasure being on Ontic’s podcast and always great to see you. So I appreciate it.

Fred:

Thank you.