A highly functional security program requires attention to detail, dynamic communication, and building and fostering relationships. Whether during my time serving in a combat environment in Vietnam as a medic with the U.S. Army’s 5th Special Forces Group, leading the United States Secret Service as its 19th Director, or developing security practices for all NFL stadiums during my tenure as the director of security for the Cleveland Browns, these core pillars have always been required for success.
The same holds true for a top-tier security program for a regulated cannabis business. Here is my advice for companies developing their own security plans.
1. Conduct a risk assessment, and never stop.
A detailed approach begins with an initial thorough risk assessment. This evaluation should not only examine the threat environment (i.e., the actors, their capabilities, and the realities of your environment), but also be tailored to effectively support the regular and sustained operations of the facility and business. Additionally, the risk assessment must include the local community, its resources, its geography, and prospective mutually beneficial partnerships with first responders and community leadership. Undoubtedly, the ongoing risk assessment program is not only vitally important, but it becomes more complex with intelligence management, defensive strategies, and evolving environments.
2. Build a rapport with locals and law enforcement officials.
I was very fortunate in this respect, as Andy Rayburn, CEO of Buckeye Relief, prioritized communication with the local community at the business’s very early stages. This was a team effort that included educational discussions in announced public forums with concerned citizens and local city, county, and state leaders. From the very beginning, Buckeye Relief was committed to working with and giving back to the community. Matt Winningham, Buckeye Relief’s security lead, and I built a strong, mutually beneficial relationship with the local police department by inviting them into our facility, volunteering, supporting multiple annual fundraisers, and more. These relationships continue to pay dividends for security operations at Buckeye Relief.
3. Create a plan that includes your IT department.
A relationship with your information technology (IT) director or department is a paramount security connection that requires accurate, relevant, and timely communication. In a world that is continually becoming more technical and automated, no state-of-the-art security program can be absent of cutting-edge technology; therefore, a security program and the people behind it must understand the latest technical vulnerabilities and be well-versed in cybersecurity.
4. Make everyone’s roles and responsibilities clear.
Communication also is needed to ensure that everyone is aligned and understands their roles within the overall security department and its operations. Furthermore, security leadership must communicate and align with management to understand possible risks and exposures, as well as to identify and understand all acceptable risks. This process begins with the initial security plan and its submission to the governing body, and continues through construction, building operations, and product transportation, in addition to all future modifications, updates, and unforeseen events.
5. Thoroughly vet your security team and partners.
It can be difficult for stakeholders in a cannabis company to quickly determine qualified and competent security applicants and solutions versus those groups claiming to have the same qualities and same wealth of experience. Whether internal or external, validate verifiable extensive experience, preferably in the cannabis industry, that demonstrates a core mastery of attention to detail, dynamic communications, and the ability to build and foster successful relationships.