Luca Tenzi is a corporate security expert with over 20 years of experience in Fortune 500, CAC 40 companies, and international organizations, leading security operations in diverse environments. His experience spans multiple sectors including manufacturing, information and communication technologies, financial services, and UN agencies.

He has operated and resided in Europe, Africa, the Middle East, the Far East, and Latin America, specializing in geopolitical risk assessments and security operations in high-risk locations including Venezuela, Iraq, and Libya. Over the years, he has been entrusted to brief senior managers, C-level executives, and board members regularly on emerging and latent geopolitical and regional security risks and threats.

Luca is an innovative thinker with a proven track record of collaboration and engagement with a broad variety of business stakeholders worldwide, who is actively committed towards security convergence and integration of cybersecurity into standard security practices.

He is also a keen mentor on global security management strategies, crisis management, organizational resilience, change management, and new business culture. Among his most recent experiences, he has redesigned and implemented security and resilience governance programs for specialized UN agencies.

How did you start your career in corporate security and what is your academic background?

My career in corporate security begun in the 90’s mostly thanks to my knowledge of languages rather than for a real interest or capability in the field of security. A colleague introduced me to the Anglo-Saxon kidnap and ransom security consulting environment and my French-speaking skills were an advantage to operate in North Africa. I attended a few missions in an instable Algeria and in other north African countries, where I supported different foreign companies with local operations. These experiences opened my eyes and made me realize how wonderful this job is.

My studies in political science then encouraged me to learn more about geopolitical and regional risks analysis, and I was lucky enough to be able to do it with my own boots on the ground. After some missions on dignitary protection and a one-year long kidnap and ransom operation in a post revolution and newly born Czech Republic, I started having the feeling that I might actually be good at this.

I also had great mentors in my early career. I had the chance to interact and work together with some of the most recognized personalities of the corporate security industry. In those decades, a few pioneers working for organizations with forward-looking management teams, laid the foundations of the modern corporate and private security vision and structures.

As I came closer to large corporations, I completed a master’s degree at Leicester University in Security Management / Applied Criminology, which then became the springboard to other post-graduate courses I took in the following years. With these diplomas in my back pocket, I finally joined the corporate world and started travelling the world and learning about different culture and peoples.

Risk and threats have evolved significantly over time. How do you think the security needs of organizations have changed through the years and what are the top security concerns in these challenging times?

Criminal modus operandi evolves as fast as, if not faster than, technologies and business models. Over the decades, the growth of international markets due to globalization has brought companies and decision-makers to face the local and transnational nature of crime. From local violence to political instability, from armed robbery to endemic corruption. as the go to market evolved so did the risk exposure and the consequent security needs for corporations.

Criminals have always been looking for new ways to sneak tangible or intangible assets. It is what they do.

Let’s use kidnapping for ransom as my file rouge. Abduction meant as forcing someone to pay a monetary or property value to release an individual has been around ever since mankind; however, in the 70’s and 80’s, in Europe, but also in the US, it evolved into a mean of political pressure. Consequently, we recorded an update of kidnapping and ransom security strategies to successfully face an evolved threat. At the same time, new techniques used by terrorists moved by allegedly political reasons were then taken and further developed by ‘traditional’ crooks aiming at old-fashioned money. The private sector had to react and the kidnapping and random insurance industry was born. Multi-million policies to protect executives operating in dangerous areas were established while local criminals started targeting highly visible managers and wealthy expats.

As the industry developed way to trace cash, criminals had to adapt and react too. I remember cases in which the ransom was paid with physical products, such as tyres or mobile phones recharge cards.

Over the years, societies evolved through a Volatile, Uncertain, Complex, and Ambiguous (VUCA) environment which now progressed into a Brittle, Anxious, Non-linear, Incomprehensible (BANI) world. In simple terms, we are facing a context in which we need to become increasingly resilient in order to survive. The systemic crises that hit starting from 9/11 all the way to the recent pandemic push us to rethink entirely how we protect ourselves.

As the world evolved towards a more technology savvy and greedy environment, criminals did the same. The evolution to a 4.0 industrialization with an extended use of information technology originated new criminals that have adapted old crime to the modern world with new techniques. Cyber ransomware is nothing more than the virtualization of the early 80’s physical abduction of a senior executive. The crypto currency technology assisted criminals to become wiser and tech savvy in their ransom requests. They have adapted their modus operandi, targeting a larger number of virtual victims to collect smaller amounts instead of demanding large amounts to one particular victim.

In the last decade, cyber threats made the news. Therefore, private and public sectors had to raise their attention and steer investments towards 4.0 security, mostly trying to catch up with ICT evolutions, but always one or several steps behind the innovation curve. However, physical threats remain equally important, as demonstrated by the war in Ukraine, the geopolitical tensions in Asia, and the current rioting in France.

In my view, the top security concern is complexity. Corporation are complex environments with limited resources that must be allocated correctly. Board members must deal with complex threats by finding a balance between development in extremely competitive markets and resilience needs to ensure sustainability to their business model. For this reason, in my view, security is now more about complexity management and organizational resilience than just a response to an identified threat through crisis management.

The BANI working environment requires C-suite executives and investors to actively manage risks and investment. A key leadership challenge for Chief Security Officers, Chief Information Officers, and Chief Information Security Officers is to demonstrate the capability to propose strategies and solutions that would guarantee sufficient foresight to identify future changes in our society, business models, and technologies.

Technology is a double-edged sword for security, as it grants the opportunity to enable certain controls, but it also gives rise to new threats. How is the profession keeping pace with innovation and what are your tips for security managers who want to update their competences and skills?

Technology is a double-edged sword for society in general. It is and always will be a game changer. The speed of change / innovation is the real dilemma for security practitioners. We have been asked to think outside the box and we must move out of our comfort zone. For physical security professionals, this means spending more time learning about ICT. Training and education are a good start, but also attending conferences that are specifically meant for IT expert can be helpful.

As you deploy new IP based solutions make sure you challenge the way you do your work. As security software evolves and integrate Artificial Intelligence (AI), we shall rethink the security strategy, tactics, and operations. To do so we need to understand what AI is and how it will influence the immediate future.

One simple way to keep up with innovation is to listen to new generations. The Millennials are tech savvy and digital native. Therefore, if we are able to create the right environment, they can be a great source of inspiration for the Generation X in the security business.

However, innovation is not just about ICT. Best management practices, such as lean management or collective intelligence, should be applied to security as well. Security processes are being contaminated by the new ways of doing business in all areas. We must observe what other disciplines are doing, learn from them, sit with businesspeople, and find together ways to innovate business through security.

In your opinion, what is the relationship between security and resilience? And what can security practitioners do more – or better – to enhance cooperation with other complementary disciplines / systems and pursue organizational resilience objectives?

This response may take someone by surprise, but I think corporate security is dead. Organisational resilience is the new way forward for security practitioners.

When it comes to protecting tangible and intangible assets, organizations want a combination of efficiency and compliance. In fact, regulations are getting more and more stringent and basically ask any business to be able to foresee, navigate, and survive the storm (possibly multiple storms).

As corporate security practitioners, we must be able to operate in increasingly complex environments. The only way to do it is by looking at resilience as we used to with corporate security. Chief Security Officers and Chief Information Security Officers cannot operate in silos. And so cannot risk managers or incident and crisis managers. Organizational resilience is the new fusion centre tasked to protect the business.

Just like the post-9/11 intelligence fusion centres, we shall now push the evolution of risk management towards a more proactive and larger resilience scope. Chief Security Officers could become Chief Resilience Officers and act as natural leaders for such function; however, it must be clear that this new structure must have a heterogeneous scope and must leverage on collective collaboration.

The leader should be an individual who represents and defends the resilience needs by communicating effectively with the Board of Directors and other influential stakeholders in a collectively intelligent effort to protect the company and its assets.

What advice would you give to young people who aim to become security or resilience managers? What will the features of a successful practitioner in this field be in the foreseeable future?

There are many famous quotes that can be used to answer this question, but first we – meant as the “old generation” – must agree that security is not just about having a military / law enforcement / intelligence background. If agree on this crucial point, then the new generations will show interest towards the profession and be open to learn and grow with a positive spirit.

To the young people, make sure you “stay hungry, stay foolish”. As we move in the third decade of the millennium, security is going to be all about ability to foresee threats and manage complexity. As you build your experience, make sure you get out of your comfort zone, study and work abroad, and learn foreign languages while seizing the opportunity of meeting new cultures and understanding different perspectives. It will help you navigate through the complexity. The future resilience leaders must be eclectic in the path that brought them to the profession, more than ever before.


Author: Alberto Mattia


If you liked this article, you might enjoy reading this one.