ComplianceGamechangers in Resilience: The Human Firewall

In the ever-evolving landscape of the business world, adaptability stands as a foundational attribute in uncertainty. Our ‘Gamechangers in Resilience’ interview series pays homage to influential leaders who have mastered the art of being adaptable and resilient.

These exceptional individuals not only help their teams and communities thrive during tough times but also inspire others by their own example. iluminr recognizes their accomplishments, shares their experiences, and salutes their unwavering commitment to success, even when faced with significant challenges.

Tim Scyner is a seasoned professional with over 20 years of extensive experience in the Business Process Outsourcing (BPO) industry. His career has encompassed various key areas within the sector, including operations, training, facilities management, and security.

With a remarkable track record spanning 15 years, Tim has established himself as a prominent figure in the field of security within multi-national BPOs. His expertise extends across a wide spectrum, covering logical, physical, cyber, business resiliency, and the development and implementation of fraud mitigation projects. Tim’s commitment to security is further exemplified through his contributions in creating and disseminating training and awareness materials aimed at fostering a secure operational environment.

Tim Scyner holds a distinguished position as the Chairman of the Call Center Association of the Philippines Security Council, where his leadership plays a pivotal role in shaping security practices within the industry. Additionally, he is an esteemed member of influential organizations such as the Joint Cyber Security Working Group (JCSWG) and the Overseas Security Advisory Council (OSAC), where he collaborates with industry experts to advance the global landscape of security.

With an impressive career spanning over two decades and a notable presence in the BPO security domain, Tim Scyner is a Gamechanger safeguarding the industry against evolving threats and challenges.


Q: Can you share your background and experience in the field of security, compliance, and resilience? What drew you to this field, and what key lessons have you learned along the way?

Tim: I’ve spent the better part of the past 14 years running security for a multinational BPO company and recently transitioned to a new company to do more of the same, prior to this I held more operational roles as well as a global trainer function traveling the world. My responsibilities included all aspects of security within any area you could imagine and therefore coordination with all departments and groups within the company.

What initially drew me to security was a very good friend who asked me to conduct security assessments while I was traveling around the world training various groups, I quickly found that I was intrigued by the numerous areas of risk that existed and how they could be mitigated.

Over the years I have learned many lessons either through trial and error or through guidance provided by good friends and mentors along the way.

I was just discussing very recently with a colleague, as we relived the moment we both learned the lesson, “If you don’t ask, you will never get what you need.”

Second lesson would be to always engage and include senior leadership in any discussions about change, knowing and understanding how any change will affect different groups and having buy in from those involved makes the transition much smoother.

Q: How have conversations in security and compliance evolved in recent years?

Tim: I wanted to say that they haven’t really changed, we talk about the same issues and challenges and nothing seems to evolve but that felt unfair to all the people genuinely trying to drive change in the various fields.

So while I still believe that there is more talking than actual change in general, I would say that the evolution of focus on resiliency from basic redundancy and mitigation, to true company enveloping risk evaluation across all areas is one great evolution that is happening and one which I hope to see continue to grow.


Q: In all the work you have done in security and compliance you’ve done over your career, what are the themes that come up most often?

Tim: The failure of a company’s human firewall is the most consistent recurring issue, organizations still don’t seem to put enough focus on their people.

Not just training and certifications and repercussions but actual understanding of employee’s job satisfaction, listening to their challenges and general well-being as when these are not addressed, they quickly become the fundamentals as to why employees just don’t care if they fail to secure a company’s assets or data or resort to theft and fraud.


Q: How do you think about the relationship between resilience and compliance?

Tim: Resilience should be an all-encompassing, company level matrix of measures, controls and responses, so for me it has a natural alignment with compliance.

If you think about it, [resilience and compliance] are essentially one and the same, both areas focused on mitigating and removing damage, risk and exposure. There will probably come a time wherein resiliency is the catch-all for a number of other roles and responsibilities if it isn’t already.


Q: Collaboration across departments is crucial for success in compliance and security roles. What is your playbook for success?

Tim: Fostering relationships is critical and I am sure most would agree however I feel that to have true collaboration there needs to be a trusted relationship with those you work with.

My mentor would often say to ensure you have “money in the bank” with people, this isn’t as nefarious as it sounds.

It relates to trust, meaning you need to ensure you have trust in the bank with people you work with so they know they can rely on you, this will deepen and further the collaboration you need.


Q: As a leader in your field, how do you prioritize security awareness and training within your organization? Could you share your approach to developing and delivering effective security training programs?

Tim: Security awareness and training is an ongoing need and not a once a year thing would be my most honest answer.

The training needs to be deep and varied, it cannot be one course that is a snooze-fest for all involved.

In-person listening sessions, town halls, posters, emails, banners on internal pages and gamified actual material that is engaging rather than sleep-inducing.


Q: Change is the one thing we can all count on. People generally don’t like change and uncertainty. How do you get employees to be open to the idea of transformation?

Tim: You can never truly predict how each individual will react to change in an organization and when that change is affecting thousands it can be especially daunting to consider adoption.

In my experience you can do two things that sit within your control:

First, give as many “Whys” and “What’s in it for you” ahead of the change to all parties involved.

What do i mean by that? Explain the reasons for the change in clear understandable and considerate phrasing, not everyone will agree necessarily but transparency is your friend. Provide the benefits to the various groups at each group level, explain what they gain from the change while still remaining transparent on anything lost, again transparency is key.

Second, realise the old adage “You can’t make all of the people happy all of the time.”

There will always be some people resistant to any change and if there is nothing that can be done to resolve their particular issue then you do your best to accommodate and at the end of the day know you did everything in your power to be reasonable towards a reasonable request. Sometimes not everyone’s wish list can be met and that’s just the nature of change in large scale enterprises, you do your best to accommodate the majority.


Q: Throughout your career, you’ve worked in various regions, including APAC. How do you adapt your security and compliance strategies to different cultural and regulatory environments, and what lessons have you learned from these experiences?

Tim: There are many cultural variances across the world, in particular for communication and how things are explained differs greatly. This doesn’t mean that you have to change your whole persona and approach to communication, it does require that you consider the audience and any nuances to best approach a message or awareness campaign, training session etc.

What may resonate in the US will most likely definitely not work in the Philippines, people just react differently to content and it’s a lesson to learn on what approach works best in each country and sometimes even per location within each country.

Legal requirements also vary greatly and it is incumbent on you to know and understand all of the legal environments you operate in to ensure you can cascade that understanding to others, including clients so that there is no misunderstanding on why a particular action or activity is taking longer than they would expect or why a particular action is not possible in a given country as examples.

Key lessons I’ve learned are to remain flexible in approach and expectation for all aspects of security, maintain a foundational expectation of controls to be in place but allow for differences in approach and methods to address.


Q: How do you apply the lessons of resilience in your own life?

Tim: Having a long career in security, the inevitable result is that the approach to life in general, at least for me, becomes a never-ending risk assessment. Maybe I’m obsessive on how I view the world but yes, all activities involve an internal risk assessment which can become quite tiresome if all you’re doing is taking a trip for the weekend for example.

Still, again for me, this is how I am now and honestly it does in my opinion offer a value add to viewing alternatives in all scenarios and ensuring there are always backup plans within backup plans.

Conversely it has also created within me an acceptance of failure in everyday scenarios and the ability to shrug and say “It is what it is” when something doesn’t go as planned then look for the alternative option to move on to.