DoD Secure-Working with National Industrial Security Program

Managing the security of classified information. What people with security clearances do. an interview with David Bledsoe ISP Iron Mountain

May 07, 2020 David Bledsoe, ISP
DoD Secure-Working with National Industrial Security Program
Managing the security of classified information. What people with security clearances do. an interview with David Bledsoe ISP Iron Mountain
Show Notes Transcript

We are so happy to have with us on our podcast  David Bledsoe David Bledsoe


He is the Manager of Industrial Security Compliance at Iron Mountain. In his job, he has oversight of 17 cleared facilities across the country, and provides training, leadership, and education to the local FSOs. We talk about security clearances  background checks and working with customers on classified contract requirements. Iron Mountain is the world’s trusted partner for storage and information systems management and provides security storage, destruction, transportation and more.

An interview with a defense contractor security manager. What people with security clearances do and how security programs are implemented.

Websites relevant to the interview.
www.redbikepublishing.com. security clearances, books, and training.
www.bennettinstitute.com.  security clearance information and education for security managers.
 

Support the show

FSO Consulting:
https://thriveanalysis.com/nisp/

We provide facility security clearance, personnel security clearance, FSO consulting and NISPOM consulting.

Personnel Security Clearances

  • How to get a clearance
  • What to expect once you get a clearance
  • What you can do to prepare for a clearance

Facility Security Clearance

✓Become a CDC Contractor

✓Determine security requirements for SECRET, TOP SECRET and SCI Clearances

✓Establish a security team to protect classified information

✓Develop and provide required security training

✓Prepare for government inspections

✓Interpret Contract specifications

✓Fight Insider threat

✓Learn Security clearance levels

✓Process Classified information

✓Prepare Derivative Classification

✓Provide required Security Training

✓Appointing a Facility Security Officer

✓Prepare for Government Audits

Security Clearance and NISPOM consulting

spk_0:   0:01
Welcome to Deal D. Secure Boot. Your host, Jeff

spk_1:   0:03
Bennett. Thank you, ladies and gentlemen, Thank you for returning for another visit. I know there's a few of you out there and today I'm really excited to bring on David Blood. So I sp For those who do not know who may not work in this field yet, I S P is an industrial security professional, and it's a certification honor bestowed by the N CMS. It's a It's a professional organization for those people who protect classified information. I know some of you out there are facilities, security officers, or you are, um, in the discipline of security, protecting classified information. But many of you are in the discipline of looking for a job, and you're wondering about security clearances. So this interview is with somebody who actually, um, protect security clearances at a defense contractor facility. Um, he works in the career of security, setting up security programs to protect classified information. And he's also, uh, responsible for bringing in cleared employees and managing. Or he works with people who manage their security clearance there. So if you have any questions as usual, please email me at editor at red bike publishing dot com. And I'll get him to David, and and, uh, he will probably be happy to answer some if I can't. Anyway. Again, it's David blood. So I s P and he is the manager of industrial security compliance with iron mountain dot com. Welcome aboard, David.

spk_0:   2:08
Thank you very much. It's Ah, pleasure and honor. Teoh be here with public security with you.

spk_1:   2:14
Well, well, I would like to know what a manager of industrial security compliance does and a little bit about what you dio.

spk_0:   2:22
Okay, So, basically, in layman's term, that's a corporate facility. Security officer. So on the corporate FSO for our mountain. Uh, and we have oversight of 17 cleared facilities across the country, and I provide training the leadership and education to the local F esos, who some are, almost are had that job as an additional duty. So it's something in addition to their full time job that they do a tear clear facility.

spk_1:   2:57
Okay, so a facility security officer is like I said, a security manager who has the clearance and they set up security programs to protect classified information. So is there a facility security officer and you mentioned this already for ah, cleared facility, which is a clear facility. Is a defense contractor organization that has a clearance. Is there an FSO for each cleared facility?

spk_0:   3:26
Yes, there is. It's a requirement in this armor. Corman.

spk_1:   3:30
Yeah. So when I wrote my book D o D Security clearance and Contracts guidebook, I, uh, wrote in their language to effect that every defense contractor has to hire an FSO. And, um, I sent it out to the community to read in. A lot of people pointed out, they said, Jeff, no, they don't have toe hired FSO. They have to appoint somebody to be the FSO. It could be an existing employees. Oftentimes it's a case. Yeah. So, um, so some larger organizations that you could think of. Maybe that Boeing's that Raytheon's real big name brand organizations there will have a facility security officer, and that's their only job. And they may have. It's a big job. Don't get me wrong, but they may have a large ah staff of security professionals, and sometimes we call them industrial security professionals. But sometimes in smaller companies that FSO may also be the CEO or they h R person or the recruiting person or a program manager who already has enough to do. What are some of the additional duty skills? I think you said that word that an FSO would have on top of their program manager job or their regular other job.

spk_0:   4:54
Well, they're responsible for implementing than this bomb standards of their facility to include storage, transportation and, you know, protection of classified done, whether it's in a storage state or whether it's being transported back and forth. Basically, what we do in our mountain with classified is restored for customers, and then, you know, we secure it, and then when they want it back, they requested back some more recurring services, like weekly or monthly and then some. Our own demand requests like you know, they'll request a certain container back, and then we'll we'll pull that from storage and then deliver it back to to the customer. And then the local episodes are also responsible for providing the annual training that's required for people that have clearances. Make sure that their periodic re investigations get submitted on time and just, you know, basically run in the Industrial Security program at that location

spk_1:   5:53
Yes. So what that means is, if you're on, it depends on what you charge, Teoh. If you're if you're on a contract in your job on that contract is to build a weapon system or transport items or whatever your contract requires you to do many times. If you do your FSO job as well, you have to come off that contract and right and charged to another charge number. And and so you have a responsibility to still build your system. But also do this Miss Palm compliance and then this Palm is a national industrial Security program operating manual. And a lot of these tasks are above and beyond what the normal clerk employee does. And, um so what? Iss, um Iron Mountain Dew. He makes a

spk_0:   6:50
mountain. Our mountain is basically a company that handles information from cradle degree. So, you know, they take information from its inception, provide ah, the ability to store it. They, you know, also do scanning the do destruction. And so it's, you know, it's the whole gamut of of information management. So from the time the information is generated to the time it needs to be destroyed, I meant provides all

spk_1:   7:23
the services in between. You know, sometimes it just happens in spite of living your life above reproach. You have an event that could put your security clearance in jeopardy. And you know, you should self report that our her before you do. You should talk with Run Sixtus immediately before you discuss it with anyone at work or your facility security officer, because Ron can help to self report in the best possible Wait. If you have questions, call Ron at 2567130 to 21 Or you can email Hammett our sixties. That's R s. Why K. S t. U s at Bond bong the letter in bot s dot com or visit his website at www dot security clearance defense lawyer dot com. Okay, so Iron Mountains not necessarily handling Iron Mountain information, they might be on contract to handle other information from other companies.

spk_0:   8:37
That's exactly right. And that's the majority of our work is handling other people's information and protecting it and safeguarding it to their their specifications.

spk_1:   8:48
Well, so how many people are on your team as on it? The manager of industrial compliance you mentioned f esos But what's a good round number of how many people were your for you on

spk_0:   9:04
my corporate team? I had three individuals myself and to others. I have a security administrator, and I have a security analyst on my team.

spk_1:   9:12
Okay, so you have administrator, an analyst, and then you work with other facility security officers. And, um so I guess the point where I was looking at if somebody was interested and they might have a security job, but they don't have a clearance yet. What kind of skills or what? Kind of, um uh, studying Or how can they prepare to get ah job to either work as an FSO or work for NFS? So if they want to change their careers,

spk_0:   9:47
Well, first thing is, you know, basically, just have to have a good, solid background on where you know you you're have the ability to obtain in a security clearance. So, you know, that looks into all aspects of your past life finances of drug and alcohol, law enforcement. One of those kind of things. Previous jobs, you know? So basically, you're history going back 10 years. It's what they look at. So if you get a job at a company, and they have a requirement come up for an FSO. You know, if you don't have a clearance, you would have to apply for one. If you did, if you already had two clearance 10 you know it would just be a matter of being interviewed for that position. And it takes somebody with good organizational skills, somebody who's mature and somebody who's going to do the right thing without somebody looking or checking our, you know, making sure that they do. It's a, you know, takes a self starter. Someone who, uh, you know, basically, you know, brings in the term leadership here. It's someone that used to looking out for the person on the right, in a person on their left. That's sort of what you know is a basic definition of a leader. When you know you make that decision that you want to do the right thing, you're going to take care of your company. And therefore those are the attributes that you're looking for, a person with attention to detail and someone who's going to point out the wrong when they see it happening and explain the reason why it's wrong and what the right processes. So it's someone who really likes to work with people and, you know, just likes to play a lot of attention to detail and point things out.

spk_1:   11:32
Well, that's that's good. I'm glad you did not say you list an attributes of a good, successful person in that field, but you didn't mention a specific discipline, which is really good. Um, I've seen people working in the security field who did not have a security background, and they did very well. Um, I did. I. I was. I was a former military, and I came out of the Army and got into the field, um, to see what else I've seen. I've seen some law enforcement people, and but most have seen engineers, business people who thought that this was a good career move. And, um, it's one of those is kind of an analytical job. As you mentioned, you've got to be able to think things through. And running a security program to protect classified information requires more than just mocking gates or or things like that. You've got to figure out what the threat is, and you have to do a risk assessment. Do you have Ah, you mentioned a ah ah, security analyst. Is that analytical job?

spk_0:   12:44
Well, yeah, basically, the analyst. The job the endless performs on my team is reviewing Theo. SF 86 is and you know the security applications. We also have a lot of public trust clearances that are, you know, required for access to unclassified government material. So we do a lot of ah, a lot of that type of work reviewing security packets, miscellaneous security forms from different government agencies to make sure they're filled out completely inaccurately. And then we provide the feedback, you know, whenever they're not and, you know, assist the people with getting them completed. You know, in the main thing for any businesses to generate revenue. So the sooner you can work through that clarity process to get those employees qualified to work on a contract to sooner, the company realizes revenue. So it's really a key element to, uh, the business model for Iron Mountain to get people cleared in a timely manner. Um, and everything is not within your control. Those things that are, would you do internally with the employees and, you know, doing the reviewing and getting the package completed is under your control. But I want to get submitted to the agency and, you know, you're sort of out of control. You have no control at that point, and you have to just trust the facility. Hey, David. David Cay. It's so basic. Really. All of the operational things are conducted at the cleared facilities across the country for Iron Mountain. But for the corporate, for the corporate team, we mostly provide guidance in subject matter expertise to those folks whenever they need it. But the majority of our work is processing people for clearances and making sure that we have enough people qualified to perform on the contract and to keep you know, you have things that happened during the contract performance. People term, uh, you know, people can lose their clearance like if they you know, something happens financially or whatever it may be. There could be no clearances that get revoked. And so you have to replace those people. So you know you can't have a bunch of people clear just to replace him, so you sort of have to do it as Ugo, you try to make sure you have enough to be operationally functional. But then if something happens, you know, you sort of have to want to fly. You have to make those adjustments and get more people processed and get him cleared so that you don't have a lot of lag time in between.

spk_1:   15:20
Yeah, so I imagine with your job, you have to be in contact or kind of with the heartbeat of the company. Because some decisions that you make, um, determines how well the company is prepared to do. It's just ah mission. For example, you mentioned having the right amount of cleared people at the right time. And so you said you were reviewing SF 86 which is I forgot the teller by. That's the application process for national security, national security applications. And so that's the form you filled out and thats what starts the investigation. But, ah, security managers in this environment also review statements of work so they can understand what the performance on the classified contract will be. And they also look at security classifications guides so they could understand that classifications level and the love of classified work that will be conducted. This is all important because the security manager needs to bring that back to the corporate so that decisions can be made on how much money to spend, whether or not you prepared to execute the work, or if you need to prepare to be able to execute the work that's coming down the pike, do you do a lot of that work as well? David?

spk_0:   16:44
Yes, Jeff, we dio get involved in all of the solicitation to take place within the government services division of our company. My team is on the copy of those, and there's, uh, there's a subject matter expert Ah Smee response list that gets sent out. And if there's something about security involved in the contract and will be listed, and then we we read through the security requirements and respond as to whether we can perform that if it's a routine ah, task or if it's something that might be special need, where we have to have additional labor or we don't have the right, you know, cleared people that we're gonna have to go out, maybe and hire some people to fill some of the rules. So, yeah, we do provide feedback on that so that the folks that are bidding on a contract have another standing of what the effort the level of efforts wanna be to be able to meet those contract requirements.

spk_1:   17:47
Well, now I'd like to tell you about another one of our sponsor, and that is our friends at Mission Driven Research. You know, Mission Driven research is a growing company providing technical services to the U. S. Federal government. Their goal is to continuously improve performance and three core values. And this mission focus is the core of mission driven. Research and fosters are highly satisfying work environment, motivating their employees to excellence. And so, I would say, visit mission driven research dot com to find out about more of what they do their core values. That image Inner three is the Goto Extra Mile for their customers grow our employees personally and professionally and give generously to their community. Yeah, that's really good, because, um, I think the, uh, the policies that the security manager comes up with should kind of like be woven with Thea with the corporate policy so they're not stand alone and that they they both are knitted together because there are all kind of issues with security clearances, especially with unauthorized disclosure and maybe some disciplinary actions or or as you is, it looks like you have, um you've won the Coxes well, award, which is very prestigious. You have to get excellence is on multiple government reviews. So congratulations on their, um, I don't I've seen situations where security managers were sent. We're kind of at the bottom of the totem pole and were only used to get security clearances started, and then they weren't consulted again. But it sounds like what you have is a good partnership with your organization were where you're you can make a significant contribution. So I commend you on that.

spk_0:   19:45
Well, thank you very much for that. I appreciate the kind words one of the things that I found it for really good for, for my team is we tried to establish relations chip with the core as soon as we possibly can after contract award. And, um, you know, they'll have a kick off meeting where the company representatives and the government representatives will be in a meeting to go over the requirements and all that. But we try to get a, you know, one on one call set up with the core so that we can communicate what we understand the security requirements of the contract to be. And then we want to know from the core. How do you want this information? Do you have certain naming conventions for your documents? You know, do you have a certain way you want this center? You Do you want all the documents scanned in and sent his one file? Where do you want each documents scanned and separately and said separately in an email, or, you know, being a separate attachment. So our goal is to make the make the life of the core is easy as possible to give them what they need in the format that they need it. So all they have to do is basically pass it on to their security team so that you could be processed and get, you know, uh, more timely feedback in decisions on the paperwork that we're submitting.

spk_1:   21:08
Okay, great. So it sounds like you've got a great system going and and I encourage others if you're not involved the same way as David is in his company to establish yourself as that go to person when classified contracts come down, be sure to review them and provide assistance and inside end leadership. As David mentioned earlier, Leadership is very important because that point you become valuable to your company and more than just the person get security clearances. They will come to you for decisions that they need to make to be successful in their business. And it is a serious business to protect classified information and train your company to do that, cause I'm sure David is involved. You're probably involved with a lot of the required training to get the cleared employees, especially or drivers and such to perform their job According to the NUS Palm, How do you train a remote group of folks? You just get him when they come in.

spk_0:   22:14
But we basically, uh, you know, have that responsibility passed on to the local office? No, for that facility. So that FSO most likely is gonna be the operations manager for that facility and, you know, be a direct supervisor or a second a tertiary supervisor for that individual. So So they have immediate, um, you know, they have the ability to have immediate contact face to face, and most of the training is done like that. It's on face to face and one on one type of training for all people to get security clearances.

spk_1:   22:51
Yes. So you've got security awareness training, you know, get the initial training, then you've got the training that you take every year to reinforce what you originally did. Some cases you might have derivative classifier training. Ah, and then you have, uh what is it? Insider threat training those air, at least three that required. What else is there that might?

spk_0:   23:19
Well, there's, you know, there's the basic training, the basic things that come with the initial trending like self reporting. And you know the things that you know what your responsibilities are for having a security clearance

spk_1:   23:32
day. We've been talking about security clearances and being a facility security officer, the person that is responsible for setting up a security program to protect classified information. So David's been tell us all about that. But what I also want to share with you is that read by publishing, um has a book out called D O D. Security Clearance and Contracts guidebook, and it's a complimentary book to our other book called Insider's Guide. to security clearances. Now the D. O D Security Clearance and Contracts Guide book tells you how. Once you set up your organization to be able, Teoh, uh, work on classified contracts, it tells you exactly how to set up those classified contracts. Certainly, if you would like to take training this facility security officer certification or training on how to protect classified informations, how to get a security clearance come visit us at Red Bike publishing dot com. And while you're there, hit the contact US tab and we have a form that you could fill out to be on our mailing list. And we send out regular newsletters to tell you how to protect classified information. How to get a security clearance. Additionally, you Congar oh to Bennett institute dot com, be in an e. T. T institute dot com and sign up for our Miss Palm or our facility security officer client

spk_0:   25:07
uh, one of the other tools that we have in our mountains. Our mountain has what they call a team huddle every day for all front line employees before they start their business day. They have a team huddled with their direct supervisor and our team is able to include industrial security topics and tidbits and reminders and, uh, you know, things like that in those huddles. So not only do the cleared employees in our mountain get in industrial security training, all employees in our amount receive some level of training, and we try to keep it at the basic level. And we find also that by putting out a little bit of information you know, many times throughout the month or through after year, works a whole lot better than having a one or two hour session just before you have your, uh, assessment from D. C. S A. We find that the information sticks better and its employees have a much better ability to recall the information whenever they're questioned by the D. C. S A lab during that assessment.

spk_1:   26:15
That's a great idea. How do you capture it? Like, you know, if you want to capture in your files that the turning was conducted. Is that automated?

spk_0:   26:24
Well, we do have what we have a system in place that all all employees that are amount whenever they report in the morning, they're required to sign in, and then they have to sign out every time they leave facility, go to lunch when they come back, someone so forth. So So there's a record each day of who's in the facility. And so the people who are in the facility will attend that meeting. And then? Then there's a, uh, there's a prepared list of topics for that day's huddle, so it's easy to show who attended to training and went to topics were

spk_1:   27:02
excellent. Well, well, that's good. I appreciate you coming on our show today and talking us through what a, um, what you do at work. And I hope this encourages our audience to not give up on the dreams that they're looking to do some classified work or if they're in this business. You've learned something new about being a leader in that business, and I encourage you to continue to learn and grow in your field. And again if you have any questions, email us at editor at red bike publishing dot com. David, Is there any last departing words of wisdom you like toe? Give us.

spk_0:   27:44
I would like to say that in the industrial Security world, the opportunities to perform are plentiful. If you ever get an opportunity in our all for DEA ability to take on an assistant FSO on FSO role. I would certainly encourage you to do so. And in this community there's no strangers. Everybody helps everybody. Anybody who has been successful in this business has had someone that reached out was a mentor to them, you know, help them along the way. So you're never out there by yourself. There's always somebody that you're able to reach out to that can get you the answer to what you need for any situation that might that might crop up. And then, of course, over time you you look forward to paying that back in doing the same thing for the people come up behind you.

spk_1:   28:37
Thank you so much for that. And I appreciate you reaching out to me. David reached out to us and asked to be on our show. And so we we appreciate you, David, and everybody have a good one. What? We're so grateful to have you here with us today and tuning in to our show. We're approaching our 1/1000 download, and that's something to celebrate. And, um, also like to thank David blood silver being with us and giving us the insight from a corporate security officer that is responsible for setting up security programs to protect classified information. And, as explained to us, there's a lot of planning involved and understanding what the security or what the classified contract details are. If you like more information, please contact us at editor at red bike publishing dot com or visit. Read by publishing dot com and sign up with our form. And you can get on to our newsletter, which will give you the latest information on Arctic Cole's geared towards security clearances and protecting classified information until next time we will see you later.