Originally published on LinkedIn · July 2024. One year since leaving Verizon and launching Ask McConnell.
Year One
One year ago, I left Verizon after a long career and launched Ask McConnell, LLC — a converged security services company built around 35+ years of practitioner experience. If you have never started a company, here is the most accurate summary I can offer: CEO stands for Chief Everything Officer. You handle business development, client delivery, finance, marketing, IT, legal coordination, and administration — often in the same day, sometimes in the same hour.
I am grateful for my professional network. The referrals, the conversations, the people who said “you should talk to Jim” — those have made Year One possible. I am actively seeking new engagements and new connections. If you know someone who needs converged security help, I am the call to make.
A personal milestone this month: my father Bob recently retired after a combined 96 years of Verizon service between the two of us. That is a number that deserves a moment. My wife Diane continues her real estate business, and my son James is building an Amazon marketplace business. The McConnells stay busy.
Church Security & Safety
I have been doing church security and safety work for more than 33 years. It is pro bono work — faith community service — and it is some of the most important work I do. This year I have been developing new resources: updated security assessments, weapons-related policy tools, and articles specifically written for senior pastors. Recent incidents continue to make the case that faith communities need structured, professional approaches to security — not improvised responses.
Senior pastor engagement is the critical variable. When pastoral leadership understands the security posture of their congregation, outcomes improve. When they don’t, security plans sit in binders.
Training: A Program, Not a Project
The most common mistake I see in security training: organizations treat it as a start-and-end project. Complete the course. Check the box. Move on. That is not training; that is documentation. Security training is a program. It has ongoing components, refreshers, scenario exercises, and individual skill development pathways.
Brian Jantzen’s framework for security training is one I reference often: technical skills, cognitive skills, and personality skills. Most training programs focus exclusively on the technical. The organizations that develop all three build security teams that actually perform under pressure.
Security Governance: The Most Common Request
Of all the engagement requests I received in Year One, security governance was the most frequent. Organizations are struggling with structure — where does security sit in the org chart, who has authority over security decisions, how do security functions coordinate across business units?
The most common failure pattern: executive titles with “security” in the name but no actual security authority. Someone is called the CISO or the VP of Security, and they spend their time reporting on security rather than directing it. Governance is not a title. It is a defined decision-making structure with authority assigned and documented.
On Metrics
A pattern I see repeatedly: organizations launch security metrics programs, then stop tracking the metrics that do not show positive results. That is not a metrics program; it is a scoreboard that only shows winning. Real security metrics include the unflattering numbers — the incidents that were missed, the gaps that were not closed, the training that did not stick.
Balanced metrics — both technical and non-technical, both operational and programmatic — are the foundation of an honest security program. If your metrics only show how well things are going, they are not measuring the right things.
What I Help With
- Mergers & acquisitions security integration
- Insider threat identification and mitigation
- Supply chain security and fraud prevention
- Physical security vulnerability assessment
- Executive protection program management
- Security operations center effectiveness
- Crisis response planning