In 1992 I started my "private sector" career as the Director of Securtiy for McKendree University. In this role, I led and managed a 24/7 operation to ensure the security and safety of all students, faculty, staff, visitors, as well as the physical assets of the university. Transitioning from a law enforcement background to an academic environment proved interesting. I remained at the university until I started my own business 1994.
In 1994, I founded McElroy Investigative Services, later becoming the Professional Surveillance Group, Inc. As a private investigations agency we provided specialized investigative services to Workers Compensation Insurance providers on suspect workers compensation and personal injury claims. I also conducted contract work for a major agricultural company doing intellectual property investigations, as well as contract work for a major supplier of video surveillance services for the personal injury and workers compensation insurance industry. I held Illinois Division of Professional Regulation Licenses 115-001117 and 117-000754. I sold my interest in the agency in 1999.
In December of 1999, I accepted the position of Director of Security, Embassy Suites Hotel St. Louis-Downtown. As a member of the hotel’s Executive Committee, I directed the program that ensured the safety and security of hotel guests and employees, as well as company assets, for the 297 all-suite urban/entertainment district hotel. I was responsible for budget accountability and the supervision of seven security officers. My responsibilities and accomplishments included;
• Turnaround Management: led department restructuring which ended a troubled legacy of high thefts, worker injuries, lack of credibility, and problematic law enforcement relationships.
• Safety Plan Development: reduced worker injury frequency rate by 21% and severity rate by 88% by pioneering safety planning that included safety training, safety education, and safety recognition and awards, as well as highly visible safety programs that raised awareness of OSHA and safety issues.
• Risk Management: attained 98 out of 100 score on 2000 Corporate Risk Profile Inspection. Advised hotel’s Executive Committee on risk-management procedures to ensure the security and safety of guests and employees, and limit exposure to risk.
• Staffing & Development: achieved 90%-plus staff retention rate in high turnover hotel-service industry. Championed and led staff development, mentoring, recognition, and promotion opportunities.
In 2001, I was promoted to the newly created position of Investigations Manager, Hilton Hotels Corporation. In this position I was responsible for loss prevention investigations and physical security technology research and technology deployment to 700 owned or managed hotel properties in 77 countries. Responsibilities and accomplishments include;
• Investigations: assisted corporate Legal, Information Technology, and Human Resources Departments with complex investigations that posed potential significant legal risk or asset loss.
• Background Screening: collaborated with the senior executives of the Loss Prevention, Legal and Human Resources Departments in the sourcing and selection of the vendor of the domestic Background Screening Program that averaged 35000 pre-employment background screening checks annually and resulted in a $450K savings over the contract term.
• Physical Security, CCTV, Access Control, Perimeter Security, Security Lighting and Critical Communications Technology: coordinated and led multiple successful projects and launch of new security technologies and programs from sales and engineering through systems installation, training, financial integrity, and project closeout.
• Multi-Agency Liaison: served as key point-of-contact with US State Department and US Department of Homeland Security for hotel facility security threats.
• Security Intelligence: pioneered and managed the Hilton Loss Prevention Information Sharing System, the Hilton Loss Prevention web site, and the relationship with the National Center for Crisis and Continuity Coordination to provide real-time readiness reporting to enable the sharing of sensitive security information among security directors and loss prevention staff. I was also responsible for the analysis of crime and threat statistics and assisted with the development of procedures and programs to mitigate and, or respond to identified security threats.
• Threat Assessments: executed risk assessments and vulnerability analysis on facilities located in high risk areas, including facilities located in the Middle East. Worked with the resident security team and facility management to identify cost effective solutions, vendor and, or provider services (equipment / services specifications, RFP development, and vendor identification / selection), compliance safety and security regulatory requirements, safety and security policy and procedure review and development, and training of facility staff in safety and security procedures.
In 2007, I was promoted to the newly created position of Enterprise Information Security Office - Incident Response Director, Hilton Hotels Corporation. Across an enterprise consisting of 3000 (owned, managed, and franchised) domestic and international hotel properties, I directed all aspects of response to real or suspected breaches of logical data. My responsibilities and accomplishments included;
• Leadership and Management: was responsible for setting objectives, metrics, policies, and guidelines related to compliance with government and industry data security incident response standards, including Payment Card Industry Data Security Standards (PCIDSS). I assisted with information security incident response awareness and compliance reporting. Plus, I directed a staff of IT Security professionals including a Digital Forensics/ Information Security Incident Manager. Also, served as key point-of-contact with law enforcement, merchant processors, and credit card issuers on incidents related to the compromise of logical data.
• Information Security Process Improvement: assisted with the establishment of the policy that directed and verified implementation, monitoring, reporting, and escalation of suspected and real Information Security incidents and anomalies in the Information Technology operations areas.
• Investigations: directed and, or coordinated investigations related to breaches of guest information, fraudulent use of corporate IT systems and loss of IT devices.
• Capital Planning and Management: managed the budget for Incident Response and Investigations team, as well as costs of external resources and consultants. I shared fiscal responsibility with the Information Security Officer of the overall operating budget of the Enterprise Information Security Office.
In 2009, I left Hilton Worldwide as a result of outsourcing and company transitioning. After a month or two of leisure time, I came up with the idea of starting a consulting practice that focused on safety and security consulting services for the hospitality industry. I called my former Boss about the idea and he agreed to come out of retirement to join me in this endeavor. Together we founded the HSCG, LLC.
As a consultant and trusted advisor, I provide safety and security consulting services that include; risk assessments, safety and security program development and physical security systems project management. Our clients have varied and include: places of public assembly, hotels and casinos, resorts, law firms and warehouse/distribution centers.
With the goal of reducing losses, their attendant costs and future liabilities, my role is to:
• Identify and, or assists with cost effective solutions utilizing security risk assessment and vulnerability analysis processes; vendor and, or provider agnostic security project management services (equipment / services specifications, RFP development, and vendor identification / selection); security related regulatory compliance guidance; security policy and procedure review and development; basic and advanced training of facility staff in security procedures.
• Identify and, or assists with cost effective solutions utilizing workplace safety risk assessment and vulnerability analysis processes; vendor and, or provider agnostic safety project management services (equipment / services specifications, RFP development, and vendor identification / selection); safety related regulatory compliance guidance; workplace safety policy and procedure review and development; basic and advanced training of facility staff in workplace safety procedures.
• Provide litigation support and Expert Witness or forensic testimony in cases relating to safety and physical security.