Corporate Security Field Guide: Insights from Erin Thomas

Written By Robyn Sotolov

I recently hosted an “Ask Me Anything” with Erin Thomas, Head of Physical Security Intelligence and Investigations at Vanguard, to deconstruct a field that is frequently misunderstood by those coming from government service. Erin’s career, spanning 13 years in the federal government followed by six years at Amazon and Vanguard, offers a masterclass in how to bridge the gap between national security missions and corporate value.

Sidenote: Erin made it clear that everything she shared are her own views, she was not representing Vanguard, Amazon, or the federal government.

Here is the strategic breakdown of our conversation:

Defining Corporate Security Beyond "Guards and Gates"

In the private sector, security is often a broad umbrella covering several distinct, highly specialized functions. Understanding where you fit is the first step in a successful pivot.

  • Physical Security and Facilities: This involves managing guard forces, building vulnerabilities, and integrated tech (cameras/access control). If you have COTAR experience, it translates directly to managing these large vendor contracts.

  • Corporate Intelligence: This is about "horizon scanning." In these roles, you’re protecting employees and operations by assessing any and all threats to them, including geopolitical risks, travel safety, etc.

  • Executive Protection (EP): These roles, often board-mandated, are all about ensuring the safety of the company’s leadership. This requires the high-touch nuance of being present without being intrusive.

  • Red Teaming: Testing physical security through unauthorized access attempts and providing gap-analysis reports. Covert operations backgrounds are a natural fit here.

  • Global Security Operations Centers (GSOC): These are 24/7 tactical hubs that monitor global incidents, very similar to Agency operations centers.

Shift from Mission-First to Business-Impact

One of the hardest parts of this transition is moving from a world where security is the mission to one where security is a "cost center," meaning that they cost the company money rather than bringing it in. In a company, security exists to enable the business to take smart risks.

  • Efficiency over Growth: In government, a bigger team often signals success. In corporate security, growing a team from 12 to 200 can be seen as a failure of efficiency. You must show how you save money through technology and smarter processes.

  • Data-Driven Writing: Your ability to write an intelligence-style briefing (with concision and a bottom line up front) is a high-value currency. Corporate executives have no time for fluff; they want clear, data-backed risk assessments that lead to a decision.

  • Neighbor Stories: If you can’t talk about your work without saying "it’s classified," you won't get hired. Practice "neighbor stories": describe your problem-solving process and the impact you had as if you were talking to a neighbor over coffee. Interviewers don’t care about your sources; they care about your thinking.

Critical Pitfalls in the Hiring Process

Erin was clear about some "disqualifiers" that often trip up high-performing government professionals.

  • Title Chasing: Federal titles rarely have a 1:1 match in tech or finance. There are fewer "Director" roles in a cost center. Focus on compensation, location, cultural fit, and the complexity of and your interest in the work rather than the name on the door.

  • Consider Starting as an IC: Consider targeting mid-level individual contributor (IC) roles for your first pivot. This allows you to learn how a multi-billion dollar business operates before you take on the responsibility of managing people within a new culture.

  • Show Humility: When asked if you would have done anything differently after a successful operation, answering "no" is a red flag. It suggests a lack of the introspection and continuous improvement mindset that corporate leaders prize.

Practical Realities of the Lifestyle

Work-life "harmony" varies significantly based on the specific discipline you choose.

  • High-Response Roles: Site managers and protective intelligence are often on-call 24/7. If an alarm goes off or a threat surfaces at 3:00 AM, you are the primary lead.

  • Stable Functions: Policy, governance, and certain analyst roles tend to follow a more traditional 9-5 rhythm.

  • Shift Work: GSOC roles often require shift work or "follow-the-sun" models, making them an accessible entry point if you are comfortable with an unconventional schedule.

Alternative Entry Points and Stepping Stones

If you aren't finding the right "in-house" role immediately, maybe consider these adjacent paths:

  • Risk Consultancies: Firms like Crisis24 or Control Risks value federal skills immediately and serve as an excellent bridge to learning the private sector.

  • Customer Success: For diplomats and case officers in particular, this can be a great fit. It is relationship management at scale and fits the "Human Intelligence" skill set perfectly.

  • Vendor Tryouts: Many companies use contractors as an extended interview process. Taking a contract role can be a strategic way to show your value before converting to a full-time employee.

Bottom Line

As Erin highlighted, internal mobility is often a hallmark of larger companies. Your first job in the private sector doesn't have to be your last, but it must be a place where you can learn the business language and show that you can succeed outside of government. Don’t wait for the "perfect" senior role; find a culture where your skills are respected and start building your corporate track record and network.

Robyn Sotolov
Next

Navigating the Boutique Consulting Pivot: A Perspective from the Inside