John Schembri has a mission: To democratise operational risk management and hardwire risk-based thinking into the DNA of organisations, informing how they plan, operate and deliver. Possessing demonstrable analytical understanding of risk scenarios plus extensive security risk experience, John is leading the charge on redefining how businesses view risk. Instilling the value of organisational resilience in his clients, and helping them achieve this by using SHIELD’s revolutionary business continuity tools, has given his firm its laser focus ‒ and ultimately its path to success.
“Risk happens at the coalface: It usually starts with making wrong decisions and taking the wrong turns,” says SHIELD Security Consultants Ltd CEO John Schembri. “White and blue collar fraud, health and safety incidents, security breaches… these all happen in real time to real people in the real world.” After 18 years of military service, John was convinced there was more to managing an organisation’s security than the traditional measures of onsite guards or CCTV monitoring. “We were at a point where we needed to make sense of risk beyond the perspective of number-crunching for financial risk management,” he explains. “It was about understanding real-world scenarios and making sure organisations were ready for whatever might come.”
John launched SHIELD in 2004 with an avant-garde vision to “offer business solutions that addressed these operational risk realities”. Combining consultancy, training and innovative technology, SHIELD identifies threats businesses may not recognise themselves and delivers effective solutions and strategies for security risk management, occupational health and safety, quality risk management, fire safety, resilience and business continuity. The company has been instrumental in protecting vital national assets and critical infrastructures, designing security protocols for power stations and storage facilities, securing museums, guiding emergency response initiatives, as well as conducting security risk assessments and advising on policy development across various sectors.
What started as a one-man operation has grown into a significant player in the security consultancy industry, serving a client base that extends beyond Malta. Operating to the highest ISO regulatory standards, SHIELD comprises 15 internationally diverse and highly educated professionals who share their leader’s passion.
During the (by John’s own admission) “chaotic and challenging” early years of SHIELD, his military background (comprising the Royal Military Academy at Sandhurst, Armed Forces of Malta, United Nations and President Ugo Mifsud Bonnici’s military Aide-de-Camp) helped open doors. So did his confidence in the tailored service he was building and its value proposition. To this day, he remains committed to “being in the boat with clients, rowing in the same direction,” to help them achieve their objectives.
The sheer dynamism of the global environment is a major challenge for businesses today, John elaborates. “Geopolitical instability, natural disasters, major incidents and cybersecurity attacks are leading to the emergence of organisational resilience as a fundamental priority in operational risk management. Organisations must now accept the responsibility of being able to withstand dynamic change and deliver business continuity.” Investing in organisational resilience, John argues, is the only way to mitigate the impact of targeted attacks or external shocks on business performance, objectives and reputation.
This leads to the innovation that could be credited with developing the backbone of SHIELD’s success: the company’s proprietary risk management platform STORM (Shield Tools for Operational Risk Management) – a groundbreaking suite of tools designed to enhance the efficiency and effectiveness of organisations’ risk management and assure their business continuity. Described by John as the “most beautiful thing to happen to us”, STORM’s creation represented a milestone moment that revolutionised how SHIELD serves its clients and generated a “quantum leap” attracting clients across the Mediterranean, Middle East and North Africa.
What sets STORM apart is its comprehensive housing of multiple risk elements on one platform. Offering audit trails, reporting, document management, and controlled permissions, STORM supports real-time risk monitoring on a bring-your-own-device basis, providing busy professionals with an optimum way of protecting their operations from anywhere in the world. “We could send information to a safety officer on the ground in Argentina, Saudi Arabia, Chile or elsewhere as we speak,” explains John.
Crucially, STORM “puts risk monitoring in the hands of responsible parties on the ground,” embodying the concept of risk democratisation that is central to John’s ethos. Instead of being the sole purview of directors, risk management becomes accessible to every individual engaged in critical decision-making, he explains.
Any conversation about risk must acknowledge the culture of risk avoidance. Addressing the question of why some organisations are reluctant to recognise and proactively deal with the risk imperative (inviting comparison with an ostrich burying its head in the sand), John highlights three significant factors: cost, competence and feeling overwhelmed.
Firstly, cost prioritisation is a pervasive issue, John warns. “Focusing on minimal expenditure over considerations such as the efficacy and viability of chosen solutions is shortsighted.” Competence is another hurdle. Risk-focused measures are often viewed through a narrow lens as unnecessary or simply as a “tick-box exercise”. These misconceptions can lead to “organisational drag” and result in risk management being wrongfully designated to unqualified individuals. Notably, a key SHIELD remit is to ensure that STORM is only operated by individuals properly versed in risk management application.
Finally, some organisations are simply overwhelmed by the need to adopt a risk-focused mindset to align with best practices including compliance, John reveals. “Resilience involves a combination of foresight, planning and adaptability – a skill set that is not universal among companies.”
This ‘ostrich effect’ offers insight into why John is resolute about redefining the image of risk management and strengthening its scope. “Risk management is not just about surviving risk. It is equally centred on learning to adapt and thrive amidst the presence of risk,” John emphasises, recalling a peer’s advice to “teach clients to view risk management as the brakes on a high-performance car.” Just as drivers can only go fast if they have the ability to brake, organisations can only pursue opportunity and innovation if they have robust risk measures in place. This argument transforms risk from a defensive necessity into a proactive, value-generating force. “Risk management is good management… it should be integrated into every decision-making process, not simply employed when something goes wrong.” The solution, John asserts, lies in embedding risk management into an organisation’s DNA so that it runs through everyday operations – not in treating it as a separate function.
Following SHIELD’s primarily organic growth, its CEO believes a more strategic approach is now required to further expand the firm’s horizons. “Upon completing its 2023-2025 business plan targets, SHIELD will emerge as a new version, focusing on internationalisation and offering an enhanced product and service line that incorporates ‘safety by design’ and ‘information security by design’.”
Legacy seems the obvious next topic. Reflecting candidly on long-term continuity, John marries the company’s solid past with the promise of its future. “I want to safeguard SHIELD’s success so it survives me. I’d like to increase our geographical footprint via franchises in the Middle East and North Africa, and see STORM become a leading global risk management solution – hopefully cracking the mothership of risk management: the UK.” These goals will be pursued without compromising SHIELD’s existing ethics and integrity.
Looking beyond SHIELD, John is deeply invested in the broader field of risk management. Blending hope with foresight, he highlights three trends shaping the future of the global risk landscape. Technology, he predicts, “will drive operational risk forward”. The integration of wearable technology with platforms like STORM will enable larger-scale, real-time risk management. “If we can monitor our health via smart watches, why can’t we do the same with risk?”
Next, he recommends that public institutions embrace a more enterprising risk management approach to close the gap with the private sector – while also balancing enterprise with ethical risk management.
John concludes with possibly the most important factor: increased awareness. “My hope is that through the lessons learnt from historical events and incidents, employees and higher management will become more attentive towards proper risk management. Planning ahead is essential. After all, what’s the use of investigating incidents after they’ve happened?”
This article is part of the serialisation of 50 interviews featured in Malta CEOs 2025 – the sister brand to MaltaCEOs.mt and an annual high-end publication bringing together some of the country’s most influential business leaders.