Security’s 25 Most Influential
There’s the visionary who nearly 30 years ago steered a new course persuading the industry to take an integration path built more on computer and communications technologies.
The top executive who helped wake all of us up to the business benefits of standards, working with government agencies more closely and realizing the globalization of security assignments and tech growth.
An industry pioneer, who helped develop the network camera, knew he started a revolution even those he influenced did not realize it at the start.
A first professional security director for North America’s largest sporting organization refined complex multi-location special event protection that is now replicated in scores of sports and convention venues. “In the not too distant past, corporate security was generally relegated to basement levels of most business interests.” Now he has the ear and confidence of the CEO at a new international assignment.
Influence can come from many directions and affect myriad colleagues, operations and future directions.
In his Publisher’s Letter this month, Mark McCourt tells us how these men and women, who have given so much in the past and present, are also “25 crystal balls,” well-known thought leaders who share their outlook on 2007 and into the future in the following pages.
There’s the long-time practitioner who sees the future of security electronics hardware “migrating rapidly toward a commodity model”…as the focus next year turns more sharply to “analysis and higher level, on-the-fly, quicker decision making” with end-users partnering more often with IT integrators.
The security executive at the nation’s busiest airport views a future in which “security and technology will continue to grow closer together.” But he warns, “We should never forget our primary role of protecting, assisting and servicing our customers.”
The growth and broader acceptance of self-regulation is in the crystal ball of a government security leader who protects 15,000 employees within 900 city facilities and more than 700 parks. His 2007 bottom line: more best practices and benchmarking as part of security’s business planning.
A tech guru predicted a cautious next year. “Intelligent video is a hot area that is sure to grow.” But he also believes that a lot of the hype around intelligent video is premature. Other members of Security’s 25 Most Influential see a breakout year for biometrics, smart cards and more sophisticated and integrated radio frequency identification.
A top security executive at a top national property management firm urges his colleagues to place emergency management training and certification on the 2007 Things to Do list, suggesting that many should also consider hazardous materials, radiological emergency management and incident command systems as the threat of terrorism intensifies.
A university professor who helped define B.S. and M.S. degree pro- grams nationwide believes in the need to demonstrate measurable value every year. While chief information officers and chief security information officers are riding high, the professor suggests there may be a fall for some of them as in-built hardware and software controls make those positions less vital.
Is the future more about quality people or more about the convergence of technology? A well-recognized healthcare profession sees it both ways, or at least warns against forgetting one for another.
A chief security officer defines the “greatest challenge in an elusive and ever changing global business as the total integration of security into the business.”
Check out Security’s 25 Most Influential Executives
How They Were PickedDuring the spring and summer, nominations were solicited from thousands of security executives worldwide. Select members of Security Magazine’s independent Executive Council reviewed the nominations and made recommendations with the magazine staff reviewing for final coverage.
If you know of a person that’s a natural for Security’s 25 Most Influential, e-mail the Editor at firstname.lastname@example.org with your information. This list is, of course, subjective, and does not portend to be complete. There are plans to continually enhance this unique and useful list.
Security’s 25 Most Influential at a Glance
Dr. Robert McCrie
Define Integration, Standards
The security industry has seen an amazing transformation since I started back in 1979. While September 11th had a powerful effect on the country, it was not the only cause in making security an important aspect of our lives. We’ve literally gone from the “outhouse” to the “penthouse” during my career. Higher standards will be developed and put into place. We still don’t have the same type of stringent standards as the life safety industry but as they are developed, these standards will have a huge impact on the industry. To better work with end-users, it’s time independent security integrators understand more than just security technology. They must also understand the business of security.
President and CEO
Crawl, Walk, Run
Since 2001, Chace has served as the CEO and executive director for the Alexandria, Va.-based Security Industry Association. Formed in 1969, SIA is an international trade organization with 400 corporate and multinational members, which seeks to proactively represent its members in the global security and life safety markets.
Chace serves on the Board of Directors for the National Crime Prevention Council and a director and founding partner of the National School Safety Council. He serves on the U.S. Chamber of Commerce’s Committee of 100 and the National Association of Manufacturers Association Council. Chace has served as an industry representative to the International Association of Chiefs of Police’s Private Sector Liaison Committee, among numerous public and private groups.
Today, SIA is managed with a “crawl, walk, run” philosophy that seeks to build upon measured growth and learn from failures. It is strategically focused from top to bottom on four core areas: Education and Training, Government Advocacy, Standards, Research and Technology. Our industry is at a point in its evolutionary growth where it needs to make more of an investment in migration technologies and standards and start a more aggressive move from its comfortable legacy roots. My vision is to ultimately see a Global Security Industry Alliance (GSIA) of international security industry organizations working to promote and address the global security industry issues. This global alliance can be a powerful agent of change and allow us to do what we can no longer do on our own. The lines of the industry are increasingly becoming blurred and undefined with a focus on international markets and multinational players.
Richard W. Chace
CEO, Executive Director
Security Industry Association
On February 15, 2005, Judge Michael Chertoff was sworn in as the second Secretary of the Department of Homeland Security. Chertoff formerly served as United States Circuit Judge for the Third Circuit Court of Appeals. Secretary Chertoff was previously confirmed by the Senate to serve in the Bush Administration as Assistant Attorney General for the Criminal Division at the Department of Justice. As Assistant Attorney General, he helped trace the 9/11 terrorist attacks to the al-Qaida network, and worked to increase information sharing within the FBI and with state and local officials.
Chertoff spent more than a decade as a federal prosecutor, including service as U.S. Attorney for the District of New Jersey, First Assistant U.S. Attorney for the District of New Jersey and Assistant U.S. Attorney for the Southern District of New York. As United States Attorney, Chertoff investigated and prosecuted several significant cases of political corruption, organized crime and corporate fraud.
In September 2006, Security Magazine named Secretary Chertoff to the top position in the Security 500.
September 11th remains a defining moment in our personal lives and in the history of our country. We''ve had five years to absorb the lessons of 9/11, and we have acted deliberately and decisively to reduce the risk that we will ever face another day like that infamous September morning.
So looking back and looking forward, how do we build on our progress to date? What are the remaining challenges we have to face? And how are we going to allocate priorities among them? And what is the path we have to follow to achieve those steps that must be in place to guarantee ourselves and our families’ safety in the years to come?
Well, let me say, there''s one critical thing we have to recognize at the threshold. We have to be focused on the most significant risks, and we have to apply our resources in the most practical way possible to prevent, protect against and respond to manmade and natural hazards. That means we have to make a tough-minded assessment, and we have to recognize that it is simply not possible to eliminate every threat to every individual in every place at every moment. That is simply not the way life works.
One of the most valuable tools we can have in identifying the unknown terrorist is actually already in our possession. It''s in our fingertips. It''s information that is routinely collected by the travel industry when a person makes an airline reservation or buys an airline ticket. They call this passenger name record data, and it includes such basic things as how you paid for the ticket, what your telephone number is and a little bit about your travel history. By analyzing this kind of information, we can determine if an individual has traveled with a known terrorist, if their ticket was bought by a terrorist facilitator, if they''ve been in phone communication with a terrorist. A second area we need to look at is more secure documentation. And, again, 9/11 has a very, very vivid lesson for us. All but one of the 9/11 hijackers who carried out the plot five years ago used American identification documents that they had obtained in fraudulent purposes, including drivers'' licenses, which enabled them to move freely around the country.
The solution is obvious. We have to take the advice of the 9/11 Commission and other experts in developing standard secure identification credentials that give us a high degree of confidence that an individual is not using phony documents to enter our country or get on airplanes or get into our critical infrastructure. The good news is we have underway a number of initiatives mandated by Congress that will do exactly that. Under our Western Hemisphere Travel Initiative, we are in the process of developing a secure biometric credential for individuals traveling in the Western Hemisphere. This card is going to be wallet-sized. It''s going to contain biometrics – that means fingerprint-type security features -- and it will allow for real-time security checks at our ports of entry.
We''re also working with the states to develop standards for a secure drivers license under the congressional Real ID Act. Drivers licenses are one of the most common forms of identification in this country.
And then there''s a third thing we can do, which would probably be, in my view, the greatest step forward in protecting against the unidentified terrorists. And that is building on the experience we''ve had with two fingerprint identification into a 10 fingerprint identification system. So to promote this vision of a real biometrics security net around this country, this year, the State Department will begin to deploy new 10 print fingerprint reading devices at U.S. visa issuing posts overseas.
Standing back and looking at what we''ve done over the years, here is a remarkable number often not reported in the media. If you look at the budget from fiscal year 2003 through the current budget proposal in Congress for 2007, you will see that this administration has provided for nearly $10 billion in port security -- that''s billion with a "b" -- and that includes the resources and manpower devoted by the United States Coast Guard, by Customs and Border Protection, and the research and development efforts of our Domestic Nuclear Detection Office.
In the area of rail and mass transit, we have bio-detection sensors in many cities that sample the air to determine whether someone is trying to put a biological or chemical agent into a mass transit system or elsewhere in a city. We''re funding sensors and video cameras. And we''re building the capability to surge law enforcement when there is an emergency, including the old-fashioned, low-tech method of using bomb detection dogs.
I hope that five years from now the only attack that people have to remember in this country remains that first attack on September 11th.
Secretary of the U.S. Department of Homeland Security
Pioneering Special Events, Threats WorldwideBackground:
Tim recently joined the Home Depot Corporate Security team in June 2006. As part of his duties, he manages the protective security operations for Home Depot Corporate executives both domestically and internationally. This current assignment has him focusing on operational management, strategic vision and public safety and homeland security. Tim served as the first Director of Corporate Security for the National Association for Stock Car Automobile Racing (NASCAR) in Daytona Beach, Fla.
At NASCAR, Tim pioneered comprehensive special event security in programs to enhance the safety and security initiatives for competitors, officials and the general public at all sanctioned facilities throughout North America. Tim served a distinguished career of over 20 years with the United States Secret Service, including federal intelligence and criminal investigations.
In the not too distant past, corporate security was generally relegated to basement levels of most business interests. Security did not generate income in the minds of most CEOs. Security was viewed as a drag on their bottom line because security did not generate income. Today, the private sector controls over 85 percent of the nation’s critical infrastructure from power, transportation, financial services and the retail supply chain. Today, successful companies are lead by CEOs with vision that embraces the value of a well thought out corporate security platforms. Today’s corporate security professional must incorporate pro-active strategies into their business operations plans and must be willing to educate the corporate policy makers of the value of integrating proven business continuity strategies into the routine day-to-day operations. Today’s CEOs need guidance from the corporate security professionals for evaluating risks, identifying responses and measuring progress.
Today’s corporate security professional has a complex job in what seemingly looks like an area where there is no existing road map. To be effective one must reach out beyond one’s core business enterprise and embrace homeland security initiatives at the local, national and international levels. Continuing education should be on the agendas of all corporate security managers. The ability to remain relevant and to develop cutting edge crisis management plans cannot be realized in a vacuum. One must be willing to foster public-private collaboration to combat terrorism. Yes, even today’s Corporate Security Professional must become a good salesperson to ensure their companies develop creative ways to manage risk by leveraging all assets at their disposal. Opportunities exist and I feel both lucky and honored to work for a company and CEO.
The Home Depot, Inc. Corporate Security
Sharing Expertise to Protect the Nation’s Infrastructure
Crocker is a member of the International Association of Professional Security Consultants earning the Certified Security Consultant (CSC) designation in 2005. His firm maintains memberships in the Association of Chemical Industries in
As I was maturing in the industry, the microprocessor began to impact security products and services. It was clear that the best return on investment would be to use these new digital tools as the conduit to bring security related events into an environment where effective analysis tools could magnify the experience of security management professionals. Network-based security systems with digital video servers and advanced analysis software will continue to drive security systems designs moving forward. Carefully selected wireless technology will continue to reduce the infrastructure costs of large scale systems such as those found in the chemical, maritime or petrochemical sectors. Nonproprietary access control and security systems components will play an ever increasing role in new systems acquisition decisions. Electronic security systems components will migrate toward a commodity model where low cost high quality interchangeable components will be widely available.
The future of security management is focused on the use of these tools for analysis and decision making not on the brand of the equipment itself. As business and personal computer manufacturers started this trend, expect to see them enter the electronic security components market in force over the next ten years. As their servers, workstations, switches and routers will drive these networked systems, the computer manufacturers will view the sale of security equipment as a natural extension of their domain. Consider that security integrators hire IT integrators to assist in large projects. IT integrators are learning the security hardware products industry from the integrators. Thus, whoever owns the IT infrastructure owns the electronic security.
President, Michael Crocker & Associates
Mixing Technologies to Guard the Busiest Airport
A retired U.S. Army Major, Richard has performed law enforcement and security management duties, internationally. During Operation Desert Storm, he served the Chief Enemy Prisoner of War Branch, U.S. Army Central Command and received a Bronze Star. He is a past chairman of the Airport Council International (ACI)-
Aviation security is vital to our nation’s and the world’s economy. The security industry, in general, provides a similar umbrella for corporations and facilities around the world. Our role is to protect, assist and serve our customers. Prior to the tragic events of September 11, 2001, security was relatively low on the list for funding and other resources. We focused on the physical security and personnel security aspects of our business. Since 911, I have seen a greater emphasis placed on security at all levels.
Today’s and tomorrow’s security executive must be well versed in all areas of security while understanding the impact of technology on our business. Security and technology will continue to grow closer together to address the rapidly changing world and the evolving threat of terrorism and criminal activities around the world. However, we should never forget our primary role of protecting, assisting and servicing our customers, regardless of our line of business.
Richard L. Duncan,
Best Practices Cover Vast Arena
Gauvreau is responsible for the design, implementation and operation of the City’s Integrated Security Management System, for the security of over 15,000 employees, contractors and thousands of visitors who utilize the over 900 city facilities and more than 700 parks. Bob takes a leading role in the security planning for major national and international public events in the city.
His work has garnered international recognition, with invitations to address international and national security conferences including the ISC East and West Trade Shows, the Chief Security Officers Summit, the Canadian Security Association Show, and the International Institute of Municipal Clerks Annual Convention on the subjects of Threat and Risk Analysis and Security System Integration, Workplace Investigations, Violence in the Workplace and Security as a Business Enabler.
He has received Security Best Practice Award from Security Magazine for his innovative and creative security solutions.
In the past the security industry was generally viewed with a negative stereotype. This has changed, and the security industry is currently an innovative and creative place. Within the industry there is a movement towards standardization and the implementation of professional standards, which help to give more credibility to the recommendations made by security professionals. As well, the use of a more management-based approach has helped to ensure that security Threat and Risk Analysis reports are given appropriate consideration.
I see the future as only getting better within the industry. I expect the movement towards self-regulation will come to fruition, improving the quality of the people involved in security and providing good resources for security managers to provide best practices and benchmarking as part of their business planning. I am confident that security technology will continue to move towards complete integration, allowing for stronger relations between physical and information security, the integration of security at the base level of operations and using the security program as business enabler. The recognition that security professionals are being accorded will mean an increased presence of security managers in the boardroom, assuming the role of chief security officer and promoting ways security can contribute to the success of an organization. I also expect that manufacturers and distributors will increasingly move towards a partner-based approach, looking to promote the appropriate technology to end-users.
Mix of Admin Confidence and Security Tech in the Schools
Joining the district, the administration quickly recognized his security/law enforcement aptitude, promoting him first to Patrolman, Lead Officer, Security Coordinator and in 1999 Guy was appointed to head the LPS Security Department. Prior to employment with the school district, Guy had served in the military. After leaving the military, Guy was exposed to school security as a contract private security officer providing services to a school district in his hometown.
While serving in his position with LPS Guy has continued his education in human resource management, criminal justice and technology. Guy has received numerous awards and recognition for his service and creativity. In 2001 Guy was awarded the distinguished Association of School Business Officials International Pinnacle of Achievement Award. As an active member of the National Association of School Safety Law Enforcement Officers and the Association of School Business Officials International, Guy strives to improve school safety and security through shared resources, communication, and awareness. Guy also serves on several local and state emergency-planning committees where he offers valuable input and insight from a school districts point of view about security and emergency planning. Guy has also assisted in the designs of physical security programs for schools for LPS and other districts.
When I started in school safety as a contract security officer in 1988 my 1st exposure was to providing uniformed security at football games and school dances.
The events of April 20, 1999 changed my profession forever when the tragedies of Columbine unfolded. Every school district across the country was affected by this tragedy and since. Our focus now was visibility, violence prevention and realignment of our structures.
My duties have grown 10 fold since 1999. 9/11 and other events have even more affects on our operations that ever before. So far this school year since August I have worked seven days a week about 18 hours a day along with my fine security staff. The fact is a school emergency event in our country affects every other school district in the country in some way. In many ways all school districts are a large extended family. The tragedy that unfolded in
Guy M. Grace Jr.
Manager of Security and Emergency Planning
Littleton Public Schools, a suburb of Denver, Colorado
Network Camera Pioneer
A company visionary, Gren has played a key role in establishing many of the new businesses and flagship products in Europe, Asia and the
Mikael Karlsson and Martin Gren founded Axis Communications in 1984 while Martin was still a student at the
The technology shift from analog to digital solutions continues to progress at a steady pace. Despite initial concerns over scalability, cost and security, network video systems have been used in highly sensitive applications and have proven superior.
I see the industry moving to digital pan/tilt/zoom camera with no moving parts. This reduces wear and tear on mechanical parts making for a more durable camera that can stand the test of time. I also predict that megapixel cameras, which provide higher resolution than analog cameras, will continue to grow in popularity.
Intelligent video is a hot area that is sure to grow, but I believe that a lot of the hype around intelligent video is premature. I have a seen a lot of intelligent video solutions that work in a closed laboratory or in very specific niche applications, but this technology is not mature enough for widespread adoption. In order for intelligent video to work, we need more processing power and significantly higher resolution and frame rates. We are getting there, but the technology is not there yet.
I also see increasing interest from key industries in network video and new opportunities for partnerships. The transport sector continues to show an interest in network video and we secured an additional order from Stockholm Transport for the installation of network cameras. Another interesting cooperative venture is that with the Mexican telecom company, TELMEX, where network cameras are part of a service aimed at the home market.
Director of New Projects,
Member of the Board
Leading the Industry Side
A 25-year industry veteran with responsibilities for the management and formulation of global strategies, Grillo manages its three business units: hospitality companies, HID Global and identification technology. He served on the Board of Directors of the Security Industry Association since 1998, including stints as chairman of the Access Control Interest Group, president (2003-2005) and he is currently the immediate past president.
In management roles at HID, he led the company’s transition from a small RFID technology manufacturer to its current market-leading position as supplier of cards, readers and related products in the electronic security industry. Grillo was responsible for the formation of ASSA ABLOY’s Identification Technology business unit.
Transformation from “cottage industry” to industry pioneers: Early on, the security industry could almost be described as a “cottage industry,” made up of many small companies, whether in the equipment or installation side, with leadership coming primarily from entrepreneurial visionaries or industry pioneers. Over time, I’ve seen the electronic security industry mature, the result of consolidation around some of today’s largest industrial conglomerates (e.g., GE, Siemens, Honeywell, Bosch and Tyco).
Like many industries, I’ve seen the heavy impact of technological advancements on the security industry: adoption of PC technology, microelectronics, network communications and RFID as technology that has enhanced effectiveness in solving end-user security problems. In addition, the move from proprietary solutions to open standards has allowed greater flexibility for end-users in the market.
In the time that I have been involved in the industry, there has been a growing awareness of threats to the safety and security of our most valued assets. Examples like the high profile incidences of workplace violence, ID theft, industrial espionage and terrorism has led to higher visibility for the security industry, as well as greater recognition from the financial markets.”
For the future, Joe expects “more of the same.” I am sure the next 25 years in security will be as fascinating and challenging as the last. Current trends will continue. While there will always be room for new technology and small start-up companies, M&A activity will result in further industry consolidation. I predict that Fortune 500 companies from related (or unrelated) industries – like IT and Defense/Aerospace – will emerge as significant players. He points to companies like IBM Global Services and Cisco as potential significant security industry players.
Joseph J. Grillo
Executive Vice President, ASSA ABLOY
President and CEO, Global Technologies Division
Focus on Property and Emergency Management
Hellums, in addition to traditional property security management, has blazed a pioneering trail in emergency response. With 21 years experience in corporate security, 18 of those years in security management, he earned FEMA certifications in several different areas encompassing emergency response.
His responsibilities include public relations, managing personnel, asset protection and loss prevention, special projects, scheduling, budgets, purchasing, risk assessment and abatement, internal relations, access control of facilities, computer controls and security interfaces, systems integration, security technologies, facility management, training and security video. During his career he has covered hiring, instructing, gauging performance and managing security and staffing at over 1.7 million square feet of commercial property servicing several Fortune 500 companies and Federal Government agencies. In property security management, Hellums is also thoroughly familiar with various systems from mechanical structures to electronic systems involved in controlling access to restricted areas and/or property. He updates and re-programs security database systems for his current facility.
I actively seek to keep up-to-date of developments in the security and computer fields. I place a heavy emphasis on internal security including confidentiality and customer service. Now and into the future, security management executives who succeed will have multifaceted experience and training within various capacities with respect to cultural and ethnic diversity, customer relations and training with regard to implementation of policy and procedure.
Certification in emergency management issues also will be growingly important. Topics include hazardous materials, emergency preparedness, radiological emergency management and, of course, emergency response to terrorism and basic incident command systems.
Trammell Crow Company
International Advocate for Physical Security and IT Security Convergence
Hunt has been called one of the world''s most influential security analysts. He has spent his career identifying trends and best practices while working with hundreds of end-user organizations to solve practical and strategic problems related to security. Hunt served on the board of the Open Security Exchange, advises the board of ASIS International through its Convergence Commission and is a valued consultant to many of the world''s largest corporations.
From 1998 to 2005, he led the security research teams of Forrester Research and Giga Information Group. Before joining Giga, he served as technical director to an Israeli security company''s 20 worldwide channels and resellers. Previously, Steve worked as a consultant to
The niche Hunt carved out is accurate prediction and analysis of market trends. He discovered a methodology for predicting market movements and security buyer behavior that “cleared the fog” on the industry. He is a coauthor of a ground-breaking research study first clearly identifying the convergence movement.
Is it the end of an era?
Just in the last few years, business executives, security directors, technology integrators and manufacturers have been discovering new ways of creating value through smarter security systems. Software, computers and networking are sweeping across the security industry. Not only are manufacturers incorporating these information technologies, but security executives are also discovering more efficient and effective ways of running a security operation with better policies, processes, and tools inspired by information technology.
In the next few years companies will achieve more value from security investments than any time in recent history. The reason for this strong increase in benefit and flexibility is the maturity of information technologies like Internet protocol (IP), new software and communications standards, and improved understanding of how to measure the value of security.
Twenty years ago, access control and video surveillance was a much simpler business. There was no IT security department in your organization – and even if there were, it was relegated to the dark corners of the basement or data center. Similarly, corporate security was the last office at the end of the darkest corridor. Security personnel oversaw the installation and maintenance of alarm panels, door controls, fencing, lighting, cameras and kilometers of coaxial cable.
Manufacturers of physical access control, surveillance equipment, alarms and door controls rush to upgrade from proprietary, non-standard, and downright primitive designs to modern, standards-based, network-connected solutions. The old boys club of security vendors is being ripped apart by the younger, faster IT champions.
The switch from the old to the new is not an easy one, however, with most physical security technology companies finding themselves very short on IT savvy. That leads us to three different types of security convergence with IT occurring suddenly and globally:
• Security companies are adopting IT hardware, software, processes, and protocols.
• Physical security vendors are partnering with IT security companies to create complementary solutions.
• And corporate security departments are doing projects alongside, or outright merging with, IT security departments.
But the customer, integrator and manufacturer have to work in concert. Simply buying or supplying better technology is not enough. The corporate executives, the business units and the security department have to feel pain first. Similarly, the integrators have to understand the technologies. And manufacturers have to produce solutions that ultimately solve the problems. All must reach a consensus that cutting costs, improving efficiency, streamlining operations, and most importantly – collaborating across departments, are priorities that will create innovation and improve the business. When a company operates with a corporate mindset of efficiency, effectiveness, and flexibility, an intelligent IT-based security system will not just be the better option – it will be the only option.
Hunt recently posed about what is the quintessential symbol of any organization’s security preparation. In his mind, it is clearly the command control or security operations center.
When I walk into a stale command center and see half empty cups of cold coffee spilling out of the trash can, dusty operator desks and blurry video images blinking on hot TV monitors, the security group’s lack of preparation or empowerment is obvious. The command center sets the tone for the entire operation.
Compare that to the sense you get when you see a command center with clean floors, fresh air circulating and bright monitors graphically displaying security events accompanied by intelligent video feeds and incident response checklists. Now that’s a security operation equipped to get the job done!
And guess what? The bright modern command center is far less expensive to run than the older, dustier version. That’s because effective use of intelligent video, excellent software and automated incident response procedures make detecting and responding to events faster and easier for the security professionals manning desks and making rounds. When you have more information and respond faster and miss fewer problems, your security operation is saving loads of money caused by loss, injury, fraud or security violations.
Shining a Wall Street Light on Security
Kessler joined Lehman Brothers in 1989. He is responsible for Lehman''s Business Services research, which currently includes coverage of 18 companies. He has been a pioneer in bringing investment community recognition to the coverage of commercial business services companies, and he began coverage of the sector with ADT in 1983. He is frequently quoted in business services and security trade journals and in financial publications, such as the Wall Street Journal.
Lehman Brothers is a co-sponsor of the annual “Securing New Ground” security conference – 11 years running – and is a leading investment banker in the security industry. Kessler has won numerous Institutional Investor,
Security New Ground partners include Lehman Brothers, Sandra Jones & Co., ProFinance Associates and BNP Media’s SDM Magazine and Security Magazine.
My coverage of security began when there were still large multi-million-dollar security companies, independent and publicly traded. Of course, that didn’t last too long, as many large security companies percolated to the top of their niche and were acquired. Not many on Wall Street paid too much attention to my security work until 9/11, when the world of the security industry analyst was revived. A horde of new young analysts entered the industry to focus on the “hot” new area of Homeland Security. I was questioned for sticking with coverage of "older technology” security companies, such as Brinks and Corrections Corp -- it’s just that I’ve got this thing about recurring revenue. Even so, I have balanced my coverage of these “old line” companies by aggressively meeting and learning about all the IP-based security companies I can get my hands around – and ultimately writing about many of them.
I believe that current installations of new security technology products and services at the state and federal government level will serve as the beta tests and reference sites for the corporate market. I see that Fortune 1000 companies like Lehman are intensively looking at – and testing --new forms of background screening, “smart" video systems, and biometrics --all tied together by data analytics algorithms. The ultimate goal is to get rid of "the old employee identification badge," which is more prone to be compromised relative to smart cards and biometrics.
Jeffrey T. Kessler
Senior Vice President
Senior Business Services Analyst
It''s the Risk
Educating IT security professionals on the spirit and importance of various compliance requirements; and
In the mainframe world, information security had business relevance: the enterprise ecosystem was closed, the threat to systems and digital information was well understood, and the need to assure confidentiality, integrity and availability of digital assets was a fundamental business requirement.
Today, that market is lost and adrift, lurching from headline to headline, seeking relevance in the latest security crisis or compliance dictate. The truth is, businesses no longer recognize information security as a fundamental cost of doing business.
Why? Because we in the information security industry have it all wrong. Today we are focused on creating solutions that better prevent a rotating menu of unpreventable events. We have all but forgotten that a business is a “system” dependent upon the efficient and reliable interaction of people with systems and data. Application of security controls without understanding the strategic objectives of the company (what makes the business tick) and understanding how those objectives may inhibit the performance of the business.
Kristin Gallina Lovejoy
CTO, Vice President of Technology and Services
Author of B.S. and M.S. Degree Programs
McCrie’s life in the field began over four decades ago when he was a summer security guard for the Toledo Museum of Art. The job helped pay college tuition. He joined an advisory board at John Jay College of Criminal Justice that had just started an associate’s degree program in security management. This involvement slowly grew and he joined the permanent faculty in 1986 – the first coordinator for the B.S. degree program and a decade later for the M.S. in protection management.
Since 1970, Robert McCrie has written, edited, researched, taught and consulted broadly in issues related to security management (protection of assets from loss). He was the founding editor-in-chief of Security Journal, published originally by Elsevier Science and now Perpetuity Press, and now is editor emeritus. He writes Security Letter, a provocative privately-circulated management newsletter, published since 1970. His many publications include: Security Operations Management, 2001, Butterworth-Heinemann, and
The Industrial Revolution changed the ways in which people worked and lived. Security started as independent for-profit businesses in the
In the past two generations the task of the security chief, director and manager has required separate skills. First, is the ability to plan and manage programs and procedures to reduce risks. Next, is the specific capacity to prevent or respond to exigent conditions with fact-finding and counsel to senior management and the board. Then the remarkable revolution caused by IT has enormously reshaped the way in which security directors do their jobs. Simultaneously, the protection of these electronic assets has become a dynamic vocational area, generally separate from but linked to conventional security management. This revolution has not ended, but continues to evolve in ways that incorporate communications and controls. Security software increasingly is doing the “thinking” for conventional decision-makers.
My view is that security is a fundamental necessity for survival of the enterprise. Without security, operations are vulnerable to decline. I argue that crime or loss relates to the intersection between opportunity and controls:
Crimes/losses = Opportunities
This is a formula for understanding loss issues. The vulnerability from opportunity will always attract the unprincipled, opportunists and law breakers. To counteract this ever-present risk reality, managers create and implement controls (guards, systems, procedures, and plans). But some large organizations do not necessarily require security executives. The industry and culture of the workplace dictate the need for top security talent.
It is not clear to me what’s in store for conventional security managers in the years ahead. To maintain status or grow in significance, managers must constantly produce and demonstrate measurable value. Additionally, they can creatively develop profit centers from their protection activities. This is achievable. Computer security has evolved from a primitive state to a significant managerial place. But CSIOs have no reason to be complacent. Within a decade in-built hardware and software controls could make their positions less vital.
For the right people opportunities in investigations and consulting are highly promising. That’s because enterprises need to consult outside specialists for domestic and global problems. Without question, globalization with all its exuberant diversity and challenges, surges unabatedly. The adaptive manager should enjoy an exciting ride.
McCrie''s second edition of Security Operations Management continues as the seminal reference on corporate security management operations. Revised and updated, topics covered in depth include: access control, selling the security budget upgrades to senior management, the evolution of security standards since 9/11, designing buildings to be safer from terrorism, improving relations between the public and private sectors, enhancing security measures during acute emergencies, and, finally, the increased security issues surrounding the threats of terrorism and cybercrime.
An ideal reference for the professional, as well as a valuable teaching tool for the security student, the book includes discussion questions and a glossary of common security terms. Additionally, a brand new appendix contains contact information for academic, trade and professional security organizations.* Fresh coverage of both the business and technical sides of security for the current corporate environment.
• Strategies for outsourcing security services and systems.
• Brand new appendix with contact information for trade, professional, and academic security organizations.
Dr. Robert McCrie
Professor of Security Management
Dept. of Law, Police Science and Criminal Justice Administration
John Jay College of Criminal Justice/City University of New York
Association Commitment to Impact Whole Community
Michelman has over two decades of experience in diverse companies and industries with the consistent goal of professionalizing the security industry. This work experience is mixed with teaching at one of the largest universities in the world, consulting nationally and internationally, writing in various journals, and significant involvement with leadership in several international security organizations, serving as president and chairman of the board in two of them.
Michelman boasts a blended career impacting the industry through publishing, seminars, volunteer organizational leadership, legislative involvement and development/mentorship of many people in the industry. She has had senior leadership in professional organizations resulting in tangible benefits such as the establishment of guidelines/standards, globalization of industry associations, establishment of best practices, educational opportunities for specialized education in various facets of the profession.
Over the last 25 years, I have seen this industry grow to one of strength, size and power. It is one of the fastest growing industries in the
With changing risks to those more apparent and frightening to companies and individuals such as workplace violence, terrorism, and intellectual property crimes, there has seen major change. Security technology has exploded to become a multibillion dollar industry with advanced products, services and rapid change. Those we hire are coming to this industry more with career aspirations to be part of the industry, with stronger credentials, commitment, and competencies. We have seen the expansiveness of functional breadth of the industry crossing over to more and more arenas.
Bonnie S. Michelman, CPP, CHPA
Director of Police, Security and
Officer Focus; Certification Dedication
Minion started his career in security in 1965 when he established a security company, Base-Fort Security Group, a one man operation which grew to become the largest private security company in
He sees his most significant accomplishment resulted from having the opportunity to employ thousands of line security officers and supervisors. He has enhanced their motivation by making them understand the depth and potential of opportunities within the private security industry. Many answered the call and have since been rewarded through a gradual, steady enhancement of their professional careers.
He takes much pride in their accomplishments as well as having helped them become successful security leaders.
When I began my career in private security in 1965, security officers were earning about $1.50 per hour. The need for professional development within the security industry was much talked about, but not delivered often enough.
Today, not too much is different. In both the human and electronic driven protection program, there are security companies who care about quality and focus on their customers getting a product that can provide the needed level of protection. But, there are still companies in security seeking the “fast-buck,” with little regard for the level of protection resulting from their service or supplies. Being in business only for the “fast-buck” is never good, but it is not tolerable when it comes to protecting life and property.
For the members of the private security community, a never before host of opportunities comes thanks to an individual and organizational perceived need/demand for safety. For the security practitioner, both apprentice and journeyman, who are willing to go the extra mile in product development and service, a new world of opportunities await. And, I’m very proud to say, so many people in our business are making professional development a by-word of their way of doing business.
Ron Minion, CPP
International Foundation for
Love Him or Hate Him, He Brought Needed Attention to Computer Security
Mitnick drew headlines and a prison sentence in the summer of 1999 when he pleaded guilty to a series of federal offenses related to a 2-year computer hacking spree. He got 46 months in federal prison. Today, he has his own consulting firm, two books in print and biography on its way.
Mitnick was among the first to show the vulnerabilities of the geeks who could break into high-flying enterprise computers from such firms as Motorola, Novell, Fujitsu, Sun Microsystems and other companies. Let out of prison for good behavior, Mitnick then pioneered the concept of legitimate business based on his previous crimes. While not all security professionals agree on this route to real business, he continues to grow his business.
At a conference on Internet security setup by the Israeli branch of IDC, he told of "social engineering," what he defines as people getting others to reveal passwords and other sensitive computer-related information.
"Last night," he said at the beginning of his talk in his typically wry, dead-pan manner, "I had dinner with the CTO of a security company, and invited a friend to come along." When he asked his friend later that evening if he had told their dinner partner where they had met, the friend told Mitnick he had described them as "neighbors."
"That was partially true," Mitnick told the audience. "He was my neighbor in federal detention."
"Social engineering," Mitnick explained during the first lecture he has ever given in
"I used to get in a lot of trouble and which I now get paid for," Mitnick said at the end of his lecture. "I regret having done it, but I did it for the challenge and out of intellectual curiosity, and now I am happy to benefit." Then he turned to his many admirers among the Israeli computer specialists who attended his lecture, and wrote his name on a detached phone receiver one man handed him - the high-profile ex-hacker''s version of signing a baseball.
Mitnick Security Consulting, LLC
Convicted computer hacker
Shaking Things Up
Successfully bridging from law enforcement to enterprise security, Pacelli has taken the traditional route and turned it on its head by intelligently combining crime reduction goals with more use of technology that as much business-centric as it is security. The
When I entered the security profession in joining the
What I see in the future is continued technological advancements, combined with a greater awareness of the importance that a quality security program can play in their business or community. In recent years we have seen private security firms take the place of local police in protecting neighborhoods. At the
Vincent C. Pacelli
Former Police Commissioner Makes Business Security Impact
Safir is chairman and CEO of SafirRosetti, a part of GlobalOptions Group, which provides security, public safety and investigative services to clients both nationally and internationally. He also serves as consultant to the Chair of ChoicePoint, a leading provider of credential verification and identification services. Howard Safir was appointed 39th Police Commissioner of the City of
Safir was inspired to get into law enforcement by a close relative who was a
I am proud of the fact that we have built a business that provides an end-to-end risk management solution to any company or organization. I’m pleased that we have the expertise and depth to supply all of the services that will protect a business from any threat, whether internal or external.
Of course, 9/11 was the seminal event that changed the security industry: It took the industry from the basement to the boardroom. Prior to the attacks of Sept. 11, corporate security was looked upon as a necessary evil, a non-revenue producing function that often reported to HR or corporate counsel. Since 9/11, and also Hurricane Katrina and the corporate misdeeds at Enron, Tyco and others, CEOs have become sensitized to the damage that can be done to shareholders and employees if they don’t have appropriate risk management plans in place. One positive result is that security executives now have a seat at the table.
Traditionally, the security industry was very fragmented, without an end-to-end solution. Now, CEOs are demanding one-stop-solutions for their security and risk management functions. At GlobalOptions Group, my colleagues and I believe we are creating an organization that will provide that full range of service -- including investigations, physical security, brand and product protection, employee/executive protection, crisis management and business continuity in the face of any threat.
Increasingly, I see the industry relying more and more on technology to analyze and protect corporate assets. IT will play a greater role in risk assessment as the industry evolves, and those service providers that have that capability will be capable of adding even greater value to the security services that they can offer.
Now, I’m building on all of my previous experience in protection and security and helping to build a company that can offer those services throughout the country to organizations, companies, local governments and individuals.
ives and assets requires a well-conceived and executed security plan that both meets today''s challenges and positions organization to succeed in mitigating and addressing risk as it and external forces develop.
Whether protective of a single floor in an office building or a portfolio of properties throughout the world, achieving security goals requires the appropriate balance of systems, procedures, plans and people working in concert to protect employees, customers, vendors, partners and the physical assets of your organization.
SafirRosetti specializes in practical, actionable and carefully budgeted security master plans that leverage knowledge and relationships with security systems providers, guard companies and public safety agencies to help achieve security objectives in the most effective and economically sound manner possible.
By helping organization set and measure security standards and operating protocols, provisioning for the technology and people to implement and run systems, and creating and implementing emergency operations plans, it provides effective solutions that are effective, accountable, and scaleable for future growth.
The SafirRosetti team performed a comprehensive building-by-building audit of a current installed system while concurrently developing an overarching plan for security implementation in compliance with industry expectations and regulation requirements.
The constraints of the installed technology were identified, and a comprehensive feasibility study of current security investment retention was performed.
The final Master Plan developed by SafirRosetti allowed the client to move forward with a new implementation of security controls and procedures, retain certain functional elements of their security investment, and proceed with confidence and the knowledge that they would meet or exceed all regulatory requirements.
Proving He Could Do It
Schwartz discovered he had Becker’s muscular dystrophy when he was thirteen years old. When he was twenty-three, he was hit by a drunk driver, lost two good friends in the same accident and eventually ended up in a wheelchair full-time. No matter, he went into the security industry and now has his own company.
In forming his own security company he showed that a wheelchair doesn’t mean that he had to conform to the stereotype of being disabled. He is one of only three bodyguards in a wheelchair internationally. He brought crime down forty percent as head of security for one recent client using verbal judo instead of physical judo. Schwartz is an accredited MENSA member and his mentor was a member of the Italian Bomb Squad - Guy Marzolla.
When I first started in the security industry, there was no face. You were considered to be a “rent-a-cop.” There was no luster to be found in the industry. You were embarrassed to tell what you did unless it involved celebrities. Security was naive to client’s needs. The company hired anyone to do the job. Security had lacked a personality. Why would I want to put myself on the line for someone when the paycheck was not worth the trouble? Security showed to be a dead-end job with a paycheck.
Now in these troubled times, security is starting to form a personality. There is more of an image to doing security. The luster of the industry is in the variety of security jobs that are needed from private to corporate to computer. It also shows to be more in tuned to the client’s needs, not the company. Security is growing due to more attention paid to situations where the worst can be prevented by someone who can do something about it. The industry is now using a trained professional for the job instead of the everyday public.
I believe the future will show more need of security. The industry will offer more education. An example would be more research and development in security in protecting the public from computer to home to work environments. Another example would be an apprenticeship to a bodyguard. Security will become better advanced in techniques. An example would be communication, such as body language and conversations skills. The industry will show to be technology smart. Some examples would be lighter armor plating and advanced body armor.
A use of everyday security would show how the industry has grown and will become since I have been in the business. Surveillance is a technology that has grown with the industry that has developed a need and use for the equipment.
Timothy J. Scott is the chief security officer & global director of emergency services & security for The Dow Chemical Company, the world’s largest chemical company. In this role he leads the ES&S expertise network and global functional delivery network, and leads Dow’s Chemical Security Issues Management Team.
Scott is the site leader for Emergency Services & Security at Dow Chemical’s Texas Operations in
Scott’s responsibilities include security, crisis management and emergency planning, preparation and response for on and off-site emergencies involving Dow or Dow products.
Scott also represents Dow on the Security Strategy Team at the American Chemistry Council and is vice chairman of the Chemical Sector Coordinating Council with the Department of Homeland Security. In 2004 Scott was appointed a member of the National Maritime Security Advisory Committee by the Secretary of the Department of Homeland Security.
A focus on safety and security is not new to The Dow Chemical Company. However, as the world changes and new security issues evolve – so too does Dow’s safety and security program. New challenges of a global terrorist threat have added to traditional security concerns of theft, employee violence and emergency response. Today''s world requires a comprehensive and adaptive approach that goes well beyond simply protecting a fence line – security must be integrated across every aspect of the enterprise.
With Dow’s growth over the years, coupled with recent changes in the world, the company’s approach to security has progressed into an internationally-standardized security program that builds on local fundamentals while leveraging global expertise, technology and best practices. In other words, Dow applies the same safety and security approaches wherever it operates worldwide. The company employs a three-pronged risk-based approach that includes understanding the risks we face, conducting comprehensive vulnerability assessments, and applying the appropriate tools to mitigate risk. Dow''s integrated approach to security and safety is embedded across our enterprise – site and facility security, personnel security, supply chain security, information/cyber security and emergency response.
Timothy J. Scott, CPP
Dow Chemical’s Chief Security Officer & Global Director
Emergency Services & Security
Encouraging Independence, But Sharing Expertise
Sennewald has educated and informed thousands of security executives through his much read books on security management, retail security and security consulting. A graduate of the Army’s Military Police School, L.A. Co. Sheriff’s Academy, he holds a B.S. degree in Police Science and Administration from California State University at Los Angeles .
After retiring as director of security for the Broadway stores, he started an independent career in security management consulting. Sennewald has assisted and advised numerous major corporations as a management consultant. He was on the scene at the beginning of the American litigious explosion and served as consultant and expert witness in scores of cases across the mainland, Hawaii and Alaska in matters which focused on the adequacy or inadequacy of security and custom and practice in the security industry. His opinions and testimony are reflected in three state Supreme Court decisions, establishing case law. Semi-retired today, only accepting special consulting assignments in the forensic field, exclusively in major cases such as wrongful death lawsuits, and then, only as a consultant, not as an expert witness.
As a new consultant, I felt there was a need to upgrade and professionalize that niche in our industry, resulting in my founding of the International Association of Professional Security Consultants (IAPSC) in 1984. Membership is very restrictive and the Code of Ethics set the highest possible standards. That organization today assures those in need of a security consultant a resource to draw on, by-passing those many unqualified and temporary “consultants.”
Some years later I wrote the book Security Consulting to provide guidance and encouragement to those who were considering consulting as a second career. That work also survived time and is in its 3rd Ed.
In my favorite discipline, retailing, I’ve written three books which provide guidance to Loss Prevention practitioners specifically in shoplifting management. The most recent, Shoplifting: Managing the Problem, published by ASIS, is most likely the most definitive text on the subject available today. Two of those books I co-authored with my long-time friend and colleague, John Christman, former VP and Director of Security for Macy’s West.
In my view, when I entered this industry, the security manager or director wasn’t really a part of the company’s management team. They were the company cops. Indeed, many intentionally built walls around their departments to maintain a certain mystique about the security organization and its affairs. In the early years of my consulting practice, most security executives were wary or resentful of an outside security consultant. That’s changed with time.
And over the years I’ve seen a clear and steady rise in and recognition of the value of the security administrator and the contributions his organization makes to the mission of the enterprise. Over the years more enlightened security executives have come to recognize the value of tapping into the resource of a talented consultant. I’ve attempted to contribute to that recognition. Bottom line: Security today is an integral part of the modern and dynamic management machine of business and industry. Today, years later, I can safely say that “security” is no longer a four-letter word.
More integration of the sophisticated professional protection provider and growing sophistication of technology.
The International Association of Professional Security Consultants, Inc. (IAPSC ), is the most respected and widely recognized consulting association in the security industry. Its rigid membership requirements ensure that potential clients may select from the most elite group of professional, ethical and competent security consultants available to them.
The primary purpose of the IAPSC is to establish and maintain the highest set of standards for professionalism and ethical conduct in the industry. Members are independent of affiliation with any product or service they may recommend in the course of an engagement, thus ensuring that the services they render are in the best interests of the client. Prospective members can be confident that membership in the organization will enhance their professional image and respect in the field.
The International Association of Professional Security Consultants created the Certified Security Consultant designation for professional, independent security consultants. The CSC reflects a high level of professionalism, knowledge, and integrity and will be the recognized standard for Security Consultants.
The CSC demonstrates a depth of knowledge, professional objectivity, skills as a security consultant, and level of integrity. In keeping with the professionalism of the IAPSC. The CSC qualifications are designed to screen out product-affiliated salesman who call themselves security consultants. The CSC requires a combination of experience and education, as well as independence (professional objectivity) and adherence to a professional code of ethics. No grandfathering of CSCs will occur. The CSC is another wrench in an end-user''''s tool box that separates. Clients recognize the value of certification, especially one that has the backing and credibility of the premier security consulting association.
Earning certification consists of meeting the qualification and an Internet-based 100-question multiple choice examination which includes consulting practices, security management, and business ethics. The objective exam is hosted on a secure internet server and your score will not be shared with anyone outside the IAPSC’s management company. A formal plan for re-certification is being developed and will be consistent with other professional certifications. Re-certification will likely be required every three years.
Charles A. Sennewald, CPP, CPO, CSC
Independent security consultant and book author
Challenging Environment Gets More Complex With Convergence
Prior to joining Nortel in 1987, Williams was director of corporate security services at Boise Cascade Corporation and international security coordinator of Procter & Gamble, with both domestic and international corporate security responsibilities. Williams is responsible for global security functional leadership within Nortel including policy and practice development for computer, telecommunications and related systems security, risk assessment, crisis management, security-related investigations and employee protection. Previously, he served as vice president, business ethics.
Williams has conducted significant research into fraud and related ethics issues and has written extensively on these subjects for Internal Auditor, Security Management Magazine and Security Journal. He twice received the Outstanding Contributor Award from Internal Auditing Magazine and the
Today, post globalization, 911, a series of very destructive computer viruses, corporate espionage, and devastating tsunamis, hurricanes, earthquakes and related natural disasters have created a very challenging environment for the security practitioner.
The greatest challenge, an elusive and ever changing goal with the pace of global business today, is the total integration of security into the business. The most successful security leaders recognize the critical need to fully integrate security into the business at all levels through existing or newly developed processes to be most effective in the long term. Accomplishing those objectives requires security practitioners to not only be subject-matter experts in all aspects of enterprise security, but also to intuitively and emotionally understand the business, its earnings drivers, and its key success factors.
Timothy L. Williams, CPP
Chief Security Officer
Technology Focus Against Telcos
Gary and his wife Galia started GRW, Inc. (now DVS) in 1993 with only a very small amount of money they had managed to save.
When I stop and think back on our earliest days with Data Video Systems, it’s like going back and asking how we did reports and papers without computers. From cameras, recorders and just about all of our equipment in the security industry, nothing has stayed the same.
Our early days in CCTV were filled with black and white cameras, tape recorders and relay driven switchers. Even my home VCR is old yet still flashes the time (wrong of course) and I can’t recall the last time we recorded a movie with it. The VCRs are fading away to digital video recorders and now they are being slowly phased out to Network Video Recorders which have more of an open architectural software based on the data and network infrastructure’s we are surrounded by.
I believe the industry with all the proprietary software will have to go to an open architecture to work with different manufactures in the new digital world both with cameras and recorders. The days of each manufacturer having its own “Proprietary Black Box” will fade away.
The technicians also have changed. The new challenge we all face every day is how to recruit, train and keep talent. With so many new products coming down the pipe, it takes a lot of research and focus and sometimes just good luck to make sure you stay with the right technology which will meet end-user needs today and into the future.
Gary R. Wilson
President and CEO