Subscribe to Industry View RSS Feed

Industry View

by: Guest Blogger - Thursday, December 27, 2012
By Mike Nikzad
COO, Iomega Corp.

To better protect customers’ businesses, security professionals are entrusted to leverage new approaches and technologies to counter the latest threats. Yet many are hesitant to try emergent, less well-established solutions, instead favoring legacy methods and systems. By ignoring advancements, or at the very least putting them off, many security professionals are limiting themselves and their customers from reaping the benefits of current technologies.

They are also missing out on key opportunities to expand their service offerings and increase recurring monthly revenue through the adoption of cloud services and hosted software.

Aiming to align resources to maximize security, I thought it might be helpful to walk through a sample installation to show how easy and beneficial it can be to convert customers to a hosted video solution.

Standard needs
In this example, your customer is a modest, family-owned jewelry shop that has been in the local business community for 15 years. Until now, their security posture has primarily relied on a buzzed entry and thick bulletproof glass to fortify the shop. The bulletproof glass separates staff and merchandise from customers, enabling contact through transaction windows.

Three recent robberies in their strip mall have made the owners extremely concerned about their ability to secure the shop, and they have expressed a desire to improve security and upgrade to a contemporary surveillance system.

Your on-site survey reveals the following requirements: 1) the system must be easy to install and use without additional costs, equipment and maintenance; 2) they cannot afford significant software and hardware upgrades; 3) they want to monitor the shop after hours via remote video access. What do you recommend?

Solution found
This scenario seems ideal for a hosted video system. You recommend installing three networked cameras to capture video data, delivered to a 24/7 hosted video service.

Cameras: Using IP megapixel cameras, the deployment of an affordable and reliable hosted video surveillance solution is scalable, enabling new network cameras as the need arises. The network cameras stream live video with up to 1 megapixel resolution to a PC in the back of the store. During an event, users can activate an LED to illuminate the scene remotely, while using cameras to pan, tilt and zoom. Sensors on the camera provide motion detection, even in low light conditions.

Hosted Video: Combining the benefits of cloud storage technology, network attached storage and an integrated video management system, the HVSS enables your customer to access real-time and recorded surveillance video anytime and anywhere via a web-enabled device. The provider handles system maintenance and upgrades on the back-end, allowing for a full-featured, yet easy-to-use end-user system.

In the past, businesses have used elaborate and expensive DVR-based systems to store video data, but this model is showing its age in terms of cost, ease-of-use and technical capabilities. Savvy intruders know to find the DVR to destroy evidence.

External cloud-based storage platforms compare positively to DVRs and other internal storage platforms, allowing for backing up file copies in the cloud. The cloud-based hosted system eliminates the need for on-site DVRs, reducing security vulnerabilities with the video streamed and stored securely in an off-site data center.

An HVSS provides high performance, capacity and security, allowing the small business to recognize cost savings. A network attached storage device can work in tandem with the cloud storage service provider and IVMS, allowing users to record and store high-definition video locally while backing up a standard definition copy in the cloud for retention requirements and peace-of-mind.

Reducing the need for upfront capital investment, the HVSS’s small monthly operating expenses appeal to small businesses. As a hosted service, this model proves attractive to the integrator, offering RMR opportunities and further opportunities to entrench customer loyalty.

Security and confidence
Through a browser-based application, the owners have access to live video feeds from different areas of the store. The staff feels much safer with camera surveillance. When someone is working with a customer, other staff can keep an eye on them, simultaneously scanning other areas, too. The owners can log into the system to check on their business after hours.

By embracing today’s cloud-based tools and hosted service models, you can help your customers to more strategically align resources and maximize protection. Thanks to the affordability, ease of installation and management, a hosted video service is often the right solution for businesses of all sizes. Moving video surveillance data storage into hosted and cloud-based environments enables small business customers to recognize gains in efficiency, flexibility and scalability.

 Mike Nikzad is the chief operating officer of the Iomega Corporation, an EMC Company.  

by: Guest Blogger - Monday, December 3, 2012
Andrew Wren
CEO of Wren Solutions

In 2012, as in years past, loss through shrink has continued to plague retailers. While investments in security technologies have contributed to a slight dip in the numbers over 2011, shoplifting and employee theft remain considerable threats and key areas of focus for retail security professionals. Looking ahead, mobility offers opportunities and challenges in equal measure as the industry awaits standardization on a mobile payment platform and the explosive growth—and security concerns—that are bound to follow. 

In 2013, traditional threats and new technologies will continue to converge, creating an environment rich in prospects for advancement in retail loss prevention tools and the professionals who wield them. Additionally, as the lines between IT and loss prevention bend and blur, it is incumbent upon security professionals to both ensure a basic understanding of underlying retail technologies and partner fully with the IT professionals tasked with supporting emerging systems such as mobile point-of-sale.

To Know the Future, Look Back

The FBI has estimated that, nationally, organized retail crime costs the industry around $30 billion a year. In response, the National Anti-Organized Retail Crime Association was created “to bring the law enforcement community and the private sectors together to fight the worldwide epidemic of organized retail crime.” The Safe Doses Act was passed in October of this year “to fight theft of prescription painkillers from points of the supply chain, from the drug warehouse to the delivery truck to the pharmacy, by increasing penalties and giving law enforcement wiretaps access, among other tools to combat drug rings.” Last year, employee theft was at the top of the list of sources of shrink according to the Nation Retail Security Survey, and shoplifting was a close second.

Traditional threats to retailers continue not only to exist but to thrive. Clearly, offering a safe and secure environment for customers and employees continues to be a top priority for retail security teams. With technological advances, however, the concept of “safe and secure” has grown to include new threats beyond personal safety and asset security to include the securing of personal information, data and even personal identity. For security and loss prevention professionals, this has led to a flurry of new information and standards that accompany the move toward digital, mobile and a vast array of tech-enabled security measures.

Maintaining a safe and secure environment increasingly requires a working knowledge of and cooperation with IT. In fact, as we move into 2013, the lines between IT and security will continue to blur as security professionals work to gain a better understanding of the technology associated with advancements such as mobility—as well as the implications for security—and IT professionals’ responsibilities continue to overlap into the realm once belonging solely to security and loss prevention.

Tech-Savvy Security

At 1.42 percent, the average retail shrinkage in 2011, according to the NRSS, was the lowest ever recorded in the 22 years the survey has been conducted. Many in the field, including Dr. Richard Hollinger, director of the Security Research Project, which conducts the annual NRSS, credit retail technologies for the reduction of shrink numbers.

In addition to enabling a wide range of solutions to assist in the protection of employees, customers and assets, technology serves another, equally important and perhaps more visible, purpose: meeting the needs and desires of customers who want the convenience of mobility. Where IP video surveillance serves security teams by providing broader capabilities in identifying and addressing theft and loss, mobile POS gives customers what they want. With both, however, come the challenges of understanding the technologies well enough to serve as a valuable partner to IT and ensure optimal adoption and deployment.

Take the Payment Card Industry Data Security Standard, for example. The standard has been put in place to ensure that all companies processing, storing or transmitting credit card information maintain a secure environment. The standard applies no matter how the data is collected (by phone, online, in person, etc.). However, with mobile technologies advancing so quickly, and consumers demanding mobile options “now,” ensuring compliance to the PCI DSS will pose yet another challenge for many security professionals. Those well acquainted with mobile technologies, and working closely with their technical counterparts, stand a much better chance of ensuring compliance and reducing issues regarding consumer data and company information.

In 2013, we will see the lines between the security and IT functions continue to thin and blur as technology and security depend more heavily on one another. The demand for mobility leaves retailers no choice but to offer what consumers desire most or lose out to the competition. In the age-old battle against pervasive loss as a result of theft, we’ll see more retailers adopting IP video surveillance and IP analytics, remote monitoring, shelf-mounted cameras and, according to the NRSS’s Hollinger, POS exception-based CCTV interfaced systems. To be effective, these technologies, like mobile payments, must be carefully selected, deployed and secured. This will require IT and security professionals to come together in an unprecedented way, creating a new standard in retail security.

Andrew Wren serves as chief executive officer of Wren Solutions, a loss prevention technology provider helping leading retailers reduce loss and increase profits. Wren is responsible for corporate and product strategy, leveraging his more than two decades of security technology expertise. To learn more about Wren Solutions, visit  


by: Guest Blogger - Thursday, November 1, 2012
Andrew Wren
CEO of Wren Solutions

Black Friday is a unique day for retailers. While the “black” in Black Friday represents profitability, for retail security professionals, the “black” could just as easily represent the sense of foreboding brought on by the promise of long lines, anxious shoppers, crowded stores, an abundance of merchandise on display and all of the safety and security risks that come with all of this. How will you know if you are ready?

According to the National Retail Federation, a record 226 million consumers shopped in stores and online between the Thursday and Sunday surrounding Black Friday last year. And that is likely to increase in 2012. As recently as October, NRF pointed to an increase in spending in September of this year and expressed guarded optimism regarding consumer spending through the end of the year. There are many uncertainties this year surrounding the fiscal cliff, gas prices and the economy in general. However, there is good reason to believe Black Friday will once again bring crowds of shoppers, all looking for a deal.

As this day approaches, security professionals must take the lead in preparing for crowds and addressing the need to protect assets, limit losses and ensure a safe environment for employees as well as shoppers. This requires careful planning, monitoring of plans to ensure they are deployed effectively and precise execution. Taking it one step further, all of this must take place with the overarching goal of providing an enjoyable customer experience that encourages shoppers to spend time—and money—in the store.

Safety and security
In 2008, a worker was trampled to death during the opening of a Black Friday sale. In response to an increase in crowd-related injuries, including the 2008 tragedy, the Occupational Safety and Health Administration created Crowd Management Safety Guidelines for Retailers, a road map for offering a safe environment during a large customer event such as Black Friday.

Many of OSHA’s recommendations for safety cross over into security. For example, ensuring employees are trained to manage crowds and are stationed appropriately in addition to placement of trained security or police officers. These precautions simultaneously ensure the kind of visible presence—of employees and security personnel—that can serve as a deterrent to theft.

OSHA’s recommendations are key, but implementing them is just the beginning. To ensure safety, security of assets and uncompromised implementation of business best practices on Black Friday, begin now by conducting a pre-event audit, including the following elements:

•    A store-opening checklist is beneficial at any time, but on Black Friday, it can help ensure that every employee knows exactly what is expected of them and every process is documented and optimized when the doors open to eager, impatient crowds. This limits confusion and increases the probability of a safe and successful event.

•    A test of all alarm systems and video surveillance cameras will facilitate identification of any equipment that is not functioning properly and confirm that cameras are capturing images in critical areas, allowing for adjustment or repairs as needed before the big day arrives.

•    Confirmation that OSHA Crowd Management Safety Guidelines are being followed will also help ensure that employees have been assigned duties that are specific to the event—for example, additional greeters to accommodate the crowd or security personnel at front doors or emergency exits.

•    A review of the inventory receiving process will minimize the opportunity for loss due to mislabeled, damaged or incorrectly processed items. Limiting the probability of a breakdown in process is key to avoiding shrink on even the most ordinary of days—its importance during an event like Black Friday cannot be overstated.

When exceptions arise during this pre-event audit, ensure immediate resolution by sharing photographic evidence, attached to audit questions, with those responsible. Retrain where necessary. Black Friday can act as a magnifying glass, bringing otherwise “minor” issues to the forefront and multiplying their effect simply due to the nature and scope of the event. Don’t wait for Black Friday to shine the light on threats to safety and security.

About the author
Andrew Wren serves as chief executive officer of Wren Solutions, a loss prevention technology provider helping leading retailers reduce loss and increase profits. Wren is responsible for corporate and product strategy, leveraging his more than two decades of security technology expertise. To learn more about Wren Solutions, visit 

by: Guest Blogger - Friday, August 10, 2012
Norman Spain
Professor of Safety, Security and Emergency Management at Eastern Kentucky University


NOTICE: This commentary is for general education purposes only and is not intended as legal advice. Readers in need of legal advice should consult with competent legal counsel.   

There is a public demonstration on the sidewalks and plaza outside the shareholders meeting. An emotional speaker on a megaphone is calling for sweeping changes as he leads a small breakaway group of activists, some wearing shareholder badges, who are defiantly chanting and carrying signs as they walk towards the security staffed meeting entrance. A confrontation is brewing. The media is watching. Several persons are video recording on cellphones.  

At times public demonstrations appear inseparably interwoven with private shareholder protests. Outside, non-shareholders and activist shareholders are calling for public policy changes. Inside activist shareholders are advocating for similar changes in short term company policies that create excessive wealth for a few, devalue human and worker dignity, and degrade the environment.

Activists are passionate. They are deeply committed to change the practices they perceive to be wrongful. They understand the value organizational reputation and power of public perception. They are highly motivated to attract and leverage public opinion to force governments and businesses to change today.

Security directors cannot overlook the willingness of some activists to engage in passive (e.g., sit-ins) and/or overt conduct intended to force a security and/or law enforcement response. It is both strategy and tactic. It can be a powerfully persuasive gambit in a digital world if the responses are perceived by the public to be heavy-handed.  

Where are the lines for activists and officers between lawful and unlawful conduct? How can the company manage this liability?

Freedom of Expression

The 1st Amendment of the U.S. Constitution provides: "Congress shall make no law ... abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." The courts have extended freedom of expression to the states by application of the 14th amendment prohibitions: "No state shall make or enforce any law which shall abridge the privileges or immunities of citizens ... nor deny to any person within its jurisdiction the equal protection of the laws."

Freedom of expression is a fundamental, but not absolute, right of the people. The inciting of violence is not protected free speech. Nor are all government properties public forums. However, sidewalks, plazas, parks and similar areas historically used for public pronouncements and debates are protected traditional public forums. The government may regulate freedom of expression in traditional public forums as to time, place and manner of conduct. The regulations must be for compelling government interest (e.g., public safety), narrow in scope, and viewpoint neutral. (An excellent general resource:

The public's right of freedom of expression in traditional public forums does not translate into a right to block access, enter upon private or other public property, and/or to disrupt the use of the property for its intended purposes. Such conduct is potentially criminal in nature.

Activist Criminal Conduct

While state statutory language differs, criminal trespass and disorderly conduct are probably the most frequent offenses committed by activist shareholders. Vandalism and resisting arrest are issues too. More serious offenses are wanton endangerment, and assault and battery.

Proof of a criminal trespass generally requires notice by the owner or representative, and/or signage that says the property is private or restricted, that the individual cannot enter or remain, and is given reasonable opportunity to depart. Disorderly conduct refers to a range of behaviors disruptive of the public peace and peaceful enjoyment of property.

A company may restrict access to a shareholders meeting held on company property. Similarly, a hotel or conference center may restrict public access, however, common areas such as lobbies and restaurants are often kept open to the public for the intended use. Protestors who knowingly without authorization attempt to enter or remain in restricted areas, or who have authorized access but become disruptive in common areas OR IN shareholders meetings, may be subject to arrest and removal for trespass and/or disorderly conduct.  

Protestors who deface or destroy property may be subject to arrest for criminal vandalism. Those who recklessly throw dangerous objects may face charges for wanton endangerment. Criminal assault and battery claims may be filed against protestors who grab, hit or throw objects at others; and those who resist lawful arrest may be subject to resisting arrest charges.

Legal Risks for Security Professionals

Most lawsuits filed against security officers are tort claims under state law. Whereas a crime is an offense against the public, a tort is a civil violation against the personal and/or property rights of another who may seek judicial relief. Officers are at heightened risk when using force and making private party (i.e., citizen) arrests. Note, a few torts and crimes share the same or similar names.

A tortuous assault occurs when one party intentionally creates a reasonable apprehension in the mind of another of an imminent battery. Battery is an intentional touching of another that is highly offensive to a reasonable person. An officer who uses excessive force to block a protestor from entering or to remove a vocally disruptive activist shareholder may be sued for assault and battery. An infliction of emotional distress claim might be made if the officer's conduct is outrageous and highly likely to inflict distress upon another, e.g., repeatedly hitting another.

False arrest is arrest without sufficient probable cause for a reasonable person to believe the suspect committed a crime. False imprisonment occurs when one party without justification denies another voluntary freedom of movement. Malicious prosecution requires proof that a party with malice and without probable cause initiated a criminal proceeding that was terminated in favor of the accused. A security officer who without further inquiry forcefully grabs and detains for trespass a known activist shareholder who was not being disruptive may face a lawsuit for assault, battery, and false imprisonment. If he arrests the activist shareholder, the officer may also face false arrest and malicious prosecution claims if the criminal charge is dismissed with prejudice (i.e., cannot be re-filed).  

When officers are sued, security managers are at risk of being sued for negligent training and negligent supervision for failing to assure the officers competently performed their duties. Managers may also be sued for negligent security for failing to provide overall reasonable protection if innocent parties are injured.

At a security checkpoint, a shareholder may claim a frisk by an officer of the opposite sex was a highly offensive intrusion upon privacy. An individual wearing a colostomy pouch might claim publication of a private fact if verbally coerced to show the pouch in an open versus private screening area.

Managing Company Liability

According to risk management theory, risks may be retained, reduced and/or transferred. These are the same options for managing security liabilities.

The legal doctrine of "respondeat superior" holds that a company may be held vicariously liable for the intentional and negligent conduct of its employees committed within the scope of employment. By deploying its officers the company retains liability.  It can reduce this risk by providing officers supervision and training on their authority and protocols for using force and making private party arrests. It can transfer some risk by obtaining insurance, however, intentional harms caused by the insured (e.g., assault) are frequently excluded from coverage.

A company can transfer liability by outsourcing security. Under the independent contractor rule a company is not liable for acts of an independent contractor and its employees. There are exceptions if a company reserves or exercises too much control over the security provider's officers. Also, companies today prefer to allocate liability risks in the contract for services. Minimum insurance requirements with named beneficiary; indemnification for losses suffered; and hold harmless for injuries caused are typical topics addressed.

Another transfer option is to directly pay a city for supplemental police coverage to handle disruptive persons. A company reduces liability exposure when the city assigns and supervises the officers who are trained to follow police protocols. Another benefit, if injured the officers are more likely to be covered by the city's workers compensation. When a company directly retains the services of police officers the issues of insurance coverage and whether they are acting as police officers and/or agents of the company may be more open for review by the courts.

In conclusion, public demonstrations and shareholder protests raise reputational and legal risks. Security directors should in consultation with legal counsel develop shareholder meeting security plans in advance long before the activists are approaching the entrance.

Disruptive Public and Shareholder Protests - Recognizing Lawful and Unlawful Conduct and Managing Company Liability

Norman Spain, J.D., is Professor of Safety, Security and Emergency Management at Eastern Kentucky University.

by: Christopher Walker - Thursday, August 9, 2012

Editor's Note: Christopher Walker, a Professor and Director of Security Studies at Northeastern University, is a new regular contributor for Security Director News. In his new monthly guest blog, "Speaking of Security," Walker will explore the security profession and its integration with the wider world of business. He'll bring his perspective gained from his years as a law enforcement officer, a chief security officer in the private sector, and his time in academia. He also holds a doctorate in business administration.

Not surprisingly, as with the tragic events of 9/11, the shooting in Aurora, Colo., has brought out many security “experts” who opine how the shooting might have been prevented or mitigated (even my son’s martial arts instructor has an opinion). What is also unsurprising is that, without knowing what security or risk mitigation programs might have actually been in place, the company that owns the movie theater has been judged by many to have failed to secure its environment against a violent attack. Perhaps, it did. But that is an issue to be addressed in the courts. And, it will be. Both sides will have their various experts testify and the most compelling legal argument may not win. I understand this as a former court-qualified expert witness in negligent security. I say “former” because that was only a temporary role and never how I made a living. What I do now is more mundane. I educate. I do it in the classroom, in executive education programs, as a consultant and will now seek to do some variation of it for Security Director News. More specifically, I have been asked to create an ongoing column that will appear in SDN roughly once a month, depending on interest—yours, mine and the editor’s.

I want to be clear why I agreed to do this column. I am not selling anything. I have no agenda beyond informing and, if I am lucky, educating. To what end? Well, if security is to be recognized as a profession within the business community, it will not be by establishing security standards or developing technical expertise. It will be the result of understanding more fully the world of business. Consequently, no matter what security related topic I write about, it will always come back to the basic point that security practitioners must help businesses operate more efficiently and effectively. And, to be clear, these are two very different concepts. But, I will save that discussion for another day.

Understandably, there is a tendency to question the credibility of a writer or speaker who posits an opinion.  In truth, one of my biggest irritations comes from the so-called security experts who, absent any real business experience, base their claims on years in law enforcement or the military. Somehow, the media find these people credible on the topic, often because of the position or rank they once held. I do not. While I respect this prior experience, it is not business experience and that anyone might conflate the two is, well, ignorant of the realities of business. This leads me to the credibility question that may well have formed in your mind—Just what does this guy bring to the table? Or, as someone once asked me, why should I listen to you?

As simply said as possible, my perspective is born of ten years in law enforcement, twelve years with a global firm (nine as the CSO responsible for global security in a multi-billion dollar division), and six years as a full-time professor at Northeastern University, where I got the job because I hold a doctorate degree in business. This is not an attempt to say my resume is better than yours; rather, it is to suggest that I might offer a different point of view.

So my commitment to the reader is simple; I will not shy away from weighing in on topics that deserve discussion, even if not agreement. While I will try to be fair, undoubtedly I will offend, irritate, or otherwise bother some readers. But, there is nothing wrong with that. Just like medicine and law, security is a field that needs much debate and discussion. In fact, without it there would be no growth and improvement. As anyone in the field of technology knows, innovations do not occur because something is bad, but because it can be better (think landlines being replaced by cell phones; which, in turn, are being replaced by smartphones with countless apps). At its heart, my effort will seek to generate thinking and discussion. And, speaking of that…

ASIS International's global conference will take place in Philadelphia in September and a number of speakers will offer their insights and opinions, based on their education and experience. I will be among them. More by accident than design, I will speak at two sessions. A member of ASIS for more than 25 years, it has been my privilege to speak at a number of their conferences in a variety of countries. So, I welcome your attendance and feedback. As with this column, I will try to be interesting, even if disagreeable. I will never have all the answers, nor will I pretend that I do. On the contrary, what I am more likely to have are tough questions. As Theodore Geisel (Doctor Seuss) once said: “Sometimes the answers are easy and it is the questions that are complicated.”


Christopher Walker is the former Executive Professor of Strategy with Northeastern University's College of Business Administration and now Professor and Director of Security Studies at the university's College of Professional Studies. Prior to entering academia, Walker served 10 years as a law enforcement officer, followed by nearly a decade as CSO in charge of global security for a multi-billion dollar division of a Fortune 50 company. He also holds a doctorate in business administration.

by: Guest Blogger - Friday, August 3, 2012
By Jeffrey Grossmann
Program Director, Homeland and Corporate Security Studies, St. John’s University, Queens, N.Y.


Editor's Note: The following is Jeffrey Grossmann's response to comments made by Tsung Y. (Bill) Soo Hoo, a faculty member in New Jersey City University's security studies department, concerning the July 30 article "Doctor of Security," which was about NJCU's new doctorate program in security studies and included quotes by Grossmann. Bill Soo Hoo commented using the name TYBill.

Reading the comments posted by TYBill regarding the July 30, 2012, article “Doctor of Security” reminds me of a bad television police docudrama where the hero agent has a sarcastic and condescending (yet funny) retort for every statement the suspect gives. In fact, those comments posted by TYBill do not appear to be typical opinion-based responses, rather, an underhanded attack on the veracity of a source. But I get ahead of myself…

Introductions are in order. My name is Jeffrey P. Grossmann (Grossmann spelled with a double “n” TYBill). I am an Assistant Professor and Program Director of Homeland and Corporate Security Studies at St. John’s University in Queens, New York. I have helped develop and continue to drive the Homeland and Corporate Security Program at St. John’s. I am the 2011-2012 Chair of the Academic and Training Programs Council of ASIS International (a highly regarded group of academic professionals dedicated to the betterment of security education). I maintain an education-based consulting practice where I work with the American Council on Education and the Department of Defense awarding academic credit to training programs throughout our armed forces (something as a veteran I am so proud to do). I have helped colleges and universities in the creation of their own homeland security programs. I have conducted research, been invited to speak at numerous security conferences, and continue to publish articles on both homeland security and generic security academic programs. In short TYBill (I use your screen name since you have chosen to remain anonymous), I have sufficient experience in this field to give an informed opinion on the creation of a security-themed academic program, regardless of your attack on my credibility.

You have taken offense to a few generalized comments regarding the state of homeland security and generic security education. My comments were aimed at providing some background to the world we both work in. I did not reference your program. In fact, I refuse to make public comments on any academic program, not just yours. My comments focused on the central issues confronting our industry (subject matter, accreditation, and the need for doctoral programs). You could even say that I included my own program in those generalized remarks concerning our industry.  

When I address an opinion in which I disagree (and there are a few), I try very hard not to attack the source of thought. In fact as an educator, I owe a duty to my students (and the industry) to help nurture and develop these young thought mechanisms. These opinions or thoughts will develop into ideas, ideas in which problems will be solved, innovative processes will be developed, and goals will be achieved. Yes TYBill, I do not necessarily agree with your remarks, however, I can appreciate your point of view. I will not call your comments “perplexing” or question your loyalty as you did with me, for I understand why someone so close to a cause would react the way you did to generalized criticism.

The truth of the matter is that our industry is growing. It is still in its infancy, especially homeland security education, when compared to similar academic disciplines such as criminal justice. There are legitimate questions which need to be answered. In particular, there are no formalized data sets showing the need for the creation of doctoral programs in the generic security industry at this time (none that I have encountered). You suggest that we create these programs in advance of such need. In fact TYBill, you went on to compare the development of a national homeland security program in response to the devastating terrorist attacks of 9/11, to the creation of educational programs. You made an off-handed and semi-patriotic point that since the government did not wait to address the terrorists attacks of 9/11 (and rightfully so), so too should your organization not wait to develop a doctoral program (not rightfully so). The Office of Homeland Security was established in mere weeks after 9/11/01 to address an “obvious” need. TYBill, instead of attacking opinion, make an argument for an “obvious” need in relation to the creation of a doctoral program in generic security studies. Do not insinuate that I should “rubber-stamp” approval of such an academic endeavor because of my standing in a professional association. Instead, explain how such a program will enhance my profession at this time. Refrain from making patriotic comparisons and concentrate on legitimate comparisons with other programs in similar disciplines.

TYBill, I am sure you did a wonderful job in the creation of your program. You should even be commended for completing such an arduous task. Please do not diminish your significant accomplishments by “bullying” folks who have legitimate questions. After all, isn’t that what makes this country so great, freedom of opinion?

-Jeffrey P. Grossmann, JD

by: Guest Blogger - Monday, July 9, 2012
Sean Spellecy
CEO of NewDawn Security

As a “retired” school principal and lead analyst of NewDawn Security, I have visited at least 200 schools ranging from Pre-K to college, public and private, have read more than 2,000 articles, briefs and research reports related to current/past safety and security events in schools, attended over 100 security/safety training seminars and exercises, and either authored and/or presented more than 35 lectures or seminars. I provide that as reference to the following claim:

Expecting schools to educate children and keep them safe is no longer a combination that only school personnel should be responsible for.

The point of this article is that without the strong intervention of security professionals in the day-to-day safety and security operations of both private and public schools, we will see not only school shootings happen again, but we will see the continuation of schools being unprepared to handle the multitude of crises they are bound to face.

An example can be found in Chardon, Ohio. The tragedy that befell Chardon also provided a good barometer of the current state of safety and security in education. Superintendent Bergent was on CNN in a timely manner detailing the tragedy as best as possible; his staff said nothing to the press, which is the way it should be; and he stated that the Geauga County Sheriff's office responded in a short amount of time, just the way the training exercises had dictated. The response was there, it was correct, and it was effective. (Not to discount the heroics of Coach Frank Hall, who chased T.J. Lane from the building.)

The problem, and what proactive security personnel can help prevent, is that a student who did not attend Chardon High rode a Chardon School District bus to his alternative school, but got off at the Chardon High stop, walked into Chardon High with a loaded weapon, made his way to the school cafeteria and then began his rampage.

Using this tragedy, or any other, as an example is by NO MEANS a criticism of any school district or staff, or an armchair-quarterback example. The students and staff at Chardon High did the best they could with the tools they had. My point is they needed more tools and the people who know how to use them.

Expecting that schools will be able to progress towards prevention with their current situation of security funding, grants (the Safe School Grant program provided $32.8 million to 18 states in 2009; it provided $0 in 2011), training, and staff levels being drastically cut is almost preposterous. Add in the fact that schools are having to be more and more accountable for student learning, which obviously is a good thing, by overhauling and adding additional duties without new positions or financial support is enough to make it completely preposterous.

Let me clarify:

1) Schools do not have the training or time to correctly identify risk factors in their buildings and/or operations. Expecting them to find the time, or be trained in a field that is so much more detailed and foreign vs. current post secondary education (K-12) curriculum is an expectation that the general public should no longer possess.

2) What training school staffs are provided usually happens at a rushed meeting prior to the start of the school year, when all the staff is still preoccupied with getting rooms ready, analyzing class lists, and preparing lessons. Very rarely are their follow-up meetings devoted solely to improving safety and security techniques—unless, of course, an unexpected negative event demands it takes place.

3) Schools are now doing a better job of meeting monthly with “Safe School Teams," but to expect that the information and even the training that takes place gets to the entire faculty as an embedded action is not likely—again, unless a tragedy occurs.

4) Here is the most important point: Since the Columbine High School shooting took place on April 20, 1999, what we expect from teachers and school administrators in terms of providing an increased level of safety and security has grown beyond what is possible. If we want these people to be able to succeed at their core mission, which is to provide the best learning environment possible for every student, they need the support and services of security professionals.

With the above information, and the school shooting at Chardon High as a guide, the following is just a LIMITED example of how an embedded safety and security professional team can make a difference:

1) Any good security professional knows how to not only administer risk and threat assessments, but they also know how to analyze the data produced by such assessments. Specific risks at schools exist when there are entrances/exits that are common, but not manned by adult personnel that greet each student, and identify persons who do not belong at the school. Same standard for bus drivers allowing students to enter and exit at irregular stops.

2) Security professionals know that all schools are at risk for school shootings. It may be miniscule, but it is still a risk. There is no proven profile of a school shooter, but there are observable patterns: School shooters have always been boys; more than 75% have felt bullied, persecuted, or injured, and suffer from some sort of actual or perceived loss. (Sources: Eric Madfis' dissertation on school shootings [March 20, 2012; Northeastern Dept. of Sociology and Anthropology] and the Safe School Initiative, a collaboration between the U.S. Department of Education and U.S. Secret Service.) Having this pattern in the forefront would allow for better analysis of: A) Incident Reporting System data B) Crisis Hotline Anonymous information C) Teacher/Counselor concern reports. This analysis should be done by a security professional due to the training and time it takes to compile. The goal of these reports would be to compile the data from all three reporting systems, and identify students who stand out so that support services and heightened supervision can be prescribed.

There are many more benefits a school would receive with active participation of security professionals, especially since Active Shooter Response and Prevention is just one of the 26 Safe School Standards security professionals can analyze and improve. However, that doesn't mean school administrators and teachers should be expected to have their schools at the necessary level of prevention and preparedness without outside help. We should expect our school professionals to educate to the highest level possible, and allow security professionals to secure their schools to the highest level possible. One doesn’t happen without the other.

Sean Spellecy is the CEO of NewDawn Security.

Interested in writing a colum for Industry View? Send your pitch to

by: Guest Blogger - Monday, June 18, 2012
John Dillard
President, Big Sky Associates

Businesses face a multitude of security threats—from leaks to targeted attacks—that can compromise closely guarded information and day-to-day operations.

Often, the source of the threat comes from within the organization—from individuals with knowledge that would allow them to exploit the company’s security, systems, products or facilities. And, whether the act is white-collar in nature, sabotage or violence against personnel, the effects can be devastating to a company’s operations and financial stability.

The good news? Risks can be minimized by developing a strategic planning framework that addresses threats from insiders. Organizations can address this threat by focusing on improving personnel security, information security, counterintelligence, and training and awareness.

To minimize risk, the process begins with a current-state analysis. This is an inventory of existing programs, practices and initiatives that address the insider threat. Once the analysis is complete, organizations can identify focus areas and develop strategic objectives.

Three strategies can work together to help organizations evaluate and address threats from within: deter, detect and neutralize.

Deterrence helps prevent insider threats to critical information, personnel and facilities. This is accomplished by focusing on personnel security and suitability screening, awareness and training, continuous evaluation and information sharing. Organizations should inform employees that a detailed security plan is in place to protect the company. Additionally, organizations should remain vigilant and identify employees who pose potential threats, and then communicate between departments about those potential threats.

Detection is the process by which organizations identify insider threat activity and safeguard their resources. Focus areas include counterintelligence, managing the risks associated with information and data transmission, and security auditing and monitoring. This strategy works to protect an organization’s resources from threats and actively seeks to identify suspicious activity.

Finally, neutralization is the means by which organizations respond to hostile insiders, as well as additional threats and vulnerabilities. This is achieved through surveillance and monitoring, the use of informants and employing preventive measures. When threats are detected, organizations must investigate the source in order to bring an end to the current situation and take steps to prevent similar attacks or breaches from occurring again.

The specific vulnerabilities and risks vary with each organization. That is why it is important to develop an overall framework to address insider threats once a company’s strategic objectives and focus areas are mapped out.

Big Sky Associates recently helped the U.S. Army’s Deputy Chief of Staff for Intelligence develop a strategic planning framework in the wake of the Fort Hood shootings and WikiLeaks debacle—two cases in which an insider caused considerable harm to the organization. After an inventory of on-going work and the steps in place to mitigate insider threats, Big Sky developed a concept for the Army using the deter, detect and neutralize model. The framework included the final step of effecting change once the first three were completed.

The Army established objectives for each initiative, beginning with enhancing their deterrence procedures by improving personnel security and information sharing, as well as better education and training. To better detect threats, the Army turned to the use of leading technologies, which allowed the organization to manage information faster and more effectively.

To neutralize and exploit threats, the Army relied on its existing security programs while actively working to identify new methods and techniques. And with the final goal, effect change, the Army partnered with internal and external stakeholders to implement the vision of the strategic planning framework and improve the effectiveness of the new security program.

Big Sky also helped the Army create a database to track funding across each of the initiatives within the scope of the security project. And, the company developed risk scenarios and recommended courses of action, as well as a portfolio management methodology to help the Army measure the effectiveness of the new initiatives against the status quo.

Today, the Army’s intelligence operation has a strategic planning framework in place to address the insider threats, and the processes are being shared across the Department of Defense as a potential leading practice to be adopted by other groups.

The objectives developed for the Army can serve as a guide for commercial organizations to address their own security concerns and reduce the risk of insider threats.

John Dillard is president and co-founder of Big Sky Associates, a management consulting firm. Prior to Big Sky, Dillard was an intelligence officer with the U.S. Navy and a lieutenant with the U.S. Navy Reserve, where he is currently listed as inactive reserve.

by: Guest Blogger - Monday, June 11, 2012

Editor's note: This post is a response from J.C. St. John to my initial post about the debate over the use of the word "guard" versus "officer" when discussing private security professionals.

Another example of language getting sloppy. Since the words can be traced back to origins that had more specific meaning at one point, deciding to diverge from that meaning without good reason seems to be just plain, bad English.

If the words were used more true to their past, the word "officer" would be reserved for someone who had powers representative of a parent authority (not just a parent entity but one of authority). A police officer is empowered by the Sovereign with an arrest authority and immunity from certain related liability for arrests and reasonable/authorized use of force. Probation officers represent the Sovereign. Corrections officers represent the Sovereign. There are a number of other public officers. All represent the Sovereign and generally have some degree of protection from liability for acts under the color of authority.

In a related sense, a corporate officer is empowered by a corporation—itself empowered by the Sovereign (though not as a power representative of the Sovereign itself obviously)—with powers relating to the corporation and some degree of protection from personal liability for acts done on behalf of the corporation.

So, with any security personnel, the question as to whether or not they are an "officer" is dependent on the power they have and from whence it came. Security personnel who are empowered by some sort of state or federal scheme and authorized to arrest under some authority of the state (outside of a common law citizen's arrest) could be accurately called "security officers." Really, though, they should also be granted some level of immunity for official acts. (Notice how "official" has the same root.)

Operating in the Commonwealth of Virginia, I see this nomenclature sloppily applied on a regular basis. Security personnel are called "security officers" by the state regulatory agency. Unarmed security "officers" are not granted any extraordinary arrest authority (but they are trained and registered under the state schema). Unarmed "officers" are trained to "deter, detect, and report." Armed security officers are trained to be more engaging and they supposedly have "arrest authority"—though it's one that is very limited (largely related to retail loss prevention) and without any immunity from liability. So, for registered armed security officers in Virginia, the title is just barely appropriate.

Guards (and guardians) have a protective duty that doesn't assume any sort of engagement that isn't directly related to protective actions—and their authority isn't necessarily derived from a higher authority. One can hire private guards to protect assets, but that doesn't mean that those guards have any authority (outside of the usual citizen's authority) to the conduct of their protective actions. Here too, though, the root and historical use of the word isn't precisely connected to more modern usage. Traditionally, guardians not only had the power to protect something/someone but also a legal DUTY to do so. (See also "fiduciary" and compare to "agency.") I suspect that a lot of modern day "guards" aren't also liable when they fail to protect.

So, to summarize, officers assert an authority granted to them by some greater power (usually a sovereign power—directly or indirectly) and guards protect things or people not neccessarily with a grant of power from the Sovereign or a greater power. If you are a private citizen with no recognition or empowerement from the Sovereign and you're doing protection work for a private entity then chances are you're a guard. If you have been empowered by the Soverign to assert some level of authority (like arrest authority) or you work as an agent of the Sovereign, then calling you an "officer" isn't inaccurate.

by: Guest Blogger - Friday, May 25, 2012
Renae Leary
Tyco Integrated Security

Business operations in today’s market increasingly take on a global approach. Many of today’s growth-oriented businesses tend to extend operations to other states and countries once solidifying success in existing markets, and this trend will only continue to accelerate. Corporations conduct business with a number of entities in a variety of locations and their customers can be as close as Poughkeepsie or as far as Peru.

The global approach to business drives a need, desire and requirement for a streamlined approach to security. Technologies, services and procedures need to be managed from a centralized location to bring not only increased security and safety, but deliver long-term ROI and business efficiencies to the customer. A security systems integrator dedicated to providing a high-level of service and innovative technologies to multinational customers is an ideal partner for an enterprise security leader. Therefore, such a customer’s security program requires a structured approach from a single service provider to bring a worldwide security program together successfully.

One Worldwide Partner
Whether you’re a C-level executive at a large, multinational enterprise or a smaller corporation with various locations, it is ideal to rely on a single set of security standards and ideally a single service provider to fulfill security needs. With one systems integrator, there is no more searching through databases to determine who to call for a specific need or looking for someone to address critical concerns quickly. When an organization partners with a global vendor, they are provided with one point of contact for all their needs, while streamlining technology and service deployments across the globe.

As security solutions have become more complex, IT-centric and network-based, a knowledgeable solutions company can execute cohesive logical and physical security installations across the globe, which is critical to ensure consistent and cost-effective operations. This approach also lends itself to more efficiency in the enterprise and assists in defining management objectives. With this in mind, enterprise organizations are an ideal candidate to contract a single integrator for all its physical and logical security solutions. An experienced service company will provide one team for all plans and devise cohesive and well-executed loss prevention, security, business management, and risk assessment goals and strategies.

There are many options available to the enterprise that wants to leverage logical and physical security on the network. Software platforms, such as physical security information management systems, can be deployed and managed in-house or in the cloud. IP or analog surveillance is another consideration, as well as access control ranging from simple single door control to managed access. The possibilities for effectively managing physical security and logical network controls are endless and it takes a comprehensive solutions provider to provide a robust plan and the personnel needed to effectively deploy a worldwide security program. A single-source technology and service provider that is experienced in global operations connects the end user enterprise to all the efficiencies of the network and streamlines business on the IT network.

A dedicated, experienced security systems integrator will also know and easily grasp the pain points of global customers. These providers critically understand the local and regional regulations and legalities of overseas operations; effectively plan and execute, and communicate regularly; consistently follow project status; and update and maintain services and software. This frees management of these day-to-day tasks to allow enterprise security teams to focus on their vision and roadmap of building a successful security and business analytic program across the globe.

Building a ‘standard’ system    
Consider a sole integration company your single source of command and control. A single source provider that acutely understands business here and abroad can help organizations standardize technology and services no matter where a company conducts business or has facilities. A dedicated team focuses on delivering integrated enterprise security projects in a consistent solution. Hands down, customers who standardize on products and services realize immediate and long-term cost efficiencies and improved levels of security. By partnering with a security integrator that can deliver a consistent level of support and security systems across the world, customers have access to dedicated account management, and the latest updated product and services specifically tailored to an organization’s needs.

Trusting a security program to an experienced systems integrator delivers the same type of service in one location as it can at another 5,000 miles away, and allows security practitioners to realize significant savings in time, resources and money. The real value to a global company is the consistent integration of systems to provide central control through a single point of contact, delivering peace of mind to the security team and C-level executives.