State of the Security Profession: A Q&A with ASIS President Ray O'Hara
YARMOUTH, Maine—Ray O'Hara began his one-year tenure as president of ASIS International last January. Since then, he's helped navigate the organization, which represents more than 37,000 security professionals worldwide, through the shaky global economy, the political turmoil in the Middle East and the professional challenges closer to home.
Whit Richardson, managing editor of Security Director News, spoke with O'Hara—a former Los Angeles Police Department detective who is currently executive vice president of international services and the consulting and investigations division of Andrews International—about the professionalization of the security practitioner, the value of a law enforcement background in the private sector, his take on the best higher education degree for a security practitioner, and his advice for his successor, the incoming ASIS International president, Eduard Emde, who will be the first non-U.S. security professional to assume the role. The following interview was edited for clarity and length.
Security Director News: Looking back at 2011, what was the biggest trend that emerged in the security profession?
Ray O'Hara: Well, certainly 2011 was a challenging year from an economic standpoint. It tasked all of us in the industry to be more proficient and efficient with the things we're doing, sometimes with significant budget constraints. Compounding that is certainly the continuing move to globalize the world economy, and the many ups and downs that come with that. The turmoil we had in the Middle East and employees and others traveling and sometimes stuck in locations with no communication. It becomes very troubling and I think it reminded us all that we better have an updated crisis plan that gets tested periodically, not sitting on a back shelf collecting dust.
And then the sidebar there as well is the significance of the Internet and ability for penetration, and trade secrets and intellectual property loss. The social networks have become so prominent now. We saw several times this year that demonstrations can be organized on a social network in an hour.
SDN: The security profession is in a transitional period, from being primarily a second-career option for former government agency and law enforcement officials to a more professionalized first-career option for young people. What's your assessment of where that transition is?
O'Hara: I think you're exactly correct, Whit. We're in transition and we're seeing more and more of that. We're seeing more people from the public sector looking for opportunities in the private sector and preparing themselves ahead of time with a certification of some kind. My sense is we're well on the way to getting a stable of first-career professionals. In fact, John Turey [director of security for ITT in White Plaines, N.Y.], who joins the board in January 2012, has no law enforcement background. Security is his profession, so it's kind of exciting to see that transition in action with measurable results.
SDN: I'm not familiar with the makeup of the ASIS board over the years. Has it always consisted of mostly former law enforcement officers?
O'Hara: Yes, it's been a combination of law enforcement, military and other agency-type work at the federal and state level. John actually came out of college into the profession early in his career and is still in the career and he's doing very well at it. We're very happy to see him on the board of directors.
SDN: This isn't the first time a first-career security professional has been on ASIS's board, right?
O'Hara: No, but it's the first in this transition period that we're seeing. There certainly have been others and I don’t mean to shun anybody else that made it to the board without [law enforcement] background, but this is 2011 turning into 2012, so I think it's exciting.
SDN: Given that so many security professionals enter the profession with a law enforcement, military and/or government agency background, do you see that experience as important to be a good security director or CSO?
O'Hara: Well, I think it's one of the things that may potentially make a person standout, based on the fact that in police and the military you get a good understanding of what people are like when you deal with them every day. There are plenty of other people that end up as a CSO that have a different background and different education, so [law enforcement] isn’t a mandatory background.
SDN: Many times the people making the hiring decisions, though, don't know about ASIS or the security profession. I think the general belief is that if you're a former police chief then you must make a perfect CSO. How do you educate those people outside the profession that a law enforcement background is not all it takes?
O'Hara: It's an interesting question. You're exactly right. How do you educate that population and say, 'wait a minute. There are more qualities to this position than being a former this or a former that'? Sometimes that's not articulated well in the job description, the job responsibilities and/or the job doesn’t report to the right position in an organization. I'll mention the workplace violence standard we just did with SHRM, the Society of Human Resource Managers. We had a large crowd putting together that standard, so hopefully some of that education they had access to in working shoulder to shoulder with us changed some of their minds about what a CSO really needs to look like.
There's an excellent job available today in Los Angeles and some of the qualities not overly excitable to the hiring people are any law enforcement background. They're looking more for a businessperson that could work in their organization that has physical security and other skills that would blend in better from a C-suite standpoint. So we're starting to see a little bit of that, which is good.
SDN: Do you envision a day when security is a true first-career profession or will it always be a mix of first-career and second-career?
O'Hara: I think it's going to be both. I think some of today's law enforcement professionals, wherever they are, are realizing that it's not a career for them and they get out early and then they get into the private sector and just find that's the right niche for them and they appreciate the five or six years they spent and the training they got in [the law enforcement] profession.
SDN: When it comes to education, there's a gap between the actual educational level of most private security employees and the level of higher education required for security director/CSO positions. How do you see the industry bridging that gap?
O'Hara: Well hopefully they're not reading the newspaper that shows that most people with an MBA can't get a job. I think that the higher-level education is somewhat arbitrary as it comes to the CSO position. I don't know if you were in Orlando and saw the open forum we had on Thursday, where Tim Williams [director of global security for Caterpillar] was a proponent of a security professional having an MBA and the GW professor said [an MBA] doesn't matter [as long as they] understand business skills. Now wait a minute: Here's a GW professor saying that a MBA isn't that important, and then Tim Williams—one of our premier CSOs in the country—saying that it is important. They actually came to some mutual ground, and said what [security professionals] really need to understand is how business operates and that's why Tim was using an MBA as an example and the professor was saying that they really need to understand management principles that apply in a business organization.
If you stood shoulder to shoulder, a bachelor’s-degree person and an MBA person that had similar backgrounds and were both vying for the same job, I don’t know that the MBA person would win 50 percent of the time. I think at that point it comes down to the fit with the organization, how they understand the culture of the organization and so forth.
SDN: What do you think is the most valuable college degree for tomorrow's security professional (i.e., security management, homeland security, business, IT, etc.)?
O'Hara: It's hard to say. My advice to anybody today is you really have to learn what business is all about. So figure out how to learn that and then figure out what education you need that supports that. I think as we transition to the CSO level that a security management bachelor’s degree isn't probably as valuable as a business management degree.
SDN: Do you think private sector security professionals receive enough training?
O'Hara: If they have a certification they are required to get certification points to maintain their certification over the years. As you may know, we've tightened those controls down more and more on the certification exams. So the continuing education becomes a component of their day-to-day activities, and many of the certifications in other agencies or other companies or other certification bodies are doing the same thing. In the business organization there is training that goes on every day for business managers and that involves a security function. Ongoing education is important.
SDN: What do you think about the wide disparity among the states of the training requirements for security professionals?
O'Hara: That generally surrounds licensing issues and unfortunately just about every state has different requirements. It's a challenging area because it'd be nice if there was one set of guidelines or standards for people to go through that would work in all 50 states, but in the economy that we're in I don’t that will never happen because many of these licensing issues are able to draw money from the candidates so I don’t think we'll see much change in that.
SDN: Besides the ASIS certifications, are there other professional certifications out there that security professionals should pursue?
O'Hara: Certainly in the environment we are in, and are going to be in, the IT security arena is a very important one. And as you see the transition of CSOs and the CISOs into cohabitating in the same organization, the CISSP [Certified Information Systems Security Professional] that is sponsored by ISC2 is certainly very important and has gained significant traction in the last several years. And then ISACA has a couple new ones: The CISM [Certified Information Security Manager] has done well. All of those things are good for a well-rounded security practitioner and professional.
SDN: What are you most proud of during your tenure as ASIS president?
O'Hara: Well there's several things that we did this year that just happened to be the year I was president that I don’t take full responsibility for, but the Women in Security group was important and we made a lot of traction with it. The Young Professionals group was a trend we were into and we substantiated that this year. Both of those drew large numbers of people in Orlando and our annual seminar. The relationship we struck up with ISC2 was long in coming and I'm certainly proud of the fact we were able to exhibit and provide education to both of our membership in Orlando, and you'll see more of that in years to come.
One significant disappointment was the Wounded Warrior program. I don’t think we got as much traction as I was hoping we would get in providing jobs to the wounded warriors. We financially support them as we have in the past and I was hoping we'd get in a little deeper. It certainly isn’t a one-year initiative, it's an ongoing one. So maybe in a couple years we'll see the fruits of that display themselves.
SDN: What are the trends you'll be watching out for in 2012?
O'Hara: Globalization and virtualization. Everyone wants to do everything wherever they are, 24 hours a day, seven days a week, whether they're in Kabul or Lahore, Pakistan, or in Bangladesh. So that's a challenge because of intellectual property issues, and then having the support functions that support someone 18 hours away from headquarters, wanting to get in to look at some intellectual property. As the world gets smaller and the turmoil we saw in the world today, it doesn’t look like it has much end in sight and will challenge all of us in the world we live in from a protection standpoint.
SDN: What goals will ASIS have for the next year?
O'Hara: We're very interested in the international aspect. Last week, we approved two more international chapters: One in Seoul, Korea, and one in Juarez, Mexico. So our international membership is growing and that’s important to all of us. The Young Professionals and the Women in Security groups are ongoing initiatives that we'll continue to grow and will be supported by those that come behind me. We're continuing our CSO Roundtable penetration into the community. That's done very well. And we'll continue to provide special education around the world for people interested in that.
SDN: The incoming president, Eduard Emde, is first non-U.S. security practitioner to serve in that position, so that's a milestone. Do you have any advice for him?
O'Hara: He and I were together last week for a few days and my first piece of advice was 'enjoy it.' It's a lot of fun and you'll meet people around the world that you haven’t met before or re-meet some people that you haven’t met in a long time or have only met on the phone. He has a strategic plan, but it doesn’t change all that much every year so he's very interested in internationalization and delivering value to the membership of ASIS—those that are members today and those that want to be members tomorrow. I fill in the role of chairman for 2012, so I'm a sounding board to help him as we continue to penetrate issues around the world together.