Filling the Talent Gap in Cyber Security

B-Endicott-Popvsky-by-marc-studer-(1)[1].jpg

The Great Conversation interviewed the Executive Director for the Center of Information Assurance and Cybersecurity (CIAC), Dr. Barbara Endicott-Popovsky, to review her background and her passion for creating the next generation of cybersecurity leaders. Barbara will be sharing her perspective on filling the talent gap at The Great Conversation in Security on March 4 & 5 in Seattle, Washington.

What is the Center for Information Assurance and Cybersecurity?

The center is an NSA/DHS Center of Academic Excellence in Cyber Defense Education and Research. This designation is earned by demonstrating to a jury of peers our alignment with stringent Federal government standards. Through the years, we have received national and international recognition from our U.S., European and Asian academic and business partners for excellence in thought leadership.

To provide you some history, we were ranked at #10 for best places in the United States to study cybersecurity by the Ponemon Institute in 2014. Our graduates have become Chief Information Security Officers (CISO’s) and Chief Privacy Officers (CPO’s) in government and industry, as well as senior consultants, analysts, and entrepreneurs.

What was the reason for establishing the center?

We were responding to the well documented deficit in cybersecurity talent in the U.S.

In a great conversation, thought leaders leverage and build on the work of others. How was this principle applied in designing this program?

We leveraged the interdisciplinary science and system-activity approach ingrained in the theory and methodologies of physical culture science and advanced sports pedagogy, applying that construct to cybersecurity education.

The principle worked. In the sports world, it allowed individuals to find their appropriate physical activity aligned with their level of performance, authentic nature, and unique abilities. This inevitably leads to superior performance and a fulfilling sport career, culminating in the athlete’s personal happiness and sense of well-being.

Historically, sport orientation and selection science were rooted in psycho-physiological research from professional orientation studies, especially for selecting those for high risk, stressful, performance-demanding careers like airline pilot, special-forces military, and air traffic controller. A colleague from sport pedagogy and I hypothesized that the field of cybersecurity, being similarly stressful, would benefit from the application of this same research and have spent over a decade in actualizing this idea through individual courses and programs, writing extensively about our results in numerous publications. That work has been synthesized into a repeatable methodology and a cooperative learning model designed to address developing and producing ‘breach ready’ graduates. This has become the foundation for CIAC.’s work

Why are you speaking at The Great Conversation?

Whether you are in the cybersecurity industry, or some other field, as a leader you recognize that you are only as good as your ability to identify, hire, manage and measure good people. Our methodology can be applied, not only to the cyber world, but to any other field. Ultimately, this work provides a roadmap for filling the talent gaps we all are experiencing.

The Dangers of Drones

It is estimated by the FAA that seven million drones will be hovering over the US by 2020. Drones are being used by hobbyists, realtors, videographers, and companies seeking more rapid deliveries. Yet, with all of this innovation comes some trepidation. What happens when drones are used for darker purposes?

Scott Klososky, a futurist, speaker, and founding partner of TriCorps Technologies, has provided us a podcast for your review and enjoyment. You can find it here

An Interview with Scott Koslosky

In The Great Conversation in Security, we seek thought leaders across multiple domains of knowledge. From enterprise security risk management to intelligence and from leadership to organizational change.

Scott Koslosky opens The Great Conversation on Monday, March 4 with a challenge that promises to touch on many of our educational tracks. We sat down with him in preparation for the forum and here is what we learned:

Why are you participating in The Great Conversation in Security?

SK3.jpg

I really want to help Security Leaders have a better understanding how technology is going to change the threat landscape and our ability to manage risk inside of organizations. This includes helping people have a better sense of the integrated security model and how that works.

What have you learned this year, that you can share with us that is important for executives involved in their organization’s security and risk programs to know?

I have learned the best tactics for changing from a siloed security model to an integrated model in medium to large organizations.

I have learned about the machine intelligence in security both for defense and offense.

I have learned about new threats that are being created by digital tools and concepts.

I have also learned a lot about how to manage the internal risks now created from employees stealing IP or data.

What is the most successful leadership model you have seen in our industry?

An integrated security model overseen by a CSO that has a physical, electronic and cyber expert reporting to them. This provides the foundation for integrated security.

Then assign the leader to manage both internal and external security risks. Define analytics so that security performance can be measured.

How will cyber threats impact the security ecosystem: (consultants, integrators, and technology vendors)?

It will change the skills that security people are required to have.

It will cause a new breed of consultant and vendor to be critical to managing risk and events.

It will cause traditional security companies to add cyber talent and resources so that they can fully help to manage security risks that have components of physical, electronic and cyber in the attack.

Tell us a little bit about your presentation and why it is important and/or what will attendees learn from it to take back to their own organizations

My presentation and discussion will be important because it will introduce new thinking, models, and processes to the CSO’s. I will challenge the traditional ways we have provided security and will paint a picture of the future that will be undeniable. I come from the technology side of security back to the physical side, so I have a good ability to speak their language and I understand what they deal with every day. Using this knowledge, I will give them practical advice as to improvements that can be made in 2019 at both strategic and tactical levels.

Note: Scott has written a number of books. The most recent: Did God Create the Internet?: The Impact of Technology on Humanity.

Here is a brief description: Technology includes an incredibly powerful set of tools that surround our lives. We are chained to our devices, connected permanently through the Internet, and depend on a variety of software applications to manage our days. The power these tools give us would seem magical if shown to people just thirty years ago. The integration of digital tools into our lives most certainly changes us. The seminal question is whether we will ultimately be happy with the changes technology introduces. The impact as we integrate humanity and technology will reverberate for hundreds of years; whether it will propel us forward or cripple us as a species remains to be seen. We now stand on the precipice of the digital transformation with the outcome unknown. We do have influence on the outcome, but we can only guide it in ways that benefit humanity the most if we understand the consequences of augmenting our lives with technology.

Excellent Culture: A Great Conversation with Shawn Galloway

Shawn 8x10.jpg

The Great Conversation asked Shawn Galloway, one of our keynote speakers on March 4 & 5 in Seattle, Washington, to provide us a way to self-assess our strategy for security before our forum. We all agreed that the following assessment is a great start. You can find and download the entire assessment and article here.

We also have provided a link to his book that is referenced in the article here.

Shawn will be available to sign and talk about his book and his unique strategy for aligning your culture, strategy and plan during the conversation.

Read the following and then go to his website for further information.

How complete and comprehensive is your safety strategy? Does it have the right ingredients? Do you even have a safety strategy?

"Not paying attention to strategy is expensive. Each year organizations waste millions of dollars in time, resources, and effort. In our consulting practice we continue to see confusion: misunderstanding of strategy, real problems not addressed, misdirected effort, lack of personnel alignment, directionless short-term fixes, forgettable training, over-complexity, poor communication, cookie-cutter programs in place of strategic thinking, muddled motivation, poor incentives, not understanding what an existing organizational culture will tolerate or accept, misinterpretation of data, and attention to results without a clear understanding of how they came about. And these are just a few of the unproductive situations we encounter in our work. But most of all we see a lack of focus on generating and measuring ongoing contribution to value throughout the organization." (Inside Strategy: Value Creation from Within Your Organization, Galloway & Mathis, 2016).

After reviewing countless corporate, division and location-specific safety strategies, ten essential considerations were frequently excluded. (See diagram here)

  1. No clear vision — It must be clear what new success will look like. What would the results be, what would be common within the culture, what would people see and hear that confirms why the results were obtained? This vision should serve as a qualifier that future decisions are made against.

  2. Not using data to prioritize — While strategy begins as a hypothesis, data must drive the decisions. What does the data tell you about the opportunities for both safety performance and culture? Are injuries or risk mostly with new employees or seasoned? Run a trend analysis on all commonly tracked variables from incident and injury investigations. What beliefs and behaviors are not aligned currently? What are the common experiences and stories that need to change?

  3. Not considering the culture — Are programs deployed with current and future culture in mind? Culture will be why your compliance or advanced efforts fail. It will also be why your overall strategy succeeds or fails.

  4. No roadmap — The priorities and initiatives must paint a clear picture of where we are going and why, and what the steps are along the way.

  5. Not planning across multiple years — There should be a minimum three to five year time horizon that decisions are charted across. What can you really do in year one? What should be deferred to subsequent years? Taking on too much and not following through is a common execution trap.

  6. Not aligned with the business strategy/trajectory — Safety strategy must support rather than hinder the overall trajectory of the business decisions. Will growth occur organically or through mergers and acquisitions? Safety should be part of the business decisions, and business leaders should be part of the safety strategy decisions. Safety strategy should not be delegated to the safety leaders.

  7. Lacking balanced scorecard — Measurements should prompt, direct, align and motivate actions towards the goals, not just tell you end results. There should be leading indicators as well as transformational indicators that validate the efficacy of your choices and the value derived between actions and results. Measurements must explain the why behind a change in results.

  8. Actors do not know their individual roles, responsibilities and results — Individuals at all levels need to see themselves as actors in the strategy, aligned toward the strategy, and held accountable for the performance needed from them to affect the results.

  9. No continuous marketing plan — You have to market for discretionary effort. What is the brand and how do you position it? How will you listen and respond to the voice of the customers of your strategy and reinforce the decisions to buy in? The "What's in it for me?" question never goes away, although the answer changes over time. If you have a great strategy and no one knows it, it isn't a great strategy.

  10. Not regularly updating the customers and stakeholders on the progress and current position in the plan — Your strategy customer needs to know where they are in the strategy as time passes. It is vital to explain why you now pursue the next area of focus and how it fits within the plan already created.

Are You Ready for a Roadmap to Innovation and Change?

The Great Conversation in Security™ agenda is influenced by the conversations we have with security executives who are attempting to keep pace with risk, budget optimization and technology in an evolving threat landscape.

This year a persistent theme emerged around the hidden costs of security. It is being influenced by the growing realization that the very technology that was supposed to address the threat and lower the cost is becoming an anchor that very few companies can carry. The hidden costs also contain the competitive landscape for hiring subject matter expertise in hardware, networks, integration, and application software that drives the use case for access control, video management and communications.

Add to this, the need for the security team to become more of a strategic advisor to the owner’s of risk such as the line of business executives, HR and Finance.

To begin to address this requires a strategic model for managing your people, process and tools as well as your business partnerships on the road to the digital transformation of your department and your organization.

As always we sought out the thought leaders and the security executives that were tackling these issues that led to the agenda for Seattle.

  • Scott Klososky, who was a featured speaker at GSX 2018, will provide a compelling call to action around an integrated security model.

  • Dr. Zafar Chaudry, the CIO for Seattle Children’s, one of the leading hospitals and research institutions in the country, will provide his insights into integrating security into the fabric of the organization’s digital transformation roadmap

  • Ed Bacco, the former head of security at Amazon.com and currently the CSO of the Enterprise Risk Security Group of ADT|ASG, will outline the burden of the hidden costs of security and be joined by security executives who are facing this as well.

  • Cheryl Michaels, the Senior Director of Security at Seattle Pacific University, will help describe how their efforts at creating an integrated security model helped them when the worst case scenario occurred at their campus: an active shooter.

  • Shawn Galloway, a noted author and subject matter expert in creating cultures of excellence that can be applied to security and safety, will provide us a path to cultural excellence; the greatest leverage we have in our organizations.

  • Claude Yusti, Partner of the Public Sector Watson AI and Data Platform Group at IBM Global Business Services, will attempt to demystify AI and show how it is being adopted and adapted in applications today and how we might prepare our organization for expanding AI uses tomorrow.

  • Barbara Endicott-Popovsky Ph.D., Executive Director, Center for Information Assurance and Cybersecurity at the University of Washington, has direct experience in attempting to build a bridge in understanding for executives and risk owners on how to think about cyber security. She will be sharing a cutting edge learning model for our review.

  • Michael Foynes, the Global Lead for the Center of Innovation at Microsoft, leverages his 15 years managing global operations for security to help us understand the imperative to digitally transform our profession, our industry and our organizations. And provides us a way to think about the way to achieve it.

  • Interspersed throughout the two days are case studies delivered by security executives who had to face a problem, organize a team of internal and external stakeholders to address it, and then deploy a technology against a use case to ensure the problem could be addressed. These studies are always a lesson in leadership, management and measures of performance. But we will also invite technology leaders to share with us their insights on the future roadmap for access control, video surveillance, intelligent communications, identity management and data aggregation, storage and communication in a sensor driven world.

As always, The Great Conversation is an invitation into a community dedicated to the advancement of the industry, the profession and to our individual and collective pursuit of excellence within our organizations. A nation depends on us to keep our people safe, our economy stable, and our assets protected.

We thank you for your voice as it joins with your peers in a great conversation.

Addressing the Silos that Define Us

On March 4&5, 2019, in Seattle, Washington, we intend to address the perceived constraints that are keeping executives from taking their programs to the next level. We will follow this up with a forum in Texas in the month of May.

We are holding private conversations with CSOs and their teams to tap into their front of mind issues and opportunities. Along with our qualitative and quantitative research, we will use these conversations to inform and infuse the forum.

We are also helping Lynn Mattice, a former CSO and industry thought leader, to conduct a conversation with senior leaders on November 12, during OSAC week. Dave Komendat, the CSO of Boeing, has graciously opened his doors at The Boeing Company’s facility in Arlington, Virginia for an exclusive and private discussion on some of the most important issues facing our profession. We call this an “Executive Summit Series”. Please let us know if we can help you get connected to this important community.

Lynn has been on a mission to aggregate case studies from his contacts in the industry that we can use to help define an approach to creating value and mitigating risk. We like to think about this exercise as setting the stage for best practices and then using that platform to improve on best practices. After all, the enemy of great is the acceptance of good enough.

One of the case studies we would like to see would be a strategy and execution plan for bridging the value between the CISO and the CSO. There are very few strategic resources to help them build bridges between their domains. We think the Summit and The Great Conversation’s role will be to elevate the necessity for this bridge to occur. The lack of one constrains us in so many dangerous ways.

Let us know if you have a compelling story that can contribute to your industry’s value. We would be honored to help you document it for your internal use and to share confidentially under Chatham House rules.

Looking forward to a great conversation.

Are You Ready for the Truth?

What I have learned about safety, security and life from my 90-year old in-laws has been a wake-up call for me. It not only has informed my future, but it has made me question my present. Let me explain.

On Saturday, we received a call from my mother-in-law asking that we come over to their retirement home because my father-in-law needed to go to urgent care. Of course, we asked them "Why?"

It turns out they followed a protocol from the retirement home that recommended that a call be made to the on-call nurse at the facility if they believed they needed help. The nurse then would arrive at the apartment and assess the situation and make the appropriate recommendation. In this case they had recommended "urgent care". Urgent care centers provide easy access to quality healthcare for the times when your primary care physician’s offices are closed. They are not considered appropriate for emergencies. 

When the nurse arrived at approximately 2pm, she witnessed a man in a fetal position on a bed who was having difficulty breathing and had been in this state since the morning. His lungs appeared to be rattling. 

What the retirement home's nurse did not have was any data on any of the residents in the home. No data on whether they could drive, their ability to make informed decisions (cognitive capability, dementia, etc.), their mobility, their general health or medicines. Without any of this information the nurse provided a recommendation for urgent care and then left. We got the call a few minutes later. 

It took us 40 minutes to arrive. Once we saw him we knew: Call 911. Upon arrival the EMT made their assessment and took him to the Emergency Room at the local hospital. They immediately put him on oxygen and began to triage the symptoms. They began to treat him for pneumonia. And they began to prepare us for his death. The EMT and the ER doctors could not believe that the nurse had recommended urgent care. 

I could only ask myself: How did we get to this moment?

What I have not told you is for some time my mother-in-law has been showing signs of dementia and has also become increasingly prone to falling. My father-in-law has restricted mobility and depends on an electric wheel chair to get around. Their ability to care for one another has increasingly been getting more difficult. And, to make it worse, they still believe they can. He still has his car keys and attempts to make runs to Costco. He has neuropathy and cannot feel his feet. She struggles to get out of the car and stand at the entrance while he parks. It is tough to believe that the way you have always been may not be the way you should now be. And their children have not been able to make a collective case for change. 
The retirement home and their residents are blissfully unaware of the state of their security and safety. The entry points are not monitored although a PC flickers unattended displaying video of key hallways. As I already have mentioned, resident information is not available to their internal "first responders". The first responders have no protocol for helping activate their recommendations: ("Can I call your son-in-law?") They have handed out alert fobs, but they cannot even track the signal to a specific room. 

So, I asked myself: How will I be ready for the truth when I am at that age? And who will I listen to for advice on how to be safe and secure? How can I avoid false assumptions of security and safety?

And that became an aha! moment. I could apply many of these questions to the security industry. Many companies today have provided their employees an assumption of safety and security. But the assumptions lack definitive roles, processes and technology to perform when an incident occurs. And the "advisors" are unable to break through the assumptions based on a variety of things including: 1) The business model. Example: The retirement home would not spend money on a comprehensive risk assessment that would outline the key gaps in the safety and security of their residents. 2) A lack of understanding of their own processes and communication that leads to the false assumptions around safety and security. 3)The resident's naivete in properly assessing and ranking their housing investment especially regarding safety and security. How many employees, students, residents or patients, consider security as part of their scorecard for evaluating their workplace, education or healthcare? 4) A value of privacy and independence that constrains or prevents adequate care. Examples: I don’t want a camera monitoring me. I don’t need to wear an identity card. I can tailgate my way into the facility. 

This is not a retirement home issue. This is a cultural issue. And an individual responsibility issue. 

Who can and will tell us the truth about our security and safety programs and ourselves? And who can connect that truth to the reality of our personal and professional lives? And who can make the value proposition to the entire ecosystem of investors, business executives, employees and customers so that safety and security becomes the new norm, not a reaction to an incident?

My father-in-law nearly died. My wife and I sat down with the executive director of the retirement home to do a "hot wash" of what had happened. We did the same with our family. Promises of action and remediation were made. But you get the sense that what really needed to happen for things to change in the business model and the behavior was for my father-in-law to die and a subsequent law-suit to be filed and prosecuted. Sound familiar?

There is a better way. Isn't there?
 

Breaking Down Silos Creates a New Value Proposition for Security

Aristotle had it right. Whether it is philosophy or security, every system of performance is made up of smaller parts. In this sensor driven world, devices provide data. People or other systems perform a task leveraging that data and produce an output or outcome.

In  a complex process, all of those tasks need to be coordinated; they need to ultimately work together towards a common goal or what is often called in our industry: a common operating picture where the whole becomes greater than the sum of its parts. 

When it comes to purchasing technology, how often do we leverage a framework for assessing the risks and threats to develop innovative new approaches to manage our people performing roles in a process using technology? 

Does interoperability of systems drive the interoperability of silos of performance we have in our organization today; in both business and security?

Can we find a way to create a scorecard and measure the whole vs. the individual parts? Can we then take that and drive interoperability as a strategy and as a value multiplier? 

The quantification could include the time-to-value for given tasks (the mean time for actionable response), lowered costs for managing and translating slioed activities, and a adaptible systems approach to continually respond to dynamically changing threats and technology. This is not new. It is just new to security. 

Here is one example from our conversations the other day. If the mean average response time of a on premise guard to the scene of an incident is 12 minutes.  And the average incident is 2-5 minutes long, we have a potential performance problem. Our ideal response is real time. Working from that premise, if we have the ability to use video, anomolous behavior or analytics engines, and audio to identify an incident  before or as it unfolds, then we have the opportunity to interrupt the psychology and behavior of the perpetrator. 

The real direct costs of the incident could include one or more of the following:

  • Damage to the campus or building

  • Injury to campus or building occupants

  • Cost of the response

  • Cost of disrupting operations

  • Brand dilution of the organization

  • Legal costs

  • Insurance costs

In this scenario, the organization might have had forensic video, but it could not impact the average mean time of the response, and therefore did not add value to the equation. If they had video in addition to a Security Operations Center, it is still questionable they could proactively stop or mitigate the incident. If they had guards reacting to the SOC, it still does not impact the final result. With analytics you have understanding without the real time response. With audio, video, and analytics or anomolous recognition engines, you could see and speak into the incident. And by using the OODA principle, possibly buy time for first responders or guards to engage and/or disrupt the incident. 

Quantify and monetize the mean average cost of an incident that does not have a common operating picture and the ability to respond in real time. 

And then leverage the power of the sum of the parts. 

 

Seattle Children’s Hospital Bridges Its Communication Gap

This campus didn’t need to replace its duress system. It just needed to better utilize and integrate the technologies that were already there.

Panic alarms are designed to deliver emergency alerts quickly to campus security personnel so that they can promptly respond to issues.

Recently, however, security technology stakeholders at Seattle Children’s Hospital realized their duress buttons lacked redundancy. Additionally, it could take officer pagers as long as three minutes to receive messages, which would delay incident response.

No redundancy and a three-minute delay in emergency message delivery were not acceptable, so Children’s Hospital tasked Aronson Security Group (ASG) with identifying a solution.

It was determined that Children’s existing IP intercom system made by Vingtor-Stentofon and existing IP Motorola radio system had the capabilities to bridge the gap in communications and work seamlessly together through an interface with Lenel.

Integrator Leverages Previously-Installed Technology

In 2012, Children’s Hospital invested in Vingtor-Stentofon’s critical communication solutions. They installed the manufacturer’s IP-based Turbine intercom stations in their parking areas, which enabled communication with high definition quality audio. These stations amplify the sound and provide noise reduction and echo cancelling technology.

While upgrading to new multi-function smart card technologies are full of exciting and cost-efficient potential, such a transition can seem like a daunting undertaking. This Executive Brief aims to take a good hard look at some of common concerns and debunk the top five myths surrounding multi-function Smart Card migration and implementation.
With this security technology already in place, a team was assembled to validate the system upgrades operated properly utilizing Children’s existing systems. The group consisted of Security Director Jim Sawyer, Physical Security Program Manager Dylan Hayes, Children’s IT department and the radio communications officer. ASG was designated as integrator/consultant that would establish the system interoperability, investigating and tying all the technology together. Vendor participation was also critical in the project.

“We had the full cooperation of Vingtor-Stentofon,” says Larry Minaker, ASG client manager for Children’s. “We assigned this to our Advanced Integration Services (AIS) team who worked with their support center out of Kansas City.”

Scott Hanson, one of the AIS managers, took the lead. He was encouraged that Vingtor-Stentofon had certified an integration through Lenel’s Open Access Alliance Program (OAAP), which allows a manufacturer to develop a software interface for Lenel’s OnGuard integrated platform that was already installed. Every interface is factory-certified to support OnGuard functionality.

The Children’s Hospital team assembled the radio hardware components for testing in ASG’s lab in Renton, Washington. The key elements included Lenel certified integrations with Vingtor-Stentofon, including the master station, AlphaCom, their IP Audio Remoter I/O unit (IP-ARIO) and the Motorola Mototrbo Radio. ASG provided fully functional Lenel and Stentofon systems and integrated all the radio, intercom and access control equipment together.

Upgrades Resolve Delays, Deliver More Functionality

ASG successfully worked with the system manufacturers to configure and deploy a functional end-to-end “proof of operation” in the lab. The configurable alert notifications reached the radio in seconds instead of minutes. Additional benefits included two-way voice connection between officers in the field utilizing handheld radios and officers stationed at the intercom master station. Another benefit is the capability to receive immediate notifications for any other critical input, such as refrigerator alarms or doors forced open.

“Many hospitals are not able to staff a security operations center 24 hours a day, seven days a week”, says Minaker. “Children’s identified an opportunity, prioritized the need for resolution and then assembled a team to identify how to resolve it. One important component was that Children’s invested in evaluating the core technologies they already owned in order to protect their existing investment and identify a more effective way the technology could operate together. Finally, [we were] able to work with manufacturers to determine the best method to integrate equipment and deploy it in ASG’s lab infrastructure. At the end of the day, not only was a solution tested and validated that maximized Children’s existing investments, it also added operational functionality and communication redundancy.”

These important benefits will bridge the gap between time-sensitive communications and staff response. The solution has expanded the capability to monitor and respond to critical infrastructure alarms, further enhancing the culture of safety at Children’s Hospital.

 

Smartphone Mobile Access in Your Campus Security Plan

Let’s face it, smartphones and tablets are everywhere. As a society, we do almost everything with our mobile devices. These handheld supercomputers deliver our news, entertain us, keep us connected, and even act as flashlights, cameras, and GPS systems. And this societal shift to constantly-connected handheld devices is most prevalent with today’s student population.

As locks, access control systems, and smartphone functionality continue to advance, we’ve seen a big increase in interest regarding the use of mobile devices within access control systems — specifically for college and university campuses.

There has been an interest in mobile device integration for several years. What's changed over the past year or so is that devices have become so widely used, and Bluetooth connectivity has become so easy, stable, and secure, schools now see mobile access as a very real and viable possibility.

Students and faculty alike are aware of a mobile phone’s ability to pair easily with compatible devices, so it’s a natural expectation that the same experience would apply to locks and access control systems. IT departments and facility managers see a no-infrastructure, no-cost way to advance the use and convenience of their systems, but there are still questions and concerns to address.

Early Adopter Risks?

Most of the inquiries about the transition to mobile are from campuses who already manage card-based access control systems. They want to know how to migrate their credentials from a card to a phone. Primarily, these are very progressive schools that have already deployed a variety of electronic access control technologies, including wireless.

While it's great that schools are asking about mobile, and yes, they can use a mobile device to present credentials, we need to put this into context. The discussion is really about using electronic access control. It doesn't matter whether you use a card or phone. 

We recommend starting with a card-based system, and then migrating toward a mobile credential implementation plan. Without proper planning, there is risk in not having proper policies and procedures in place. What happens if an employee is fired, or a student is expelled? How do you revoke credentials? What happens if a phone is lost? How is all this best managed?

Where to Begin

Schools currently using brass keys and considering piloting a card lock system typically want to test a system for a few months before making a final decision. We suggest testing mobile access the same way. A college or university who already has access control in place and is interested in mobile access should pick an area — a single wing, building, or floor perhaps — and test it before rolling it out campus-wide.

If the school is new to access control, that's a bigger transition. They would have no access control experience in the first place, which means there is a lot to manage at the same time.

It’s wise to take small steps, but don't be afraid to get started. Remember that the ultimate goal is protecting the students. If mobile is a driver for access control, start by deploying a card-based system and move away from brass keys. Once the card-based system is up and running, it’s much easier to make the move to mobile.

Private/Public Security

There are often concerns, because a brass key or a proximity card is owned and controlled by the institution, but with mobile access the smart phone belongs to an individual. Although a smartphone belongs to the student or faculty member, keep in mind that the phone is merely a device that can be used to hold the credential. The credential can easily be issued or revoked regardless of who owns the phone. 

Some institutions don't even want to consider mobile, because they charge a fee to issue and replace key cards. With a large campus and residence hall system, this turns into a significant revenue stream for the school. How will that revenue be replaced?

One university conducted a pilot with mobile, where students could choose a card for access at no charge or choose to use their mobile device for a $50 fee. They had a good number of students opt in and pay the fee for the convenience of using their smartphone.

Another important consideration is that students or employees might lose a key, or lose a card, but they rarely lose their phones. Phones are always in hand. People don’t share them, loan them or even let them out of their sight. Our phones are almost always conveniently within reach, and for this reason alone, phones may have the upper hand from a security point of view.

Connectivity Choices

For years, we’ve had the ability to support mobile access using Near Field Communication, or NFC. To date, NFC has been challenging, because the device manufacturer, the network operator, and the Trusted Service Manager all want a portion of the service. This involves extra costs, complexity, and a chain of systems that could result in reliability issues.

With today’s Bluetooth Low Energy (BLE) connectivity, any Bluetooth phone can be paired with a Bluetooth-enabled lock without any middleman, additional infrastructure or costs.  

While BLE has clearly been an impetus for mobile access, new developments with NFC could provide us with two very solid technology options. Regardless of what course this takes, ASSA ABLOY is ready to support your campus with a broad range of locks that support mobile access using both BLE and NFC. As with any security upgrade, we recommend a future-proof solution that can support rapidly evolving technologies and the growing needs of your campus. 

Additional Considerations

If you are considering going mobile, first, keep in mind the big picture. Mobile access is exciting, convenient, safe and something that people want, but remember the first priority is deploying access control to provide a safe and secure environment for your campus. The best way to do this is to start with a card-based system, and then bring in mobile access at a later date.

Also, note that not all mobile access is created equal. Do your homework - make sure the credentials within the phone are highly secure and that your locks will support inevitable changes in mobile technology. 

And as far as going entirely mobile, we don't yet know what that experience will be like. With the sharp increase in interest regarding mobile devices, I’m sure we’ll see our first all-mobile access control deployment very soon.

About the Author

Angelo Faenza is the General Manager, PERSONA and Vice President of Campus Electronic Access Control Security Solutions, ASSA ABLOY Door Security Solutions. ASSA ABLOY

Adapt to the Shifting Landscape: Maturing Technology Markets Call for Platform Innovation

The IP video revolution has resulted in noteworthy levels of security industry growth and innovation over the last decade or so. Many companies were built, and many innovative products and solutions were introduced to the market. We saw a wide range of great technologies, business strategies, and go-to-market models — each enjoying fast growth and profitability.

Along with the industry-leading companies and products, there have also been less-well-planned ventures and offerings that came along for a good ride. Now, however, as the IP video market matures, and the pace of industry innovation and growth begins to slow, these companies are finding the currently greater competitive environment very challenging.

What’s happening is that today’s IP video market is maturing and experiencing a natural consolidation. It is no longer easy to compete with average or below-average products and business strategies. This industry maturation and consolidation bring about product price wars and other short-term competitive strategies. Companies that lack any real differentiation or fail to deliver genuine value to the market often react with price reductions, resulting in race-to-the-bottom behavior. This is a disruption to the business cadence our industry had become accustomed to.

So, if it’s no longer fast growth and ‘easy money’ like the early phases in a technology’s lifecycle, what are the new business models that must be developed to encompass the next generation of market disruptions? An open platform community offers a framework to succeed — together with our partners — by leveraging each other’s innovations and successes.

If you equate the so-called ‘easy money’ days to the ‘Scale’ stage of an industry lifecycle curve, we are seeing that the physical security market is maturing, and we are nearing the ‘Compete’ stage. I strongly believe that the community of innovative, third-party solutions can greatly extend the Scale stage of that curve.

An open platform delivers the ability to fortify the Scale stage of consolidation by leveraging innovation from many community partners and deliver forward-thinking solutions to the market, together. For companies that can articulate the long-term value proposition of an open platform architecture and a community of innovative, complementary solutions, there is still a lot of business ahead.

In contrast, companies that go to market proclaiming stand-alone, narrowly scoped products, with me-too features differentiated only by price will have a hard time competing. For them, their glory days indeed may well be over, and their business models may lead them down the back side of the ‘Consolidation Curve’, into decline, as is already happening to some.

Many businesses talk about being open but fail to deliver on the true value proposition of this approach. They choose instead to battle it out on price, and this is their downfall. If they would instead articulate the value of a platform with a community of innovation to deliver on that message, they could differentiate themselves and change the conversation in the marketplace. 

Consequently, it's not that the IP video industry’s glory days are over, but rather that the easy money days are coming to an end. The maturing market for security in fact demands more of our solutions. For companies like Milestone and our diverse global community of integration partners working together to embrace the open platform, we can define a stronger future ahead.

Tim Palmquist, Vice President of the Americas for Milestone, is the author of this blog and will be available for further conversations at The Great Conversation in Security

Survivor Informs our Risk Planning and Post-Incident Response at 2018 TGC

On April 16, 2007, on the campus of Virginia Polytechnic Institute and State University in Blacksburg, Virginia, United States. Seung-Hui Cho, a senior at Virginia Tech, shot and killed 32 people and wounded 17 others in two separate attacks (another six people were injured escaping from classroom windows), approximately two hours apart, before committing suicide. 

At that time, it was the deadliest shooting in U.S. history. 

11 years later, the question remains, how to protect our schools. But there is another question lingering behind the scenes that has sparked many great conversations: "How do we provide better intelligence, better situational awareness, and better actionable response.?"

What if one of the survivors were able to speak to us, not from just the pain, but also from a studious examination of the facts that led up to the event as well as the aftermath? What lessons could be learned that would inform and infuse our strategic plan and our core processes and tools?

One of our keynote speakers at The Great Conversation in Security was a survivor. More importantly, she has dedicated her life to advancing the goals of her non-profit: The Koshka Foundation:

  • Improving campus safety

  • Empowering student activism

  • Forging connections between survivors of various causes

Her name is Kristina Anderson and she is the Executive Director of Koshka. 

Kristina was shot 3 times. She returned to graduate from Virginia Tech with a degree in International Studies and Foreign Languages, and is now a resource to school administrators, teachers and students within higher education and K-12 regarding violence prevention initiatives and ways to increase individual personal safety awareness. The Koshka Foundation also partners with law enforcement agencies and first responders to provide educational presentations on surviving an active shooter from a survivor’s perspective, and best practices in incorporating lessons learned. 

Her presentation will create an incredible conclusion to two full days of conversations with some of the brightest minds in security. 

Beyond the politics and the pain, are steps everyone of us can take to protect the people in our organization.

 

Security, Safety and the Experience of the Consumer

Mall Plaza has a deep connection with its customers. Because of this, they take security seriously.. Although they originally shared this story with us a few years back, it is more than relevant today given the incidents shopping malls have had around the country. Zenitel was a trusted technology platform in this deployment and will be featured at The Great Conversation in Security. 

Executive Overview
Mall Plaza is one of the main shopping center chains in Latin America, and a member of the Falabella group. It is characterized by its deep connection with its customers, very strong potential for growth, high efficiency, innovation, and sustainability. It has a broad commercial offering which includes, in addition to the latest trends and services, continued cultural and entertainment options which contribute to its differentiation in the industry.

Mall Plaza currently operates 21 shopping centers in the region: fifteen located in Chile, five in Peru, and one in Colombia, which are distributed in twelve cities. Of special note among them are Mall Plaza Egaña, Chile’s first sustainable shopping center, located in the city of Santiago, and Mall Plaza Copiapó, the first shopping center in the Atacama Region, and the first built with sustainability standards located outside the country’s capital.

In addition, Mall Plaza is developing five projects which will open during the next few years.

The Pain and the Opportunity
The following case study studies the centralization of all security and operations systems of all the shopping centers in operation in Chile, Peru and Colombia in a single control room located in Mall Plaza Norte (Santiago, Chile) in order to maximize the operational efficiency and risk mitigation efforts of the Mall Plaza chain.

In 2009, Mall Plaza came up with the idea of centralizing the security systems and standardizing the subsystems of the central control area of all the shopping centers in operation in Chile, mainly due to the difficulty of having access to reliable and timely information that would allow real-time decision making, in particular under a disaster scenario.

The 8.8 earthquake which affected the central-southern region of Chile on February 27, 2010, emphasized Mall Plaza’s need for a command center capable of remotely running and centralizing the management of emergency, and real time decision making.

Project Objectives
Mall Plaza’s executive team outlined their objectives before organizing a team of internal and external resources.

  • Increase the operational efficiency of our shopping centers.

  • Make a responsible and efficient use of energy.

  • Optimize operating costs of shopping centers.

  • Increase security levels of each Mall Plaza shopping center.

  • Define the High Level Requirements

Mall Plaza created a high level baseline of their situation followed by an action list and requirements summary before they chose external vendors to work with them. Their work defined their mission as well as the support elements needed to make their vision a reality. Note the strong emphasis on the customer in the following elements outlined below:

Statement of Purpose
Mall Plaza has two customers, guests and lessees. Mall Plaza defines as a strategic objective the need to improve both the experience of guests who visit the shopping center, and the experience of lessees in terms of security and operation of the shopping center. In order to meet said objectives, we have defined some conditions which the shopping center needs to meet, such as:

  • Improve the operational efficiency of the shopping center.

  • Control the operation of the outsourced security services.

  • Supervise the operation of systems which are important for the flow of people and guest experience, such as verifying that entry gates and/or doors are working correctly, that people counting systems are operational, and that escalators are working in the proper direction.

  • Improve the security of lessees in relation to criminal acts.

  • Improve the security of the office sector with security access control, video surveillance, and intercom system.

  • Improve the sense of security of guests ensuring a minimum response time in the event they require assistance.

  • Improve the quality of information and minimize decision making times in the event of disasters such as earthquake, fire, or flooding.

  • Improve communications with emergency services such as police, fire department, and ambulances.

Create the Team
Before the earthquake, Schneider Electric had contacted Mall Plaza in 2009 to work on a BMS solution that would meet the aforementioned requirements.They visited several countries worldwide looking for a similar solution to be used as a basis, but were unable to find anything similar.

Mall Plaza decided to call for tenders for a solution and invited different world-renowned manufacturers to participate, Schneider Electric among them. In the end, the offer from Schneider Electric, supported by Vingtor-Stentofon by Zenitel Group, was the only one which met the standards required by the client.

Mall Plaza realized that, in order for a project with these characteristics to be successful, it must include: direct backing from the technology manufacturers; Schneider Electric and Vingtor-Stentofon. They knew they needed in-country support, training for the different user levels (operator, supervisor, maintenance employees), network of technology partners (systems integrators with the backing of the brand) to offer coverage during installation, and countrywide support.

The external and internal team that was created included:

Schneider Electric        

  • Jorge Martinez, Schneider Electric BMS Manager: Jorge was in charge of the assessment and the BMS design effort.

  • Alvaro Labrana, Schneider Electric Video Manager: Alvaro was in charge of the assessment and design of the video system.

Vingtor-Stentofon

  • Paul Rux, Director of Sales for Latin America and the South Central Region of the United States. Paul provided commercial support and was the key contact person for Vingtor-Stentofon

  • Bennie Cooper, Operations Manager. Bennie was the technical advisor and support contact for Vingtor-Stentofon.

MKM: System Integrator

  • Christian Maennle, Head of Support and Technology. Christian was MKM’s installation engineer and was involved in the commissioning of the Vingtor-Stentofon System

Mall Plaza Management

  • Mario Inostroza / Head of Operations Center (Operations Management)

  • Antonio Braghetto / Operations Manager

Define the Solution
Given the requirements collected from the Schneider assessment and the collective feedback from the team a solution was advanced that consisted of the use of the BMS platform from Schneider Electric called SmartStruxure. This would be the platform to integrate the different shopping center systems, create an integrated sustainable energy and security plan and optimize the shopping experience of the customer. This included the following enterprise applications:

  • CCTV.

  • Fire detection.

  • Intercom system (Vingtor-Stentofon).

  • Security guard radio communications (Vingtor-Stentofon).

  • Access control.

  • Panic buttons in retail spaces.

  • Communications with Police (Alfa-2).

  • Audio evacuation.

  • People flow counters.

  • Escalator monitoring.

  • Metering and management of energy

The communication platform premise included three elements:

  • Intelligibility: the ability to hear, be heard and be understood in any and all situations

  • Interoperability: the ability to seamlessly integrate with other critical enterprise applications

  • “Ilities”: Mall Plaza’s values included sustainability, but their optimization and cost structure demanded reliability, availability and maintainability

Collaborating with Schneider, Vingtor-Stentofon and the integrator allowed Mall Plaza to design an integrated command center that served multiple locations.

In the command center, each operation station is flexible enough to be configured to operate one, two or three shopping centers. In this way, the operator on duty can take control of up to three shopping centers in a single station. In the event that the operator is absent from his or her workplace when an event takes place, it can escalate to another previously defined operator station.

The implementation of the solution required a team comprised of Mall Plaza Operations personnel, Mall Plaza brand representatives, systems integration companies specialized in the systems, and third-party consultants.

As a result, Schneider Electric designed the initial solution, with the support of the technical department of Vingtor-Stentofon in the United States and Norway. EcoXpert (the systems integrator certified by both companies) was in charge of the implementation and launch of the solution.

Other technology vendors chosen were

  • Video surveillance by Pelco Endura and Digital Sentry, with Pelco and third-party cameras Fire detection is by Notifier

  • Retail space alarm central is by DMP

  • Communications networks are by CLARO.

Benefits
Mall Plaza has been able to document the impact of the project on operational efficiencies including the following:

  • Savings of 40% on operating costs of control rooms.

  • Savings of 8% on energy costs.

  • Centralized operations room with capacity for the remote monitoring and operation of 72 shopping centers.

  • Data centralization allows the immediate availability of the right decision-making and crisis management information, ensuring operational continuity and improving the security of both guests and lessees.

  • 50% reduction in the number of third-party operations personnel in control rooms.

  • The backing of two world-class leaders such as Schneider Electric and Vingtor-Stentofon providing assurance of long term support and continuing innovation

  • The support of an EcoXpert network, certified by both manufacturers, which ensures the quality and continuity of processes.

  • The reassertion of Mall Plaza’s leadership in innovation.

  • Visibility of all facilities in a single location.

  • State-of-the-art control center with a crisis management room and controlled environment.

  • Achieved a 15% reduction in motor vehicle theft in the shopping centers

  • In four of Mall Plaza’s shopping centers they were able to achieve a 36% reduction of crimes against retail spaces.

  • Identify any new capabilities and future plans that the customer has as a result of the solution.

Future Plans
In the future, the Schneider Electric platform will incorporate energy management, parking space monitoring, integration of new shopping centers in Chile, and expansion to the region with Peru and Colombia. In the end, Mall Plaza has a standardized solution for all future shopping centers, which will allow savings in design and engineering.

Since the first project was finished, 14 other shopping centers have been migrated to the new platform, and 12 have been centralized in a Central Operations Center. In relation to Peru and Colombia, Mall Plaza is in the process of data collection and technical feasibility analysis in order to be able to migrate and centralize at the local level (in each country), monitoring the security and control systems from Chile.

“Schneider Electric Chile recognized quickly the value of the Security Function as fundamental to Mall Plaza Norte’s business continuity processes. In choosing Vingtor-Stentofon they were able to find the best of breed solution to add the benefits of voice communications to their CCTV system to increase their protection of People, Property, and Profits.” Paul Rux, Director of Sales for Latin America and the South Central Region of the United States.

Production SLA's and Intellectual Property Drive Security Performance Measures

Tyrone Chambliss, Director of Brand Protection & Security Systems, Flex will be speaking at The Great Conversation in Security on March 5 & 6 in Seattle, Washington. We discovered he had taken into account the 'ilities' (IT's mandate for systems that support mission critical requirements of the organization including availability, reliability, scalability, maintainability, and cyber defensibility). His experience is documented in this case study on deploying enterprise video storage. 

Case Study

In today’s ultra-connected world, new business models bring highly profitable routes to
revenue. To seize these opportunities, modern organizations are undergoing a digital
transformation that is placing intensified demands on IT departments. Flex Inc., founded in
1969 as Flextronics Inc., has skillfully navigated this new paradigm to become the second
largest electronics and original design provider in the world, providing innovative engineering, manufacturing, real-time supply chain insight and logistics services to a wide range of customers, including some of the largest, most well-known brands in business, such as Apple, Cisco, Microsoft, Lenovo, Dell, Nike and Barracuda.

Today, Flex is a highly differentiated technology solutions company that serves more than
a dozen markets and has deep technical expertise and leading-edge facilities around the
world. One of its notable differentiators is its “Sketch-to-Scale™” platform, which enables
customers to reduce development costs and lead time to commercialization, while accelerating time to market and time to scale.

The Challenge

The ability to provide both physical security of production processes through video
surveillance and access control, as well as to protect the valuable intellectual property of
both the company and its customers, are critical to Flex. The failure to meet requirements
because of poor system performance, changing environments, failed hardware/data loss,
etc., would compromise their ability to meet customer service level agreements (SLAs).

It was in this environment that Flex embarked on a massive upgrade of its video surveillance
system across their global facilities. Key evaluation requirements included scalability,
reliability, and the ability to seamlessly integrate with leading video management software
in use by Flex.

“We conducted proof-of-concept testing with enterprise SAN and direct-attached storage
NVR vendors, but it was Pivot3’s hyperconverged technology that caught our attention. It
outperformed other systems and integrated exceptionally well with our video management
software,” said Tyrone Chambliss, Director of Brand Protection & Security Systems, Flex.

The Solution

Flex selected Pivot3’s hyperconverged platforms, which are specifically optimized for
video surveillance workloads to provide the highest levels of performance, resiliency and
scalability. With Pivot3, Flex is able to store critical video surveillance data without loss,
protected from failures and always available when needed. Flex has deployed more than 75
Pivot3 appliances at more than a dozen Flex locations worldwide, securely storing over 7PBs
of video data from roughly 5,000 cameras.

“Our Pivot3 video surveillance storage solution protects our video data, allows us to proactively monitor our systems, alerts us to any issues and works seamlessly with our video
management software,” said Chambliss. “We can now monitor activity in real-time and see
what is happening across the video network so we can prevent issues, rather than deal with
them after they’ve already occurred.”

“Our expectations have progressed from real-time video monitoring to immediate alarm
response with video integration,” said Chambliss. “NVRs can’t deliver that type of solution,
and enterprise SANs don’t give you that level of performance. Pivot3’s approach combines a
VMS-agnostic system with performance and resiliency to meet our requirements.”

While traditional video surveillance is vital to brand protection and security, Flex is also
moving towards using video surveillance as a more advanced business tool. To verify
employee attendance, Flex uses video surveillance and their time tracking solution together
to provide video of employees clocking in and out of work. In another unique application,
Flex is considering video surveillance for what Chambliss calls “product accounting.” The
surveillance solution is used to ensure that all parts that enter a manufacturing line are
present at all stations on the line and match the production at the end of the line. Said
Chambliss, “If we start with a 10,000 piece order at the beginning, we need to ensure we
have 10,000 pieces at the end of the line. If not, we can use our surveillance system to
find the variance and identify the station where the incident happened. This type of loss
prevention has immediate business benefit.”

The Results

“Video surveillance is vitally important to our business,” said Chambliss. “Pivot3 plays a
critical role in ensuring our data is protected, properly backed up and readily available when
needed.”

Pivot3’s ability to linearly scale capacity and performance allows Flex to meet growing data
storage needs as it expands operations, adds camera counts, shifts toward higher resolution
models and meets extended data retention requirements. The unique architecture of
Pivot3’s HCI surveillance solution ensures all video data is accessible centrally regardless of
physical location. In the event of hardware failures, virtual servers automatically restart on
another appliance with no user intervention. With Pivot3’s built-in server failover, previously
recorded video and security data remains fully accessible.

“My centralized team can easily monitor the status of my Pivot3 infrastructure around the
world, including all servers, CPU, memory, system performance, and power using Pivot3’s optimized vCenter plug-in,” said Chambliss. “Since we deployed Pivot3, it’s proven to be
very reliable and the customer support has been exceptional. It has also exceeded our
expectations from a performance level. We plan to deploy Pivot3 HCI solutions in more
locations to protect our video investments, allowing us to ensure the same high comfort
level across our sites.” At the same time, the Pivot3 architecture simplified administration for
Flex and reduced the need for its staff to have advanced IT skills.

Pivot3's management capabilities allow multiple Flex teams to share ownership of the
solution. "Our ability to manage our video surveillance solution across IT, security and other
departmental teams is essential to ensuring the system not only works technically, but also
is solving our day-to-day business challenges effectively and efficiently,” noted Chambliss.

“Our customers have extremely high expectations for us, and we now have an ideal
infrastructure in place to support their needs,” concluded Chambliss. “Equally important,
beyond the technology, the Pivot3 team itself has been exceptional. Pivot3’s knowledge
of video surveillance is unique. They deeply understand our business requirements and
actively work with us to ensure we have the optimal solution to meet and exceed our
customers’ requirements. We consider Pivot3 a true partner.”

About Pivot3
Pivot3 improves the simplicity and economics of the enterprise datacenter with industry-
leading hyperconverged technology. By collapsing storage, compute and networking on
commodity hardware, Pivot3 provides a software-defined solution that enables customers
to scale to massive volumes and gain twice the performance of competing solutions, all at
drastically reduced infrastructure requirements. The result is predictable, prioritized data
and application performance based on business value. Pivot3 has over 2,200 customers
around the world and has deployed more than 16,000 hyperconverged infrastructures in
multiple industries such as healthcare, government, transportation, security, entertainment,
education, gaming and retail.
 

 

 

Building a Smart Security Program

We asked AMAG, a participant in The Great Conversation in Security on March 5 & 6 in Seattle, Washington, to provide us an example of how organizations are deploying a platform strategy for integrating all the technology silos within their security program. They provided an overview of a case study in response:

Northwestern Mutual Combines Modern Access Control Technology with Top-Notch Security Officers for a more Efficient Security Program

Fortune 500 company, Northwestern Mutual, not only changed the Milwaukee skyline when it built a new high-rise and three-floor Learning Center, it also improved the way it delivers security at both its downtown Milwaukee, WI campus and suburban Franklin, WI campus.
The downtown campus consists of an area of 2.5 million square feet with five buildings, including the new high-rise, Learning Center and commons space, that bolsters a workforce of over 3,000. The Franklin (Milwaukee suburb) campus has an area of 1.1 million square feet and two buildings that hold a workforce of 2,100.

Faced with the challenge of disparate systems for access control, alarm, video, intercom and visitor management, Northwestern Mutual used the building project to upgrade their security program. The goal was to work smarter by automating manual processes and streamlining security using one system. With several hundred sales reps visiting at once for week long continuing education classes, managing those visitors was a challenge.  

AMAG Technology worked together with an integrator to secure the company’s downtown Milwaukee campus and Franklin campus using the Symmetry Access Control – Enterprise System and Symmetry GUEST visitor management system, along with security personnel. Visitors check in quickly, improving lobby traffic flow, and the system provides an audit trail of who is in the building. The security team now works in a more streamlined fashion to deliver exceptional security.

Challenges:

  • Disparate security systems

  • Manage up to several hundred guests at a time without audit trail

  • Control costs of securing new building

  • Quality of security officer failed to meet expectations

Solutions:

  • Symmetry - Enterprise Access Control system combines alarm management and all security data into one system

  • Symmetry GUEST visitor management system and G4S Secure Solutions Security Officers at all entrances ensures professional operations

  • Symmetry – Enterprise Access Control and Symmetry GUEST easily expands to secure new high rise

  • G4S Secure Solutions (USA) Security Officer training and experience level corresponded to assigned post

Result of Solution:

  • Symmetry – Enterprise Access Control interoperability secures both campuses, saving time and money

  • Symmetry GUEST visitor activity data allows Northwestern Mutual to adjust staff as demand dictates

  • Symmetry – Enterprise Access Control and Symmetry GUEST allowed Northwestern Mutual to leverage technology to reduce risk, streamline its activities and not add headcount when the new tower opened

  • Security Officer qualifications correspond to unique needs of Northwestern Mutual

By choosing AMAG Technology’s Symmetry GUEST Visitor Management System and G4S Secure Solutions’ Security Officers, Northwestern Mutual was able to benefit from the synergies of working with one company for all its security needs. Symmetry GUEST allowed security officers to work smarter, not harder, and as result, no additional security headcount was needed for the new high rise. 

The Active Shooter Dilemma: There is a Better Way.

It was Valentine's Day; a day to celebrate love. But for Marjory Stoneman Douglas High School in Parkland, Florida, it would be a day that would go down in infamy as one of the most deadly mass shootings in American history. With at least 17 dead, the Valentine's Day shooting is worse than the Virginia Tech and Columbine shootings.

Jeff Slotnick, CPP, PSP, was interviewed twice as a Risk Consultant by Q13 News in Seattle to reflect on the situation and attempt to bring some insights. We asked him to provide us some insights as well. 

When I have been asked to be on the air and comment on tragic situations like this, I usually have very little time to prepare. But I do know this, most people have 3 very basic questions:

  1. What just happened?

  2. How does it inform my future?

  3. What action can we take before we encounter this again?

We know that this active shooter was displaying anomalous and dangerous behavior. There were incidents with family, with friends and with the school that, if pieced together, would have potentially led to some preemptive action.  

We also have enough experience with these situations to know that this behavior can be monitored, measured and processed through a protocol and escalated, if needed, to deter or thwart an attack. .With the dismal state of mental care in this country we have not yet admitted to ourselves that this is the new normal with new responses needed. 

We have the tools to do this. 

Let me paint a new normal scenario for your consideration.

Every organization (schools, churches, businesses, etc.) should have the means to monitor and measure the behavior of their community. Every community should develop a protocol for how they would use information gathered from their stakeholders to properly protect their stakeholders. Human Resource professionals need to work closely with their security teams to ensure this happens. Let me provide one use case:

Any Facebook post of guns and death threats should involve law enforcement. As well, the organization should immediately place that individual on a watch list that can be used by the administration and security to identify them and take appropriate measures.

Video surveillance and analytics is now within reach to recognize the approach of suspicious vehicles and people. This can be monitored by "Virtual Security Officers", remotely, much like we can monitor our homes today. If the officers can identify activity early enough they can take preemptive actions that could save lives or the assets of the community. We now have the ability to combine voice with the video to speak into a situation and provide much needed communication to the stakeholders. Voice (intercom) can be used for lock down, instructions on exits and private communication in key areas of the building or campus. The same video can be shared with first responders to provide situational awareness and actionable response. 

There is a psychological reaction to interrupting a potential active shooter. It is articulated well in what is called the "OODA Loop". In law enforcement training I have often called this by the founder of the theory: "Boyd's Loop". 

Boyd theorized that we become linear in our thinking when we decide to embark on an action. In this case, an intruder or potential active shooter. To disrupt this, you must move their psychological state to "Observe and Orient". They now have to react to a new normal for them, the fact that someone has interjected themselves into the situation. I am saying this could be a physical act by a security or law enforcement officer, or it could be through a virtual observer using video and voice. 

If your voice technology can be heard clearly, no matter the environmental circumstances (screaming, gun shots, traffic, etc.) then you have what we call 'intelligibility'. If the voice technology is integrated with other technologies like access control, video, etc. as well as your protocols, you have achieved the highly efficient and measurable term: 'interoperability'. If it is reliable, scalable, and highly reliable, then you are subscribing to IT's mandate for mission critical applications. 

So now we get to the key question. What can we do, today, to help mitigate these incidents? The human and material expense of this incident, including the cost of law enforcement and recovery, would have more than paid for the technology I am talking about. But we continue to have to experience the pain before we take the necessary action. People will continue to use their weapons of choice to cause injury and death. Eliminating weapons may be an option in a future world. But it will not happen tomorrow. We must stop reacting and begin to plan for the new normal.

Jeff Slotnick has been a part of many Great Conversations providing his insights and subject matter expertise to attendees.

What does “Network Security” mean to you?

Your first answer might be about the prevention of unauthorized access to a computer network, or the encryption of the traffic on the network. But think deeper, and you’ll hit upon the evolving and broader definition of the term - the use of existing network infrastructure to more cost-effectively enable physical security of people, equipment, and data.

Recent developments in physical security systems have enabled us to expand access control using IT infrastructure. It began with IP-enabled cameras and evolved to edge panels operating on the LAN – a trend that represented a major advance in technology and practice.

The latest access control technology enables us to design all the components of a lock – including card readers and sensors – into a single integrated system accessible from your Ethernet network. That means the elimination of additional wiring, greater flexibility and scalability, all in a standards-based open architecture.

Why IP?
By eliminating the need for hard wiring to a central panel or controller, IP-based systems enable installations that are non-proprietary, flexible and scalable. This means not only a more versatile solution, but also a more cost-efficient one. A network-based system can be enlarged by one door, and one reader, at a time. This is unlike some traditional systems where controllers or panels often support multiple openings even if only one opening is required.

Typically, legacy access control solutions are closed systems that require hard-wiring several discrete components – card reader, lock, door position switch, request to exit sensor, access control panel, and power supply – with RS-485 cable into one central panel or controller. These proprietary systems can limit the user’s choices to a single provider of hardware and software. More challenging yet, these solutions tend to be very complex and require expert personnel to handle installation and configuration.

What’s more, expanding traditional systems is complicated and expensive. A typical central controller is built to accommodate a specific number of doors – usually 4, 8, 16 or 32. That not only makes the system inflexible but also makes it difficult for facilities to match their requirements with available products. Simply put, if your access control project calls for 9 or 17 doors, you’re going to pay for more capacity than you need. 

This lack of flexibility translates into high initial costs, which can reduce the total number of doors you’re able to secure during an initial deployment. The ability to add more openings in the future depends on proximity to the currently deployed hardware. An opening on another floor, for example, may not be cost effective, due to the point to point wiring requirements of these systems.

Now that we’ve seen how legacy access control systems can be expensive, inflexible and labor-intensive, let’s take a closer look at some of the benefits of an IP-enabled approach:

•    IP lets you leverage existing infrastructure – Because it uses the existing IEEE 802.3af or 802.11 infrastructure, IP eliminates the need for additional power supplies or wiring.

•    IP is easy to install – Because cabling is reduced to a minimum or not needed at all, the entire installation process is streamlined and cost is reduced.

•    IP is flexible – Open architecture ensures future flexibility to meet changing needs.

•    IP is scalable – From adding a single door in a small office to integrating a large-scale facility, IP is an ideal fit for small and large installations alike.

•    IP is standards-based – IP solutions are based on international industry standards. That means the ability to pick and choose between components – reader, door controller and software – that best satisfy your needs and preferences. This freedom of choice makes the system future-proof and means you no longer have to rely on a single brand or supplier.

•    IP is secure – Data security is ensured through standard encryption techniques (AES 128-bit encryption) and WiFi solutions support current WiFi network security standards.

As you can see there are many important benefits associated with IP-enabled access control.

To learn more about how you can use your IT infrastructure to expand access control easily and affordably, download Network Security Redefined , an eBook from ASSA ABLOY.

Empower your Public Safety Teams

The realities and risks of public safety are evolving. And no one knows this better than a city’s front-line personnel—the police officers, firefighters, 911 call center operators, emergency response personnel, and all those who serve to keep our communities safe. Every day, they team up to respond to unexpected situations or protect big city events. But too often, siloed systems create a disconnect between systems and agencies. And, operators struggle to make sense of all the data they receive from various sensors and solutions.

What these public safety departments need is a common operating picture and a deeper understanding of what’s happening in their city. They need a solution that allows them to have a complete view of an evolving situation so that they can better coordinate their efforts.

Seeing the City of Chicago through one shared lens

The Chicago Police Department recently implemented a new decision support system, Genetec Citigraf™. This application unifies and connects a city’s most important public safety systems. Citigraf analyzes and correlates data from once standalone systems, detects patterns, and transforms raw data into actionable insights. It then distributes these insights across teams and departments. Citigraf gives everyone from call center operators to first responders a clear perspective on a situation which strengthens their collaboration.

Proven to reduce response time by 39%

At the Chicago Police Department, the decision support system combines their computer-assisted dispatch (CAD), 911 calls from residents, gunshot detection sensors, and other disparate systems. The goal is to reduce the response time for reported shootings and crime in six police districts. Jonathan Lewin, Chief of Technical Services for the Chicago Police Department, shared the results: “Since rolling out Genetec Citigraf [one year ago], response times from dispatch to 'on-scene' arrival time, have been reduced by 39% and 24% respectively, in our two most at-risk districts. Shootings are down 22% in these districts compared to 2016. [This] helped us send a strong message to the community that crime and gun violence get a swift response.”

Learning from the past to prepare for the future

While Citigraf is proven to enhance collaboration and speeds up response time, it does even more. The system gives city officials a new way to measure and determine the effectiveness of procedures or specific campaigns. For example, a police department could run a report to quickly compare crime rates before and after installing new cameras in a specific location. Or, emergency managers can review responses to past events to better prepare their staff in handling certain situations.

Bring your public safety teams together

A common operating picture helps public safety teams better detect, respond, plan and prevent disturbances in a city. And now with Citigraf, getting a shared operational view is affordable and easy.

The Anixter Wireless Business Solutions Center

In many cases, the last mile of a risk, resilience and security architecture is deploying a wireless infrastructure. We approached Anixter with some ideas how we might create a ‘solution center’ at The Great Conversation.

 Why Anixter? Anixter is a leading global distributor of Network & Security Solutions, Electrical & Electronic Solutions and Utility Power Solutions. They help build, connect, protect and power valuable assets and critical infrastructures. From enterprise networks to industrial MRO supply to video surveillance applications to electric power distribution, they offer full-line solutions, and intelligence, that create reliable, resilient systems that sustain businesses and communities. Through their global distribution network along with their supply chain and technical expertise, they help lower the cost, risk and complexity of their customers’ supply chains. So naturally, they might know a few people…

 I contacted the President and CEO of Airopath, Brad King, to learn more about his organization. “We work with clients to help them understand their wireless needs and assist in developing their corporate wireless standards”, said King. “Our engineers utilize RF modeling software that allow both site and application specific wireless designs for new construction as well as legacy buildings. We also provide post installation validations services on behalf of our clients insuring that the systems were installed and operating per the specification.”

 Scott Umemoto is the Director of Strategic Technologies at Day Wireless Systems. They are a full-service wireless integrator covering a wide-range of products and services including equipment sales, service, engineering design, project management, and FCC licensing. “There is a great demand for public safety which includes in building coverage for cellular”, said Umemoto. “We supply iBWave, Distributed Antenna System (DAS) design, coverage testing, system optimization and certifications services for any DAS system.” They also are one of the largest Motorola partners in the United States, specializing in two-way radio.

Just Do It! Engaging the Culture and Creating Value for Security

Tyson Aiken, Senior Director, Global Security for Nike, Inc. was introduced to The Great Conversation in Security in March 2017 as an attendee. After striking up a conversation with our Managing Director, Ron Worman, between sessions, it became apparent to us this was a next generation leader that was influencing the culture and the performance of security with a very different mindset. 

We were able to sit down with him before he set off on a cross country ski adventure and ask him a few questions related to his experience and his participation in the 2018 Great Conversation. 

"I think there is a certain type of creative magic that happens when you get different perspectives in the same room to converse, listen, and share", said Aiken.  "That is only beneficial if you come back over time to see how those adjustments work in the real world and start the process again.  Returning to The Great Conversation is part of that process of re-evaluation."

In many of our interviews throughout the year, we ask senior leaders what they have learned. Sometimes our learnings come from our failings. "Failure is how we learn, and how we grow", said Aiken. "Even when your head is in the right place, you can still fail, but if you’re working in the right direction, you fail forward, and still advance the work in interesting ways.  When we wait to be perfect, we fail without moving the needle at all."

These learnings come from experiences as well as from watching how others lead. When Aiken thinks of models of leadership, he thinks about love. "Protect what you love", he says. "Teaching people the WHY of protection many times inspires them to love that thing, and work to protect it."

Great models of leadership often have a framework that anchors their approach to security. For many in this industry that framework is Enterprise Security Risk Management (ESRM). To Aiken, ESRM makes sense. "Because true success in this industry only comes when you approach every situation with a critical eye, cast over the entire problem", he said.  "Holistic risk management teaches the discipline to do this. Nothing happens in complete isolation.  We view ESRM as one important aspect of overall Enterprise Risk Management (ERM), which is for us, anything that has the potential to impact business operations.  Incidents that do impact operations happen, and you have to plan for how you’re going to modify your business to ensure that you meet your goals."

Aiken delivered a key note entitled The Culture of Security. He will be exploring how and why we need to engage the culture to create a powerful force multiplier for security and the organization. 

"Security has to compete with the other components of the business for scarce resources, and it is necessary to be seen as a business enabler, rather than a distant outsider" said Aiken.  "Aligning yourself with the corporate culture allows you to do just that, in ways that help those same business components truly understand the value proposition of security."