An Interview with CSO Steven Antoine


The Great Conversation interviewed Steven Antoine, the Chief Security Officer and Director of Global Assets Protection for Yum! Brands, Inc., a world-leading franchisor and Fortune 500 company.

Steven spent 15 years in the U.S. State Department before joining Yum! Brands.

Steven attended the last Great Conversation in March 2018. Since that time, we have been working with him (or should we say “for him”) to bring the peer to peer executive forum to their Center for Restaurant Excellence in Plano, Texas.

Why do we need a Great Conversation in Security?

Thought leadership. You are in a room where the conversation is askew from the normal conversations we tend to have. It is a space where people can be creative; hear ideas and explore avenues that may not be comfortable or safe but, because we are all being transparent under Chatham House rules, it becomes energizing.

The bottom line: The Great Conversation allows you to be comfortable with being uncomfortable.

Many of our executives leave the conference with ‘learnings’ that they activate when they return to their organization. What was yours?

I found validation and confidence in my direction. For some time, I have been on a mission to redefine the terms and understanding of ‘security’.

For example: here are some traditional notions or terms we use in our profession everyday and my alternative rendering to my organizational leaders and my team:

  • Safety=Prevention, guards and policy. What if we redefined this to mean the absence of acceptable risk?

  • Risk=Danger, geo-politics, violence and hardship. But what if we redefined this as constraints and obstruction to strategic objectives?

  • Loss=Theft and/or slippage. What if we redefined this as an efficiency metric where time, money and opportunity are the measures of performance?

All our professional domains are evolving along with the risk and business landscape. If we stay in our silos, we have a hard time seeing the whole picture. Then you add the technology domain that is digitally transforming our organizations and it becomes an imperative. Tapping into all these ‘silos’ creates a force multiplier in understanding, perspective, knowledge and wisdom.

Why did you decide to host The Great Conversation in Security in Plano, Texas within your facility?

Yum! Brands appears to be a franchisor of fast food brands like Kentucky Fried Chicken and Pizza Hut. That is true. But there is so much more. We have become an information management company. We are being digitally transformed. It is essential that we transform risk, resilience and security within this evolving business landscape.

As well, I am a member of a profession. All the security professionals should be lending their voice to our community. For me, I am selfish. I wanted to help drive the conversation. What better way to do that than to help host it!

You are right! Not only are you hosting it, but your CEO felt compelled to kick off the day with a keynote of his own. What can we expect from him?

Without ruining the surprise, let me ask you a question: “What does every CSO want out of his CEO?” I think you will have an answer on May 21.

Self-Assess Your Current Safety Strategy

The Great Conversation caught up with Shawn Galloway, one of our forum faculty members for March 4 & 5 in Seattle, Washington. We asked him if there might be an opportunity to have our community take a self-assessment before they arrive for the forum.

Shawn gave us a link to his website that you can use to read and then take the assessment. You can find it here as well as at the end of this short prelude to the full blog.

You also can find his books, including a special bundle price here.


Self-Assess Your Current Safety Strategy

How complete and comprehensive is your safety strategy? Does it have the right ingredients? Do you even have a safety strategy? "Not paying attention to strategy is expensive. Each year organizations waste millions of dollars in time, resources, and effort. In our consulting practice we continue to see confusion: misunderstanding of strategy, real problems not addressed, misdirected effort, lack of personnel alignment, directionless short-term fixes, forgettable training, over-complexity, poor communication, cookie-cutter programs in place of strategic thinking, muddled motivation, poor incentives, not understanding what an existing organizational culture will tolerate or accept, misinterpretation of data, and attention to results without a clear understanding of how they came about. And these are just a few of the unproductive situations we encounter in our work. But most of all we see a lack of focus on generating and measuring ongoing contribution to value throughout the organization." (Inside Strategy: Value Creation from Within Your Organization, Galloway & Mathis, 2016).

After reviewing countless corporate, division and location-specific safety strategies, ten essential considerations were frequently excluded.


The End of Intercom?

The following is an excerpt from an interview with Jim Hoffpauir, President of the Americas for the Zenitel Group (Vingtor-Stentofon).

Is your market changing?

The intercom market’s value has been diminished by encouraging end users and integrators to look at the technology as only a standalone mass communications or emergency stanchion solution. Essentially an afterthought. But if you study the core processes inside a security department, as well as their evolving need to become relevant in meeting the rest of the organization’s goals, you suddenly realize the need for an order of magnitude difference in intelligibility and interoperability that cannot be achieved by the standard “API” approach.


The scorecard for intelligent communications will be the absolute mandate for clarity in all circumstances; to hear, be heard and be understood. We call this ‘intelligibility’. Secondly, the need for a formal program of interoperability with the key systems that are deployed in the security market like access control, video management systems, and multi-modal communications. And finally, the need to translate what is happening in the IoT world that is driving the platform suppliers like Microsoft. This means we need to drive a new topology that will support the Infrastructure-as-a-Service (IaaS) model that Ed Bacco, the CSO for the Enterprise Security Risk Group is talking about.

Is the end user and the integrator prepared for this? Some are. You have to realize, the integrator is often at a disadvantage. They are not necessarily called upon to study the workflows of their prospects and clients. It is within these workflows that true process and budget optimization occurs. More often they have RFPs that force them to act on a perception of value that is tied to pricing. In many cases, they turn to something they know, instead of investigating the root cause of the organization’s motivation behind communications.

You mentioned IaaS. Do you believe organizations will begin to outsource management, maintenance and measurement of their security infrastructure?

Many will have to. First, it is not the core of what they do. And secondly, they are not solving their core issues around process and budget optimization. That is why we work so hard to create a higher level of interoperability through an established program with core, strategic partners and are changing the topology of our implementations. We have shed the need for a separate server, for example. You can start with one station that has server functions embedded in it. You can exponentially scale without ever buying a stand-alone server. We will continue this intelligence at the edge strategy within a company or outside a company with a virtual SOC or a managed services vendor.

What is the one thing that is always mentioned about your suite of communication devices?

Everyone knows us as the “Rolls Royce” of audio. But little do they know, that applies not only to the clarity of our audio, our interoperability and our cyber defensibility, but also to our value equation. We have been told by integrators and consultants that have really dug into how their clients are attempting to communicate operationally or in an emergency, that we are the best value in the market.

The Great Conversation in Security - March 2019: Summary of the Congress


The Great Conversation in Security has a very clear mission: To create personal, professional and organizational value in the risk, resilience and security industry. It starts with the customer experience: The leaders and their teams that assess the risk, understand their organization’s mission, and create the strategy, planning and performance metrics to mitigate risk and create value. It takes leadership, execution and technology to make that happen.

The Great Conversation is not an event. It is a collective; a congress of best practices that are evolving with the times. Throughout the year we attempt to have as many conversations as we can with the ecosystem, studying their transactions of value, their constraints and the emerging threats that are creating their sense of urgency.

We would like to provide a short summary of this year’s congress. We hope this will help the executives and their teams anchor their thoughts and inspire their actions.

We used a mobile engagement platform to provide a virtual conversation with our forum leaders and faculty. One of our core performance metrics is whether any of our faculty were able to provide ideas that were actionable. The good news:

  • 100% of the attendees intend to activate one or more ideas from the forum with 51% saying this will be immediately

  • 89% believe the way they manage their program was impacted by the content

We believe from our attendees’ feedback we know why this is happening:

  • The research

  • Which informs the content

  • Which sources the faculty (i.e., the subject matter experts)

  • Which align with the educational tracks that form the backbone of the conversation.

Some of the highest rated content revolved around the following:

Your Security Program is a Business Model and it is being disrupted.

This hit home with many executives since it painted a picture of a rapidly changing landscape that challenges our current notions of how we organize people within roles in our core processes using technology. It also challenges our definition of our value and promises a bright opportunity for those who can adapt and change.

The State of the Industry

An industry panel that included two former CSOs, a current CSO and a Risk Management Services Organization, provided a global perspective of leadership and a response to the shifting landscape that was articulated in the opening keynote. That is, it was a grounding experience to hear how these executives were “re-balancing” their leadership competency and capability to respond to change.

The Uberization of Security: Customer Experience, complexity and cost drive disruption – where is this hidden cost?

A panel of Security Executives talked about the increasing complexity, cost, customer experience and skill shortage driving a new security business model.

Lessons Learned from an Active Shooter

This was a riveting step by step story of a small university that had prepared their people and their culture for an incident. As well, they had created a technology infrastructure and process that most larger companies have never achieved. The result: saving lives, creating resilience and, most importantly, anchoring the trust in the process they had spent years developing, training and measuring.

Industry Case Studies followed by Technology Roadmaps

We featured 3 on the first day that were some of the highest rated in the conversation:

Creating the Enterprise Security Intelligent Platform

GoDaddy’s security executive and LenelS2’s CTO worked together to provide insights into how to construct an information management platform and how we might think about the roadmap over the months ahead.

Video Management: A Path to a Service Architecture

A Security Executive from a high-profile airport provided his insights into the highly leveraged implementation of video for operational performance and for risk mitigation. It was followed by an educational primer on how executives can begin to evolve their video management platform into a service architecture to streamline operational, budget and risk performance.

Intelligent Communications in the Intelligent Organization

A Security Executive provided a roadmap on how to construct a Security Operations Center that can provide situation awareness and actionable intelligence and can trigger multi-modal communications (voice, public address, text, digital signage and desktop alerts) with a push of a button. It was followed by a roadmap on the age of voice and how to create intelligent outcomes through intelligent communications.

Creating a Safety and Security Mindset

This was a strong reminder that culture will be the key to long term success in our security and safety program. The ability to get great results, the ability to repeat great results, the ability to gain insights into what led to those results will be impacted by the cultural mindset leaders establish around continuous improvement. An Excellence Evolution Model was broken down into discrete elements that provided a roadmap to best practices in security, safety and leadership.

The Need for a New Learning Model for Security

Our academic partner, the University of Washington, provided a thought leader in disrupting how we prepare our next generation knowledge workers and leaders for the changing landscape of risk. It stimulated a lively discussion around how to get started and created valuable touch points from the entire ecosystem.

A Case Study on Mercedes Benz Stadium: Home of the 2018 Super Bowl

The executive leader of security described the venue and the challenge, and his trusted partner described the unique security technology infrastructure that keeps the attendees, the players and the media safe.

A Case Study on the Power of a Cloud Managed Security Solution at Gonzaga University.

The security leader described the risk and the opportunity, and the trusted advisor described the deployment, with a focus on the evolution to a cloud-based video management architecture.

A Case Study on High Definition Situational Awareness

This study featured the trusted advisor and the manufacturer, who illuminated the force multiplier of a high definition video camera implementation.

Smart Buildings

We featured three specific segments on the evolving smart building trend which reinforces an integrated security model:

Smart Company, Smart Building: Security’s Value Proposition is Changing.

A CIO of a major hospital is leveraging domain expertise in physical security to leverage and augment his smart hospital vision and mission. The stakes are high. The customer experience and the mitigation of risk will dictate the performance measures of one of the best brands in the industry.

Revolutionizing the Future of Smart Buildings

An industry panel, including a CEO of a “smart switch” organization and a subject matter expert in the deployment of smart buildings, provided a detailed view of the elements of the smart building approach.

Securing the Potential of Smart Buildings

A building that was designed from the ground up to be intelligent was the subject of a case study that detailed phenomenal metrics for security, safety and competitive advantage. The cost savings were also compelling.

Path to Digital Transformation

We turned to one of the largest software manufacturers in the world, Microsoft, to show us how to create a digital transformation roadmap and, most importantly, why. It was an excellent conversation to end the congress.

Final Thoughts

What I heard over and over as we networked over a hosted bar and appetizers, is how intense but productive the conversation was, with many of the new attendees essentially admitting they “had no idea how important and valuable this was”.

Many also acknowledged the insights we have after 16 years of facilitating these conversations. One of the insights was when our emcee, Ron Worman, noted that in 2003, there were no women in the audience. He asked for all the women to stand and be recognized to the applause of the industry stakeholders in the room.

We are now headed to Plano, Texas on May 21. Urge your peers to lend their voice to leadership, innovation and change by attending.

Then we are headed to Washington DC for the Executive Summit Series, an invitation only leadership forum held during OSAC week. The date is Monday, November 18 at The Boeing Company in Crystal City. It is a great launching point for OSAC and the other associations holding events that week.

An Interview with Dylan Hayes of Seattle Children's


Dylan Hayes, Manager, IT Security | Enterprise Security Technology at Seattle Children's Hospital – Research - Foundation, has been part of The Great Conversation community for some time. He has contributed his lessons learned willingly, and is an attentive student of his peers as they share as well.

This year, he will be joining a discussion around the current budgeting model of security and how it might be changing, as well as contributing his lessons learned in creating an information management platform that will serve the needs of the business now and into the future.

Dylan recently took a role under the CIO of Seattle Children’s.

Why do leaders need a Great Conversation?

Leaders need a Great Conversation to continue to evolve synergy throughout the business, the community and the industry eco-system. Through challenge, collaboration, analysis, sharing of successes and mistakes and new ideas, this leadership forum is crucial to drive strategy, improvement, innovation and efficiency. The sharing of wisdom, concepts and skills is necessary to fine tune and perfect outcomes, operations and experience. Liken this to becoming a master of an art or professional athlete.

How does the mission and vision of your organization impact how you develop your security program?

Our security program must align with our value-based culture (specific values) and the fundamental objectives that directly impact the mission and vision initiatives.

What is the greatest constraint you have today, that if you overcame it, would take your program to an exponential level of performance?

Internally managing the performance, service and health of our system and components.

Why did the CIO want a physical security professional like you in his organization?

Technology, information and integration align with IT. It is a natural alignment of enterprise technology, strategy, service and support.

What do you hope to learn in this year’s great conversation?

The roadmap of the industry and the forward thinking strategy to manage the evolving technology landscape, provide exceptional customer service, and drive value to the business.


Tackling the Challenges

Morgan Harris is the senior director of Enterprise Solutions for ADT Commercial. He is a certified technology professional with extensive experience in managed services. His certifications cover infrastructure solutions from a variety of IT and Physical Security technology vendors.

Fundamentally, Morgan must be adept at gathering, analyzing, and defining business and functional requirements that inform and infuse the engineered design that will replace or augment the core processes of his clients.

With this background, he will be attending The Great Conversation and providing his insights into new models of outsourcing and managing physical and logical infrastructures.

At the end of the day, he is trying to help us move beyond what we will not see, hear or even mention because we feel stuck with budget constraints, people constraints, and organizational denial.

Below are some excerpts from a recent article he wrote for the January/February issue of Security Today. You can read the entire article through the link provided.

Tackling the Challenges

It should come as no surprise that cybercrime is one of the biggest threats organizations of all shapes and sizes face today. There were purportedly 918 data breaches compromising nearly 2 Billion data records in just the first six months of 2017. No organization, be it a Fortune 500 company or small business, is beyond the reach of today’s sophisticated hacker.

______________

With the constantly evolving campaign strategies cybercriminals are adopting like ransomware-as-a-service, it’s no wonder that 87% of board members and C-Level Executives state they lack confidence in their organization’s level of cybersecurity preparedness.

______________

Back in the late 1990s and early 2000s, there was much talk about the convergence of physical and digital security as IP-enabled devices started to come into the scene. That convergence was never fully realized in the manner that the industry experts thought should or would come to fruition.

As we fast approach the 2020s, cybercrime may prove to be the catalyst that reignites the drive to bring the two sides together, redefining convergence.

____________

Let’s look at the various resources that are available to you. It is safe to say that firewalls and anti-virus software are fairly well known and understood, but have you considered embracing a managed and monitored firewall and anti-virus program? Engaging a third party provider to deliver these services can help ensure that your solutions are always up to date, communicating with each other and monitored for potential breaches 24/7/365.

Relatively new on the scene are managed detection and response (MDR) services. General characteristics of MDR services are:

  • Vendor provided technology for threat detection

  • Monitoring and analysis by human security analysts

  • Using threat intelligence or data analytics

Read more at Security Today

An Interview with Joe Fairchild, Microsoft’s Global Security Lead in the Center of Innovation


We like to profile our faculty through interviews and their thought leadership. Joe Fairchild has been active in The Great Conversation for years and will be addressing the forum community on Tuesday, March 5. He also will be part of a panel discussing the hidden costs of security and new models that can address this increasingly burdensome issue.

Joe joined Microsoft Global Security as a contractor in 2008. In 2010, Joe was hired by Microsoft as the Regional Security Manager for Global Security Operations in the US and Canada. Since that time, he has held a myriad of roles within the Global Security team, including Event Security, Access Management, Security Consulting, and Technology, and has overseen a Project Management Office (PMO).

In recent years, Joe has been tasked with the execution of the Digital Transformation vision for Microsoft Global Security. In September 2018, Microsoft Global Security merged with the Microsoft Real Estate & Facilities team, creating the Real Estate and Security Center of Innovation. Joe currently has the role of Technology Lead and Solution Development for this new organization.

Joe is a veteran of the US Army and worked as a Police Officer for the city of Redmond. Joe has a Bachelor’s degree in Psychology and a Master’s degree in Organizational Studies from Stanford University, where he also played for the football team.

Here is a short interview we had with him recently.

Why do leaders need a Great Conversation?

A safe place to learn, exchange ideas, and to compare ideas is critical to staying on top of the latest risks and to continuing to drive innovation around security people and assets.

How does the mission and vision of your organization impact how you develop your security program?

Our mission at Microsoft is to enable every person and every organization on the planet to achieve more. Fundamentally this is a mindset where success frequently means you are not being recognized for all the hard work it takes. This is a mindset that is very similar to being in a protective role. Whether it be as a football player or as a successful security professional.

What is the greatest constraint you have today, that if you overcame it, would take your program to an exponential level of performance?

Distractions and time. Each distraction brings with it a moment of stepping out of flow and producing my best work.

What will you be sharing with your peers at the March forum?

Physical security has traditionally been rooted in a paper culture, employing a reactive approach to security threats where the norm is to respond to events after they have occurred. In these responses, much of the action taken is focused on adding safeguards to infrastructure such as additional walls or badges in an effort to reduce risks. However, digital transformation challenges the status quo of physical security, enabling the shift from a reactive, paper culture to a data-led, predictive physical risk model. Digital transformation will help physical security focus on how to obtain data and utilize that data correctly in order to mitigate the impact before a threat occurs, including cyber security threats in addition to physical ones.

What do you hope to learn in this year’s great conversation?

More about what is happening in the security industry at large and how people are thinking about physical logical convergence and the intelligent cloud.

Editor’s note: We will be providing a digital white paper to attendees at the conference entitled: “The Digital Transformation Playbook” from Microsoft Global Security.


A Complete View of Security

Our technology partners in The Great Conversation supply us information that extends our imagination on how we might apply technology to today’s problems. We felt this was an interesting story that was published in Security Today and is provided by permission of the publisher. It profiles two technologies and vendors that came together in a holistic solution that will be featured at The Great Conversation.

Bigger is Getting Better

SMG/The Moscone Center undertaking complete security renovation

By Ralph C. Jensen, Editor, Security Today

There are a handful of amazing things that set San Francisco apart from other world class cities. Notably, there is the Golden Gate Bridge, Alcatraz Island, Fisherman’s Wharf and Chinatown; the Twin Peaks overlooking the city, San Francisco Bay, and yes: The Moscone Center.

Just how does a convention center fit into the list of places to see in beautiful San Francisco? It is the largest convention and exhibition complex in San Francisco. It includes three main halls spread out across three blocks and 87 acres in the South of Market neighborhood. The convention center originally opened in 1981 and has gone through several renovations. It is currently upgrading its security system to reflect a best-of-breed, state-of-the-art solution.

Securing the Facility

Security at the SMG/Moscone Center is handled similar to the security at a Tier 1 airport; however, clients who use the facility are required to provide their own inside security. When the doors are open to the public it plays host to people who want to come in and look around.

“We are responsible for facility security inside and on the perimeter outside. This is considered a soft target, so we do everything possible to harden the security,” said Damion Ellis, director of security at the SMG/Moscone Center. “The time is right for us to take out the old security system, including the old analog camera system. Our new security system will provide analytics, and the ability to look at the images in real time.”

Like any major metropolitan area, there are issues that have to be dealt with that aren’t pleasant and keeping track of the homeless population and what they are doing is one such issue.

“We are able to place the new IP cameras in places where the homeless population congregates on the outside, in dark corners of the facility,” Ellis said.

The Moscone Center complex consists of three main halls. Moscone South is located to the south of Howard Street and is three stories tall.

Read More at: Security Today


Filling the Talent Gap in Cyber Security


The Great Conversation interviewed the Executive Director for the Center of Information Assurance and Cybersecurity (CIAC), Dr. Barbara Endicott-Popovsky, to review her background and her passion for creating the next generation of cybersecurity leaders. Barbara will be sharing her perspective on filling the talent gap at The Great Conversation in Security on March 4 & 5 in Seattle, Washington.

What is the Center for Information Assurance and Cybersecurity?

The center is an NSA/DHS Center of Academic Excellence in Cyber Defense Education and Research. This designation is earned by demonstrating to a jury of peers our alignment with stringent Federal government standards. Through the years, we have received national and international recognition from our U.S., European and Asian academic and business partners for excellence in thought leadership.

To provide you some history, we were ranked at #10 for best places in the United States to study cybersecurity by the Ponemon Institute in 2014. Our graduates have become Chief Information Security Officers (CISOs) and Chief Privacy Officers (CPOs) in government and industry, as well as senior consultants, analysts, and entrepreneurs.

What was the reason for establishing the center?

We were responding to the well documented deficit in cybersecurity talent in the U.S.

In a great conversation, thought leaders leverage and build on the work of others. How was this principle applied in designing this program?

We leveraged the interdisciplinary science and system-activity approach ingrained in the theory and methodologies of physical culture science and advanced sports pedagogy, applying that construct to cybersecurity education.

The principle worked. In the sports world, it allowed individuals to find their appropriate physical activity aligned with their level of performance, authentic nature, and unique abilities. This inevitably leads to superior performance and a fulfilling sport career, culminating in the athlete’s personal happiness and sense of well-being.

Historically, sport orientation and selection science were rooted in psycho-physiological research from professional orientation studies, especially for selecting those for high risk, stressful, performance-demanding careers like airline pilot, special-forces military, and air traffic controller. A colleague from sport pedagogy and I hypothesized that the field of cybersecurity, being similarly stressful, would benefit from the application of this same research and have spent over a decade in actualizing this idea through individual courses and programs, writing extensively about our results in numerous publications. That work has been synthesized into a repeatable methodology and a cooperative learning model designed to address developing and producing ‘breach ready’ graduates. This has become the foundation for CIAC’s work.

Why are you speaking at The Great Conversation?

Whether you are in the cybersecurity industry, or some other field, as a leader you recognize that you are only as good as your ability to identify, hire, manage and measure good people. Our methodology can be applied, not only to the cyber world, but to any other field. Ultimately, this work provides a roadmap for filling the talent gaps we all are experiencing.

The Dangers of Drones

It is estimated by the FAA that seven million drones will be hovering over the US by 2020. Drones are being used by hobbyists, realtors, videographers, and companies seeking more rapid deliveries. Yet, with all of this innovation comes some trepidation. What happens when drones are used for darker purposes?

Scott Klososky, a futurist, speaker, and founding partner of TriCorps Technologies, has provided us a podcast for your review and enjoyment. You can find it here

An Interview with Scott Klososky

In The Great Conversation in Security, we seek thought leaders across multiple domains of knowledge, from enterprise security risk management to intelligence and from leadership to organizational change.

Scott Klososky opens The Great Conversation on Monday, March 4 with a challenge that promises to touch on many of our educational tracks. We sat down with him in preparation for the forum and here is what we learned:

Why are you participating in The Great Conversation in Security?


I really want to help Security Leaders have a better understanding of how technology is going to change the threat landscape and our ability to manage risk inside of organizations. This includes helping people have a better sense of the integrated security model and how that works.

What have you learned this year, that you can share with us that is important for executives involved in their organization’s security and risk programs to know?

I have learned the best tactics for changing from a siloed security model to an integrated model in medium to large organizations.

I have learned about the machine intelligence in security both for defense and offense.

I have learned about new threats that are being created by digital tools and concepts.

I have also learned a lot about how to manage the internal risks now created from employees stealing IP or data.

What is the most successful leadership model you have seen in our industry?

An integrated security model overseen by a CSO that has a physical, electronic and cyber expert reporting to them. This provides the foundation for integrated security.

Then assign the leader to manage both internal and external security risks. Define analytics so that security performance can be measured.

How will cyber threats impact the security ecosystem: (consultants, integrators, and technology vendors)?

It will change the skills that security people are required to have.

It will cause a new breed of consultant and vendor to be critical to managing risk and events.

It will cause traditional security companies to add cyber talent and resources so that they can fully help to manage security risks that have components of physical, electronic and cyber in the attack.

Tell us a little bit about your presentation and why it is important and/or what will attendees learn from it to take back to their own organizations?

My presentation and discussion will be important because it will introduce new thinking, models, and processes to the CSOs. I will challenge the traditional ways we have provided security and will paint a picture of the future that will be undeniable. I come from the technology side of security back to the physical side, so I have a good ability to speak their language and I understand what they deal with every day. Using this knowledge, I will give them practical advice as to improvements that can be made in 2019 at both strategic and tactical levels.

Note: Scott has written a number of books. The most recent: Did God Create the Internet?: The Impact of Technology on Humanity.

Here is a brief description: Technology includes an incredibly powerful set of tools that surround our lives. We are chained to our devices, connected permanently through the Internet, and depend on a variety of software applications to manage our days. The power these tools give us would seem magical if shown to people just thirty years ago. The integration of digital tools into our lives most certainly changes us. The seminal question is whether we will ultimately be happy with the changes technology introduces. The impact as we integrate humanity and technology will reverberate for hundreds of years; whether it will propel us forward or cripple us as a species remains to be seen. We now stand on the precipice of the digital transformation with the outcome unknown. We do have influence on the outcome, but we can only guide it in ways that benefit humanity the most if we understand the consequences of augmenting our lives with technology.

Excellent Culture: A Great Conversation with Shawn Galloway


The Great Conversation asked Shawn Galloway, one of our keynote speakers on March 4 & 5 in Seattle, Washington, to provide us a way to self-assess our strategy for security before our forum. We all agreed that the following assessment is a great start. You can find and download the entire assessment and article here.

We also have provided a link to his book that is referenced in the article here.

Shawn will be available to sign and talk about his book and his unique strategy for aligning your culture, strategy and plan during the conversation.

Read the following and then go to his website for further information.

How complete and comprehensive is your safety strategy? Does it have the right ingredients? Do you even have a safety strategy?

"Not paying attention to strategy is expensive. Each year organizations waste millions of dollars in time, resources, and effort. In our consulting practice we continue to see confusion: misunderstanding of strategy, real problems not addressed, misdirected effort, lack of personnel alignment, directionless short-term fixes, forgettable training, over-complexity, poor communication, cookie-cutter programs in place of strategic thinking, muddled motivation, poor incentives, not understanding what an existing organizational culture will tolerate or accept, misinterpretation of data, and attention to results without a clear understanding of how they came about. And these are just a few of the unproductive situations we encounter in our work. But most of all we see a lack of focus on generating and measuring ongoing contribution to value throughout the organization." (Inside Strategy: Value Creation from Within Your Organization, Galloway & Mathis, 2016).

After reviewing countless corporate, division and location-specific safety strategies, ten essential considerations were frequently excluded. (See diagram here)

  1. No clear vision — It must be clear what new success will look like. What would the results be, what would be common within the culture, what would people see and hear that confirms why the results were obtained? This vision should serve as a qualifier that future decisions are made against.

  2. Not using data to prioritize — While strategy begins as a hypothesis, data must drive the decisions. What does the data tell you about the opportunities for both safety performance and culture? Are injuries or risk mostly with new employees or seasoned? Run a trend analysis on all commonly tracked variables from incident and injury investigations. What beliefs and behaviors are not aligned currently? What are the common experiences and stories that need to change?

  3. Not considering the culture — Are programs deployed with current and future culture in mind? Culture will be why your compliance or advanced efforts fail. It will also be why your overall strategy succeeds or fails.

  4. No roadmap — The priorities and initiatives must paint a clear picture of where we are going and why, and what the steps are along the way.

  5. Not planning across multiple years — There should be a minimum three to five year time horizon that decisions are charted across. What can you really do in year one? What should be deferred to subsequent years? Taking on too much and not following through is a common execution trap.

  6. Not aligned with the business strategy/trajectory — Safety strategy must support rather than hinder the overall trajectory of the business decisions. Will growth occur organically or through mergers and acquisitions? Safety should be part of the business decisions, and business leaders should be part of the safety strategy decisions. Safety strategy should not be delegated to the safety leaders.

  7. Lacking balanced scorecard — Measurements should prompt, direct, align and motivate actions towards the goals, not just tell you end results. There should be leading indicators as well as transformational indicators that validate the efficacy of your choices and the value derived between actions and results. Measurements must explain the why behind a change in results.

  8. Actors do not know their individual roles, responsibilities and results — Individuals at all levels need to see themselves as actors in the strategy, aligned toward the strategy, and held accountable for the performance needed from them to affect the results.

  9. No continuous marketing plan — You have to market for discretionary effort. What is the brand and how do you position it? How will you listen and respond to the voice of the customers of your strategy and reinforce the decisions to buy in? The "What's in it for me?" question never goes away, although the answer changes over time. If you have a great strategy and no one knows it, it isn't a great strategy.

  10. Not regularly updating the customers and stakeholders on the progress and current position in the plan — Your strategy customer needs to know where they are in the strategy as time passes. It is vital to explain why you now pursue the next area of focus and how it fits within the plan already created.

Are You Ready for a Roadmap to Innovation and Change?

The Great Conversation in Security™ agenda is influenced by the conversations we have with security executives who are attempting to keep pace with risk, budget optimization and technology in an evolving threat landscape.

This year a persistent theme emerged around the hidden costs of security. It is being influenced by the growing realization that the very technology that was supposed to address the threat and lower the cost is becoming an anchor that very few companies can carry. The hidden costs also include the competitive landscape for hiring subject matter expertise in hardware, networks, integration, and application software that drives the use case for access control, video management and communications.

Add to this the need for the security team to become more of a strategic advisor to the owners of risk, such as the line-of-business executives, HR and Finance.

To begin to address this requires a strategic model for managing your people, process and tools as well as your business partnerships on the road to the digital transformation of your department and your organization.

As always we sought out the thought leaders and the security executives that were tackling these issues that led to the agenda for Seattle.

  • Scott Klososky, who was a featured speaker at GSX 2018, will provide a compelling call to action around an integrated security model.

  • Dr. Zafar Chaudry, the CIO for Seattle Children’s, one of the leading hospitals and research institutions in the country, will provide his insights into integrating security into the fabric of the organization’s digital transformation roadmap.

  • Ed Bacco, the former head of security at Amazon.com and currently the CSO of the Enterprise Risk Security Group of ADT|ASG, will outline the burden of the hidden costs of security and be joined by security executives who are facing this as well.

  • Cheryl Michaels, the Senior Director of Security at Seattle Pacific University, will help describe how their efforts at creating an integrated security model helped them when the worst case scenario occurred at their campus: an active shooter.

  • Shawn Galloway, a noted author and subject matter expert in creating cultures of excellence that can be applied to security and safety, will provide us a path to cultural excellence; the greatest leverage we have in our organizations.

  • Claude Yusti, Partner of the Public Sector Watson AI and Data Platform Group at IBM Global Business Services, will attempt to demystify AI and show how it is being adopted and adapted in applications today and how we might prepare our organization for expanding AI uses tomorrow.

  • Barbara Endicott-Popovsky Ph.D., Executive Director, Center for Information Assurance and Cybersecurity at the University of Washington, has direct experience in attempting to build a bridge in understanding for executives and risk owners on how to think about cyber security. She will be sharing a cutting edge learning model for our review.

  • Michael Foynes, the Global Lead for the Center of Innovation at Microsoft, leverages his 15 years managing global operations for security to help us understand the imperative to digitally transform our profession, our industry and our organizations, and provides us a way to think about how to achieve it.

  • Interspersed throughout the two days are case studies delivered by security executives who had to face a problem, organize a team of internal and external stakeholders to address it, and then deploy a technology against a use case to ensure the problem could be addressed. These studies are always a lesson in leadership, management and measures of performance. But we will also invite technology leaders to share with us their insights on the future roadmap for access control, video surveillance, intelligent communications, identity management and data aggregation, storage and communication in a sensor driven world.

As always, The Great Conversation is an invitation into a community dedicated to the advancement of the industry, the profession and to our individual and collective pursuit of excellence within our organizations. A nation depends on us to keep our people safe, our economy stable, and our assets protected.

We thank you for your voice as it joins with your peers in a great conversation.

Addressing the Silos that Define Us

On March 4 & 5, 2019, in Seattle, Washington, we intend to address the perceived constraints that are keeping executives from taking their programs to the next level. We will follow this up with a forum in Texas in the month of May.

We are holding private conversations with CSOs and their teams to tap into their front of mind issues and opportunities. Along with our qualitative and quantitative research, we will use these conversations to inform and infuse the forum.

We are also helping Lynn Mattice, a former CSO and industry thought leader, to conduct a conversation with senior leaders on November 12, during OSAC week. Dave Komendat, the CSO of Boeing, has graciously opened his doors at The Boeing Company’s facility in Arlington, Virginia for an exclusive and private discussion on some of the most important issues facing our profession. We call this an “Executive Summit Series”. Please let us know if we can help you get connected to this important community.

Lynn has been on a mission to aggregate case studies from his contacts in the industry that we can use to help define an approach to creating value and mitigating risk. We like to think about this exercise as setting the stage for best practices and then using that platform to improve on best practices. After all, the enemy of great is the acceptance of good enough.

One of the case studies we would like to see would be a strategy and execution plan for bridging the value between the CISO and the CSO. There are very few strategic resources to help them build bridges between their domains. We think the Summit and The Great Conversation’s role will be to elevate the necessity for this bridge to occur. The lack of one constrains us in so many dangerous ways.

Let us know if you have a compelling story that can contribute to your industry’s value. We would be honored to help you document it for your internal use and to share confidentially under Chatham House rules.

Looking forward to a great conversation.

Are You Ready for the Truth?

What I have learned about safety, security and life from my 90-year old in-laws has been a wake-up call for me. It not only has informed my future, but it has made me question my present. Let me explain.

On Saturday, we received a call from my mother-in-law asking that we come over to their retirement home because my father-in-law needed to go to urgent care. Of course, we asked them "Why?"

It turns out they followed a protocol from the retirement home that recommended that a call be made to the on-call nurse at the facility if they believed they needed help. The nurse then would arrive at the apartment and assess the situation and make the appropriate recommendation. In this case they had recommended "urgent care". Urgent care centers provide easy access to quality healthcare for the times when your primary care physician’s offices are closed. They are not considered appropriate for emergencies. 

When the nurse arrived at approximately 2pm, she witnessed a man in a fetal position on a bed who was having difficulty breathing and had been in this state since the morning. His lungs appeared to be rattling. 

What the retirement home's nurse did not have was any data on any of the residents in the home. No data on whether they could drive, their ability to make informed decisions (cognitive capability, dementia, etc.), their mobility, their general health or medicines. Without any of this information the nurse provided a recommendation for urgent care and then left. We got the call a few minutes later. 

It took us 40 minutes to arrive. Once we saw him we knew: Call 911. Upon arrival the EMT made their assessment and took him to the Emergency Room at the local hospital. They immediately put him on oxygen and began to triage the symptoms. They began to treat him for pneumonia. And they began to prepare us for his death. The EMT and the ER doctors could not believe that the nurse had recommended urgent care. 

I could only ask myself: How did we get to this moment?

What I have not told you is for some time my mother-in-law has been showing signs of dementia and has also become increasingly prone to falling. My father-in-law has restricted mobility and depends on an electric wheelchair to get around. Their ability to care for one another has increasingly been getting more difficult. And, to make it worse, they still believe they can. He still has his car keys and attempts to make runs to Costco. He has neuropathy and cannot feel his feet. She struggles to get out of the car and stand at the entrance while he parks. It is tough to believe that the way you have always been may not be the way you should now be. And their children have not been able to make a collective case for change.

The retirement home and their residents are blissfully unaware of the state of their security and safety. The entry points are not monitored, although a PC flickers unattended displaying video of key hallways. As I already have mentioned, resident information is not available to their internal "first responders". The first responders have no protocol for helping activate their recommendations ("Can I call your son-in-law?"). They have handed out alert fobs, but they cannot even track the signal to a specific room.

So, I asked myself: How will I be ready for the truth when I am at that age? And who will I listen to for advice on how to be safe and secure? How can I avoid false assumptions of security and safety?

And that became an aha! moment. I could apply many of these questions to the security industry. Many companies today have provided their employees an assumption of safety and security. But the assumptions lack definitive roles, processes and technology to perform when an incident occurs. And the "advisors" are unable to break through the assumptions based on a variety of things including: 1) The business model. Example: The retirement home would not spend money on a comprehensive risk assessment that would outline the key gaps in the safety and security of their residents. 2) A lack of understanding of their own processes and communication that leads to the false assumptions around safety and security. 3) The resident's naivete in properly assessing and ranking their housing investment, especially regarding safety and security. How many employees, students, residents or patients consider security as part of their scorecard for evaluating their workplace, education or healthcare? 4) A value of privacy and independence that constrains or prevents adequate care. Examples: I don’t want a camera monitoring me. I don’t need to wear an identity card. I can tailgate my way into the facility.

This is not a retirement home issue. This is a cultural issue. And an individual responsibility issue. 

Who can and will tell us the truth about our security and safety programs and ourselves? And who can connect that truth to the reality of our personal and professional lives? And who can make the value proposition to the entire ecosystem of investors, business executives, employees and customers so that safety and security becomes the new norm, not a reaction to an incident?

My father-in-law nearly died. My wife and I sat down with the executive director of the retirement home to do a "hot wash" of what had happened. We did the same with our family. Promises of action and remediation were made. But you get the sense that what really needed to happen for things to change in the business model and the behavior was for my father-in-law to die and a subsequent lawsuit to be filed and prosecuted. Sound familiar?

There is a better way. Isn't there?
 

Breaking Down Silos Creates a New Value Proposition for Security

Aristotle had it right. Whether it is philosophy or security, every system of performance is made up of smaller parts. In this sensor driven world, devices provide data. People or other systems perform a task leveraging that data and produce an output or outcome.

In a complex process, all of those tasks need to be coordinated; they need to ultimately work together towards a common goal, or what is often called in our industry a common operating picture, where the whole becomes greater than the sum of its parts.

When it comes to purchasing technology, how often do we leverage a framework for assessing the risks and threats to develop innovative new approaches to manage our people performing roles in a process using technology? 

Does interoperability of systems drive the interoperability of silos of performance we have in our organization today; in both business and security?

Can we find a way to create a scorecard and measure the whole vs. the individual parts? Can we then take that and drive interoperability as a strategy and as a value multiplier? 

The quantification could include the time-to-value for given tasks (the mean time for actionable response), lowered costs for managing and translating siloed activities, and an adaptable systems approach to continually respond to dynamically changing threats and technology. This is not new. It is just new to security.

Here is one example from our conversations the other day. If the mean average response time of an on-premise guard to the scene of an incident is 12 minutes, and the average incident is 2-5 minutes long, we have a potential performance problem. Our ideal response is real time. Working from that premise, if we have the ability to use video, anomalous behavior or analytics engines, and audio to identify an incident before or as it unfolds, then we have the opportunity to interrupt the psychology and behavior of the perpetrator.

The real direct costs of the incident could include one or more of the following:

  • Damage to the campus or building

  • Injury to campus or building occupants

  • Cost of the response

  • Cost of disrupting operations

  • Brand dilution of the organization

  • Legal costs

  • Insurance costs

In this scenario, the organization might have had forensic video, but it could not impact the average mean time of the response, and therefore did not add value to the equation. If they had video in addition to a Security Operations Center, it is still questionable whether they could proactively stop or mitigate the incident. If they had guards reacting to the SOC, it still does not impact the final result. With analytics you have understanding without the real time response. With audio, video, and analytics or anomalous recognition engines, you could see and speak into the incident. And by using the OODA principle, possibly buy time for first responders or guards to engage and/or disrupt the incident.

Quantify and monetize the mean average cost of an incident that does not have a common operating picture and the ability to respond in real time. 

And then leverage the power of the sum of the parts. 

 

Seattle Children’s Hospital Bridges Its Communication Gap

This campus didn’t need to replace its duress system. It just needed to better utilize and integrate the technologies that were already there.

Panic alarms are designed to deliver emergency alerts quickly to campus security personnel so that they can promptly respond to issues.

Recently, however, security technology stakeholders at Seattle Children’s Hospital realized their duress buttons lacked redundancy. Additionally, it could take officer pagers as long as three minutes to receive messages, which would delay incident response.

No redundancy and a three-minute delay in emergency message delivery were not acceptable, so Children’s Hospital tasked Aronson Security Group (ASG) with identifying a solution.

It was determined that Children’s existing IP intercom system made by Vingtor-Stentofon and existing IP Motorola radio system had the capabilities to bridge the gap in communications and work seamlessly together through an interface with Lenel.

Integrator Leverages Previously-Installed Technology

In 2012, Children’s Hospital invested in Vingtor-Stentofon’s critical communication solutions. They installed the manufacturer’s IP-based Turbine intercom stations in their parking areas, which enabled communication with high definition quality audio. These stations amplify the sound and provide noise reduction and echo cancelling technology.

With this security technology already in place, a team was assembled to validate the system upgrades operated properly utilizing Children’s existing systems. The group consisted of Security Director Jim Sawyer, Physical Security Program Manager Dylan Hayes, Children’s IT department and the radio communications officer. ASG was designated as integrator/consultant that would establish the system interoperability, investigating and tying all the technology together. Vendor participation was also critical in the project.

“We had the full cooperation of Vingtor-Stentofon,” says Larry Minaker, ASG client manager for Children’s. “We assigned this to our Advanced Integration Services (AIS) team who worked with their support center out of Kansas City.”

Scott Hanson, one of the AIS managers, took the lead. He was encouraged that Vingtor-Stentofon had certified an integration through Lenel’s Open Access Alliance Program (OAAP), which allows a manufacturer to develop a software interface for Lenel’s OnGuard integrated platform that was already installed. Every interface is factory-certified to support OnGuard functionality.

The Children’s Hospital team assembled the radio hardware components for testing in ASG’s lab in Renton, Washington. The key elements included Lenel certified integrations with Vingtor-Stentofon, including the master station, AlphaCom, their IP Audio Remoter I/O unit (IP-ARIO) and the Motorola Mototrbo Radio. ASG provided fully functional Lenel and Stentofon systems and integrated all the radio, intercom and access control equipment together.

Upgrades Resolve Delays, Deliver More Functionality

ASG successfully worked with the system manufacturers to configure and deploy a functional end-to-end “proof of operation” in the lab. The configurable alert notifications reached the radio in seconds instead of minutes. Additional benefits included two-way voice connection between officers in the field utilizing handheld radios and officers stationed at the intercom master station. Another benefit is the capability to receive immediate notifications for any other critical input, such as refrigerator alarms or doors forced open.

“Many hospitals are not able to staff a security operations center 24 hours a day, seven days a week,” says Minaker. “Children’s identified an opportunity, prioritized the need for resolution and then assembled a team to identify how to resolve it. One important component was that Children’s invested in evaluating the core technologies they already owned in order to protect their existing investment and identify a more effective way the technology could operate together. Finally, [we were] able to work with manufacturers to determine the best method to integrate equipment and deploy it in ASG’s lab infrastructure. At the end of the day, not only was a solution tested and validated that maximized Children’s existing investments, it also added operational functionality and communication redundancy.”

These important benefits will bridge the gap between time-sensitive communications and staff response. The solution has expanded the capability to monitor and respond to critical infrastructure alarms, further enhancing the culture of safety at Children’s Hospital.

 

Smartphone Mobile Access in Your Campus Security Plan

Let’s face it, smartphones and tablets are everywhere. As a society, we do almost everything with our mobile devices. These handheld supercomputers deliver our news, entertain us, keep us connected, and even act as flashlights, cameras, and GPS systems. And this societal shift to constantly-connected handheld devices is most prevalent with today’s student population.

As locks, access control systems, and smartphone functionality continue to advance, we’ve seen a big increase in interest regarding the use of mobile devices within access control systems — specifically for college and university campuses.

There has been an interest in mobile device integration for several years. What's changed over the past year or so is that devices have become so widely used, and Bluetooth connectivity has become so easy, stable, and secure, schools now see mobile access as a very real and viable possibility.

Students and faculty alike are aware of a mobile phone’s ability to pair easily with compatible devices, so it’s a natural expectation that the same experience would apply to locks and access control systems. IT departments and facility managers see a no-infrastructure, no-cost way to advance the use and convenience of their systems, but there are still questions and concerns to address.

Early Adopter Risks?

Most of the inquiries about the transition to mobile are from campuses that already manage card-based access control systems. They want to know how to migrate their credentials from a card to a phone. Primarily, these are very progressive schools that have already deployed a variety of electronic access control technologies, including wireless.

While it's great that schools are asking about mobile, and yes, they can use a mobile device to present credentials, we need to put this into context. The discussion is really about using electronic access control. It doesn't matter whether you use a card or phone. 

We recommend starting with a card-based system, and then migrating toward a mobile credential implementation plan. Without proper planning, there is risk in not having proper policies and procedures in place. What happens if an employee is fired, or a student is expelled? How do you revoke credentials? What happens if a phone is lost? How is all this best managed?

Where to Begin

Schools currently using brass keys and considering piloting a card lock system typically want to test a system for a few months before making a final decision. We suggest testing mobile access the same way. A college or university that already has access control in place and is interested in mobile access should pick an area — a single wing, building, or floor perhaps — and test it before rolling it out campus-wide.

If the school is new to access control, that's a bigger transition. They would have no access control experience in the first place, which means there is a lot to manage at the same time.

It’s wise to take small steps, but don't be afraid to get started. Remember that the ultimate goal is protecting the students. If mobile is a driver for access control, start by deploying a card-based system and move away from brass keys. Once the card-based system is up and running, it’s much easier to make the move to mobile.

Private/Public Security

There are often concerns because a brass key or a proximity card is owned and controlled by the institution, but with mobile access the smartphone belongs to an individual. Although a smartphone belongs to the student or faculty member, keep in mind that the phone is merely a device that can be used to hold the credential. The credential can easily be issued or revoked regardless of who owns the phone.

Some institutions don't even want to consider mobile, because they charge a fee to issue and replace key cards. With a large campus and residence hall system, this turns into a significant revenue stream for the school. How will that revenue be replaced?

One university conducted a pilot with mobile, where students could choose a card for access at no charge or choose to use their mobile device for a $50 fee. They had a good number of students opt in and pay the fee for the convenience of using their smartphone.

Another important consideration is that students or employees might lose a key, or lose a card, but they rarely lose their phones. Phones are always in hand. People don’t share them, loan them or even let them out of their sight. Our phones are almost always conveniently within reach, and for this reason alone, phones may have the upper hand from a security point of view.

Connectivity Choices

For years, we’ve had the ability to support mobile access using Near Field Communication, or NFC. To date, NFC has been challenging, because the device manufacturer, the network operator, and the Trusted Service Manager all want a portion of the service. This involves extra costs, complexity, and a chain of systems that could result in reliability issues.

With today’s Bluetooth Low Energy (BLE) connectivity, any Bluetooth phone can be paired with a Bluetooth-enabled lock without any middleman, additional infrastructure or costs.  

While BLE has clearly been an impetus for mobile access, new developments with NFC could provide us with two very solid technology options. Regardless of what course this takes, ASSA ABLOY is ready to support your campus with a broad range of locks that support mobile access using both BLE and NFC. As with any security upgrade, we recommend a future-proof solution that can support rapidly evolving technologies and the growing needs of your campus. 

Additional Considerations

If you are considering going mobile, first, keep in mind the big picture. Mobile access is exciting, convenient, safe and something that people want, but remember the first priority is deploying access control to provide a safe and secure environment for your campus. The best way to do this is to start with a card-based system, and then bring in mobile access at a later date.

Also, note that not all mobile access is created equal. Do your homework: make sure the credentials within the phone are highly secure and that your locks will support inevitable changes in mobile technology.

And as far as going entirely mobile, we don't yet know what that experience will be like. With the sharp increase in interest regarding mobile devices, I’m sure we’ll see our first all-mobile access control deployment very soon.

About the Author

Angelo Faenza is the General Manager, PERSONA and Vice President of Campus Electronic Access Control Security Solutions, ASSA ABLOY Door Security Solutions.

Adapt to the Shifting Landscape: Maturing Technology Markets Call for Platform Innovation

The IP video revolution has resulted in noteworthy levels of security industry growth and innovation over the last decade or so. Many companies were built, and many innovative products and solutions were introduced to the market. We saw a wide range of great technologies, business strategies, and go-to-market models — each enjoying fast growth and profitability.

Along with the industry-leading companies and products, there have also been less-well-planned ventures and offerings that came along for a good ride. Now, however, as the IP video market matures, and the pace of industry innovation and growth begins to slow, these companies are finding the current, more competitive environment very challenging.

What’s happening is that today’s IP video market is maturing and experiencing a natural consolidation. It is no longer easy to compete with average or below-average products and business strategies. This industry maturation and consolidation bring about product price wars and other short-term competitive strategies. Companies that lack any real differentiation or fail to deliver genuine value to the market often react with price reductions, resulting in race-to-the-bottom behavior. This is a disruption to the business cadence our industry had become accustomed to.

So, if it’s no longer fast growth and ‘easy money’ like the early phases in a technology’s lifecycle, what are the new business models that must be developed to encompass the next generation of market disruptions? An open platform community offers a framework to succeed — together with our partners — by leveraging each other’s innovations and successes.

If you equate the so-called ‘easy money’ days to the ‘Scale’ stage of an industry lifecycle curve, we are seeing that the physical security market is maturing, and we are nearing the ‘Compete’ stage. I strongly believe that the community of innovative, third-party solutions can greatly extend the Scale stage of that curve.

An open platform delivers the ability to fortify the Scale stage of consolidation by leveraging innovation from many community partners and deliver forward-thinking solutions to the market, together. For companies that can articulate the long-term value proposition of an open platform architecture and a community of innovative, complementary solutions, there is still a lot of business ahead.

In contrast, companies that go to market proclaiming stand-alone, narrowly scoped products, with me-too features differentiated only by price, will have a hard time competing. For them, their glory days indeed may well be over, and their business models may lead them down the back side of the ‘Consolidation Curve’, into decline, as is already happening to some.

Many businesses talk about being open but fail to deliver on the true value proposition of this approach. They choose instead to battle it out on price, and this is their downfall. If they would instead articulate the value of a platform with a community of innovation to deliver on that message, they could differentiate themselves and change the conversation in the marketplace. 

Consequently, it's not that the IP video industry’s glory days are over, but rather that the easy money days are coming to an end. The maturing market for security in fact demands more of our solutions. For companies like Milestone and our diverse global community of integration partners working together to embrace the open platform, we can define a stronger future ahead.

Tim Palmquist, Vice President of the Americas for Milestone, is the author of this blog and will be available for further conversations at The Great Conversation in Security.

Survivor Informs our Risk Planning and Post-Incident Response at 2018 TGC

On April 16, 2007, on the campus of Virginia Polytechnic Institute and State University in Blacksburg, Virginia, United States, Seung-Hui Cho, a senior at Virginia Tech, shot and killed 32 people and wounded 17 others in two separate attacks (another six people were injured escaping from classroom windows), approximately two hours apart, before committing suicide.

At that time, it was the deadliest shooting in U.S. history. 

Eleven years later, the question remains: how do we protect our schools? But there is another question lingering behind the scenes that has sparked many great conversations: "How do we provide better intelligence, better situational awareness, and better actionable response?"

What if one of the survivors were able to speak to us, not from just the pain, but also from a studious examination of the facts that led up to the event as well as the aftermath? What lessons could be learned that would inform and infuse our strategic plan and our core processes and tools?

One of our keynote speakers at The Great Conversation in Security was a survivor. More importantly, she has dedicated her life to advancing the goals of her non-profit, The Koshka Foundation:

  • Improving campus safety

  • Empowering student activism

  • Forging connections between survivors of various causes

Her name is Kristina Anderson and she is the Executive Director of Koshka. 

Kristina was shot 3 times. She returned to graduate from Virginia Tech with a degree in International Studies and Foreign Languages, and is now a resource to school administrators, teachers and students within higher education and K-12 regarding violence prevention initiatives and ways to increase individual personal safety awareness. The Koshka Foundation also partners with law enforcement agencies and first responders to provide educational presentations on surviving an active shooter from a survivor’s perspective, and best practices in incorporating lessons learned. 

Her presentation will create an incredible conclusion to two full days of conversations with some of the brightest minds in security. 

Beyond the politics and the pain are steps every one of us can take to protect the people in our organization.