I know some of you already know the answer to this. Just bear with me while I explain it to those who seem confused. First, let’s begin with telling you why I’m even bothering. Through various social media accounts I participate on, I have come across folks who seem to believe their education and/or sort-of-relative experience makes them experts in physical security. As I have explained earlier, I am certainly not qualified to call myself an expert but I have a swath of experience and knowledge that allows me to adequately determine someone’s expertise in my field. Because of this, I have run across a many of people who the media and others have extolled as subject matter experts on everything from active shooters to in-depth espionage cases. It seems the loftier the person’s former or current professional title is the more they seem to call on them to give their commentary. As you might imagine, I have become angry and dismayed by what I have perceived as reckless de facto expertise certifications given to people who are often woefully unqualified. Let me explain:Just because you were Special Forces or even a spy doesn’t mean you’re an expert on all-things related to security. I LOVE special operations folks. They do stuff other people can’t and only dream of doing in the name of God, country, and duty. They are elite and deserve all of the praise and accolades that come from doing awesome work in their field. Let me explain. I’m not taking anything away from people who could kill me from a thousand yards away or who kill bad people in far away lands. However, not every special operations person knows about alarm systems, CCTV, CPTED, security operations, video analytics, or a host of other things I cover here to the level where they are the only people qualified to speak on physical security matters. Some do because their mission may require it. Just like I’m familiar with special operations because I had a job that required some knowledge of them doesn’t mean that I’m an “expert” in special operations. This doesn’t stop our media and a few Fortune 500 companies from proclaiming some of these folks who “look and sound the part”, yet have never worked a single security project, as experts.They have a Ph.D in Middle Eastern Literature and Art and know about every major terrorist attack in the region and have a blog their peers think is top-notch. Coincidentally, they know everything there is about active shooters, CCTV footage, small arms, and small unit tactics. Folks, seriously, after every active shooter event, spy story, or terrorist attack, there’s a deluge of these folks through my various social media feeds. These are excellent folks in their field. They’ve got more education and background in studying terrorism than I could ever dream to have. Many of them are great people who only want to share knowledge. For those who have done that with me, I’m extremely grateful. However, there’s another segment of this population who often come across as belittling in their demeanor. I appreciate all opinions. I truly do. I won’t even pretend like I know everything (even on things where I may know a bit more than I let on) because I don’t. I enjoy discourse and exchange of ideas. What grates on mine and other security professionals’ nerves are non-native academic “experts” who come as though your opinions are somewhat flawed because you haven’t taken their course or written a paper on it. I’m sorry – I got my experience in the field and learned what little I do know by seeing the world through the lens of a person actually doing the job you allude to know so much about but never did.They’ve read a bunch of blogs, some books, seen a few DEFCON talks, and follow some guys who pick locks. Sounds legit. That’s great. But that doesn’t make them an expert. In my opinion, expertise is derived from a multitude of professional experiences and in some cases, academic knowledge on the topic. I appreciate their enthusiasm but they can call me when they’ve suffered their first physical breach from an armed adversary at a facility the’ve been entrusted to protect. The world I operate in is much different than those books, articles, DEFCON or TED talks could convey adequately. That doesn’t mean their opinion isn’t worthy. I wouldn’t dream of making that kind of determination. In your dialogue with professionals in this field, don’t assume things you’ve read about physical security related topics are true or accurate. Assume you may not know everything either. If you’re a reporter, never assume because a guy wrote a book on terrorism he understands why a 15 year old boy shoots up his school. Take into account not everything that goes boom in America was made because “they hate freedom”.Your “security expert/guru/prophet” is a cyber-security dude who does encryption, firewalls, and IDS. That’s great. But just like I know basic stuff about that stuff, unless they’ve worked on or designed physical security systems or apparatus, that doesn’t necessarily make them an “expert” either. Chances are they’ve also never done a bag search, searched a vehicle for IEDs, detained shoplifters, or a host of other events physical security professionals have had to encounter. In the cyber world, they’re awesome. This does not mean they understand burglaries, forced entry, active shooters, or property trespassers, though some may.They’ve been referred to as a “security expert” but their experience is almost invisible. I’ve seen major corporations shell out some serious money to make guys who “sound smart” about security the “face” of their security initiatives. This is VERY bad. It undermines the strides we’ve made in this industry to standardize what it means to have expertise in this field, when major companies assign people as their “subject matter experts” when they have minimal experience doing anything in security. If I just touched a hammer yesterday for the first time, would you make me the foreman of the crew building a high-rise today? Your expert has certifications. I’m not impressed. Actually, that’s not entirely true. If your expert has certifications that they earned, I’m impressed. The American Society of Industrial Security, Inc. does an awesome job of certifying people based on merit and performance. This is why their certifications are the best in the industry to have, in my opinion (and a few others). I’m not saying everyone else’s certification is bad. Some are really good. I’m thinking of getting a few non-ASIS certifications myself. However, let’s not be naive. There are certifications you can buy to make yourself seem more qualified than you are. This is dangerous yet is also HIGHLY ignored in some instance. The best place to witness this disgusting hoax is on LinkedIn. I LOVE LinkedIn but there are some profiles which are full of self-aggrandizement. Don’t believe the hype, folks. Do your due diligence.Your expert is a former cop who never did security details when he was working and his degree is in a non-related field. Being a cop is VERY cool. I’m a bit prejudiced but I think cops are more diversified than we acknowledge. That being said, I have found where security managers are former cops (those looking for a post-retirement job) who haven’t worked security prior, they have found the transition to be more difficult than they or management may have imagined. The personnel, the jurisdiction size, and overall authority are different. The mission is also different. Yet I have seen companies hire people from law enforcement solely because management sees an intersection of subject matter expertise which may not even exist. Law enforcement and security are different species of the same animal in some respects.I hope no one takes offense to this post. I’m just a bit wary of countless people peppering social media with facts and ideas which are unfounded and dangerous. Most times, these people are ignorant of the damage they’re doing. Many believe that “expertise” is a subjective term and they have as much credibility as anyone else to give their commentary to masses they believe need to hear it. This is all very true. I have almost no issues with this. Many of them didn’t want to be considered “experts”. Often, there is a void of “experts” for the media and others to call on and so the people who “sound the part” get called. Perhaps, we need to move beyond our acceptance of “anyone can do security” to one where we recognize and respect the professionalism that is required to do this job and those who actually do it.
A Totally Awesome DIY Security Project – Raspberry Pi Face Recognition Treasure Box
As you know, I’m currently working on a few DIY security projects to share with you guys. My favorite place to go for inspiration has been, Make. These folks do some seriously awesome DIY projects. Most of them beginner to intermediate-level DIYers can do themselves. While perusing their site, I found this gem:Raspberry Pi Face Recognition Treasure Box – MAKE
If I Had To Design A Parking Lot, This Is How I’d Do It
The other day, I noticed in a discussion group someone asked about designing a parking lot access control system. This got me to thinking about why security officials are often tasked with designing and deploying these systems and why they are flawed many times. Here’s the response I gave.There is no technological answer for this. This would be dependent upon METT-TC (Mission, Enemy, Terrain, Troops—Time, Civilians). The best parking plans I’ve seen first started by looking at the mission of the facility.This immediately beckons you to ask if any of the vehicles parked are or will at some point need to be mission critical. In other words, if this is a hospital, would it be prudent to have access control measures which take into account emergency vehicles? Will you have sufficient room in the lot to accomodate them and an emergency egress? I would also determine who NEEDED to be able to park in this lot. Not everyone needs to park in your lot though they may want to. This should create a decent entry authorization list wherein you can identify who will need an expedient, yet effective means of gaining access. How critical is the facility? Tech is great but sometimes having a guy at the gate is more prudent, with respect to handling visitors, LEOs/first responders without access control tags, etc. It is also really helpful to not interfere with the mission of your facility, when designing your access control system whether for the parking lot or anywhere else. Seriously. I can’t overstate this enough. DO NOT make your system so cumbersome or strict that it impedes on the mission of those who do the work that pays you and your personnel. I have seen parking plans so restrictive that mission-essential personnel have been denied access to their facilities for things such as day-old expired vehicle tags and hours-old expired vehicle passes. Make sure your plan is flexible enough to accommodate those who need access right away but need to get their credentials in order. Be wary of making it susceptible to social engineering, though. I find the best way to mitigate this is through codification of your policies with exceptions allowed to accommodate those whose credentials may be lacking but can be verified. NEVER allow anyone access without verification. Ensure your access control system has authenticators, whether it be electronic or solely paper-based. However, ensure your authenticators are never discussed with anyone. I’d suggest making this a definitive terminable offense. I’d also consider your threat profile. Who has an interest, as a nefarious actor, to gain entry to this lot or through this lot to your facility? How can you mitigate this, bearing in mind how they could obtain entry feasibly? Seriously. Don’t plan on ninjas and SOF to make entry if that’s not your threat. Plan physical measures with this in mind.What’s the size of your lot? Has your lot grown to an extent where it requires fencing? If it does, how often do your security officers check that fence? No sense in having a fence if you’re not checking it. Remember fences are a demarcation AND a detection piece of your plan. Also determine if your lot is situated with any physical obstructions wherein you can’t observe who may have circumvented your parking plan. Consider CCTV or even a roving patrol to help if needed. Also, I find that if you use stickers, a few things tend to happen. One, people tend to park illegally and need to be towed. This takes up precious time and resources. And it could create confusion depending on how “creative” your sticker plan is. If you use stickers, keep it simple and wheel lock. Give each of your patrolmen a wheel locks and authority to deploy on cars illegally parked in select spots. Also address parking violations on a stakeholder basis as well. Talk to them about the potential loss in revenue should responders be delayed because of illegal parking in their reserved spots. Also describe what you’re trying to accomplish and how a sound parking plan can be a force multiplier (Boss, if our plan works, I can reduce the number of patrols and increase security efficiency and efficacy by x-amount).Start thinking about how you want to accommodate vehicles in terms of their egress and entry. How long should it take them to leave and get in? Are there any chokepoints in the plan that can cause congestion and make for additional security heartaches?Finally, consider the impact your plan could have on civilian or non-business related entities such as neighbors. Will you have to consider parking off campus? Will your plan cause congestion that impacts them? Will your plan address neighbors and their parking plans? Will your plan have a demarcation for neighbors to know where your property extends?
- « Previous Page
- 1
- …
- 4
- 5
- 6
- 7
- 8
- …
- 16
- Next Page »