tag:blogger.com,1999:blog-371782332024-02-28T11:08:53.093-08:00The Security ConsultantWritten by a court-recognized security expert and consultant, this blog contains practical and conceptual commentary related to security, loss prevention, the protection of assets, and related legal issues.
The thoughts expressed by the primary writer are based on his personal knowledge and experience which includes more than 30 years as a security professional.The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.comBlogger65125tag:blogger.com,1999:blog-37178233.post-6185795517978931742018-04-09T08:08:00.003-07:002018-04-09T18:01:18.018-07:00Not Just Guns And LawsI feel as bad and outraged about the shooting at Marjory Stoneman Douglas school in Parkland, Florida as anyone – I truly do. And I understand the frustration of the students and parents and staff at this school and others across the country who want something – anything – done to prevent such incidents in the future. I have listened to and read the heated comments about this incident, the calls for banning guns and more “gun control” (whatever that means). But I am outraged as much about what I haven’t heard or read.<br /><br />Because of what I do for a living, I have dissected and analyzed this incident (and most of the others like it) both frontwards and backwards. And what I rarely see (the shooting from Mandalay Bay Resort in Las Vegas being a notable exception) is any outrage directed toward the place where the shooting occurred…in other words, the lack of security which allowed such an event to happen.<br /><br />Consider just these few issues related to Stoneman Douglas school:<br /><br />· There was nothing or no one to identify, prevent, restrict or impede the armed shooter from being on the school grounds – no outdoor access control. <br /><br />· There was nothing or no one to monitor, identify, screen, prevent, restrict or impede the armed shooter from getting into the school – no perimeter access control. <br /><br />· There was nothing or no one to monitor, screen, prevent, restrict, impede or limit the armed shooter from roaming through the school once he got in – no interior access control or response plan. <br /><br />· There was the questionable response from the school resource officer who failed to immediately enter the school to engage the shooter. <br /><br />But of course the measures needed to remedy these shortcomings – which are unfortunately common at most schools across the country – require more resources, and nobody wants their taxes raised or additional fees imposed.<br /><br />The point I am trying to make is that there is no single or simple fix to prevent these types of incidents. We need to expend resources to reasonably harden our schools and other “soft targets.” We need to assure that we have adequate plans in place to respond to these kinds of incidents because there is no such thing as perfect or absolute security and such situations will surely be attempted in the future. And perhaps most importantly we need to expend resources to identify and deal with the kinds of aberrant people and behaviors which commit these heinous acts. <br /><br />What we don’t have to do is focus all the blame and attention on banning guns and creating more gun laws, because to do so ignores the real roots of the problem.<br />
<br />The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-75376808678083943412017-11-22T10:01:00.000-08:002017-11-22T10:01:11.073-08:00Security In Today’s World
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
We claim to be winning the war on terrorism; and we base
this claim on the fact that there have been relatively few significant
terrorist acts in the recent past.<span style="mso-spacerun: yes;">
</span>(This does of course make a distinction between extremist/radical
terrorism and homegrown domestic violence/terrorism – although the lines are
becoming more and more blurred.) <!--[endif]--><o:p></o:p></div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
But our sense of accomplishment and almost-victory is belied
by reality.<span style="mso-spacerun: yes;"> </span>The bad guys – whatever
their ilk – are in fact winning.<span style="mso-spacerun: yes;"> </span>To
make my point, consider the following:</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt 0.25in; mso-list: l0 level1 lfo1; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->Heavily armed law enforcement officials patrol downtown
areas and sporting venues and public buildings and transportation hubs and
election sites.<span style="mso-spacerun: yes;"> </span>The Super Bowl is
classified as a National Security Event.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<!--[endif]--></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt 0.25in; mso-list: l0 level1 lfo1; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->The airplane experience has no resemblance to what it
used to be:<span style="mso-spacerun: yes;"> </span>removing shoes, physical
body searches, extensive baggage screening, waiting lines to enter plane areas
and board are now the norm.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<!--[endif]--></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt 0.25in; mso-list: l0 level1 lfo1; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->The places we went to feel safe and to “get away from
it all” – the movie theatres and restaurants and resorts and public parks and
shopping malls are now the scenes of cruel and deadly attacks and murders.<span style="mso-spacerun: yes;"> </span>We now go armed to those places.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<!--[endif]--></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt 0.25in; mso-list: l0 level1 lfo1; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->The places we went for comfort and solace and healing
and education – schools, churches, hospitals, day care centers, rehab
facilities – are now places where the bad guys know they can prey upon the
defenseless.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
So with all these changes to the way we feel and the way we
must now live, can we really say that we are “winning” the war on terrorism?<span style="mso-spacerun: yes;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<!--[endif]--><o:p></o:p></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
I think there is some comfort and consolation in knowing
that bad events are still relatively infrequent.<span style="mso-spacerun: yes;"> </span>But I also think that we must never let our sense of comfort
overshadow our sense of realization that we still live in an unpredictable and
not-so-safe world. </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-54714163046783797492017-01-03T08:47:00.002-08:002017-01-03T08:49:16.648-08:00Being An “Expert”<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
In the security profession<span style="mso-spacerun: yes;">
</span>– or in any discipline really – being an “expert” or “expert witness” is
usually not a position to which one aspires at an early age.<span style="mso-spacerun: yes;"> </span>It often comes first as an ancillary
endeavor, then perhaps as a full-time profession.<span style="mso-spacerun: yes;"> </span>It usually comes mid-career, and often endures past career prime
and even past normal retirement time.<span style="mso-spacerun: yes;">
</span>So how does one “become” an expert?<span style="mso-spacerun: yes;">
</span>Is there a course or test that must be taken to “become” an expert?<span style="mso-spacerun: yes;"> </span>Here’s the reality:</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
One does not necessarily seek
recognition as an “expert;” and “expert” is not a connotation or designation
bestowed on oneself – it is status or standing in one’s profession as attested
to and recognized and conferred by others.<span style="mso-spacerun: yes;">
</span>Therefore, there is – and really can be – no course of study or training
program or test that culminates with the title of “expert” since a true
“expert” does not become so until the expertise is recognized by others.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
An “expert” is generally recognized for a composite of
professional education, training, experience, expertise, analytical skills,
writing skills, presentation skills, involvement in professional organizations,
involvement in professional activities as a volunteer, professional and
personal integrity, professional and personal credibility – and having a good
track record in all the aforementioned.<span style="mso-spacerun: yes;">
</span>And in addition to these attributes, “experts” usually have some other
traits that are acknowledged by others:<span style="mso-spacerun: yes;">
</span>He is the “go-to” guy within his organization;<span style="mso-spacerun: yes;"> </span>he is a “go-to” guy within one’s industry and/or among one’s
professional peers;<span style="mso-spacerun: yes;"> </span>he is actively
sought to help with resolving problems or improving operations or developing
strategies or developing policies and procedures – being sought to do for
others what they should/could be doing for themselves.<span style="mso-spacerun: yes;"> </span>He is regarded as the person who will almost
undoubtedly do the right thing or have the right answer at the right time.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
So being the smartest man in the world by self-appointment –
even if true – does not make one an “expert” as the term is being used
here.<span style="mso-spacerun: yes;"> </span>Rather, it is the acknowledgement
by others that one is the right person to do a particular job that
distinguishes one as an “expert.” </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 6pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-33906643705169502016-06-29T13:27:00.000-07:002016-06-29T13:29:53.750-07:00Words To Live – Or Stay Living – By<span style="font-family: "arial"; mso-fareast-font-family: "Times New Roman";"></span><br />
<span style="font-family: "arial"; mso-fareast-font-family: "Times New Roman";">In the world of security, as in many facets of life, an old adage is absolutely true:<span style="mso-spacerun: yes;"> </span>It is better to have it and not need it than to need it and not have it.</span><span style="font-family: "times new roman"; font-size: 12pt;"><br />
<br />
<br />
<br />
</span>The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-35721847026046112932016-01-28T09:44:00.000-08:002016-01-28T09:44:04.289-08:00The Concept Of “Reasonable Security”
<span style="font-family: Arial; font-size: 10pt; font-weight: normal; mso-bidi-font-size: 12.0pt;"></span><br />
<span style="font-family: Arial; font-size: 10pt; font-weight: normal; mso-bidi-font-size: 12.0pt;">Every organization has a legal obligation to provide a safe
environment, based on the concept of “reasonable security.”<span style="mso-spacerun: yes;"> </span>The owner/landlord does not have to
guarantee absolute security.<span style="mso-spacerun: yes;">
</span>However,<span style="mso-spacerun: yes;"> </span>reasonableness and adequacy
of security must be affirmatively demonstrated.<span style="mso-spacerun: yes;"> </span>This basic concept is founded in most states’ case law (and, in
some states, in statutory law).<span style="mso-spacerun: yes;"> </span>In
today’s world, there is virtually no place that can claim that no security is
adequate.<o:p></o:p></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<!--[if !supportEmptyParas]--><span style="font-family: Arial; font-size: 10pt; font-weight: normal; mso-bidi-font-size: 12.0pt;">The implementation or existence of a
security program in and of itself does not guarantee that the program is
adequate and sufficient, since the standard by which a security program will be
judged is reasonableness with regard to foreseeable threats and risks at a specific
place.<o:p></o:p></span></div>
<!--[endif]--><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial; font-size: 10pt; mso-bidi-font-size: 12.0pt;">“Reasonable security” has been consistently defined by
premises security case law to mean that appropriate security measures must be
implemented commensurate with risks which are reasonably foreseeable at a
specific place.<span style="mso-spacerun: yes;"> </span>And a reasonable consideration
of foreseeability has been determined to include the nature of the premises;
the history of incidents at the premises; the history of incidents in
geographic surroundings; and<span style="mso-spacerun: yes;"> </span>any
relevant industry standards.<o:p></o:p></span></div>
<!--[endif]--><br />
<div class="MsoBodyText" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial; font-size: 10pt; font-weight: normal; mso-bidi-font-size: 12.0pt;">Adequacy of security is legally
defensible only when<span style="mso-spacerun: yes;"> </span>vulnerabilities
and risks are assessed via some conscious or formalized process to determine
foreseeability, and commensurate security measures then<span style="mso-spacerun: yes;"> </span>implemented to reasonably address those
identified foreseeable risks (this is the usual standard by which adequacy and
sufficiency of security is determined by courts).<o:p></o:p></span></div>
<span style="font-family: Arial; font-size: 10pt; font-weight: normal; mso-bidi-font-size: 12.0pt;"> <!--[endif]--><o:p></o:p></span><br />
<span style="font-family: Arial; font-size: 10pt; mso-ansi-language: EN-US; mso-bidi-font-size: 12.0pt; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;">A good process for developing a sound security
strategy has dual benefits:<span style="mso-spacerun: yes;"> </span>The program
will be designed to protect the organization’s assets; and the program will be
legally defensible should it be challenged in court.</span><br />
<span style="font-family: "Times New Roman"; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;"> </span><br />
<h1 style="margin: 0in 0in 0pt;">
<span style="font-family: inherit; font-size: small;"></span> </h1>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-72435802417601983352015-06-12T07:42:00.000-07:002015-06-12T08:00:02.399-07:00SOMETIMES...<br />
<span style="font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman";"><span style="font-family: Verdana, sans-serif;"><span style="font-family: "Trebuchet MS", sans-serif;"><strong><em>SOMETIMES...</em></strong>
</span></span></span><br />
<span style="font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman";"><br />
</span>good security means doing things that are not politically correct – you can’t always have it both ways;<br /><br /> doing the right thing is more important than following the rules or being politically correct;<br /><br /> the perception of good security is as good as or better than the reality;<br /><br /> there isn’t a good choice – sometimes you must choose between the best of the bad choices;<br /><br /> the end does justify the means;<br /><br /> it’s better to be judged by 12 than carried by 6;<br /><br /> popularity of an issue does not equate to fairness or justice;<br /><br /> a verdict has nothing to do with a good or bad prosecution strategy or a good or bad defense strategy –sometimes a verdict is based simply on facts and evidence;<br /><br /> “justice” fueled by public opinion and media and political pressure is not really justice;<br /><br /> “justice” is not what someone wants it to be – sometimes justice is simply what is;<br /><br /> the cutest puppy has the meanest growl and the sharpest teeth;<br /><br /> you get what you want, but sometimes you get what you deserve.<br />
<span style="font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman";">
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></div>
</span><span style="font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman";"><span style="font-family: Verdana, sans-serif;"><span style="font-family: Times New Roman;"><strong><em><span style="font-family: "Trebuchet MS", sans-serif;">AND ALWAYS…</span></em></strong><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: "Trebuchet MS", sans-serif;">
</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: "Trebuchet MS", sans-serif;">there is virtually nothing that is purely or simply black or
white.</span><br />
</div>
</span></span></span>The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-74689342704389673182015-02-11T11:50:00.000-08:002015-03-30T12:06:57.888-07:00Value In “Dummy” Surveillance Cameras?<span style="font-family: inherit;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">As both a former Director of Security and now an independent
security consultant, I have rarely been a proponent of using “dummy” cameras as
part of a security strategy.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">Real cameras are used for several general purposes:<span style="mso-spacerun: yes;"> </span>To monitor areas/events in real time to
(hopefully) initiate appropriate response as needed; and/or to record
areas/events for investigative/documentation purposes; and/or to provide a
visible deterrent to inappropriate activities;<span style="mso-spacerun: yes;">
</span>and/or to provide a heightened sense of security to the area’s
legitimate users.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">With that being the case for real cameras, here are the
operational downsides of using “dummy” cameras:<span style="mso-spacerun: yes;"> </span>Obviously, there is no real-time monitoring of areas/events
possible, so appropriate response to problems is not possible (and it would be
cost-prohibitive – and economically foolish – to try to replace cameras with
personnel); and obviously, there is no recording of events for
investigative/documentation purposes (the chances of personnel being able to
provide comparable information are slim).<span style="mso-spacerun: yes;">
</span>On the plus side, there might be a comparable visible deterrent to
inappropriate activity, especially if the cost savings of “dummy” cameras vs.
real cameras is used to provide additional “dummies.”<span style="mso-spacerun: yes;"> </span>But even that deterrent value might be negated if poor-quality
“dummy” cameras (an oxymoron?) are used which are easily identified as
“dummies” because of no lights or wiring connections.<span style="mso-spacerun: yes;"> </span>(NOTE:<span style="mso-spacerun: yes;"> </span>the only time I
have ever used “dummy” cameras was to add the impression of even more cameras
to an application of real cameras which already covered everything I wanted
covered.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<span style="font-family: inherit;"><div class="MsoNormal" style="margin: 0in 0in 0pt;">
But to me, the primary problem with the use of “dummy”
cameras is an unnecessary and thus unacceptable<span style="mso-spacerun: yes;"> </span>increase in liability.<span style="mso-spacerun: yes;">
</span>The heightened sense of security for legitimate area users is totally
negated when it is learned that there is no real protection being afforded.
Legitimate users will feel betrayed and tricked when the truth is learned (and
it will be – someone will find out somehow). And the worse-case scenario will
be when an incident occurs and a victim questions and learns why there was no
ready response or at least visual documentation of the event.<span style="mso-spacerun: yes;"> </span>I have been involved in such cases as an
expert witness (this would most probably evolve as a premises security
liability lawsuit based on inadequate security) and have been able to opine
that the “dummy” cameras created a false sense of security that did not truly
exist, and this is actually worse than having no cameras of any kind:<span style="mso-spacerun: yes;"> </span>at least if there are no cameras present,
legitimate users will not have any expectations as to the level of security and
may thus be more aware of their own responsibility for personal security; where
on the contrary a legitimate user may be less aware of personal security issues
since he believes that he is being “helped” by real cameras.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Bottom line for me:<span style="mso-spacerun: yes;">
</span>“Dummy” cameras have the potential to cause more problems than they
solve.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
</span><div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">
</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">
</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">
</span></div>
<span style="font-family: inherit;">
</span>The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-37010902259217177112014-11-13T07:27:00.000-08:002014-11-13T14:01:38.027-08:00“Predicting” Violent Behavior<br />
We currently live in a society that is “an environment
conducive to criminality:”<span style="mso-spacerun: yes;"> </span>virtually
all aspects of the most popular forms of entertainment involve violence and
anti-social behavior (movies, television, video games, etc.); the news media
thrives on violence and anti-social behavior (count the number of such stories
versus “good” or “nice” news); society by and large has come to accept violence
and anti-social behavior (we abide such behaviors in our neighborhoods and
schools, our criminal justice system is virtually an ineffective revolving
door, etc.); and we expend resources to protect ourselves usually only after a
tragic event has occurred.<span style="mso-spacerun: yes;"> </span>In other
words, we may not like it, but we actually do – or can do – little about it.<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
We try to find reasons for violent behavior, and try to find
ways to “predict” it in hopes of preventing it.<span style="mso-spacerun: yes;"> </span>But is such a lofty goal even possible?<span style="mso-spacerun: yes;"> </span>Or does the concept of preventing problems exist only in theory,
not reality or practicality?<span style="mso-spacerun: yes;"> </span>Consider:</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
“Behavior modification” is a great term and concept –
provided that we have some idea as to whose behavior we are attempting to
modify.<span style="mso-spacerun: yes;"> </span>When the threat is external to
an organization, how can we begin to know which of the next 732 persons to
enter a facility is the one whose behavior needs modifying?<span style="mso-spacerun: yes;"> </span>How can we begin to know if the “behavior
modification” techniques that might work on 731 of those persons will work on
the 1 who will actually be the next shooter?<span style="mso-spacerun: yes;">
</span>If none of those 732 go on a shooting rampage today, does that mean that
our “behavior modification” techniques were successful – or that none of them
simply chose today as the day to shoot?<span style="mso-spacerun: yes;">
</span>Etc. etc. etc.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
We see examples of our efforts to find a new way to predict
the next shooter every time another incident occurs (and by the way, nothing
PREDICTS behavior – certain behaviors may be indicated, but none can be
PREDICTED).<span style="mso-spacerun: yes;"> </span>But the reality is that
there is virtually nothing we can do because, even when some people see the
signs, nothing is done because “if you see something, say something” is not
socially acceptable, or is contrary to HIPAA (when the see-er is a mental or
medical health professional), or is something that “…I was going to do later…”
or whatever.<span style="mso-spacerun: yes;"> </span>Families, bosses,
co-workers, fellow classmates, etc. see things every day that are indicators of
potential violent behavior, but do nothing because it is simply not politically
correct or they’re busy or they did not realize what they were seeing or a
million other excuses.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
After every new incident comes another discussion of the
same things, and the results are always the same – nothing gets changed,
because nothing can really be changed.<span style="mso-spacerun: yes;">
</span>Because even when problems are indicated before they occur, we still
almost never do anything about them until after they have occurred.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Security professionals do not control organizational purse
strings or the magic key to the CEO’s psyche, so we cannot implement the things
which we know will pretty much stop the bad guys from doing most bad things
most of the time. <span style="mso-spacerun: yes;"> </span>And all of the
studies and nice terminology and fancy graphs will never change that fact.<span style="mso-spacerun: yes;"> </span>(And while agencies such as the U.S. Secret
Service do a great job of behavioral analysis, remember that they have an
entire division of professionals who do nothing but behavioral analysis and
have the resources to investigate and check out their findings and leads and
have to “only” protect a handful of key assets.)</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
So in the end,<span style="mso-spacerun: yes;"> </span>all
we as security professionals can really DO (as opposed to discussing theory and
hypothesis) is do the best we can with resources our bosses choose to expend –
that is, protect to the best of our abilities, with whatever resources we have
been allotted, whatever our bosses have decided are our key assets. Period.</div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-31693235371796978062014-10-03T13:26:00.000-07:002014-11-13T14:01:52.379-08:00Academic vs. Practical Security Knowledge<span style="font-family: inherit; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;"></span><br />
<span style="font-family: inherit; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;">Regardless of the extent of knowledge acquired
via formal education or academic pursuit, it is almost always most beneficial
to retain a security consultant or expert witness who has practical, hands-on
experience in the subject matter at hand.</span><br />
<span style="font-family: inherit; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;"></span><br />
<span style="mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;"><span style="font-family: inherit; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;">When a particular situation or case needs
someone to interpret or present information that is based solely on scientific
or theoretical fact, an expert with only an educational or academic background
might be most suitable.<span style="mso-spacerun: yes;"> </span>But in
circumstances requiring expert OPINION – knowledge of specialized information and
its application to a specific scenario – an expert with practical experience is
most valuable.<span style="mso-spacerun: yes;"> </span>In such cases, an expert
who has been personally involved in the application of the relevant subject
matter to a variety of diverse situations will be best able to provide the
comprehensive insight that is needed to best assist the organization or
attorney because he has had to not only know the subject matter, but has had to
apply that knowledge to the situational nuances of the real world (a skill not
generally found in experts who only possess academic or theoretical knowledge).</span></span><br />
<span style="mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;"><span style="font-family: inherit; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;"></span></span><br />
<span style="mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;"><span style="mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;"><span style="font-family: inherit; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;">The primary value that a security consultant or
expert witness brings to an organizational situation or legal case is his
ability to apply general security principles to a specific situation because he
has been there and done that.</span></span></span>The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-44276192179636460712014-05-12T07:18:00.000-07:002015-03-30T12:09:35.463-07:00Business Size And The Need For Security
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial; font-size: 10pt; mso-bidi-font-size: 12.0pt;">Regardless of the size and sophistication of a business –
from the sole proprietor of the neighborhood bar to the international
conglomerate – the concept of providing a reasonably safe premises remains the
same:<span style="mso-spacerun: yes;"> </span>namely, a business must provide
reasonable security commensurate with reasonably foreseeable threats and risks;
and reasonable foreseeability is generally determined by a conscious analysis
of the inherent nature of the business and the history of general criminal acts
at and around the business.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial; font-size: 10pt; mso-bidi-font-size: 12.0pt;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial; font-size: 10pt; mso-bidi-font-size: 12.0pt;"></span><span style="font-family: Arial; font-size: 10pt; mso-bidi-font-size: 12.0pt;">While large organizations may meet their obligation to
provide a safe environment via sophisticated security programs with designated
personnel and formalized policies and procedures, even small businesses must do
something proactively to meet their obligation – they must still take into
account the kinds of problems that they will likely encounter given their
particular situation (i.e., location, nature of business, clientele, prior
problems, etc.).</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial; font-size: 10pt; mso-bidi-font-size: 12.0pt;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial; font-size: 10pt; mso-bidi-font-size: 12.0pt;"></span><span style="font-family: Arial; font-size: 10pt; mso-bidi-font-size: 12.0pt;">Many small businesses erroneously presume that their small
size will somehow either preclude problems or somehow absolve them of their
legal obligation to provide a safe environment.<span style="mso-spacerun: yes;"> </span>But statistics continue to show that small businesses – bars,
apartment buildings, retail stores, etc. – are the venues where criminal
activities are most likely to occur and consequently the kinds of places most
likely to be sued for inadequate security.<span style="mso-spacerun: yes;">
</span>And the settlements and awards stemming from these lawsuits should give
business owners and operators cause for concern.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial; font-size: 10pt; mso-bidi-font-size: 12.0pt;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial; font-size: 10pt; mso-ansi-language: EN-US; mso-bidi-font-size: 12.0pt; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;">This information is important for 2
reasons:<span style="mso-spacerun: yes;"> </span>First, it is prudent for businesses to understand that proactive attention to security matters is
better and ultimately less expensive than after-the-fact litigation; and
businesses that may find themselves involved in premises security liability cases need to remember that the criteria by which security is
assessed will be the same regardless of the size of the business at which an
incident has occurred.</span></div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-15831676301268297182014-03-09T07:17:00.000-07:002014-03-09T07:17:34.554-07:00The Paradox of “Soft Targets”
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">There is both an irony and conundrum related to active
shooter scenarios at soft targets: These types of places – and by the way,
“soft targets” refers not only to places that customarily have minimal or at
least non-aggressive security programs but also to places where the site’s
users customarily have some sense of it being a safe place (so even personal
security awareness is low) – almost “create” their desirability as targets
because they consciously choose (or, “make business decisions”) to maintain a
low security posture. And while these “reasons” are sometimes economic, that is
not always the full story: there still seems to be some prevalent thought among
proprietors of soft targets that the appearance of aggressive security somehow
conveys an impression of impending danger. And isn’t that ironic – some people
actually believe that more security equates to or implies greater danger. (I
may be wrong, but I never thought that banks were inherently dangerous because
they have armed guards!?!</span></div>
<span style="font-family: inherit;"><div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
No one deserves to
be a target for violence. But I tend to feel a bit less sorry for places at
which violence occurs when it is learned that those place consciously chose to
do little if anything to minimize or mitigate their vulnerability.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
</span><div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-35470371507120917302014-01-14T10:09:00.000-08:002014-01-14T10:09:20.439-08:00Can Security Programs Really Do More With Less
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Can we almost always find ways to do a little more with a
little less? Certainly, as we have all experienced.<span style="mso-spacerun: yes;"> </span>But here’s the downside: The reality is that we really don’t do a
“little more” – we may do a “little more” in quantity, but actually do a
“little less” in quality. And every “little less” that we do results in
decreased service and increased liability (the old and true “you can pay me now
or pay me later” adage).</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
When we talk about “working smarter” or better utilizing
technology, we usually mean the replacement of people with machines and
systems.<span style="mso-spacerun: yes;"> </span>Automation is not a
significant part of this problem (smaller budgets for security), contrary to
what many “new school” practitioners and security product vendors would have
you believe. Surely automation can make security somewhat easier, but it
doesn’t necessarily make it better, because people will always be part of the
equation and people will always be a significant and costly and on-going budget
line item.<span style="mso-spacerun: yes;"> </span>Virtually all of the types
of services routinely provided by security personnel – preventive patrol,
evicting trespassers, opening doors, providing escorts, conducting
investigations, problem intervention, etc. – could not be accomplished without
people. Can technology help? Sure. But successful conclusions to security
incidents and problems rarely can occur without security personnel.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Other business operations don’t have the same problems as
Security: When sales are down, marketing and advertising costs go up; when
customer service complaints rise, personnel hiring costs go up; when floors get
too dirty and equipment breaks down, housekeeping and maintenance costs rise.
But even when security is at stake and problems and/or liability increase, the
budget for security gets cut.
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
The panacea is not all the latest technologies and bells and
whistles or even more operational security personnel. What we need is better
security executives who can credibly sell security service based on accurate
data collection and analysis, and who have the fortitude to strongly support
and defend their positions even when such may not be politically- or
career-correct (or wise).</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-26498319188048741642013-11-14T14:13:00.000-08:002013-11-14T14:13:08.396-08:00The Re-Branding of Security
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">There has been an effort over the past several years to
change the titles of persons who perform security functions within an
organization: I have seen such persons in various industries called “asset
protection specialists,” “loss prevention associates,”<span style="mso-spacerun: yes;"> </span>“protection officers,” “doormen,”<span style="mso-spacerun: yes;"> </span>“ushers,”<span style="mso-spacerun: yes;">
</span>even “ambassadors.”<span style="mso-spacerun: yes;"> </span>But
regardless of a company’s job title nomenclature, these persons all perform, to
some degree,<span style="mso-spacerun: yes;"> </span>the function of
security:<span style="mso-spacerun: yes;"> </span>namely, protecting the assets
of that company.<span style="mso-spacerun: yes;"> </span>And the function is
more important than the title.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">Perhaps companies believe that the word “security” has
somehow taken on a negative connotation, that the presence of “security”
somehow implies an admission that problems exist (the PR department’s
nightmare).<span style="mso-spacerun: yes;"> </span>But in reality – especially
in our post-9-11 world – the very concept of “security” should be embraced as a
comfort.<span style="mso-spacerun: yes;"> </span>So maybe the root problem is
that there is a misperception and misunderstanding of what “security” really
is.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<span style="font-family: inherit;"><div class="MsoNormal" style="margin: 0in 0in 0pt;">
I think that most people’s primary exposure to and
perception of what “security” is comes from the uniformed guards that they see
wherever they go (it’s getting to be the Holiday Season, so perhaps the armed
guards at the front door of Toys-R-Us will be back!).<span style="mso-spacerun: yes;"> </span>And because the guards in uniform look like police officers in
uniform – whose primary job (people think) is patrolling and responding to problems
– they equate the two types of personnel to that similar job function.<span style="mso-spacerun: yes;"> </span>But just as there is so much more to law
enforcement work than the visible patrol officer, so too is there much more to
“security” than observe and respond (which is amazingly ironic, since a good
percentage of security personnel are only supposed to observe-and-report as
opposed to observe-and-respond).<span style="mso-spacerun: yes;"> </span>And to
compound the confusion, since police officers are usually seen in the aftermath
of a crime that has already been committed, that ascription of similar function
makes people believe that “security = problems.”<span style="mso-spacerun: yes;"> </span>But those in our profession know that the opposite is really the
truth – that the foundation and raison d’etre of security is finding ways to
identify and prevent (or at least mitigate) problems before they occur.<span style="mso-spacerun: yes;"> </span>The underlying principle of security should
be to create a safe, inviting environment for all the persons who visit a
company and have dealings with it.
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
So for those companies that have tried to be politically
correct by re-branding the persons who try to keep them safe and to try to
convey the impression that problems do not exist, that is certainly your
choice.<span style="mso-spacerun: yes;"> </span>But I for one am comforted
whenever I visit a place that proudly announces that it has good and strong
“security.”</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
</span><div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"></span> </div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-80857528636889225062013-08-28T14:20:00.002-07:002013-09-09T03:46:46.305-07:00The Building Blocks Of Security<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
From the first tower of a toddler to the most sophisticated
building in the world, no structure can be put together properly without a firm
foundation of building blocks.<span style="mso-spacerun: yes;"> </span>And if
we equate the infrastructure of a business to a building and presume that part
of that infrastructure is a sound security program to make sure that the
business doesn’t collapse, the same holds true – we need a firm foundation of
building blocks.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Here are the building blocks that will result in a sound
security program:
<br />
<br />
<div class="MsoBodyText" style="margin: 0in 0in 6pt 0.25in; mso-list: l3 level1 lfo16; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->If I need to protect my business and my stuff and my
liability, I need to know exactly what my business and my stuff and my
liability are.</div>
<br />
<div class="MsoBodyText" style="margin: 0in 0in 6pt 0.25in; mso-list: l3 level1 lfo16; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->If I need to protect my business and my stuff and my
liability, I need to know all of the potential problems and threats I might
encounter that might put them at risk.</div>
<br />
<div class="MsoBodyText" style="margin: 0in 0in 6pt 0.25in; mso-list: l3 level1 lfo16; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->If I’ve identified all my potential problems and
threats, I need to know how likely it is that each of those problems and
threats might occur so that I can prioritize them.</div>
</div>
<div class="MsoBodyText" style="margin: 0in 0in 6pt 0.25in; mso-list: l3 level1 lfo16; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->If I’ve determined the likelihood of occurrence of each
of my potential problems and threats, I need to know what the impact would be
to my business, stuff and liability if any of those potential problems or
threats occurred so that I can prioritize them.</div>
<br />
<div class="MsoBodyText" style="margin: 0in 0in 6pt 0.25in; mso-list: l3 level1 lfo16; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->If I’ve gathered all the information about my business
and stuff and liability and prioritized them,<span style="mso-spacerun: yes;">
</span>and prioritized all the problems and threats that may occur, I need to
determine if a security plan is needed.<span style="mso-spacerun: yes;">
</span></div>
<br />
<div class="MsoBodyText" style="margin: 0in 0in 6pt 0.25in; mso-list: l3 level1 lfo16; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->If I already have a plan to protect my business and
stuff and liability, I need to know if any safeguards I currently have in place
are adequate and sufficient.</div>
<br />
<div class="MsoBodyText" style="margin: 0in 0in 6pt 0.25in; mso-list: l3 level1 lfo16; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->If I don’t already have plan to protect my business and
stuff and liability, I need to develop one based on the information I’ve
gathered, and I need to implement the appropriate safeguards.</div>
<br />
<div class="MsoBodyText" style="margin: 0in 0in 6pt 0.25in; mso-list: l3 level1 lfo16; tab-stops: list .25in; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span><!--[endif]-->If I have a plan and safeguards to protect my business
and stuff and liability, I have to assess and adjust them regularly to assure
that they remain adequate and sufficient in relation to changing circumstances.</div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
A firm foundation usually assures that what is on top of and
around it is strong.</div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com1tag:blogger.com,1999:blog-37178233.post-52759313002486542862013-07-16T03:54:00.000-07:002015-03-30T12:09:49.019-07:00What Is “Profiling” – And Is It Inherently Bad
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
From the never-ending hunt for terrorists to the George
Zimmerman/Trayvon Martin criminal case, the term “profiling” is much in
everyday news and media.<span style="mso-spacerun: yes;"> </span>But do we
fully understand the concept?</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
If memory serves me correctly, “profiling” was initially
intended to connote an unwarranted singling out of a particular group for
excessive or intense scrutiny.<span style="mso-spacerun: yes;"> </span>The term
was primarily focused on law enforcement practices,<span style="mso-spacerun: yes;"> </span>and was usually translated to mean the surveillance of persons of
color by white police officers for no particular or specific reason other than
the color of their skin.<span style="mso-spacerun: yes;"> </span>The term was
then expanded:<span style="mso-spacerun: yes;"> </span>“surveillance” was
expanded to include practices such as stopping, questioning, detaining, and
harassing; and “color of their skin” was expanded to include certain names,
ethnic groups, religious affiliations and neighborhoods.<span style="mso-spacerun: yes;"> </span>Used in that narrow and straightforward
context, “profiling” is not a good concept or effective law enforcement strategy.<span style="mso-spacerun: yes;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span>HOWEVER:<span style="mso-spacerun: yes;"> </span>With the
advent of sophisticated data collection practices and tools,
information-gathering has become the norm rather than the exception, so the
“simple” concept of profiling is no longer so simple and straightforward.<span style="mso-spacerun: yes;"> </span>Now there are empirical ways to gather and
analyze data to single out and categorize specific groups for specific reasons
– the perpetrators of every type of crime or terrorist act can be specifically
identified and correlated to specific kinds of incidents.<span style="mso-spacerun: yes;"> </span>This categorization of individuals who are
undeniably linked to particular kinds of crimes and incidents creates groups
who need to be more intensely scrutinized than groups who have little if any
relationship to those crimes.<span style="mso-spacerun: yes;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span>Hypothetical case in point:<span style="mso-spacerun: yes;">
</span>I am the Security Manager for a store with a significant theft
problem.<span style="mso-spacerun: yes;"> </span>I have competently performed
my due diligence and gathered and analyzed information from 5 years worth of
theft statistics including surveillance video and apprehensions and
investigations and interviews, and the resulting empirical data shows that 95%
of my theft problems have been caused by well-dressed white women over the age
of 50.<span style="mso-spacerun: yes;"> </span>Is it not then good practice to
pay special surveillance attention to well-dressed white women over the age of
50 who come into my store?<span style="mso-spacerun: yes;"> </span>And if so,
then watching for those women is NOT “profiling” in the bad sense, it is good,
reasonable and appropriate security practice which I would be remiss to ignore.<span style="mso-spacerun: yes;"> </span>But have I singled out (“profiled”) a
particular group for enhanced observation?<span style="mso-spacerun: yes;">
</span>Certainly.<span style="mso-spacerun: yes;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span>Profiling is not inherently a bad practice.<span style="mso-spacerun: yes;"> </span>It is bad only when used in a haphazard,
uneducated, unsubstantiated manner.<span style="mso-spacerun: yes;"> </span>So
the intensified scrutiny of young Middle Eastern men by those concerned with
terrorism detection and prevention, or the focused scrutiny of an unrecognized
young black man by a neighborhood watch volunteer are not intrinsically bad
things.</div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-45286618723343842362013-06-28T04:21:00.000-07:002013-06-28T04:21:13.278-07:00Righting 4 Profeshunals
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
You can probably read and understand the title of this post,
but that doesn’t make it right…</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
I currently belong to a number of online professional forum
groups; and I’m active in the groups, so I see many posts from persons with lots
of letters after their names including those denoting professional
certifications and Masters Degrees and Doctorates.<span style="mso-spacerun: yes;"> </span>Yet I continue to be amazed at the quality of communication from
many persons who share their thoughts in these posts because,<span style="mso-spacerun: yes;"> </span>with all due respect, the quality of the
written words frequently is not commensurate with what I expect from
professionals.<span style="mso-spacerun: yes;"> </span>Spelling errors (which
can largely be avoided with Spell Check), grammatical usage errors, use of
incorrect words and terms (“then” for “than,” “there” for “their” or “they’re,”
etc.), poor (if any) punctuation, etc. etc. seem to be the norm rather than the
exception.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
So why is this important, you ask?<span style="mso-spacerun: yes;"> </span>This is only going to be seen by others on the forum, you
say?<span style="mso-spacerun: yes;"> </span>Maybe!!<span style="mso-spacerun: yes;"> </span>But I have a hard time believing that the same people who cannot
write a coherent sentence to fellow practitioners and professionals take the
time and make the effort to do any better when they’re writing “official”
documents, reports and memos.<span style="mso-spacerun: yes;"> </span>And how
do we know that the very people who we should be trying to impress – like
bosses, clients, professional adversaries, etc. – aren’t also reading what we
write?</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Habits are difficult to break, especially when it comes to
speaking and writing.<span style="mso-spacerun: yes;"> </span>If someone is
used to using colorful, vulgar language in everyday speech, sooner or later one
of those colorful terms is going to slip out at exactly the wrong moment – like
when having a conversation with a corporate executive or a client.<span style="mso-spacerun: yes;"> </span>If someone is used to writing careless and
sloppy postings on a forum (like texting “shorthand”), sooner or later that
same level and quality of writing is going to be used in a document being read
by a company president or local District Attorney or Judge.<span style="mso-spacerun: yes;"> </span>Based on some of the posts on these forums,
it’s sometimes difficult to get to and appreciate the content of a post because
of all the distractions from poor format.<span style="mso-spacerun: yes;">
</span>And yes, I realize that many professionals have someone else to do their
formal writing. But professionals do – or should – proofread any work done on
their behalf, which is hard to do if the professional himself is lax in writing
skills (it’s hard to find errors when reading if you can’t write any better
yourself).<span style="mso-spacerun: yes;"> </span>And even those professionals
with assistants to do most of their writing occasionally write for themselves
(like in these forums) and the deficiencies become glaring.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
And one other reason why this is important:<span style="mso-spacerun: yes;"> </span>Professionals are frequently judged on first
impressions, and first impressions are frequently made based on what we say or
on something we’ve written.<span style="mso-spacerun: yes;"> </span>If we
communicate well, our actions may not be scrutinized as closely because we will
be perceived as intelligent, knowledgeable people. But if we communicate
poorly, our actions – even the good ones – can be diminished because of what we
have said or written.<span style="mso-spacerun: yes;"> </span>The quality of
communication – either verbal or written – is just as important as the
content.<span style="mso-spacerun: yes;"> </span>And with the proliferation of
online forums where everything everyone writes is preserved for posterity, it
becomes a simple matter for anyone – like an opposing attorney – to dig up a
file full of posted faux pas in an attempt<span style="mso-spacerun: yes;">
</span>to disparage professionalism and credibility (an avoidable problem, thus
inexcusable).</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
One of the best compliments I have ever received during my
tenure as a Director of Security was being told by a District Attorney that
the reports written by my security personnel were far superior to those written
by the local police.<span style="mso-spacerun: yes;"> </span>I have seen cases
lost because of poor communication (documentation).<span style="mso-spacerun: yes;"> </span>But in 30+ years, neither I nor my staff have ever lost a case
for that reason.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Meant as constructive criticism, and to generate thought…</div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com1tag:blogger.com,1999:blog-37178233.post-34221570070739819052013-04-23T03:29:00.000-07:002013-04-26T06:33:21.109-07:00Conducting Emergency Preparedness Drills<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">There is increasing awareness and understanding of the need
for adequate and proper planning for emergencies.<span style="mso-spacerun: yes;"> </span>Preparedness for any type of emergency (natural or man-made,
accidental or deliberate, criminal or terrorist) really requires not only the
development of an appropriate strategy and plan with commensurate policies and
procedures, but 2 additional, separate but equally important activities:<span style="mso-spacerun: yes;"> </span>a desktop exercise, and a live/physical
drill.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">The desktop exercise will be of significantly longer
duration than the live drill (because activities will be discussed
consecutively rather than occurring concurrently) and should include all
stakeholders, all of whom should participate in all aspects of the
exercise.<span style="mso-spacerun: yes;"> </span>The agenda should include
verbalization and visualization (maps, charts, etc.) of all steps that would be
taken during each phase of an actual emergency.<span style="mso-spacerun: yes;"> </span>Key decision-makers and responders for each phase should take the
lead in the discussions, but the discussions should also include immediate
analysis, feedback and critique from all participants to assure that as many
nuances and potential problems as possible are brought to light (the different
perspectives from persons usually not directly involved in a particular aspect
can be very helpful and insightful).</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">To be effective and a true learning and preparedness
experience, a live/physical drill must include everyone that would normally be
involved at the time of a live incident (and that includes random types of
non-employees who would normally be present at the scheduled time of the drill)
and should be conducted in real time – some organizations erroneously believe that
only certain employees need to participate in an emergency drill and those only
need to slowly act out or verbalize their motions during the drill.<span style="mso-spacerun: yes;"> </span>But such is not productive, since it is
important to learn/know what the scope of chaos and extent of time will be
during an actual event, both of which are critical for successful mitigation of
a real emergency.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">As in any facet of real life, theoretical knowledge is
important; but actual hands-on participation is a key component of assuring
that emergency plans are truly workable.</span></div>
<span style="font-family: inherit;"><div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
</span><div class="MsoNormal" style="margin: 0in 0in 0pt;">
<br /></div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-2869185940430539072013-03-20T13:41:00.001-07:002013-03-20T13:46:39.615-07:00What Is “Success” In Security?<br />
There is one unequivocal certainty in the world of
security:<span style="mso-spacerun: yes;"> </span>There is no such thing as
absolute security (defined as some strategy or system that will fully protect
everything against everything all the time) – given sufficient resources,
motivation and opportunity, any/every security strategy and system can
eventually be breached.<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
So…since we know that even the best security may be
breached, how do we measure success?</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
For purposes of this commentary, we have to re-define some
terms that are usually pretty straightforward – “success” and “failure.”</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Let’s begin with “failure.”<span style="mso-spacerun: yes;">
</span>In the world of security, we can have occasional “failures”
(independent, isolated incidents in which the security plan was not fully
effective), without having “FAILURE” (a complete and continuing collapse of
protection due to an ineffective security strategy).<span style="mso-spacerun: yes;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span>The same holds true for “success.”<span style="mso-spacerun: yes;"> </span>We can have recurring “successes” (times during which protection
efforts are adequate and sufficient to meet extant security needs), even while
realizing that we can never achieve “SUCCESS” (the continuous state of
everything being adequately and sufficiently protected against everything).</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
When trying to assess whether security has been a “success”
or a “failure” based on these definitions, we must also add another component
to the mix: "legal defensibility" (a security strategy that includes the elements
that a reasonable person would utilize to provide reasonable security at a
particular place and time under a given set of circumstances).<span style="mso-spacerun: yes;"> </span>The addition of this concept raises another
interesting conundrum:<span style="mso-spacerun: yes;"> </span>Even when
security efforts are occasionally “successful,” they may not be "legally
defensible" (because the security strategy may not withstand legal scrutiny when
an incident occurs).<span style="mso-spacerun: yes;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span>So back to the original question: What is success in
security?<span style="mso-spacerun: yes;"> </span>The answer is really not
that difficult:<span style="mso-spacerun: yes;"> </span>Success in security is
the existence of a strategy which protects most things most of the time; and
which will endure legal/forensic analysis during challenges which result from
short-lived “failures.”</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
As always we should hope for the best, but we must plan for the worst.</div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com1tag:blogger.com,1999:blog-37178233.post-82461986360247199602013-02-18T14:23:00.002-08:002013-02-18T14:23:55.442-08:00Challenges To Effective Security
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Here are some facts that I have found to be unequivocally
true during my 30+ years of providing security service and counsel to a wide
variety of organizations:</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
We <strong><u>ARE</u></strong> a reactive culture.<span style="mso-spacerun: yes;">
</span>For a variety of reasons, primarily economic, we do not do the things
proactively that would make us less attractive targets; and we naively believe
that “it can’t happen to me.”</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
There <strong><u>ARE</u></strong> bad people in this world, bad for a variety of
reasons, who do bad things; and many of those bad people are not recognized
preemptively because we again naively believe in the inherent goodness of all
people and tend to and want to overlook anything that deviates from that rosy
perspective.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
There is <strong><u>NO SUCH THING</u></strong> as absolute security – nothing can be
done to assure that nothing bad ever happens.<span style="mso-spacerun: yes;">
</span>The best that can be achieved is security that protects from most bad
things most of the time – and even that level requires continuous attention.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
People intent on doing bad things <strong><u>WILL</u></strong> find a way to achieve
their objective – they <strong><u>WILL</u></strong> find the resources and opportunity to perpetrate
bad things, regardless of what stumbling blocks – i.e., good security – are
imposed.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Those are the downsides; here are the upsides:</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Even being reactive is <strong><u>BETTER</u></strong> than ignoring security
problems completely and continuously.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<strong><u></u></strong> </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<strong><u>IF</u></strong> we stop always trying to be politically correct and <strong><u>IF</u></strong> we
make informed, judicious, prudent use of tools like “profiling” we <strong><u>WILL</u></strong> be more
able to proactively identify more bad people.<span style="mso-spacerun: yes;">
</span>And after my lengthy experience in this business,<span style="mso-spacerun: yes;"> </span>I totally despise the currently-in-vogue
concept of “profiling” – if empirical data suggests that 95% of my problems
are caused by xxx people, then watching for xxx people is <strong><u>NOT</u></strong> profiling, it is
good, reasonable security practice which I would be remiss to ignore.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<strong><u>IF</u></strong> we harden targets appropriately, having adequate and
sufficient security will not stop all bad things from happening, but it <strong><u>WILL</u></strong>
stop most of the worst things most of the time.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Even bad persons usually hope to achieve 2 things: accomplishment of their bad deeds, and concluding the accomplishment of their bad deeds in the way they desire (usually either anonymous escape, or suicide).<span style="mso-spacerun: yes;"> </span>Good security <strong><u>WILL</u></strong> reduce the“environment conducive to criminality” at a given place so that the bad person might choose to do his bad things elsewhere.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
A whole other facet of this issue may divert into a
discussion of who is best able to provide security guidance and assistance to
the places that most need it.<span style="mso-spacerun: yes;"> </span>Once
again – as usually is the case – economics dictates to many organizations that
security planning assistance comes from a little- or no-cost resource, which is
frequently the local law enforcement agency.<span style="mso-spacerun: yes;">
</span>But with all due respect to my law enforcement colleagues who provide
heroic and loyal service on a daily basis,<span style="mso-spacerun: yes;">
</span>they are usually not the best source of advice on <em>security</em> matters, if
for no other reason than that is not their primary job focus.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Better security can be achieved anywhere…but it comes at a
cost and requires a commitment.</div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-19254098299911962012013-01-10T07:19:00.000-08:002013-01-10T07:19:34.878-08:00Sandy Hook Tragedy - Response, Part II
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
The tragedy at Sandy Hook Elementary School seems to have
offended our sensibilities more than other such tragedies because of the ages
of the victims.<span style="mso-spacerun: yes;"> </span>But in reality, this
tragedy was not significantly different or worse than other such events –
innocent lives should never be lost at the hands of a crazed or deranged
person.<span style="mso-spacerun: yes;"> </span>The term “gun violence” is
always a prominent part of stories about these events, and the anti-gunners
capitalize on that fact to put their emphasis on the wrong word:<span style="mso-spacerun: yes;"> </span>the crux of the problem is violence, not
guns.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
While not the warm and fuzzy, politically correct
philosophical ideal, it is nonetheless an absolute fact that it is simply and
literally impossible to identify all the people who will do bad things and/or
to accurately predict what bad things they will do and/or when and where they
will do them.<span style="mso-spacerun: yes;"> </span>Period.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Since bad things will undoubtedly happen regardless of our
wishes, intentions and preventive efforts (because there is no such thing as
absolute security, meaning some system/strategy that will protect against any
conceivable or possible threat at all times), it behooves us to have the best
mitigation, response and recovery strategies in place to protect everything
important (meaning people, physical things and information).</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Security must be considered at least as important and
necessary as our attitudes and endeavors related to fire, which we have
embraced and incorporated wholeheartedly:<span style="mso-spacerun: yes;">
</span>While it is nice to idealize that people and things won’t burn and hope
that “…it can’t happen here,”<span style="mso-spacerun: yes;"> </span>yet we
still design and implement (and pay for) reasonable and sometimes mandated fire
protection precautions into our buildings; and install fire control systems and
have fire response equipment in our buildings; and have regular fire system
inspections; and have extensive fire plans that are reviewed and updated
regularly; and have regular fire drills; and have internal personnel properly
trained to deal with fires; and have Fire Departments to come and put out fires
when they occur; and have plans to maintain and/or resume operations after a
fire event. Why is the same not so for security? </div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Why are places with adequate and sufficient fire control
systems and procedures not considered “fire traps,” but places with adequate
security systems and procedures are considered “armed fortresses?” When I walk
into a building and see sprinklers on the ceiling and fire extinguishers at key
places and evacuation route maps and “No Smoking” signs on the walls and a fire
truck parked outside, I get a feeling of comfort – the thought never crosses my
mind that this building must pose some grave fire danger.<span style="mso-spacerun: yes;"> </span>Why do we not put commensurate emphasis on
security?<span style="mso-spacerun: yes;"> </span>Why do we not see alarm
systems and CCTV cameras and monitors and uniformed – perhaps armed – security
personnel as an indication of concern for our safety and security?</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Logic and consistency do not seem to be traits held in
esteem by anti-gun proponents, because in virtually no other situation do they
condemn the tool used in a bad consequence as the cause or culprit:<span style="mso-spacerun: yes;"> </span>When a porch pulls away and falls from a
house killing/injuring partygoers, the hammer is not blamed.<span style="mso-spacerun: yes;"> </span>When a pedestrian is killed by a drunk
driver, the car is not blamed.<span style="mso-spacerun: yes;"> </span>When an
editorial or cartoon is written that enflames and angers the masses, the
typewriter/computer is not blamed Only
when it comes to guns is the tool rather than the actor condemned.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
We learned (or should have learned) from Benghazi that
diplomatic and bureaucratic and philosophic options are meaningless at the time
of an attack, because without proper response capability good people die.<span style="mso-spacerun: yes;"> </span>When my family is being threatened with
grave harm and I am not present to intervene, I do not want a philosopher or
psychologist or social worker or a book of social ills analysis there – I want
“…rough men (who) stand ready in the night to visit violence on those who would
do us harm.”</div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<o:p></o:p></div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-11764031517959945552012-12-27T07:03:00.000-08:002013-01-10T07:19:56.388-08:00Sandy Hook Tragedy - Response, Part I<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">Once again a tragedy involving a firearm has struck the U.S.
(Sandy Hook Elementary School in Connecticut); and the aftermath brings the
usual spate of comments and solutions to avert such tragedies in the future,
most of which deal with additional regulation of guns.<span style="mso-spacerun: yes;"> </span>But let’s not forget that most of the
rhetoric related to guns and gun laws is spouted by both individuals and media
who have little if any true knowledge or experience with either.<span style="mso-spacerun: yes;"> </span>Cases in point:</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">Many/most of the current diatribes make frequent use of the
terms “assault rifle” and “semi-automatic” and paint them with the same
negative brush. In reality, an “assault rifle” (as available to civilians) is
nothing more than a cosmetically-different rifle (configured to resemble a
military weapon), most of which are “semi-automatic” which simply means that 1
bullet is fired with each pull of the trigger and the next bullet is fed into
the firing chamber without manual manipulation (strictly speaking, even a
revolver operates in a “semi-automatic” manner!).</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">There are literally tens of thousands of gun-related laws in
the U.S., ranging from Federal law to local/municipal law. Virtually every
facet of owning, carrying, transporting and using a gun is either directly
regulated in some way or is covered under the umbrella of some related law
(e.g., a general law relating to disorderly conduct would encompass the act of
unnecessarily brandishing a gun).</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">Deliberate gun violence (crime) and inadvertent gun harm
(accidents) are not the “epidemic” that might be expected due to the civilian
ownership of approx. 300 million guns in the U.S. – approx. 8% of all violent
crimes are committed by a person known to have a gun, and approx. .5% (1/2 of 1
percent) of all fatal accidents involve guns.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">Guns are used approx. twice as often for self-defense as
they are to commit crimes; and crime and murder rates are generally lower in
states with established concealed-carry laws.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">Two of the cities with the strictest regulation of gun
ownership and possession in the U.S., Washington, D.C. and Chicago, IL, have
crime and murder rates involving handguns significantly higher than the
national average for the same offenses; and both cities had significant
increases in their crime and murder rates after the more stringent gun laws
went into effect.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">There is no way to predict anti-social or psychopathic
behavior (the root causes of the vast majority of gun misuse); and there is no
way to assure that a person unfit to own, possess or use a gun will never do
so.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;">So…guns are not inherently evil, they are simply tools for a
variety of purposes; there are sufficient gun laws on the books if they would
be administered/enforced strictly and consistently (the vast majority of
gun-related crimes are diminished or pled down during criminal proceedings);
the vast and overwhelming majority of guns in the U.S. are owned and used
lawfully and responsibly.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: inherit; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;">Here is a rhetorical question for the anti-gunners: If
guns are so inherently bad, why do you immediately want a gun on scene (in the
hands of a trained professional) to respond to and mitigate some evil action?
It would seem that that in itself is a tacit admission that it is not the gun
itself that is inherently bad…</span></div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com1tag:blogger.com,1999:blog-37178233.post-27421808111104295012012-11-13T07:23:00.000-08:002012-12-27T08:49:41.795-08:00The "Environment Conducive to Criminality"<span style="font-family: Arial, Helvetica, sans-serif;"></span><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">In most states in the U.S., landlords/proprietors have some
basic obligation to provide a reasonably safe and secure environment for
tenants, patrons and other invitees.<span style="mso-spacerun: yes;">
</span>This obligation may arise from specific laws/statutes, or from general
laws/statutes relating to negligence, or from case law.<span style="mso-spacerun: yes;"> </span></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span><span style="font-family: Arial, Helvetica, sans-serif;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span><span style="font-family: Arial, Helvetica, sans-serif;">In any event, the obligation to provide a safe environment
virtually always uses the concept of <i>reasonable security</i> based on <i>foreseeability</i>
as the test for adequacy and sufficiency of security when some incident
occurs.<span style="mso-spacerun: yes;"> </span>In simple terms, this means
that a landlord/proprietor must take the precautions that a reasonable person
would take under the same/similar conditions and circumstances after giving due
consideration to factors affecting the premises (namely:<span style="mso-spacerun: yes;"> </span>the inherent nature of the premises; the
history of problems at the premises; the history of problems in the area
immediately surrounding the premises; and any industry standards that may exist
relating to the premises).<span style="mso-spacerun: yes;"> </span>This
definition thus presupposes that some “one-size-fits-all” approach to security
will usually not be adequate or sufficient since circumstances are different at
every premises.<span style="mso-spacerun: yes;"> </span>But the single factor
which exists in the majority of times when some security incident occurs at
some specific place is what I refer to as the “environment conducive to
criminality.”</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial, Helvetica, sans-serif;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">Let me here make a disclaimer:<span style="mso-spacerun: yes;"> </span>There is no such thing as absolute security (meaning continuous,
constant, total, complete and unqualified protection and safety of a given
asset) – any security system or strategy can be compromised given sufficient
motivation, opportunity and resources.<span style="mso-spacerun: yes;">
</span>So, since security breaches can occur even when adequate and sufficient
security exists, then the primary purpose of any security strategy is to
control as many variables as possible to limit the opportunity for criminal
acts to the extent reasonably possible, i.e., make it as difficult as possible
for crime to occur successfully.<span style="mso-spacerun: yes;"> </span></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span><span style="font-family: Arial, Helvetica, sans-serif;"> </span></div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
<span style="mso-spacerun: yes;"></span><span style="font-family: Arial, Helvetica, sans-serif;">Except for crimes of passion (which generally occur
spontaneously), criminals usually seek 2 conditions when deciding
how/when/where to commit a crime:<span style="mso-spacerun: yes;">
</span>environment/circumstances which allow greatest probability of the
criminal act succeeding; and environment/circumstances which allow greatest
probability of committing the criminal act without being stopped, caught or
identified.<span style="mso-spacerun: yes;"> </span>This means that criminals
generally choose the circumstances and places which provide the greatest
opportunity for successful accomplishment of the crime – they choose a place
which has an “environment conducive to criminality.”</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"></span><br />
<div class="MsoNormal" style="margin: 0in 0in 6pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">As noted above, every place is
different and has different conditions to consider when determining security
needs.<span style="mso-spacerun: yes;"> </span>But regardless of place or
conditions, an “environment conducive to criminality” usually has some common
traits:</span></div>
<ul><span style="font-family: Arial, Helvetica, sans-serif;">
</span>
<li><div style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;">no formal or careful consideration has been given to security needs (nothing has been done to assure that appropriate security measures have been implemented commensurate with foreseeable threats)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><div style="text-align: left;">
</div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span>
<li><div style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;">no formalized security plan exists (security measures, if any even exist, have been chosen and applied haphazardly with no formal strategy or objective)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><div style="text-align: left;">
</div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span>
<li><div style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;">area has easy access (a place which has a perimeter which cannot readily be secured or which has access controls which can be easily defeated)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><div style="text-align: left;">
</div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span>
<li><div style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;">area is unkempt (making it difficult to determine if something is missing or providing places to hide or move furtively)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><div style="text-align: left;">
</div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span>
<li><div style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;">area is dark (a place where crime can occur undetected and persons cannot be readily seen or identified)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><div style="text-align: left;">
</div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span>
<li><div style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;">area is not routinely surveilled either by technological means (such as cameras) or persons (a place where crime can occur undetected and persons cannot be readily seen or identified)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><div style="text-align: left;">
</div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span>
<li><div style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;">area has no regulatory or warning signage prominently displayed (information is not provided to advise patrons of proper or prohibited behaviors, to publicize security measures as a deterrent to inappropriate/criminal activity, and/or to warn of the penalties for engaging in inappropriate/criminal activity)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><div style="text-align: left;">
</div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span>
<li><div style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;">there is no ready security response when problems occur (no plan is in place or competent personnel available to deal with inappropriate persons or activities)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><div style="text-align: left;">
</div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span>
<li><div style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;">employees, even those ostensibly having security responsibilities, are not selected or trained properly (personnel are not competent to identify suspicious persons or respond to inappropriate/criminal activity)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><div style="text-align: left;">
</div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span>
<li><div style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;">records/documentation related to security are not maintained (history of security issues is not kept or reviewed to ascertain that security measures are adequate and sufficient)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><div style="text-align: left;">
</div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span>
<li><div style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;">security is not given adequate management attention (nothing is routinely done to assure that security measures are adequate and sufficient for current or changing security needs)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></ul>
<span style="font-family: Arial, Helvetica, sans-serif; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;">In summary and conclusion:<span style="mso-spacerun: yes;"> </span>When a place fails to identify its security needs and fails to
take reasonable steps to provide reasonable security, the result is usually a
place where persons go to engage in inappropriate and criminal activities with little concern for being stopped, identified or caught – a place with an “environment conducive to criminality”. </span>The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-8762554789718866632012-10-11T03:51:00.000-07:002012-10-11T03:51:42.341-07:00The Lesson from Benghazi
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
The tragic – and apparently avoidable – death of an
Ambassador and 3 other officials is another grim reminder of both an endemic
and systemic problem:<span style="mso-spacerun: yes;"> </span>the United States
is a reactive country.<span style="mso-spacerun: yes;"> </span>And this is a
significant problem for both national security strategy and business
security.<span style="mso-spacerun: yes;"> </span>Loss of life is certainly far
more important than the loss of physical or intellectual assets, but the
underlying principle is basically the same:<span style="mso-spacerun: yes;">
</span>we fail to provide adequate security.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
As a nation and in the business sector, we tend to be more
reactionary than proactive – we have a long history of “not closing the barn
door until after the horse has run off.”<span style="mso-spacerun: yes;">
</span>We believe that bad things can happen, but only somewhere else or to
somebody else;<span style="mso-spacerun: yes;"> </span>and even when we
recognize that something bad may happen, we rarely expect the worst-case
scenario to occur.<span style="mso-spacerun: yes;"> </span>We tend to look only
at the immediate past for the information with which we make our decisions
regarding the immediate future.<span style="mso-spacerun: yes;"> </span>So
when there are few actual, everyday problems or incidents, security becomes an
afterthought and again becomes relegated to the status of “necessary evil.”</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
We fail to recognize that the law of averages and the intent
of our enemies will ultimately affect everybody. We rely on our God or Lady
Luck or whatever to keep us safe from “the big one.” The security assessors and
planners are always viewed as the naysayers,<span style="mso-spacerun: yes;">
</span>the ones who bring negativism to the table because, while everybody else
is talking about peace and détente and political correctness, the person
charged with looking for the bad things will raise his hand and ask “...But
what if...?”<span style="mso-spacerun: yes;"> </span>And all the shaking heads
will turn in that person's direction and his views will be looked on as the
ramblings of someone who isn't really with the team or on the bandwagon because
"...those things just won't happen to us." But they can...and they
will...and they usually do happen.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
The major cause for having inadequate security is readily
apparent:<span style="mso-spacerun: yes;"> </span>the people who do the
security assessments and create the security plans (in other words, the people
who are the most likely to know what to expect) are never the ones in complete
control of security. Responsible and accountable and scapegoat-able, yes. In control,
no. Why? Because someone else always controls the decision to implement the
plans and policies, the money and the resources. Some bureaucrat or executive
always has to look at what the security readiness plan will entail and cost and
determine – usually in a completely uninformed way – if the imposition of
inconvenience and expenditure is really worthwhile, and if the funds and other
resources are really most wisely spent on something that may never happen.<span style="mso-spacerun: yes;"> </span>So with this fiscal attitude, bolstered by
our naïve and erroneous belief that it can't happen to us, the will and the
money and the resources we need for truly adequate security are never in place
when we need them most – preferably before, but at least at the beginning of
some disaster.<span style="mso-spacerun: yes;"> </span>And we suffer
again.<span style="mso-spacerun: yes;"> </span>Needlessly.</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 0pt;">
Both our nation and the business world need to recognize the
importance and value of security.<span style="mso-spacerun: yes;"> </span>Our
post-9/11 world,<span style="mso-spacerun: yes;"> </span>coupled with the
realities of today’s economy, makes the practice and implementation of adequate
security a virtual necessity.<span style="mso-spacerun: yes;"> </span>No longer
can the protection of our people and our assets be relegated to good fortune
and happenchance.<span style="mso-spacerun: yes;"> </span>Rather, a systematic
approach to assure that everything reasonable is being done to guarantee our
nation’s and our business organizations’ safety and financial well-being is of
vital and strategic importance.<span style="mso-spacerun: yes;"> </span>And the
marketing and selling of the concept of adequate protective efforts is a job
that must be continually and relentlessly pursued by security professionals,
since bureaucrats and executives are most often concerned only with the things
that undermine the ability to provide good security.</div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-43706081697772794182012-09-05T17:44:00.002-07:002012-09-05T17:44:44.839-07:00A Lesson from the Past<br />
<div class="MsoNormal">
I think the adage “If no order, chaos” is truly applicable
in the security world – not necessarily to the security function per se, but to
the overall concept of security, loss prevention and asset protection within
business organizations.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
I am old enough to remember the days when order and
discipline was the rule of thumb in the business world: Executives set goals and broad strategies;
management made policies and rules to support and implement the strategies; and
employees were expected – nay, REQUIRED – to follow and implement the rules and
procedures and policies. Each of those
three tiers had its inherent authority, responsibility and accountability. If a particular person in a particular tier
did not properly exercise his role, he would be disciplined – formal discipline
on his record, or demotion, or termination.
Everybody clearly understood his particular defined role in the
organization, its concomitant responsibilities, and the penalties for
failure. Supervisors and managers were
responsible for assuring compliance – they actually supervised and
managed. This was the very concept and
essence of ORDER.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
In those days, there was far less opportunity for internal
security problems within a business organization because there was a defined
system of checks and balances, and there were people in place to assure that
the system functioned properly and successfully. The thought and belief was “Even if Big Brother (i.e., Security)
was not watching, my boss was.” I had
to perform and behave, or I’d be gone.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Today, that scenario does not exist. Everybody does everything, so nothing really
gets done thoroughly or correctly (another true adage: “When everyone is responsible, no one is
responsible”). Executives don’t have
time to formulate sound goals and strategies because they’re too busy and
worried about what is now the end-all and be-all of business: next week’s
profits. So management muddles along,
trying to support the executives’ “goal” of next week’s profits. And the employees do whatever their job-of-the-day
happens to be. EVERYONE gets
frustrated. There is NO sound
management or supervision. So there is
lots of time and opportunity to devise devious schemes for “getting my fair
share” and doing things in the easiest, simplest way possible, which results in
errors and mistakes and an I-don’t-care attitude. This is the very concept and essence of CHAOS.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Some organizations still focus primarily on “old” security
ideas like preventing, mitigating and managing external problems. But that is because there was a time when
focusing on external problems (like theft, trespassing, vandalism, bad checks
and credit cards, etc.) was pretty much the sole extent and focus of the
security function because there just weren’t that many other issues for
Security to be concerned about, because when there was ORDER the internal
systems worked and resulted in efficiency, correctness…and low levels of loss.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
But now in the land of CHAOS there are many more things to
be concerned about in terms of protecting an organization, many (most?) of
which are internal, because Security has been charged with cleaning up the mess
created by the broken systems that were broken by someone else. And in order to fix this pervasive problem,
we have to first repair the broken windows before we can make sure that they
don’t get broken again.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Oh for the simple life of the past……</div>
The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0tag:blogger.com,1999:blog-37178233.post-54658479708534077112012-07-13T05:54:00.000-07:002012-07-13T05:54:15.728-07:00Value of a Diverse BackgroundWhen selecting an organizational security executive, an independent security consultant or a security expert witness, the nature and diversity of the individual’s background should be given thoughtful and careful consideration.<br />
<br />
In general, security professionals should have practical rather than (or at least in addition to) theoretical experience. While a knowledge of security concepts and theories is helpful and necessary, it is generally more valuable for a person who will manage or review security operations to have “…been there, done that.” In other words, a professional who has actually worked with the principles he is expected to administer or review (a practitioner) generally brings a more comprehensive perspective than someone who has only studied the principles in theory (a researcher or academician). <br />
<br />
In addition, many organizations feel that a person with public law enforcement experience will necessarily make a good security executive, but then do not take into account the nature of the law enforcement experience. With the inherent difference between law enforcement and security – a reactive mindset vs. a proactive mindset – it is important to assure that the law enforcement candidate being considered has some practical experience with the kinds of activities most likely to be encountered in the business setting. This concept holds true in the selection of an independent consultant or expert witness.<br />
<br />
As an example, my professional background is unique because it brings a practical knowledge of my field from 3 distinct perspectives: I have served as a Director of Security for 3 organizations, assessing security needs from a subjective standpoint, developing, implementing and managing security programs; I have served as an independent Security Consultant to a wide variety of private and public sector organizations assessing security needs from an objective standpoint, recommending strategies for risk mitigation; and I regularly serve as a court-recognized Security Expert, evaluating adequacy and sufficiency of security programs and operations from a forensic standpoint. <br />
<br />
Diverse experience guarantees both broad knowledge and analytical insight.<br />
<br />The Security Consultanthttp://www.blogger.com/profile/11187332630488385461noreply@blogger.com0