Now, there’s the rub! Is the consultant addressing topics relevant to the client’s perceived need, or just addressing his/her area of expertise?
We live in a world where organizations face a diverse array of threats. The daunting task of the Security discipline is assessing the associated risk and prioritizing limited resources to address mitigation. During the discovery process, sometimes I can see clients running through the inventory in their heads… controlled access, monitored access/intrusion, forensic or active video surveillance, hardening networks, improving identity management, information security (etc.). The validity of such an assessment depends heavily on understanding the values and mission of an organization. Protecting assets can take many forms: human, equipment, financial and intellectual resources, even a company’s reputation.
How does a prospective client determine which potential partner can provide the greatest value in addressing their needs?
The key deciding factor should be a demonstrable understanding of the unique environment in which each organization operates and the challenges faced. As specific expertise seems to be required, the understanding narrows to smaller and smaller subsets of potential threats… and relevance slowly diminishes.
The majority of end-users depend on their partners (consultants/contractors) to help them understand their vulnerabilities and address them effectively. In a security continuum where there are so many competing messages, most value propositions tend become garbled and difficult to evaluate. Let’s look at perceived value defined for a few different disciplines:
Dealing with theft, external and internal violence, unauthorized access to critical areas, vandalism (etc.), a physical security focus brings the tried and true principles of detect, delay and deter concepts. There tends to be numerous vulnerabilities in this category that require experience and training to address. The complexity of designing site, building perimeter and interior security solutions can be difficult to perform effectively, requiring years of experience with cameras, sensors, reader technologies and their integration.
In my opinion, this is a category unto itself. I have run into very few physical security professionals that understand this discipline well. Identity management is NOT printing a photo on an access control badge. It represents using Active Directory Services to achieve authentication in BOTH LAN/WAN/Cloud data communication and Physical Protection System (PPS) environments.
Encryption, Encryption, Encryption. Why are IP networks fully encrypted, while access and intrusion monitoring data infrastructure is not? Food for thought, 128 bit AES encryption is not the highest order of encryption… Is physical access to switches and servers strictly controlled?
I am now being asked, “do software apps managing access control use open source code?” Do IP Edge devices (controllers, cameras, etc.) have protection schemes for Denial of Service (DOS & DDOS) Attacks? Does all data communication utilize password protected encryption keys? Is dual authentication available? Can credential technology support network identity management? There is an answer for each of these questions in both network and application environments. Let’s get engaged and begin the discussion…
Relevance is TEAMWORK!
The most difficult transition I had to make in my long career, was moving from an individual to team performance focus (topic for another article). The complexity of leading technologies, latest software and evolving threats demand specialists able to address these areas both individually and together. Any one person working independently is unlikely to grasp the entire picture. The answer is to bring a team together with a basic understanding of these disciplines and capable of coordinating design and deployment to deliver the best solutions addressing the client’s broader needs.
So, which discipline offers the greatest security value? None individually… the best risk mitigation will always come from effective multi-discipline teams!
This site is maintained by Douglas Levin, PSP, AHC, LEED AP. It is intended to be my personal professional blog. The content reflects my personal opinions and observations regarding the Physical Security Systems industry and Technology Sectors. The opinions expressed herein reflect my personal viewpoint/ideas and do not in any way represent the position of any other person, organization or company.