How is Security Consulting/System Design Changing?

331-security-breach

Is Security ONE Discipline?

In speaking with end-users, I never cease to be amazed at the expectation for a consultant’s knowledge-base and skill-set. I have been working in physical security for over 30 years and I feel just recently I have begun to grasp the full picture in the overall security category. When I share this observation, the response is often surprise.

Physical Security is impacted by threat assessment, risk analysis, vulnerability assessment, formulation of¬†mitigation strategies, development of processes and procedures, changing technology, network infrastructure, information security, system design, etc. How does one person gain an “expert” level understanding of all these elements?

Who are “Security” Consultants?

  • Physical security threat and vulnerability assessment is often handled by Ex Law Enforcement/Intelligence Personnel.
  • Risk analysis is usually performed by legal counsel and/or insurance actuaries.
  • Mitigation strategies and physical security processes and procedures are best devised by physical security specialists (CPP).
  • Physical protection systems should be designed by security engineers (PSP).
  • Technology management, planning and data infrastructure is best handled by automated systems engineers: Electrical Engineers (EE), Professional Engineers (P.E.), Network Infrastructure Engineers (RCDD).
  • Information security and hardening of data transport should be handled by system software and coding/encryption experts (nod to CISSP).

In even three lifetimes, I am not sure one person could put this kind of experience together.

End-User Discovery & Needs Assessment

The critical developing need is for an individual who has enough experience to provide program management for all these disciplines. I have begun creating design development tools… there are too many related concerns that must be incorporated into integrated security design: checklists, process schedules, best practices review, etc.

Honestly, I am not sure the program manager role would be best handled by my discipline, but then who should it be? Can architects and/or construction managers offer this capability? Maybe, by assembling massive teams… but this approach is not financially viable for any other than the largest projects and corporations. So, which discipline will become the project leader capable of providing a cross-discipline needs assessment and assist in funding prioritization? This may be where some of you can help me? I have seen a new class of consultant pop up, calling themselves “Technology Consultants” and offering design services for ALL low-voltage automated systems (security, fire, A-V, telephony, etc.). These companies are growing out of construction engineering consulting and industrial automation engineering firms.

Convergence

All these different disciplines are growing together, being driven by end-user need. Personally, I have learned more about data technology and security in the last year, than in the previous thirty combined. It has been out of necessity. I am being asked questions by I.T. Directors that I have never heard before:

  • Have your IP controllers been penetration tested?
  • Can your IP controllers support typical network encryption strategies?
  • Are your drivers and firmware using open source-code and if so, has it been properly vetted?????????

Speaking to other security industry professionals here… continuing education is a bigger priority than at any time I can remember. It will be critical to learn not just your area of specialty, but also an overview of related disciplines. Client patience for excuses in this area has been precious little.

If you would like to discuss this, or other security topics, please contact Doug via LinkedIn. Also, take a look at his LinkedIn Discussion Board Security Convergence, or his Twitter feed @DLIPTech.

This site is maintained by Douglas Levin, PSP, AHC, LEED AP. It is intended to be a personal professional blog. The content reflects my personal opinions and observations regarding the Physical Security Systems industry and Technology Sectors. The opinions expressed herein reflect my personal viewpoint/ideas and do not in any way represent the position of any other person, organization or company.

Advertisements

About Doug Levin

Doug is a certified (PSP, AHC, LEED AP), experienced business development professional with a focus on the physical security industry. With a diverse background that includes delivering products & services through multiple channels (manufacturing, distribution, specialty & general contracting), he brings a broad industry perspective that adds greater value for his clients. Having decades of experience with sales engineering and design-build of low-voltage automated systems, he also offers a strong emphasis on technical knowledge and consulting services. His career has included responsibility for: profit & loss, operations and sales management with front-line experience in estimating, sales/marketing, project management and developing security design documents & spec writing.
This entry was posted in Cybersecurity, Data Security, Information Security, Physical Security, Technology, Technology Convergence and tagged , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s