Is Security ONE Discipline?
In speaking with end-users, I never cease to be amazed at the expectation for a consultant’s knowledge-base and skill-set. I have been working in physical security for over 30 years and I feel just recently I have begun to grasp the full picture in the overall security category. When I share this observation, the response is often surprise.
Physical Security is impacted by threat assessment, risk analysis, vulnerability assessment, formulation of mitigation strategies, development of processes and procedures, changing technology, network infrastructure, information security, system design, etc. How does one person gain an “expert” level understanding of all these elements?
Who are “Security” Consultants?
- Physical security threat and vulnerability assessment is often handled by Ex Law Enforcement/Intelligence Personnel.
- Risk analysis is usually performed by legal counsel and/or insurance actuaries.
- Mitigation strategies and physical security processes and procedures are best devised by physical security specialists (CPP).
- Physical protection systems should be designed by security engineers (PSP).
- Technology management, planning and data infrastructure is best handled by automated systems engineers: Electrical Engineers (EE), Professional Engineers (P.E.), Network Infrastructure Engineers (RCDD).
- Information security and hardening of data transport should be handled by system software and coding/encryption experts (nod to CISSP).
In even three lifetimes, I am not sure one person could put this kind of experience together.
End-User Discovery & Needs Assessment
The critical developing need is for an individual who has enough experience to provide program management for all these disciplines. I have begun creating design development tools… there are too many related concerns that must be incorporated into integrated security design: checklists, process schedules, best practices review, etc.
Honestly, I am not sure the program manager role would be best handled by my discipline, but then who should it be? Can architects and/or construction managers offer this capability? Maybe, by assembling massive teams… but this approach is not financially viable for any other than the largest projects and corporations. So, which discipline will become the project leader capable of providing a cross-discipline needs assessment and assist in funding prioritization? This may be where some of you can help me? I have seen a new class of consultant pop up, calling themselves “Technology Consultants” and offering design services for ALL low-voltage automated systems (security, fire, A-V, telephony, etc.). These companies are growing out of construction engineering consulting and industrial automation engineering firms.
All these different disciplines are growing together, being driven by end-user need. Personally, I have learned more about data technology and security in the last year, than in the previous thirty combined. It has been out of necessity. I am being asked questions by I.T. Directors that I have never heard before:
- Have your IP controllers been penetration tested?
- Can your IP controllers support typical network encryption strategies?
- Are your drivers and firmware using open source-code and if so, has it been properly vetted?????????
Speaking to other security industry professionals here… continuing education is a bigger priority than at any time I can remember. It will be critical to learn not just your area of specialty, but also an overview of related disciplines. Client patience for excuses in this area has been precious little.
This site is maintained by Douglas Levin, PSP, AHC, LEED AP. It is intended to be a personal professional blog. The content reflects my personal opinions and observations regarding the Physical Security Systems industry and Technology Sectors. The opinions expressed herein reflect my personal viewpoint/ideas and do not in any way represent the position of any other person, organization or company.