The main hurdle for professionalization is one mainly hampered by established notions about what background a security manager should have
Law enforcement and pure problem-solving
skills will play less of a role for the future
security director

Much effort has been put down in the professionalisation of security work. Not only is it a recurring topic of conversation at events for security professionals, but also a formal topic of concern for ASIS – having active task forces devoted to the promotion of professionalisation and academisation of security practice as well as a recently updated standard (ANSI/ASIS CSO.1-2013) describing the competence profile of a Chief Security Officer (CSO).

The outer driving forces for this effort are well-known; for example the increase of uncertainties relating to cyber-security threats, industrial espionage, activism and business-related risks when operating in hostile environments. In parallel with this trend, the demands for a formal, ongoing and cost-effective coordination of security work has further increased. Also on the list of organisational demands are clearer and improved business processes that cut across functional and operational value-creating activities, and increased use and sharing of security-supporting technologies. Furthermore, our research shows that physical security since long is a well-established business process within larger firms and a further development of security management would seem a natural development.

Distinctive for well-established professions are commonly agreed methodologies, techniques and terminology among professionals. Furthermore, a uniform and considerable quality assurance process is often in place in the form of higher education and/or formal licencing. Prime examples of professions often referred to are medical doctors and lawyers. In short, a professional from one country should more or less be able to communicate with colleague in another part of the world.

Establishing a higher education in security management is tightly coupled with the question on what would be general research direction for security management
There is an uncertainty regarding the academic orientation that security management should have

For security management there exists no such well-established equivalent. Institutions of higher education that offer security management are Edith Cowan University in Australia and the specialisation in Security Management that is offered at Wharton at University of Pennsylvania with ASIS as supporting body.

Engineering, criminology or business/management?

For any higher education with a clear identity and recognition the fundamental (research) question of whom or what we are is agreed upon. In effect, establishing a higher education in security management is tightly coupled with the question on what would be general research direction for security management. This is an important question – both short-term and long-term. In the short-term it is important to know what universities and schools to target, and long-term to guarantee the profession a development in the right direction and with the intended legitimacy.

A crude division can be made by dividing research and higher education into three general orientations; the first (1) being an orientation towards engineering and problem-solving; the second (2) being social scientific and criminology orientation that concerns itself with addressing overarching crime development and underlying structure and motives for criminal behaviour; and third (3), a business/management orientation that is concerned with balancing and setting business priorities in a corporate landscape of limited resources. None of these orientations are mutually excluding of one another – all higher education is a mix of a major subject and support subjects. However, some form of declaration of will and consensus about the general orientation is necessary. Worst-case effect might be that security management ends up being academically and institutionally weak as is sometimes the case with over-specialized degrees. When educating security managers, should the general orientation be on of engineering/problem-solving, criminology or business and management? In Sweden, the Higher Education Authority have for example assessed the Security Management degree in Australia as being one in engineering (assessment made 08/05/2008).

More business, management and new technology

From the research conducted within the LUSAX research program at the Institute of Economic Research at Lund University a clear majority of survey respondents working corporate security management expresses a need for increased skills of business and management, but also a need to understand novel technology to some extent. Law enforcement and pure problem-solving skills will play less of a role for the future security director. If asking security directors, the answer would be to follow the business/management orientation.

Some form of declaration of will and consensus about the general orientation is necessary. Worst-case effect might be that security management ends up being academically and institutionally weak as is sometimes the case with
over-specialised degrees

A third possibility is to position security management as focusing mainly on criminology and behavioural sciences. No explicit and direct demand from security directors was made regarding the need for criminology. However, we believe criminology and behavioural science is an important support subject to security management. A final alternative would be to position security management as a corporate legal activity, but we argue that the legal alternative is one that can be considered of being constraint or factor within the business and management orientation. Also, some security directors have expressed concerns in sorting security management under the legal corporate branch due possible risks of conflicts of interests.

Our research further suggests that the security manager needs further resource enforcement for areas like budgeting, procurement, cost-benefit analysis, new technology and business to mention a few examples. From that point of view, the choice of orientation clearly points to a direction of hosting security management within a business and management orientation. All in all, this could be described as the will for professionalisation from the ones within the profession.

Security Management and its corporate environment

For a more complete analysis it is not sufficient to include only the within-professional will for professionalisation. External forces outside the control of security professionals also govern the answer for the development of the profession. Since the start of LUSAX in 2006 we have repeatedly experienced corporate recruitment of security managers being mainly driven by a corporate interest searching for senior security candidate with a clear and solid law-enforcement background. This is more noticeable in North America and in the United Kingdom where Executive Protection often lies within the scope of security management. This is evident also in industry sectors where physical security is not typically part of the core business – like media, banking and consultancies.

In summary, in this article we have pointed out that there is an uncertainty regarding the academic orientation that security management should have. We are saying that it is necessary to choose a purposeful academic platform that over times generates the positive effects of professionalisation, for example wide corporate influence, clearer career paths and increased rewards in term of salary and perks. Our answer is to aim for security management to be positioned within a business and management orientation.

Finally, we have also pointed out the importance of changing the environmental attitudes concerning security management. We believe the main hurdle for professionalisation is one mainly hampered by established notions about what background a security manager should have. These notions lies outside the control span of the typical security manager, but are pivotal for the professionalisation of the profession.

Download PDF version

Author profile

Markus Lahtinen Researcher and Lecturer at Lund University, LUSAX Security Informatics

Markus Lahtinen holds a Master’s degree in Informatics (2001) and a Bachelor's degree in Business Administration and Economics (2006). The past ten years he has been active as lecturer at the Department of Informatics at the School of Economics and Management, teaching mainly Interaction Design but also given classes on Decision Support Systems, UML, IT and organisation, and supervising theses work for students at Bachelor and Master level.

In case you missed it

What are the obstacles to adoption of mobile credentials for access control?
What are the obstacles to adoption of mobile credentials for access control?

Using a smart phone as an access control credential is an idea whose time has come – or has it? The flexible uses of smart phones are transforming our lives in multiple ways, and the devices are replacing everything from our alarm clocks to our wallets to our televisions. However, the transformation from using a card to using a mobile credential for access control is far from a no-brainer for many organisations, which obstacles to a fast or easy transition. We asked this week’s Expert Panel Roundtable: When will mobile credentials dominate access control, and what are the obstacles to greater adoption?

How to choose the right security entrance for effective customer security
How to choose the right security entrance for effective customer security

Security and systems integrators across the nation are recommending and providing long-term security solutions to their customers. But when it comes to physical security entrances, integrators can easily fall into the trap of simply fulfilling an end user’s exact request without much pushback. Why? We believe the complexity and variety of entrances available makes it difficult to consult on the best solution, but also because there are a lot of assumptions at play. 1) Ask questions to determine the correct security entrance solution There is confusion in the security industry on the meaning of the word, “turnstile.” End users, when requesting a solution, tend to use the word “turnstile” to describe anything from an old fashioned, 3-arm turnstile to a high-tech optical turnstile to a security revolving door. We encourage security integrators to ask questions to discover how their clients want to mitigate the risk of unauthorised entry or “tailgating.” This can help determine the correct security entrance solution to meet the end user’s goal and budget. By asking the right questions and offering true solutions, you can enhance a relationship built on trust and consultation leading to potential repeat business. Below are four physical security goals—crowd, deterrence, detection, and prevention—accompanied by the type of “turnstile” and its capabilities. This breakdown can help the integrator to confidently address an end user’s request for a “turnstile,” and then recommend a solution that truly fulfills their security goals. 2) Explore options for crowd control Typically seen in stadiums, amusement parks, universities, and fitness centres, tripod turnstiles are considered a low security solution for crowd management. Designed for counting employees or slowing down high traffic volume to collect tickets or payments, tripod turnstiles are built to withstand the most abusive of conditions. Here’s what security integrators should know about tripod turnstiles: Low capital cost, but high annual operating cost due to needed 24/7 guard supervision Lack of sensors can lead to defeat – turnstiles can be crawled under or jumped over without alarm/notification to guard staff Little to no metrics capabilities available – no sensors or alarms if defeated High throughput, handling 30 persons per minute in one direction Full height turnstiles are a tall, robust solution for perimeter fence lines, metro stations or parking garages 3) Choose an effective deterrent A physical deterrent to infiltration, full height turnstiles are a tall, robust solution for perimeter fence lines, metro stations or parking garages. While full height turnstiles do physically stop tailgating (an unauthorised person following someone in the next compartment), they have no means to prevent piggybacking. Two people in collusion can gain access through the full height turnstile by badging once and then squeezing into the same compartment. Here are some other things to note about full height turnstiles: Low capital cost, low annual operating cost Guard supervision is up to the user Little to no metrics capabilities available – no sensors or alarms if defeated Moderate throughput, handling 18 persons per minute in one direction 4) Ensure your chosen turnstile can detect tailgating A staple in lobby security to accommodate visitors, optical turnstiles utilise complex sensors to detect a tailgating attempt. Most models available today offer sliding or swinging barriers. A very common assumption in the security industry is that optical turnstiles prevent unauthorised entry, which isn’t true. In fact, once the barriers are open, a second user can slip through. Or, in the case of a wide lane for disabled use, two people can walk through side by side. In either case, an alarm is generated and supervision is therefore essential in order to respond swiftly. The cost of 24/7 supervision must be factored into the security budget. Here are some other points to make note of: Moderate capital cost, but high annual operating cost due to need for 24/7 guard supervision Sensors detect tailgating and sound an alarm for post-tailgating reaction, but turnstiles can still be defeated Moderate metrics capabilities available (for example, # times tailgating occurred, passback rejection) High throughput, handling up to 30 persons per minute in one direction 5) Determine prevention tactics for staff and visitor safety The entry solution of choice for Fortune 1000 companies, security revolving doors and mantrap portals completely prevent tailgating due to their working principle, ensuring the safety and security of staff and visitors. Commonly used at employee-only entrances, security doors are an unmanned entrance solution that cannot be defeated; sensors in the ceiling prevent tailgating (following in a trailing compartment). Optional piggybacking detection systems are also available (preventing two people in the same compartment from entering). The benefits of utilising a truly unmanned door are unparalleled: guard staff can be reduced or reallocated, and this entrance offers an ROI of just 1-2 years. Here’s more information security integrators should know about security revolving doors and portals: High capital cost, low annual operating cost due to no required guard supervision Sophisticated metrics capabilities available, allowing the end user to prove the value of their security investment Security revolving doors = 20 persons per minute, simultaneously in two directions; Security portals = 6 persons per minute in one direction Biometric devices and bullet-resistant glass can be incorporated for an even higher level of security As we’ve demonstrated here, “turnstile,” in the eyes of an end user, is a complex term that can range from a low security, crowd control solution to a high security, tailgating prevention entrance. Security integrators need to first accurately determine the security goals of their customers and then break down the “turnstile” barrier of confusion to recommend the best solution for fulfilling those goals.

Why security customers should buy products and services from SMBs
Why security customers should buy products and services from SMBs

In 1973, a brilliant economist named E.F. Schumacher wrote a seminal book titled ‘Small Is Beautiful:’ taking an opposing stance to the emergence of globalisation and “bigger is better” industrialism. He described the advantages of smaller companies and smaller scales of production, highlighting the benefits of building our economies around the needs of communities, not corporations. In almost every industry or market that exists in the world today, you're likely to find a difference in size between companies. Whether it’s a global retail chain versus a small family-owned store, a corporate restaurant chain versus a mom-and-pop diner or a small bed and breakfast versus a large hotel chain — each side of the coin presents unique characteristics and advantages in a number of areas. Disparity in physical security industry Customers are drawn to products and services from large enterprises as the big names typically imply stability This disparity very clearly exists in the physical security industry, and differences in the sizes of product manufacturers and service providers could have important implications for the quality and type of the products and services offered. All too often, customers are drawn to products and services from large enterprises, as the big names typically imply stability, extensive product offerings and global reach. And that's not to say that these considerations are unwarranted; one could argue that larger companies have more resources for product development and likely possess the combined expertise and experience to provide a wide range of products and services. But the value that a company’s products and services can bring isn’t necessarily directly related to or dependent on its size. In an age where the common wisdom is to scale up to be more efficient and profitable, it’s interesting to pause and think about some of the possible advantages of small- and medium-sized businesses (SMBs). Typically, “small” companies are defined as those with less than 100 employees and “medium” with less than 500. Providing social mobility  Schumacher argued that smaller companies are important engines of economic growth. Indeed, according to the Organisation for Economic Cooperation and Development (OECD), a group of 36 member countries that promotes policies for economic and social well-being, SMBs account for 60 to 70 percent of jobs in most OECD countries. Importantly, SMBs provide resilience in that there are often large economic and social impacts when big companies fail. Smaller companies are better for regional economies in general, as earnings stay more local compared to big businesses, which in turn generates additional economic activity. SMBs are also better at providing social mobility for disadvantaged groups by giving them opportunities and enabling them to realise their potential. Smaller companies are often more innovative, bringing to the market novel technologies and solutions such as Cloud, analytics, AI, and IoT New companies introduce new technologies There's no denying the role of start-ups when it comes to innovation. In the security industry, many new technologies (e.g. Cloud, analytics, AI, IoT) are first brought to the market by newer companies. In general, smaller companies’ products and services often have to be as good or better than others to be competitive in the marketplace. They are therefore often more innovative, bringing to the market novel technologies and solutions. And these companies are also more willing to try out other new B2B solutions, while larger companies tend to be more risk-averse. Customer service Aside from the quality of products and services, arguably one of the most important components of a security company’s success is its ability to interact with and provide customers the support that they deserve. Smaller companies are able to excel and stand out to their customers in a number of ways: Customer service. Customers’ perceptions of a product’s quality are influenced by the quality of support, and smaller manufacturers often possess a strong, motivated customer service team that can be relatively more responsive to customers of all sizes, not just the large ones. A superior level of support generally translates into high marks on customer satisfaction, since customers’ issues with products can be resolved promptly. Flexibility. SMBs have a greater capacity to detect and satisfy small market niches. While large companies generally create products and services for large markets, smaller companies deal more directly with their customers, enabling them to meet their needs and offer customised products and services. And this translates to adaptability, as SMBs become responsive to new market trends. By having a pulse on the market, smaller companies have much more flexibility in their supply chain and can adjust much faster in response to changing demand. Decision-making. Smaller companies are much more agile in decision-making, while larger enterprises often suffer from complex, tedious and lengthy decision-making processes. Communication is easier throughout SMBs, as smaller teams enable new ideas to flow and can solve problems faster. Job satisfaction Employees working for SMBs connect more directly with the company's goals and objectives, which in turn increases motivation and job satisfaction Employees working for SMBs connect more directly with the company's goals and objectives, which in turn increases motivation and job satisfaction. SMBs are also generally more connected to local communities and participation in community activities leads to a greater sense of purpose. Additionally, SMBs have a much smaller impact on the environment, which is increasingly becoming an important consideration for today’s employees and customers. Though Schumacher's book takes a much deeper dive into the large global effects of scale on people and profitability, the general impact of a company’s size on its products and services is clear. It’s important for all players in the security industry to remember that the commitment and dedication to product quality can be found in businesses of all sizes. Ensuring safety of people, property and assets Large manufacturers may catch your eye, but small business shouldn’t be forgotten, as they can offer end users a robust set of attributes and benefits. While all security companies are aiming to achieve a common goal of providing safety for people, property and assets, smaller businesses can provide extensive value when it comes to driving the economy, innovating in the industry, providing quality employment and offering superior customer service.