Security and safety practitioners responding to evolving threats make decisions every day based on uncertainty, insufficient information, and too few resources for textbook solutions. Unsurprisingly, Chief Security Officers report that critical thinking, decision making, and communications skills are key characteristics for job success. But do we really understand what critical thinking is and how to improve our skillset?

Key components of critical thinking

Good thinking skills are really not all that complicated, but you need a bit of knowledge and continuing practice to turn the learned skills into instinctive habits. Successful critical thinkers are judged by results that almost always involve deliberation and intuition, logic and creativity. Long-time CIA methodologist Jack Davis recognised this in defining critical thinking as the “adaptation of the processes of scientific inquiry” to your environment and its special circumstances. The key components of critical thinking include:

  1. Asking the right questions.
  2. Identifying your assumptions.
  3. Reaching out to sources of information beyond those readily available.
  4. Evaluating data for accuracy, relevance, and completeness.
  5. Assessing the data and forming hypotheses.
  6. Evaluating the hypotheses, particularly looking for conflicting data.
  7. Drawing conclusions.
  8. Presenting your findings

Structured analytic thinking techniques

Structured analytic thinking techniques make critical thinking explicit. They externalise internal thought processes to make them clear and transparent enough to be shared, improved, and critiqued. They save time in the long run and add rigor, imagination and accountability by:

  • Ensuring your framework is as solid as possible
  • Considering differences in opinion
  • Providing procedures for qualitative analysis of uncertainties
  • Facilitating collaborative teamwork

    Structured analytic thinking
    techniques externalise internal
    thought processes to make them
    clear and transparent enough to be
    shared, improved, and critiqued

You may say that you do not have time to learn, practice, or use specific thinking techniques, particularly when you are facing a pressing decision or crisis, but that is exactly when you need the skills to overcome the cognitive biases that can lead you astray. When the stakes are high that you might be catastrophically wrong, you do not have time NOT to stop and reflect. You need to think in terms of the PREmortem—what might go wrong and how—to avoid the POSTmortem.

5 Key critical thinking skills

We teach that great security decisions are based on five key critical thinking skills that enable you to assess hard security problems, anticipate the unexpected, and avoid disastrous mistakes.

1. Challenge your key assumptions: This is a systematic effort to explicitly list and challenge the fundamental presuppositions or mental model that underlies your interpretation of evidence or reasoning. List your working assumptions, then assess whether each is solid (i.e. you would commit resources based on it), requires some caveats (may be true in most instances but not in all), or is unsupported (your “key uncertainties”). You refine the list as you learn more or circumstances change and consider whether your key uncertainties should be converted into collection requirements or research topics.

2. Consider alternative explanations: Our brains are amazing organs that can “make sense” of situations based on few pieces of information, but not considering missing data and potential alternatives can lead us down a wrong path from which our natural biases will prevent us from recovering. Our mindsets become entrenched and we only see the situation in one way. You can easily develop alternative explanations by:

  • Stating your lead hypothesis (or educated guess) and brainstorming alternatives that span the full range of possibilities from most negative to most positive.
  • Breaking your lead hypothesis into its key components, following a framing structure like the journalist’s “Who,” “What,” “How,” “When,” “Where,” and “Why” to evaluate all critical dimensions, and develop alternative combinations for consideration.

Creating a null hypothesis by establishing in your mind the opposite of your lead hypothesis: something IS or it IS NOT (i.e. guilty or not guilty). The NOT hypothesis becomes a bin for what appears to be anomalous data that may later prove far more diagnostic.

Critical thinking techniques help you deal with security problems including cyber and insider threats to protecting sensitive facilities
Critical thinking skills enable you to make better decisions and collaborate more efficiently

3. Look for inconsistent data: This is the crux of the scientific method; you do not have to be a scientist performing a controlled experiment to use it. Your brain will naturally try to fit disparate pieces of data into a story or lead hypothesis, but if you have more than one hypothesis you can assess the data against each possibility to see which data is disconfirming and how significant it is in challenging the common wisdom. This can save you a lot of time in sorting through complex possibilities and multiple pieces of data; if you encounter a piece of data that is compellingly inconsistent with one of the hypotheses—for instance, a solid alibi—you can quickly discard that possibility and direct your attention to more likely solutions.

4. Identify key drivers: Characterising the driving forces at play in a situation can help you anticipate the future and reduce the chances you will be taken completely by surprise. Varying the weights of these key drivers can generate credible alternative scenarios that capture the range of possible outcomes. You can track which scenario is developing through indicators that meet five criteria: Observable and Collectible, Valid, Reliable, Stable, and Unique. Uniqueness is difficult to meet, but should be a goal.

5. Understand the context: Learning to stop and reflect on the overarching context is the fifth skill, but arguably perhaps the most critical. You are better off learning how to “think above your pay grade” at the start by putting yourself in the shoes of your managers, colleagues, and clients. Ask yourself: “What do they need from me?” How can I help frame the issue?” and “Do I need to place their questions in a broader context?” Simple framing techniques help get and keep you and your colleagues in sync; it helps ensure that coordination is as easy as possible and avoids having to reconceptualise projects when they are well underway.

These critical thinking techniques help you deal with the full range of security problems—from cyber and insider threats to protecting sensitive facilities. You can make better decisions, collaborate more efficiently, and be prepared for the worst if you frame projects, avoid analytic traps, stimulate creative alternatives, and make compelling arguments for countermeasure enhancements.

Download PDF version

In case you missed it

ASSA ABLOY's Yale celebrates 175 years, smart locks and new partnerships
ASSA ABLOY's Yale celebrates 175 years, smart locks and new partnerships

When Linus Yale Sr. invented the pin tumbler cylinder lock, it was the start of an iconic security brand that would eventually be known all over the world. What began in a lock shop in Newport, New York, would eventually evolve into the global presence of the brand “Yale” that we know today. The Yale brand was purchased in August 2000 by the Swedish lock manufacturer ASSA ABLOY Group, which expanded Yale’s global presence in the ensuing years and recently has led the way into smart locks and building automation. This year, ASSA ABLOY is marking the 175th anniversary of the Yale brand. Global home security brand “People all over the world trust the brand to protect what they love most in their homes,” says Kate Clark, Managing Director of Yale EMEA at ASSA ABLOY. Although Yale has a successful commercial sector business in the United States, in the rest of the world Yale is a residential brand. The Yale brand is well known in 130 countries from Australia to the Czech Republic to Colombia, and is popular in Africa, too. In the EMEA (Europe, Middle East and Africa) market alone, Yale has around 20,000 products; that’s without counting products sold in the Asia-Pacific and Americas regions. Yale is familiar as a generic term for “lock” in some areas and is one of the largest home security brands in the world. Expansion into digital locks Good old-fashioned cylinder locks still look nice and cost the right amount of money, so they are in demand “I think we stand for safety, quality and reliability, and that hasn’t changed,” says Clark. “It’s as important now as ever. We have tried to pioneer new technology in the industry, new innovations. The rate of acceleration has increased, and there are so many technologies we have to understand and work with.” Growing beyond its heritage in mechanical locking systems, Yale is now expanding into digital locks that can protect homes with a high level of security synonymous with the Yale brand. The current selection of locks includes partnerships with tech brands such as Nest Labs (Google) and Alexa (Amazon). There is a rapid acceleration of growth in the electro-mechanical lock market. But even as the focus expands to smart locks and partnerships with tech companies, Yale continues to dedicate time and resources to the design of their core mechanical products. Good old-fashioned cylinder locks still look nice and cost the right amount of money, so they are in demand. Yale padlocks and bike locks also keep the name top-of-mind. There’s an ongoing education process as home locks expand beyond the use of mechanical devices and even personal identification (PIN) codes. Beyond mechanical locks and PIN codes “It’s important for people to know that we have been around a long time, and we want to celebrate that,” says Clark. “It’s a fantastic story around the brand and what we have achieved. Internally we have a lot of people doing a lot of great things with the brand. We inspire people working with the brand and show them that this is the pedigree, and it should be cherished. We are also raising awareness among younger people, so they know that we are still relevant.” We have an obligation to show people that the new technologies are just as secure as mechanical locks" There’s an ongoing education process as home locks expand beyond the use of mechanical devices and even personal identification (PIN) codes. “We have to take people on a journey,” says Clark. “We have an obligation to show them that the new technologies are just as secure as mechanical locks. If we eliminate PIN codes, we have to do it in a secure and safe way. Then suddenly access to your home can be made available by a company you trust.” Smart home security “We have a responsibility to do our best job with the new technology – it’s wonderful, but it needs to be used correctly,” says Clark. “I personally feel a responsibility to do that in the right way.” For example, in working with Amazon and Alexa to remotely authorise the delivery of a parcel to a home, concerns of security must be weighed carefully along with issues of convenience. “It’s important that we get the balance right,” says Clark. “We need to know the right person is giving the right voice command to lock a lock. We have to be true to our core as ‘security first.’” Will Yale be here another 175 years? Clark says she doesn’t expect to be around to find out but will do her best to preserve and promote the brand until she hands it off to a new caretaker.

Smart home access control growth and the future of door security
Smart home access control growth and the future of door security

There’s growing noise around smart homes and smarter security. You’ve probably heard it. But there is a place where access control and more have been smart for decades: the workplace. Home automation and IoT are still playing catch-up with the commercial sector. A new insights report from ASSA ABLOY and IFSEC Global — “The Smart Door Locks Report 2018” — measures just how fast consumer smart technology is running. According to a survey conducted for the report, 61% of households now claim to own at least one smart home device or system. Energy monitors, home CCTV cameras, intruder alarms and smart door locks are the most popular, according to the report. All these functions, of course, have been available to businesses for years.61% of households now claim to own at least one smart home device or system Educating the smart home consumer Paradoxically, report data also questions how much consumers really know about their smarter home. A surprising 42% of those surveyed, for example, were unaware they could control a smart door lock from their phone. In fact, many leading smart door lock models offer this feature, delivered by Wi-Fi or Bluetooth and an app. Despite a wealth of features offered by the latest smart door locks — remote and location-based locking/unlocking; voice activation; timed access; emailed entry alerts; and integration with smart camera and lighting systems — most people still have limited knowledge of their capabilities.  Smart technology is increasingly becoming the new norm in terms of home security  Only 14% of survey respondents described themselves as “very familiar” with what a smart lock can do. Even though most of them probably use smart access control solutions at their workplace. Secure homes through smart technology Monitoring and security are not the only drivers for smart home adoption. We humans also love convenience, and modern living presents us with problems that smart home technology can solve. Ironically, given the report’s findings, it takes a smartphone to really unlock the convenient possibilities of smarter living. The device that’s “always to hand” is central to the newest generation of smart door locks.A smart door lock is a convenient way for a landlord or agency to offer round-the-clock check-in and check-out If homeowners wish to remotely manage property access for friends and family, many smart door locks oblige. You let in guests remotely, send them a virtual digital key, or provide a temporary or single-use PIN to unlock the door. It is just as easy to revoke a digital key, if you don’t want its owner to come around anymore. This is a significant improvement over sharing physical keys — or hiding one under the doormat. We cannot be totally sure where a metal key ends up and have no way to track or cancel it once it’s “out in the wild”. Commercial access control offers such functionality as standard, of course.  In addition, smart door locks offer more than just stand-alone operation and clever functions. In a domestic setting, magic happens when locks work in harmony with a home automation system, connected by protocols like Z-Wave, ZigBee or Wi-Fi. "Smart" security on the move  The smartphone is becoming a remote control for managing a connected life beyond just home (and even workplace) security. According to Accenture, the parcel delivery services market will grow by $343 billion by 2020. Just like home security, convenience is a major driver of change. Homeowners can send guests a virtual digital key to their phones, or provide a temporary or single-use PIN to unlock the door A recent PostNord pilot in Sweden aimed to remove the inconvenience of waiting home for a postal delivery. Selected customers of some major Scandinavian e-retailers could choose to have parcels delivered inside their front door, if it was equipped with a Yale smart door lock.  Home delivery is among potential smart services covered in “The Smart Door Locks Report 2018 ”. When asked whether the ability to receive parcels securely in a porch or lobby would make them more likely to invest in a smart door lock, 79% said it would.It is easy to revoke a digital key, if you don’t want its owner to come around anymore Holiday rentals and smart home tech ASSA ABLOY research published in 2017 forecasts continued growth in the European holiday rentals sector (at 5.8% CAGR). Smart door locks are also making an impact here, at both ends of the market: for service providers — agents and homeowners — and for travellers. A smart door lock is a convenient way for a landlord or agency to offer round-the-clock check-in and check-out, without creating extra work or staff costs. Both Intersoft, in Croatia, and Hoomvip in Spain have built holiday rentals management systems around an app and the ENTR® smart door lock. Agents issue, revoke, track and manage virtual keys for all their guests, saving everyone time and hassle. Travellers use their phones and an app to unlock their apartment. For these visitors the smartphone is already an essential travel accessory. It is a boarding pass, a credit card, a travel guide, and a postcard home... why not a door key, too? And if this key is backed by a trusted home security brand — and a company with vast experience in the mature market for commercial “smart” security — better still.

Bosch startup SAST addresses need for evolved solutions in security industry
Bosch startup SAST addresses need for evolved solutions in security industry

Security and Safety Things GmbH (SAST) is a new company that has announced its vision for an Internet of Things (IoT) platform for the next generation of security cameras. The Bosch startup plans to build a global ecosystem for the development of innovative security camera applications. Based on the Android Open Source Project (AOSP), SAST provides libraries, an API framework, and codecs for developers to work with. The SAST App Store will allow developers to build and market new applications, similar to today’s app stores for smartphone applications. We presented some questions to Nikolas Mangold-Takao, VP Product Management and Marketing, about the new venture, and here are his responses: Q: Why a new company now? What technology innovations have made this a good time to launch this company? The time is right to bring market needs and technological innovations together on one platform"Mangold-Takao: From a technical perspective we see two main drivers: increasing computing power at the edge and increasing internet connectivity, which will enable devices to directly communicate with each other and bring new technologies such as artificial intelligence also to the security and safety industry. At the same time, we see that this industry and its users are hungry for more innovative solutions – addressing new security needs while at the same leveraging the possibility to improve business operations for specific verticals, e.g. retail and transportation. The time is right to bring market needs and technological innovations together on one platform for this industry. Q: Why does SAST need to be a separate entity from Bosch? Mangold-Takao: SAST is setup as a wholly owned subsidiary of the Bosch Group. We wanted to make sure that SAST is able to underline its role as an industry standard platform across multiple players. SAST is open to get additional investors and is being setup as a startup in its own offices in Munich to foster the environment where speed and innovation can more easily take place. Having said that, several entities of the Bosch Group are very interesting partners for SAST. The SAST App Store will allow developers to build and market new applications, similar to today’s app stores for smartphone applications Q: Please explain your "value proposition" to the industry. Mangold-Takao: We will bring new innovations and possibilities to the security and safety industry by providing an open, secure and standardised Operating System for video security cameras, to also address pressing issues such as cyber security and data privacy concerns. Devices that run then with the SAST operating system will work with an application marketplace provided and operated by SAST. Integrators and users can then use these apps from this marketplace to deploy additional functionality on these devices. With our platform we will be able to build up a community of app developers, including the ones not yet developing for this industry who have expertise in computer vision and artificial intelligence. Q: It seems what you are doing has parallels with the Apple and Android "app" stores. How is your approach the same (and how is it different) than those approaches? We are setting up SAST as a user-centric company and involve selected users very early on in the process"Mangold-Takao: The approach is similar in the way that we plan to generate revenue by operating the application marketplace and thus participate in the app revenue. The difference is that there is much more needed than apps and cameras to create a complete working solution addressing a user problem in this industry – we need to make sure that our own platform as well as the new applications being created will work as a part of an end-to-end solution. Q: "Critical mass" and wide industry participation seem to be requirements for your success. How will you achieve those goals? Will you involve integrators, consultants, or other parties in addition to manufacturers (to drive awareness)? How? Mangold-Takao: SAST is in close exchange with device manufacturers, integrators and consultants, as well as application developers and large end-users at the moment to ensure that we are building the right platform and ecosystem for this industry. We are setting up SAST as a user-centric company and involve selected users very early on in the process. We will run dedicated programs and hackathons to attract app developers, already active and new to our industry. We will also run selected pilots with end-users throughout 2019 to ensure we have all partners involved early on. SAST sees the industry is hungry for more innovative solutions – with the retail vertical market a target for these solutions Q: What timeline do you foresee in terms of implementing these initiatives? Mangold-Takao: While we start with first app development programs and plan our first pilots already for this year, we are planning our commercial launch for end of 2019. Q: How does your new company relate to the new Open Security & Safety Alliance (OSSA)? Mangold-Takao: The Open Security and Safety Alliance has been working very closely with SAST over the past year, defining some important concepts and elements required. One of the most important elements is an open and standardised Operating System, specific to this industry, which will then bring forward new innovative technologies and solutions. SAST is actively working on this Operating System, based on Android Open Source Project (ASOP), but is evolved and hardened with industry-specific features. Q: What's the biggest thing you want the security industry to understand about SAST? What is your "message" to the industry? Mangold-Takao: Our message is simple: let’s build better security and safety systems – together! But for real, innovating an industry is a joint effort, we can only bring new innovation to this industry with partners who share our vision and are excited about new technology. At the same time, we strongly believe that our platform allows every partner to bring forward what they do best but also invite new partners to our industry.