Articles by Dave Tyson
From my vantage point, it would appear that the acquisition of goods and services related to security controls and measures remains healthy at the end of 2015. Although the time associated with evaluations and overall procurement processes, I am told, has become a bit lengthier. Mergers and acquisitions of both security industry providers and the merger of national and international companies are the biggest unexpected things to have an impact this year. Forbes reported that “From the $55 billion Charter-Time Warner deal to the nearly-$50 billion Heinz-Kraft merger and everything in between, the first half of 2015 has been a busy time for merger and acquisition activity.” According to data from Thomson Reuters analysed by PricewaterhouseCoopers, the U.S. saw 4,654 M&A deals worth a whopping $875 billion from the start of the year through May 31st. But what might be even more remarkable is that, according to the same analysis by PwC, the M&A market is just getting warmed up, and 2015′s merger market could turn out to be the best for the U.S. since the financial crisis. These activities include the mergers and acquisitions of security companies and of security operations. This should translate into increased activity associated with not only the issues of managing disparate systems across huge enterprises, but also a lot of activity surrounding HR and procedural and compliance issues. I believe it is likely to spawn healthy growth for those companies in the enterprise security integration sector as well as security thought leadership especially for organisations like ASIS International. Internet connected devices & digital strategies The IoT, Internet of Things, a much talked and written about trend, will continue to be felt in the security industry with all types of devices joining the ubiquitous computer/Internet environment. The impact of digital marketing will drive businesses to embrace new disruptive technologies that will change how organisations go to market, interact with consumers and operate their supply chain; Machine-created content, augmented reality systems, block chain programmable commerce environments, personal virtual assistants (PVA), and autonomous vehicles will have make their mark. The impact of IoT and digital strategy will place greater emphasis on businesses protecting their brands, assets & intellectual property Digital vandalism will likely become a greater challenge for businesses, as investments ramp up on digital assets and organisations will need to increase their capability to protect the brands and intellectual property. Changing regulations for vehicles & drones as platforms for service delivery Motor vehicles all of kinds are quickly becoming a platform for the delivery of services, whether it’s as hosts for user apps or the vehicle as its own mobile payment platform; complexity will surely ramp up with these trends. The risks and benefits of drones, whether commercial or personal, will continue to evolve, and a changing regulatory environment will need to mature to define exactly how companies and individuals utilise and protect themselves from these devices. Finally, manufacturing organisations are ramping up their factory and “supply chain of the future” strategies, and this will no doubt dramatically increase the sophistication of these environments, many of which are still at a low level of technical maturity. In short, companies who embrace this trend will be winners with many opportunities, and those who do not keep pace will be facing challenges and increased risk. ASIS 60th anniversary ASIS marked its 60th anniversary year with the release of two ANSI standards - Investigations and Risk Assessment; the addition of new certificate courses; and the recognition of ACE® for our three board certifications. This year also marked the Fifth anniversary of (ISC)2’s colocation with our Annual Seminar and Exhibits. Security professionals from both the operational and cyber sectors have derived great value from the opportunity to learn and network with their colleagues. ASIS and the ASIS Foundation donated $122,000 in products and services to an Anaheim elementary school in September and invested $485,000 in education for security professionals. In 2015 ASIS released two ANSI standards, added new certificate courses and received recognition of ACE® for three board certifications The New Year will bring much more of the same, as ASIS continues to focus on the needs of security management practitioners around the globe. New ANSI standards have been initiated, and a stakeholder meeting of organizations from across the security, fire, and safety industries will take place in January to discuss active shooters. ASIS will partner with IE Business School, Europe’s leading Business School, to deliver an executive education program in Spanish. Finally, ASIS will welcome a new CEO in January 2016, as current CEO Michael J. Stack retires after a 22- year tenure. Evolving solutions, standards & guidelines The evolution of solutions, parts, pieces, and best practices as well as standards and guidelines have improved the landscape for companies old and new whose business plans include capitalising on the needs of the security market. The ubiquity of cloud computing, big data, analytics and the speed of communications will aid organisations large and small to realise and manage Security Operations Centers (SOS) both virtual and located in corporate security operations. The virtual SOC will not only provide sustainability but also enhanced presentation and aid in forensics, trend analysis and human and material asset management and security. See the full coverage of 2015/2016 Review and Forecast articles here
“Winners” in 2015 will be multinational security solutions companies and recruiters for mid-to senior-level employment placement ASIS International 2014/2015 Review and Forecast: Spending on security systems was up in 2014: In general, it seems that there was an increase in capital projects for 2014. Two likely contributing factors are a slightly better economic outlook, and the previous capex holding patterns of many organisations wanting to move out of that position. World events such as ISIS, Ebola, the Israel-Gaza conflict, Ukraine/Russia, the disappearance of Malaysia Airlines 370, and multiple active shooter incidents resulted in the lifting of spending restrictions. There were significant investments made in personnel, training, and emergency preparedness. The general 2014 increase in M&A activity has been part of the picture as well, with physical security (access control, video, and intrusion) for the acquired properties getting attention. Video systems seem to be greatest category of expenditurePart of the access control spending increase was to replace end-of-life access control systems—in particular, Casi-Rusco. Many of the major access control companies (Lenel, Honeywell, and AMAG, for example) released upgrade kits or conversion programs that allow upgrades of the front-end servers, and in some cases field control panels, without having to rip and replace door control hardware and readers. Analogue product demand is droppingMany integrators dropped key analogue product lines due to increased customer demand for IP-based products. Video products constitute the bulk of this change. There was an increase in security system purchases for U.S. healthcare and college campuses (not noticeably so for K-12), to establish higher levels of security. There was also an increase in security system expenditures across U.S. pharmaceutical companies. There is also an expanded interest in security management academic and course curriculums at colleges and universities Diversity of security personnel within the industry continued to growThere is also an expanded interest in security management academic and course curriculums at colleges and universities. Integrators heighten interest in security assessmentsThere seems to be a higher level of interest in security assessments on the part of security integrators. I believe this is due to both the availability of more educational sessions designed for integrators and an increased requirement for security practitioners to relate their security investments to the risk picture. While this probably relates to a minority of integrators, it’s a trend in the right direction that will be an important as a differentiating competitive factor. I know of several integrators that hired personnel with assessment experience, and some who sent personnel for training. The availability of online training in the future may be a factor supporting this trend, as it’s hard for integrators to take personnel out of the field for extended out-of-town training. For the most part, these are threat and vulnerability assessments, light on the threat part and heavy on the vulnerability aspect (i.e. not full-blown risk assessments). This is the state that IT security was in a little over a decade ago. However, it’s a start and certainly better than no assessment at all. Using Advanced Video Management Systems (VMS) as “Basic PSIMs”Previously access control and alarm monitoring systems were the default base security monitoring operations application. Then along came PSIM (Physical Security Information Management) as a new name for security operations and response software that integrates the many system components of a security technology infrastructure. However, PSIM is complicated to deploy and expensive (typically over $500K), making it feasible for only the largest organisations and critical infrastructure. This year, high-end VMS manufacturers have increased their claims about serving as a light PSIM application, and at 10 percent of the cost of the big-name PSIM applications. Support for mobile devices both for video, text, and voice communications is a contributing factor. Now that megapixel video has improved the quality of video, and now that petabyte capacity storage is affordable for large systems, this trend may well continue. International security breaches call for protocol reviewUnexpected events including a breach at the White House and Canadian parliament buildings gave way for review of protocols. Interest in cloud solutions is increasingIntegrators and consultants both report a high level of interest in cloud solutions. Cloud solutions are viewed as an alternate approach to huge capital reinvestment for aging systems, and as a way to establish standardization across the enterprise at a reasonable cost. Previously access control and alarm monitoring systems were the default base security monitoring operations application Cloud security is a very high and real concernI know of two organisations (one integrator group, one large end-user company) who engaged a team of cybersecurity experts to evaluate cloud-based video storage solutions. In both cases, a large number of relatively small, but important, video applications were involved; all of the cloud services evaluated could be seriously compromised within 15 minutes of the first attempt (i.e. hackers could view customer video). Some of these were “big name” services. A failure on the part of physical security cloud service businesses to address security for their offerings could be a significant stumbling block for those companies, bringing the risk that a serious incident could set back the business development efforts for security industry cloud services in general. The reason that these two organisations invested significantly in their cybersecurity teams is that cloud-based services have the potential to let them significantly expand and improve the value of their technology deployments at a fraction of the cost. Increase in cybersecurity spendingIncreases in cybersecurity spending are on a trend to quickly outpace spending on traditional security (corporate, physical). This feedback comes from large and small integrators who have CSO/Corporate Security Director practitioners as customers. The high level of media coverage for the many large-scale data security breaches has elevated cybersecurity concerns over those of traditional security concerns. It is completely unlikely that companies will start publicising the extent and impacts of their physical security breaches, just to help the traditional security industry get media coverage! There seems to be a higher level of interest in security assessments on the part of security integrators Cybersecurity vulnerabilities of critical infrastructure, especially the electrical power grid, are also overshadowing traditional security concerns. Large integrators, in particular, are concerned about the implications for traditional security spending going forward. Key question are: if the economy begins to significantly improve, what portion of security spending will go to cybersecurity over traditional security? And, could traditional security spending remain weak if there is a strategic shift in security investments over to cybersecurity? How will the business change over the next year? Businesses will need to prepare employees to be resilient as the incidents of home-grown terrorists, hate crimes, and protests will continue to rise in 2015. Organisations are encouraged to engage in public-private partnerships, if they have not already done so. It will be a necessity. As noted in my previous comments, threats to customer information will continue to be a trend in the New Year, requiring businesses to reevaluate their internal processes and systems. Social media will be a tool that organisations can use in their security operations, from investigations to real-time update on occurring events. Increased interest by countries to develop more pervasive monitoring could put companies’ proprietary information at risk. A number of countries have either passed or are reviewing legislation that gives them more legal rights domestically to review and assess electronic communication on telecommunication networks, whether public or private. Who will be the “winners” and who will be the “losers”? I predict the “winners” in 2015 will be multinational security solutions companies and recruiters for mid-to senior-level employment placement. Heightened areas of concern will remain the security of personal information and travel risks. See the full coverage of 2014/2015 Review and Forecast articles here
O’Neil will succeed Michael J. Stack, who will retire at the end of 2015 following a 22-year tenure as CEO ASIS International (ASIS) recently announced that Peter J. O’Neil, FASAE, CAE, has been confirmed as its new Executive Vice President and Chief Executive Officer. ASIS International (ASIS) is the largest membership organisation for security management professionals that crosses industry sectors. O’Neil will succeed Michael J. Stack, who will retire at the end of 2015 following a 22-year tenure as the organisation’s CEO. Driving business forward “It is a critical time for our association and our industry-at-large as unique threat scenarios continue to arise globally driven by world events and advances in technology. As adversaries are multiplying and becoming more sophisticated, our role in preparing security management practitioners worldwide to mitigate threats to their people, property and information has become more vital than ever before,” said ASIS President Dave N. Tyson, CPP. “Peter is definitely the leader we need at this point in time to take our organisation forward. Beyond his remarkable leadership and management skills, he has clearly demonstrated an exceptional aptitude for business and a rare passion for professional advancement.” O’Neil is currently the CEO of the American Industrial Hygiene Association (AIHA), an international professional society representing 10,000 occupational and environmental health and safety professionals. Located in Fairfax, VA, the association is supported by nearly 50 staff and has 73 chapters. The organisation has a consolidated $21m annual operating budget. In addition to AIHA, O’Neil also has management responsibilities for three limited liability companies, a related education oriented foundation, a foundation that establishes guideline values for exposure limits, and a newly formed Product Stewardship Society. “ASIS is an outstanding organisation with a solid, rich history of achievement and exceptional resources,” observed O’Neil. “I am honoured to have this opportunity to lead a talented staff of professionals and to collaborate with a vibrant global network of volunteer leaders and members to advance and grow the association in the months and years ahead.” Background Over the past ten years, O’Neil has served in leadership positions with the US Chamber of Commerce, Greater Washington Society of Association Executives (GWSAE), American Society of Association Executives (ASAE), and The Center for Association Leadership. He is a past chair of ASAE and a past chair of the ASAE Foundation. He received the Certified Association Executive (CAE) certification in 1998 and was named as an ASAE Fellow in 2006. An author, O’Neil frequently presents, facilitates, and speaks at various conferences. O’Neil graduated from Syracuse University in 1991 with a Bachelor of Science in International Relations. Additional post-graduate work was conducted in public administration, knowledge management, and association management. He resides with his family in Arlington, VA.
The event will feature 33 high-level educational sessions divided over three parallel tracks ASIS International, the world’s premier organisation for security professionals, has announced that it is accepting applications from industry leaders interested in presenting at its 7th Middle East Security Conference & Exhibition (ASIS Middle East 2016) that will take place on 21-23 February 2016 in Dubai, UAE. ASIS Middle East 2016 is expected to attract more than 600 senior security management professionals and government officials from all over the region and beyond for three days of networking, professional development and learning opportunities. The event will feature 33 high-level educational sessions divided over three parallel tracks that will cover a wide range of security issues such as: oil & gas security, critical infrastructure protection, cyber security, supply chain security, loss prevention, hotel security, intellectual property, maritime piracy, terrorism, executive protection, internal theft and fraud, competitive intelligence, brand protection, physical security, investigations, due diligence and global business issues. ASIS - perfect meeting place for practitioners, policy-managers & stakeholders Mohammad Al Shammary, Senior Regional Vice President for the Middle East at ASIS International said: “Speaking at ASIS Middle East 2016 presents a rare opportunity for practitioners and industry leaders to improve how business is conducted and to contribute to the quality of the security profession by sharing their knowledge and expertise with a very engaged community of security professionals, regulators and technology and solutions providers. ASIS offers a perfect meeting place for practitioners, policy-managers and stakeholders, who are dependent the latest information and insights in their daily work.” Dave Tyson CPP, President of ASIS International said: “As we all work together to advance the security profession, the participation of presenters of the highest caliber at the conference is very important. Speaking at ASIS Middle East offers security professionals an opportunity to be recognised as thought leaders worldwide." ASIS Middle East 2016 will also feature a summit for Chief Security Officers (CSOs) organised by the CSO Roundtable of ASIS International as well as a trade exhibition with leading organisations and companies showcasing cutting-edge security technology and solutions.
The event will be organised around 3 days of educational sessions, keynote speakers, trade exhibition and more ASIS International, the global organisation for security professionals, has announced that it will hold its 15th European Security Conference and Exhibition on 6-8 April 2016 in London. ASIS Europe 2016 - A unique business security summit The ASIS 15th European Security Conference and Exhibition (or ASIS Europe 2016) is a unique business security summit that is expected to attract around 600 senior security professionals from all over Europe and beyond. Participants will be able to share and learn effective strategies and solutions for securing their organisations' people, property and information in today's challenging global security environment. The event will be organised around 3 days of educational sessions, keynote speakers, professional visits to leading organisations in the Greater London Area, a summit for Chief Security Officers (CSOs) organised by the CSO Roundtable of ASIS International and a trade exhibition featuring cutting-edge security technology and solutions from a select group of leading companies. A significant element of the event will be the various networking opportunities offered along the event such as the Welcome Party, the President’s Reception the lunches and networking breaks. Global exchange of best practices and experience Sir Edward Lister, Deputy Mayor of London, said: “We are delighted that ASIS International has chosen London as the destination of its 2016 European meeting. We look forward to welcoming back this world-class event for security professionals” Dave Tyson CPP, President of ASIS International, said: “We look forward to returning to London with our 2016 European Security Conference & Exhibition. London is one of the world’s leading hubs of culture, business and finance with its own unique security challenges. ASIS Europe 2016 will be an excellent occasion for a global exchange of best practices and experience regarding those challenges”. “The security profession in Britain is one of the most developed around the world and we believe that the decision of ASIS International to return to London reflects this" Andy Williams CPP, Chairman of the ASIS UK Chapter, said: “The security profession in Britain is one of the most developed around the world and we believe that the decision of ASIS International to return to London reflects this. We look forward to working with all like-minded organisations to make this important event a great success.” Proposals for presentation on all security related topics ASIS International has invited subject matter experts to participate in the conference programme by submitting a proposal for a presentation. The organisation will accept proposals on all security related topics, including: supply chain security, loss prevention, hotel security, intellectual property, maritime piracy, terrorism, executive protection, internal theft and fraud, competitive intelligence, brand protection, physical security, cyber security and convergence, investigations, due diligence and global business issues.
ASIS International showcased Europe’s leading suppliers of security technology and solutions ASIS International held its 14th European Security Conference & Exhibition on 29-31 March 2015 at the Messe Frankfurt Congress Centre in Frankfurt, Germany. Almost 500 attendees from 46 countries gathered to take part in a rich programme composed of exciting networking events, key industry presentations with exceptional keynote speakers and an industry exhibition showcasing Europe’s leading suppliers of security technology and solutions. The event kicked off on Sunday 29 March with professional tours of the Headquarters of Deutsche Bank and the Operation and Security Center at the Messe Frankfurt and meetings of the European Advisory Council of ASIS International and the organisation’s region and chapter officers. This was, followed by the Welcome Party – Powered by Nedap. Comprehensive overview of security situation On Monday 30 March, the conference opened with a keynote presentation by Dr. Thomas de Maizière, Federal Minister of the Interior of Germany. The Minister gave a comprehensive overview of the security situation in particular for industry and introduced the economic security architecture in Germany. This included focus areas of the security authorities such as countermeasures against crime and espionage, also in cyberspace. This was followed by a day of educational sessions on topics such as “the future of security technology”, “protecting soft targets from hardline Terror”, “social media - how does policing respond to mass data in crisis” and “eliminating Syria’s chemical weapons – the security challenges for the OPCW”. In the evening delegates gathered for the President’s Reception, hosted by ASIS President Dave Tyson CPP and sponsored by Tyco Integrated Fire & Security at the Palmengarten Gesellschaftshaus. Keynote presentation on security excellence Professor Martin Gill, Britain’s foremost criminologist, opened the next day’s programme with a thought provoking keynote presentation on security excellence, after which the conference continued with sessions such as “the rise of the jihadists - the second stage of the Arab Spring”, “security awareness - sharing best practices” and “a pharmaceutical's approach to mitigating the insider threat”. The conference was closed by Axel Petri, SVP Group Security Governance at Deutsche Telekom AG, Germany, who spoke about the impact of the Snowden revelations on the telecoms industry and need to regain the trust of the consumer. Both conference days also featured a CSO Roundtable Summit, organised by the CSO Roundtable, the forum for the most senior security officers of the world’s leading organisations within ASIS International.
Check out the research available from the ASIS Foundation. It is proving to be right on the button.When the Guardians of Peace hacked Sony Pictures Entertainment late in 2014, they crashed the studio’s email, leaked films and scattered personnel data across the Internet. By mid-December, four class-action lawsuits had hit Sony, claiming that the company had not taken adequate cyber-security precautions. How about your company? Are you prepared to withstand a cyber-attack? Are you at least worried? If not, you probably should start to worry. In August of last year, a prescient research report from the ASIS Foundation and the University of Phoenix, “Security Industry Survey of Risks and Professional Competencies,” declared that cyber-security would rank as the top security risk for the next five years. The ASIS Foundation is a non-profit arm of ASIS International. It awards scholarships to students pursuing a career in security management and conducts high-quality contemporary research designed to serve the security profession. The University of Phoenix takes an interest in security through its College of Criminal Justice and Security. “The ASIS Foundation and University of Phoenix have been doing great work,” said Dave Tyson, CPP, CISSP, president of ASIS. “On the research side, they produce crisp academic studies with conclusions that make sense.” The “Survey of Risks” interviewed 483 respondents carefully selected from 1,800 ASIS members who indicated an interest in participating in the survey. The 483 respondents ranked the top enterprise security risks for the next five years as: cyber-security, crime, mobile technology, natural disasters, and globalisation. The report pointed to cyber-security risks from organised external groups, such as the Guardians of Peace, rogue hackers, terrorists or internal personnel with criminal intentions. Crime risks, as always, arise from theft, fraud and violence from inside and outside of organisations. The proliferation of mobile technology, of course, poses risks to proprietary data. The increased frequency of natural disasters such as floods, earthquakes and wildfires is creating ever-greater risks. Finally, the globalisation of commerce gives rise to physical and intellectual property risks related to geopolitical conflicts. The respondents also ranked 22 core competencies considered critical to responding to these risks. Topping the list of competencies are decision-making, oral communication, anticipatory thinking, maximising the performance of others, collaboration, self-regulation and persuasive influencing. The ASIS Foundation and University of Phoenix conducted a similar survey in 2013 and came away with similar results. The same five risks topped the 2013 list. Cyber-security topped the list back then as well, although the other four were in different order. Mobile technology risks, which might be considered a category of cyber, ranked second in that survey. Globalisation, natural disasters and crime, in that order, followed. The 483 respondents ranked the top enterprise security risks for the next five years as: cyber-security, crime, mobile technology, natural disasters, and globalisation The 2013 survey also cited a similar list of competencies: enterprise risk management, business and financial management, diverse leadership and communication skills, anticipatory and strategic thinking and technological knowledge and ability. Both reports recommend viewing the top competencies as a way to guide training and educational efforts for individuals preparing for careers in security. The competency rankings can also provide a frame of reference for personnel decisions. Moving forward, the focus of ASIS Foundation and University of Phoenix training is shifting, according to ASIS President Tyson. “The next step is to develop a career ladder for security professionals,” he said. “If you are a security officer today, what is the next position up the ladder for you? If you are managing a guard company, today, and you want to become a chief security officer, what are your next steps? This is the Foundation’s focus now.”
The one hour self-paced training module will be presented online ASIS International (ASIS) and the National Centre for Missing & Exploited Children® (NCMEC) will present details of a new training focused on what private security professionals need to know about child victimisation. The presentation will take place on Friday, Jan. 23 beginning at 9 a.m. at the Ritz Carlton Pentagon City in Arlington, Va. ASIS is the leading organisation for security management professionals worldwide. NCMEC is the leading 501(c)(3) nonprofit organisation working with law enforcement, families and the professionals who serve them on issues relating to missing and sexually exploited children. “Security management professionals are highly trained to observe and take appropriate action in response to many different forms of risky behavior,” stated ASIS President Dave N. Tyson, CPP. “This specialized training further expands the scope of their knowledge and heightens their ability to protect and secure children globally. We are very proud of the work that has been done in collaboration with NCMEC and law enforcement agencies to bring this important training to fruition.” Kristen Anderson, NCMEC Executive Director of Training, sees it as a win-win venture. “The National Centre for Missing & Exploited Children is pleased to be working with ASIS International and the private security industry on this initiative. Through this training, we will be able to harness the vast human resources of private security professionals to help make children safer.” The one hour, self-paced training module will be presented online. It will discuss the nature and scope of missing and exploited children in the United States, what the private security officer needs to know in order to assist law enforcement, and aspects of victim behaviour and how to access additional resources. Covenant Aviation Security, LLC and G4S Secure Solutions (USA) Inc. hosted face-to-face pilots of the developing program to assist ASIS and NCMEC in finalising content.