Penetration testing of physical security systems is used to evaluate if a company’s security measures operate as intended. From a technology angle, penetration testing (pen testing) assesses whether the totality of the systems operate as designed, rather than testing each individual component. Does the system work with the officers, the policy and procedures that are in place? A session at ISC East, Nov. 20 in New York, will address the need for and benefits of penetration testing (also known as red teaming). The session, titled “We Sneak into High Security Buildings and Get Paid for It”, will be presented by Michael Glasser, President, Glasser Security Group. He has two decades of experience providing security design strategic planning, implementation oversight, auditing and penetration testing. “Penetration testing determines whether people and systems are providing the protection you think they are,” says Glasser. Various system components should come together into a solution that works for the client. People, technology and architecture are all components of successful security systems. His motto: “Stop guessing and starting testing". Test-driving security systems “You can compare it to driving a car,” says Glasser. “You want to be sure the brakes work and the engine works, but then somebody has to test-drive the car.” Stop guessing and starting testing" The concept of penetration testing goes back to the Cold War, when the military had “Red Teams” and "Blue Teams”, competing squads that used their skills to imitate attack techniques enemies might use. More recently, the term “pen testing” has become common in the cybersecurity industry, often referring to “white hat” hackers that test the effectiveness of cybersecurity measures. Applying the concept to physical security in corporate America brings the concept full circle. “People think their controls work, but they realize they really need to see if it all works together,” says Glasser. Pen testing in corporate America “You can go to any military base or nuclear power site and you see pen testing,” says Glasser. “But often it doesn’t happen in corporate America.” Sometimes physical pen testing is approached as an extension of cybersecurity testing because addressing physical threats is an element in cybersecurity, too. “It’s the same service, except to make sure the physical house is in order,” says Glasser. Glasser’s session will be among the SIA Education@ISC East presentations scheduled at the education theaters on the show floor at ISC East, Nov. 20-21 at the Javits Center in New York. The process If you believe the movies, Glasser’s job is all fun and excitement, like a “bunch of kids having fun”. The reality is more mundane, he says. “People think it’s fun, but it’s work, not fun.” The process is front-loaded with weeks of research and surveillance to determine possible vulnerabilities before attempting a break-in. Research is based on threat modelling: What is a company worried about? Who is the bad guy? What do they want to do? What are the threats? The process is front-loaded with weeks of research and surveillance to determine possible vulnerabilities Among other tools, Glasser uses Open Source Intelligence (OINT), which is collection and analysis of information gathered from public, open sources, such as media, the Internet, public government data, etc. Glasser comes from a physical security industry family – both his mother and father were employed in the security industry – and he attended his first ISC East show in the 1990s when he was 11 years old. As a security consultant and security expert witness for more than 20 years, he has previously spoken at GSX and various ASIS International events.
In addition to providing the Northeast’s largest security trade show, ISC East will include free conference sessions and keynote speeches right on the show floor and several paid workshops. The Nov. 20-21 event at New York’s Javits Center will also include vendor solution sessions from Axis Communications, Hikvision and NAPCO. Wide variety of paid workshops An advantage of the International Security Conference & Exposition in New York is that much of the programming is complimentary to registered attendees, and location of the sessions on the show floor means attendees don’t have to leave the exhibition to take in a session. The paid workshops include technology sessions about cyber terminology for physical security integratorsThe paid workshops include an Active Shooter Workshop and technology sessions about cyber terminology for physical security integrators; and basic installation and configuration of video surveillance solutions. An OSDP (Open Supervised Device Protocol) Boot Camp Short Course will also be offered. As a smaller show, the topics of ISC East conference sessions are broader and of more general interest, rather than organised into focused “tracks” as at ISC West. Attendance at sessions can provide continuing education (CE) credits with organisations that partner with ISC East – one credit for each hour-long session. Attendees can use their Certificate of Attendance from any session to self-report their education hours to relevant industry bodies: ALOA (AEU education credits), ASIS (CPE continuing professional education credits) and NICET (CPD Continuing Professional Development points). An advantage of the International Security Conference & Exposition in New York is that much of the programming is complimentary to registered attendees Keynote sessions at the Main Stage The Main Stage will be the venue for keynote sessions delivered by Deanne Criswell, Commissioner, New York City Emergency Management (on Day 1 – Nov. 20); and Angela Stubblefield, Chief of Staff at the Federal Aviation Administration (FAA) (on Day 2 – Nov. 21). The two SIA Education@ISC East educational theaters on the show floor will be booked up both days with a variety of interesting topics. A new session covers penetration testing for physical security, presented by Michael Glasser of Glasser Security Group. A session on LiDAR (Light Detection and Ranging) sensors will be presented by Frank Bertini, UAV and Robotics Business Manager, Velodyne LiDAR. Another popular topic is Safe Cities, and FLIR will present a session on moving from secured to smart cities with intelligent, connected systems. New addition is Active Shooter Workshop The Active Shooter Workshop is a new addition to the ISC East programme. It has been a popular session at ISC West for three years now. At ISC East, presenters of the workshop will be David LaRose, System Director Public Health, Lee Health; and Ben Scaglione, Director of Healthcare and Security Programming, Lowers and Associates. At the end of the workshop, an additional hour of programming will be the “Stop the Bleed/Save a Life” session presented by Jerry Wilkins, Co-Owner of Active Risk Survival. The Main Stage will be the venue for keynote sessions delivered by Deanne Criswell, Commissioner, New York City Emergency Management, and Angela Stubblefield, Chief of Staff at the Federal Aviation Administration Woman in Security event A Women in Security Forum breakfast event will be held on Nov. 21 (Thursday). It’s the second annual event and this year will focus on diversity and inclusiveness in the workplace of the future. Valerie Anderson, President of Boon Edam, will lead a discussion on “Diversity 2.0: Next Steps for Creating an Empowered Workforce”Moderator Valerie Anderson, President of Boon Edam, will lead a discussion on “Diversity 2.0: Next Steps for Creating an Empowered Workforce”. Panelists are Lisa Terry of Allied Universal, Andrew Lanning of Integrated Security Technologies, Elaine Palome of Axis Communications and Dawne Hanks of Milestone. The Women in Security event is likely to attract up to 100 attendees. SIA’s Women in Security is an active organisation, with monthly meetings and a newsletter that recognises prominent women in the security industry. “It’s really a group for both men and women,” says Mary Beth Shaughnessy, Event Director, ISC Events at Reed Exhibitions. “There are many programmes, recruiting efforts, and professional and networking opportunities. They are a robust group of people who are active in making a difference. It’s important to support women in the security industry, which is 95% male, and to develop a new generation of women to be a part of the industry’s future.” The keynote addresses at ISC East will also highlight two high-profile women.