Kelly Murray, the associate director at CISA, discusses the best ways to secure chemical facilities, which can be popular targets for dangerous actors. Watch her interview on SM Live with Security Management Editor-in-Chief Teresa Anderson below.
ASIS International
GSX Learnings: How to Meet the Safety Needs of Today’s Remote, Hybrid and On-Site Workforce
By Susan Friedberg
Over the past two years, workers around the globe have reconstructed their workplaces, as driven by health guidelines to prevent the spread of COVID-19. Many employees are not back at the office and instead continue to work from home remotely or work hybridly, reporting to an office on a part-time basis. Regardless of where the employee works, the security policies and procedures that were in place when 100% of the workforce was in the office no longer apply to the current workforce.
The GSX session, “Adapting Workplace Violence Strategies to Accommodate a Modern Flexible Workforce,” explored how workplace safety needs have changed and discussed how security leaders are now able to integrate learnings from the past two years to build new programs that protect employee and company safety. Even if employees are not in the physical office, employers are still responsible for providing a safe workplace.
Presenters Deb Andersen, PSP (Security Administrator, Physical and Cyber Security at MWI Direct) and Robert Achenbach (CSO and Director, Corporate Security and Safety at First National Bank of Omaha) shared how the core principles of developing a security program have adapted and evolved to support a new, diverse, workforce.
Leverage the Environment and Understand the Impact
Access management is considered the first line of defense for protecting onsite workers and employees. Security providers must first consider: who are we responsible for and where do they operate?
Classifying occupants and identifying the risks that come with where they report is a good place to start. Determine where employees sit – are they on or offsite, and depending on their seat, what sort of security privileges or access to physical assets or cyber information do they have? Does access to information and tools need to be different if they are in the office or working remotely?
Look at how traffic has changed in and out of the office. Employees that are reporting to an office are decreasing in number, but they may not be the only ones accessing an office building. Security leaders must continue to prioritize all categories of occupant access and their associated inherent risks. Many offices share a building with other tenants, who may have varying degrees of access to the building. Additionally, vendors, technicians, and other support staff will still need intermittent access. Guests that come onsite, whether preplanned or not, need to be monitored, and if the office has public access, office security must also continue to consider unplanned arrivals.
Understanding the Workplace Environment, Pre- and Post-Pandemic
When employees were completely in the office, security teams had direct, physical access and the ability to monitor activity and engage in safety-related activities. Pre-pandemic, employers could directly communicate in the office via speaker systems, run onsite drills and emergency planning, and understand the flow of employee traffic via access controls.
Today, those practices need to be adapted for the remote workforce; we may not always know where employees are seated, whether in their home office or elsewhere, but employers can continue to monitor the information they are accessing while remote. Security teams are also now considering societal stress levels that have become commonplace for remote employees, from social isolation, reduced resources, supply chain delays, and changed communication access to their teams, management, and leadership. Larger companies may have had the resources to provide a comfortable at-home workplace, but most employers needed to adapt existing resources to fit the needs of their teams.
Ultimately, the most important prevention measure for mitigating workplace stress is to build trust within the workplace, provide open communication channels with key leaders, and have open and transparent policies. For example, new communication technologies available today can deploy mass notifications or provide secure communication channels via an employee’s phone. No worker needs to feel isolated in their own home – smart policies can continue to engage them and ensure they feel seen and heard.
Changing the Training Environment for Onsite and At-Home
As there is no longer a singular workplace, there is no longer a one-size-fits-all approach to safety training. Employers need to have a full view of who is on-site to protect them against workplace safety risks and to provide them with training and resources to respond safely or evacuate.
For occupancy-related emergencies, onsite employees need to continue emergency response training, from locating first aid or fire extinguishers, knowing evacuation routes, and assigning and identifying team members who have a specialized role in emergency management, such as de-escalation or mental health emergency training.
Offices with a force protection team may need to update their training based on how many people are in the office on a given day. New technologies, such as unmanned check-in or access points, or AI-driven identification cameras, can help establish occupancy and access and streamline response efforts. Force protection teams can continue to conduct site surveys and identify new operational vulnerabilities and any consequent gaps in employee training, policies, or security equipment.
Communication is key for offsite workers, and employers can adopt new strategies to engage all employees. Hybrid workers who are not available onsite for training may need access to virtual simulations and office blueprints. Remote employees may benefit from internal newsletters with regular updates on security tips – from reminders about password management, clean desk policies, and any new information or policies they need to consider as they remain fully remote. In an emergency, remote workers can be relied upon for business continuity and should also understand how to support the company in the event of an emergency or event that would otherwise prevent their access and communication with leadership, management, and fellow employees.
All departments of a company, from security, legal, HR, and leadership, must come together for a complete approach to reaching all employees, regardless of their location. Each team has its own line into company risks and vulnerabilities and has a department-level approach to incident response and post-event recovery. All parties and approaches need to be considered if the company is to take a converged approach to safety and policy enforcement.
Holistic Security Brings Onsite, Offsite, and Hybrid Security Models Together
Security leaders and employers create healthy, safe working environments when they continually test all aspects of their security program, share information, and adjust, adapt, plan, and execute. In return, security leaders and teams build better relationships, meet the expectations of the leadership, and get to keep a finger on the pulse of their organization’s vulnerabilities and needs.
Our current and future workplace is supported through leadership and security partnership and transparency, with the objective to continually improve the organization’s security and posture while complying with workplace safety regulations and promoting a healthy and safe place to work. Remote work remains a new model, and regulators are now beginning to assess what standards need to be in place to protect offsite or remote workers, as employers remain responsible for their safety and well-being.
New security elements being explored include ensuring employees have the tools to be successful and supported, from access to secure Wi-Fi networks, appropriate equipment, cybersecurity, and access control. But beyond the tools that an employee needs to complete their job, employers are now considering how their duty of care is evolving, and how to check in with employees to ensure their home workspaces are safe from domestic violence or unrest, that their workplace tools are secured against theft or damage, and if employees need access to new employee assistance programs or mental health resources to support their transition into a fully remote work environment.
Today’s workplace is diverse and will continue to evolve, and security providers understand there will never be a silver bullet resource that addresses all elements of security, from protecting critical assets, information, and people. Workers around the globe have been able to enjoy the benefits of a remote or hybrid work model, and employers want to continue to provide this resource, but not at the expense of the company or their employees’ safety. By continually assessing the security landscape and taking advantage of innovative technologies, security providers and companies can support workers where they perform best and support continual operational health and growth.
For more information, contact:
Deb Andersen, PSP, Security Administrator, Physical and Cyber Security at MWI Direct (LinkedIn)
Robert Achenbach, CSO and Director, Corporate Security and Safety at First National Bank of Omaha (LinkedIn)

Susan Friedberg is the Director of Communications at Pronto.ai and Pollen Mobile and an ASIS Member. Reach her on LinkedIn.
Genetec Exhibitor Booth | SM Live @ GSX 2022
Charles Pitman, Product Marketing Manager Unified Platform for Genetec, shares some of the challenges facing security professionals, and how Genetec is working to meet those needs. Watch his interview on SM Live with Security Management Editor-in-Chief Teresa Anderson below.
Calling All Presenters!
Global Security Exchange gathers hundreds of security professionals from all over the world to share their knowledge and insights on trends, and best practices related to the security profession. We invite you to apply for a presentation slot for GSX 2023. GSX 2023 will take place from September 11th to September 13th in Dallas, Texas. This is your opportunity to align with the world’s largest and most prominent association for security management by bringing your knowledge to the GSX stage! The Call for Presentations is open now and will close on 23 January 2023. Click here for more information on the application.
We hope to see you all next September in Dallas!

Matthew Porcelli, CPP, GSX 2023 Selection Committee Chair
Antoinette King, PSP | SM Live @ GSX 2022
Antoinette King, PSP, the founder of Credo Cyber Consulting LLC, discusses how security professionals can learn through failure. Watch her interview on SM Live with Security Management Editor-in-Chief Teresa Anderson below.
GSX Learnings: Yes, Even Security Should Embrace Failure
By Mike Gips, CPP
At GSX 2022, I moderated a panel called Learning From Failure. Featuring renowned security practitioners Jeff Slotnick (Setracon), Antoinette King (Credo Cyber Consulting), and Ricky Davis (RICE Security and Consulting), the presenters shared some of the most painful failures in their career, but also explained how those letdowns became professional turning points or led them to wisdom and success they wouldn’t have obtained otherwise. We then offered guidance on how to turn failure to success.
Other industries welcome, even embrace, failure. Not security. Amazon founder Jeff Bezos famously blessed innovation through failure when he said, “If you are going to take bold bets, they’re going to be experiments. And if they’re experiments, you don’t know ahead of time if they’re going to work. Experiments are by their very nature prone to failure.”
Take Amazon’s delivery drones. It’s been at almost 10 years since Amazon promised them, but recent crashes in testing have delayed the rollout. Fortunately, the crashes have not caused any injuries.
News like that makes us security practitioners practically tremble at the word failure. We’ve been trained that no news is good news. When we think of failure, we often go to worst case scenarios: an active assailant that got past our officers; a background check that didn’t flag a fraud artist in our midst; a hack that cost the company invaluable proprietary information and incalculable reputational loss. Or a delivery drone injuring a child.
Our panel emphasized that we don’t have to think about success and failure as all or none. Obviously, we don’t want to fail when the stakes are high—a TSA officer failing to detect explosives that take down a plane is obviously unacceptable—but as long as we limit the potential consequences, failure can be our friend. In fact, it could lift us up to greater levels than we would have reached otherwise. After all, Amazon’s drone crashes have been occurring during testing. That’s the time to fail, so their drones can soar higher, metaphorically, at least.
In our session, Jeff shared a profound learning experience from his days stationed in the U.S. Army in Europe. He was tasked with writing a nuclear spill response plan for an Army civilian military engineer, which he labored on over an IBM Selectric typewriter. Two days after he turned it in, the civilian called Jeff into his office and handed him the document—which was “bleeding green from his felt-tip marker,” Jeff recalls. “I threw the report on his desk and said, ‘If you think you can do it better, then you do it,’ and I turned to leave. He called me back in a tone I was not used to hearing from a civilian and read me the Riot Act.”
By swallowing his pride, Jeff transformed his career and life. “The skills he taught me in writing, management, and leadership have lasted a lifetime,” Jeff says, starting with three Army promotions. He uses those skills today to write standards, prepare reports, mentor executives, and lead teams. Best of all, decades later he remains friends with his one-time nemesis.
Antoinette’s failure came from the opposite problem: not having enough confidence. She told the audience about her entry into the security field as an installation technician. “Unbeknownst to me, it was highly unusual for a woman to be a technician pulling cable, installing devices, and building head ends,” she says. As the only woman on a typical job, she would blend in or try to become invisible. “For the next several years I did everything in my power not to be seen. This resulted in many missed opportunities.” She eventually realized that her differences made her valuable, and today she spends time mentoring women in technology and ensuring that they don’t minimize themselves like she did.
Probably the most inspirational parts of the session occurred when we invited audience members to share their stories of failure—whether they led to redemption or not. One attendee related how he had recently been turned down for a prestigious credential, but the feedback he received in the process showed him that he needed to evolve from an operational to strategic mindset.
Ricky, Antoinette, and Jeff then discussed how to grow from setbacks, such as by acknowledging failure, accepting responsibility, pausing and reflecting, seeking advice and criticism, extracting lessons, keeping perspective, making incremental changes, staying positive, and taking care of yourself. They then turned toward a more clinical approach to overcoming failure, exploring topics such as process inadequacy, task challenge, process complexity, and hypothesis testing.
Today’s security professionals are risk managers. Though we manage risk and usually don’t try to eliminate it, risk gives us anxiety. But we also know there is no reward without risk. So how do we adjust our risk tolerance to accept failure?
Akshay Bhargava, Chief Product Officer at Malwarebytes, developed a philosophy called Failing Toward Zero, and it can work for security professionals of all types. He writes that “Failing toward zero is a state in which each security incident leads to a successive reduction in future incidences of the same type.” In corporate security, this may mean reducing the number of tailgating incidents, security policy violations, or incidences of theft successively over time. It involves identifying the source or cause of the failure and remediating it, iteratively improving security and yielding better results. But be careful not to focus on the results alone. Sometimes good processes yield bad results and bad processes yield good results. It’s improving the process that’s key. In short, test, tweak, and test again.

Michael Gips, JD, CPP, CSyP, CAE, is the Principal of Global Insights in Professional Security, a consultancy focusing on security thought leadership, content, strategy, research, insights, and influence within the profession. Reach him on LinkedIn.
Rya Manners + Erwin Van de Weerd, APP | SM Live @ GSX 2022
Rya Manners, a Director of Solutions at Securitas Security Services, and Erwin Van de Weerd, an Area Physical Security Manager BeNeLux at SAP, talk about the future of the security industry and the role of upcoming professionals. The two also announce a big change – the ASIS Young Professionals Community will now be called NextGen. Watch their interview on SM Live with Security Management Editor-in-Chief Teresa Anderson below.
GSX Learnings: Applying Security Practices to the American Electoral Process
By Susan Friedberg
The security of the American electoral infrastructure is of critical national interest. Free, fair, and safe elections are a vital priority of the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA), which supports the state and local election communities and the American public to ensure they have the necessary tools to manage risk and build resilience in the nation’s election infrastructure.
In the GSX presentation, “Combatting Insider Threats in Election Infrastructure,” Chris Piper,
(COO, Elections Group), Kim Wyman (Senior Election Security Lead at CISA), Amanda Grandjean (Director of Elections, Deputy Assistant Secretary of State at Ohio Secretary of State’s Office), and Matt Crane (ESI Subject Matter Expert Consultant at CISA) shared their collective experience implementing and advancing security tools and techniques for elections, to prevent any intentional or unintentional harm.
Understanding the Business of Elections
Departments of elections are continually assessing threats to their processes, conducting resilience training, and updating their standard operating procedures. The speakers discussed three primary security considerations: cybersecurity, physical security threats, and insider threats, including the spread of misinformation.
Grandjean said election security leaders are faced with the challenge of creating a comprehensive election infrastructure for a decentralized system. State and local elections may vary in the types of ballots, the voting timeframe, and the cadence of elections. Comprehensive election security cannot be focused on one single area, but rather must be a program with multiple layers.
Utilizing Federal Resources to Strengthen Elections
Regardless of the size of the election resources in a city or county, local election officials have the resources to investigate any threats to their election. Wyman shared information about the Help America Vote Act of 2002, which established the Election Assistance Commission (EAC). This organization is dedicated to assessing and improving voting systems and voter access and provides funding to help states meet mandatory minimum election administration and security standards.
CISA also works with local governments to quickly identify and mitigate any threats and provide year-round training for local election officials to identify common threats and harden their security posture.
Deploying a Layered Approach to Election Security through Standard Operating Procedures
Piper emphasized that multiple security techniques and processes need to be in place to help cover various security considerations at each election, starting with robust standard operating procedures, hardened access control, strict chain of custody, and zero-trust security.
With standard operating procedures, election officials recognize quickly when a task or role deviates from protocol. Piper shares that election officials can learn from the security community to create these SOPs and execute them.
Every community that holds elections must also have a policy in place for access control. CISA helps election officials create SOPs that document the chain of custody of election equipment and ballots. A zero-trust security approach eliminates implicit trust and continuously validates every stage of the voting – from ballot printing to post-election audits. For example, this end-to-end technique is applied to how a voting tabulator is stored, tested, transported, and deployed, and to securing, transporting, and counting ballots. Election officials strictly document this process to show that the chain of custody has been met perfectly.
Addressing Constantly Evolving Election Security Challenges
Security directives are continually updated, incorporating advancing cybersecurity techniques and reflecting the desire from voters for transparency. For example, security approaches include stress testing software, increasing physical on-site security with the latest surveillance technology, enforcing additional logging, deploying seals to voting equipment, and securing devices with double-locking keys.
Poll workers also undergo special training, reflecting new security directives, and are mandatory reporters should they observe any wrongdoing. Insider threats are continually monitored so that polling workers and their efforts can also stand under scrutiny.
Building Public Trust Through Transparency
According to CISA, “securing election infrastructure from new and evolving threats is a vital national interest that requires a whole-of-society approach.” American voters have many open avenues to connect and learn about election security practices. Grandjean shared an infographic from the Ohio Secretary of State that describes to voters the core tenets of the voting security process. CISA also has a public library of election security resources for the public.
Every speaker emphasized that boards of elections and election officials must also include public relations as a part of their role. Ultimately, whenever there is a public demand or question of election security, election officials will have the tools, checklists, and transparent processes to demonstrate their commitment and compliance with federal election standards.

Susan Friedberg is Marketing Communications Consultant based in San Francisco and an ASIS Member. Reach her on LinkedIn.
Sherrod DeGrippo | SM Live @ GSX 2022
Sherrod DeGrippo, the Vice President of Threat Research and Detection at Proofpoint, Inc., discusses how security professionals can become better at protecting their organizations from outsider threats. Watch her interview on SM Live with Security Management Editor-in-Chief Teresa Anderson below.
Jim Sawyer, CPP | SM Live @ GSX 2022
Jim Sawyer, CPP, discusses the importance of diversity, equity, and inclusion in the security world. Watch his interview on SM Live with Security Management Editor-in-Chief Teresa Anderson below.
Lida Citroen | SM Live @ GSX 2022
Lida Citroen, CEO of Lida360, discusses personal branding and how you can build trust in your security brand. Watch her interview on SM Live with Security Management Editor-in-Chief Teresa Anderson below.
GSX Learnings: Preventing Societal and Retail Crime with Established Security Approaches and New Technologies
By Susan Friedberg
Communities around the world struggle with retail theft and crime, from petty theft to flash mobs, and retailers are increasingly shutting their doors in favor of protecting their operations and avoiding further losses. A greater challenge for retailers is that they are not always able to call upon law enforcement for support and defense. Under-resourced police departments are increasingly unable to respond and follow through with investigations, leaving retailers with the responsibility to build their own security programs and policies that provide a positive shopping experience for their customers and create a safe workplace for their employees, all while deterring and defending against theft and losses.
It’s a tall order to ask for, but not an impossible one; share the presenters of the GSX session, “Solving the Increase in Societal Crime Issues through Physical Security Design: Why the Current Wave of Crime is a Wake-Up Call for Security Professionals.”
Moderator Antoinette King, PSP (Founder, Credo Cyber Consulting) was joined by panelists Jeffrey Slotnick, CPP, PSP (Founder and President, Setracon, Inc.), Mike McGovern, PSP (Business Development Manager, North America, ASSA ABLOY Entrance Systems), and Mark Folmer (President, Robotic Assistance Devices), to share their collective experience with integrating technologies and security strategies for their retail customers and clients, that support their business goals.
Retailers, the speakers agree, can integrate simple and effective deterrence architecture and technologies to prevent crime, stay open to serve their communities, and remain profitable.
The Costs of Staying Open
Today, retailers are closing at high rates, both due to a pivot to digital retail experiences as well as to prevent any further losses. According to MSNBC, “Year to date (as of March 2021), retailers in the U.S. have announced 3,199 store openings and 2,548 closures, according to a tracking by Coresight Research. The firm tracked a whopping 8,953 closures, along with just 3,298 openings, last year (in 2020), as the pandemic upended the retail industry and pushed dozens of businesses into bankruptcy.” Additionally, Insurance costs are rising, sales taxes are lost, brands are being devalued, and the cost of theft is raising the final price tag for customers. Retailers who have experienced petty theft, to organized crime are seeing more reason to call their losses and shut their doors.
However, this is the “defeatist attitude,” which the speakers emphasized can be avoided through smart security practices. Retailers must first assess the total cost of risk when they start by considering the loss of revenue as a part of their calculation, and from there, understand a reasonable spend for security.
Creating Safe Workspaces by Putting the Machine as the First Line of Defense
From internet sleuthing to AI-driving technologies, retailers can access a variety of technologies to monitor criminal activity before and during any event and to utilize the information for post-event investigation and prosecution.
The speakers spoke to the trend of flash mobs, where a group of individuals suddenly congregate, enter a store together, steal as much as they can as quickly as they can, and leave. Stores can experience profound losses through this quick and effective mode of theft. Many flash mob participants have even taken to filming and posting their theft on social media – adding further insult to injury. The speakers consider security practitioners to begin monitoring social media for signs of activity in the area through social listening tools.
Retail crime is not victimless, shared the speakers, as retailers must also consider employee safety and security and create a positive workplace environment. Stores today are beginning to integrate autonomous technology, such as self-checkout, to help employees focus on helping shoppers in-store rather than at the register – the speakers emphasize that “often time the interaction between machine and person is less conflictual.”
Additionally, high-end retailers are beginning to offer “shopping by appointment” experiences, where they can pre-register a customer and understand better who is entering and exiting their facilities with the intention to shop, or otherwise.
Depending on the store’s budget, cameras and camera screens can be placed at entry points of a store, so shoppers see themselves on camera as they enter the facility – which the speakers describe as a more psychological deterrence. More advanced retailers are deploying AI-driven cameras with facial recognition. With video analytics, security teams can detect certain behaviors, watch buyer behavior patterns and be able to observe behavior patterns exhibited by a thief. With consideration of the area’s laws, facial recognition has also been an effective tool to ensure repeat offenders do not re-enter a facility or to build evidence in cases where petty theft may not be prosecuted, but compounding theft of more than a certain amount will lead to more serious criminal charges.
With these technology-driven approaches, retail workers can then focus on deploying another smart, non-technological technique – welcoming visitors into the store. When shoppers enter, they are greeted, being recognized – and while many appreciate a warm welcome, it is also a tactic for security to see who is coming and going into and out of the store.
Hardening Physical Barriers and Creating Smart Architecture
Physical security measures, the speakers share, may be low tech but provide high value for the retailers. Some examples the speakers shared included installing roll-up screens to protect against overnight vandalism, placing bollard posts at entry points to prevent forced entry by large vehicles, hardening entry points by placing screens on windows and skylights, and developing landscape architecture that ensures a visual line of sight for the store to observe outside the movement.
Inside the store, retailers can design their layout to include turnstiles, create a circular flow, or one-way traffic that moves shoppers on a specific path. A common practice for retailers is to place high-value items at the furthest point away from the exit and invest in good lighting.
Adopting a Community-Driven Mindset and Approach
The speakers concluded by assuring us that retailers are an integral part of serving our communities, adding culture and economic improvement, and fulfilling essential needs. As retailers of all sizes focus on maintaining profits and protecting their operations, security professionals can come together to extend our understanding of crime prevention and advance the techniques and technologies which retailers can use to stay open.
It should also be noted that according to Mark Doyle, president, Jack L. Hayes International, which oversees a leading annual retail theft survey, “When it comes to shoplifting, the survey (released earlier in 2022) showed many retailers moved away from apprehensions in 2021 and focused more on recoveries. Our survey revealed shoplifting apprehensions were down 16.2% in 2021, while overall shoplifting recoveries (from apprehended and non-apprehended thieves) were up a staggering 30.8%. Survey respondents noted the pandemic environment, staff safety, lower police response, and higher risks as some of the reasons for less shoplifter apprehensions. There was an increase in 2021 in both dishonest employee apprehensions and recovery dollars, 6.0% and 29.8% respectively.”
From mom-and-pop pharmacies and grocery stores to larger retailers and local service providers, by protecting our communities and retailers, we create an environment for our neighbors and visitors to feel safe and respected, fulfill their needs, and better our economies.

Susan Friedberg is Marketing Communications Consultant based in San Francisco and an ASIS Member. Reach her on LinkedIn.