29 September - 1 October, 2025
NEW ORLEANS, LOUISIANA, USA
Orange County Convention Center (OCCC) Security Supervisor and ASIS member Sandra Dailey, CPP, welcomes you to the OCCC in Orlando, Florida. Watch this short video to learn more about the health and safety precautions in place at the OCCC.
Thank you to Sandra and the rest of the team at the OCCC for facilitating the safest environment possible for GSX 2021 attendees, exhibitors, and speakers!
By Luann Edwards
Security professionals: You might not realize this, but you have a superpower. It helps you predict the future, enhance physical security, and generate return on investment. It’s your data, and with it you can demonstrate and deliver measurable value for your organization.
At GSX+ on Wednesday 23 September, Louis Boulgarides of Ollivier Corporation and Jonathan Moore of AMAG Technology presented The real story of how analytics affect physical security. This session looked at security systems data, the capabilities of new analytics technology, and how insights from these can deliver organizational ROI. (If you missed the session, you can watch it on demand here until December 31st.)
“Data analytics take sources from multiple systems in the organization and analyzes behavior and other trends to yield important information.”
Moore set the stage by outlining the sources of data that exist within the security function: access control, video surveillance, alarm management, and incident management systems are just a few. Analytics have grown increasingly sophisticated in this space. They give today’s security professional the ability to analyze the past, predict the future, and help you identify ways to solve problems you might not have realized even existed.
“Security tech is helping educate the larger business on how to analyze and become more proactive for better decision making,” shared Kristin Lennardson, protective intelligence programs with the Association of International Risk Intelligence Professionals.
As I attended this session, two important themes became clear: Security systems data can paint a complete picture that benefits the entire organization. And, it is critical that you build relationships with leaders across departments to understand their needs and challenges to identify where your own data can help.
Consider this hypothetical scenario: You’re in a Zoom meeting with your counterparts from across the organization, and you note that more employees are entering your building each week per data from your building access system. Your facilities management team takes this information to identify where they need to increase cleaning protocols in high-traffic areas due to COVID-19. Your IT colleagues can factor this in as they ensure that their cyber security efforts and connectivity levels align with the number of remote workers versus those in-house. And if an employee is accessing the building at times that are outside of his normal routine, it might give human resources an indication that he’s considering leaving the company. One data insight, multiple applications.
Not surprisingly, the information that your colleagues can share with you can inform your own program. With strong relationships and communication across departments, you can understand your colleagues’ unique challenges and motivations and create real value through aggregated data. This shift changes the view of the security function from one of overhead to that of a strategic partner. The speakers outlined the likely needs of key players in an organization to help you visualize how this collaboration might look.
One of the greatest opportunities for security technology and data is presented through this “new normal” of COVID-19, as Boulgarides explained. Security professionals are now creating “security, safety and health programs – the scope has broadened a great deal.”
Social distancing, monitoring the number of people in a location, contact tracing, and assessing mask-wearing compliance tend to be manual tasks, but those with the technology in place will be able to automate some of those activities. Think about a turnstyle or an access control system that can also count how many people enter or exit.
“Security is still viewed as a grudge purchase, especially in the economic times like we find ourselves in now.” Edward Baes, head of security consulting at BUROHAPPOLD, shared with ASIS recently.
When security systems provide data that saves an organization money and automates processes in addition to its security objectives, the value is right there in the analytics.
Luann Edwards is a social media marketing consultant and blogger. She is the founder of Socially Professional, a social media marketing consultancy, based in Providence, Rhode Island, USA.
by Randall Rosenbaum, Executive Director, Rhode Island State Council on the Arts
I’m the director of the Rhode Island State Council on the Arts, and as such, the director of public art for the State of Rhode Island. In September, I “attended” a Global Security Exchange Plus (GSX+) virtual presentation by Art Hushen, the President of the National Institute of Crime Prevention in Tampa, FL. Art was going to talk about “Corporate and Public Art as a CPTED Strategy”.
Since my degree is in music education I had to first discover what CPTED stood for, what it meant, and how public art applied to Crime Prevention Through Environmental Design.
Art did a masterful job connecting the dots for me as an arts professional and advocate for public art in our community. We advocate for public art as a way to enhance and enliven a community, and so does Art. What Art adds to the conversation are all the arguments that we should be using in convincing people to support the inclusion of art – in all its forms – into and around their buildings and communities. As budgets grow tighter, the resistance to art increases. The added benefits of art, as explained by Mr. Hushen, may help those who don’t entirely “get” art, and may not be enthusiastic about spending money from their budget to commission work.
I understand the concept of “Territorial Reinforcement” (although never by that name), and how art can and should be a reflection of the community in which it resides. I never in a million years would have thought about “Natural Surveillance” as a benefit of public art, and the way that art, strategically placed, can help focus people’s attention so that it focuses attention – even of passersby – and helps promote a safe environment.
I was particularly taken with Art’s examples of work that helps extend the footprint and designate entrances to buildings (“Celebrated Entryways” and “Focal Points”) while at the same time promoting a safe and secure environment. And his examples of the placement of human-like sculptural pieces and murals that mimic an apartment house façade with people looking out the windows, all designed to discourage “bad behavior” from unruly folks, was particularly enlightening. It made me long for statistics that measure the decline in police activity around areas where such artwork is located.
I came away from Art’s presentation with a new vocabulary to use in my work, one borrowed from a field that is highly respected and different from the fields in which I operate. I can’t wait to employ this language in my next meeting with a potential public art client.
By Security Management Senior Editor Megan Gates
The concept was a bit daunting at first. How to take a major security conference held in a bustling convention center full of approximately 20,000 people and put it into a virtual format that was enlightening, engaging, and entertaining—all in just a few months’ time.
But the ASIS community rose to the challenge to create GSX+, full of keynote speeches from security leaders, education sessions from subject matter experts, and networking opportunities, with a few celebrity guest appearances thrown in for good measure. And thousands of security professionals from more than 80 countries tuned in.
“The COVID-19 interruption to our event was significant obstacle to contend with. And I know I can speak for everyone, when I say that GSX+ provided security professionals with all the benefits of our regularly scheduled event,” said John Petruzzi, Jr., CPP, executive vice president of the Northeast Region of G4S Secure Solutions NA, and ASIS International president-elect.
Throughout the week of GSX+, the Security Management team was hard at work bringing attendees analysis and updates via the GSX+ Daily. Here are some of the highlights we covered—many of which feature On Demand presentations available to All-Access Pass holders for viewing until 31 December 2020.
GSX+ kicked off with a strong opening keynote by Juan Manuel Santos, former president of Colombia, who helped broker an unprecedented peace deal—a move that earned him the Nobel Peace Prize.
In his remarks, which covered the COVID-19 pandemic and subsequent economic impacts, climate change, and more, Santos discussed the need to never lose hope.
“Never succumb to fear, because fear is the mother of all negative and destructive systems,” Santos said. “And never forget in times of difficulty and uncertainty, like the times we are living, we must find guidance in our values and our principles. They will show us the way. That’s what we did in Colombia to end the last war in the Western Hemisphere with the strongest guerilla.”
ASIS International President Godfried Hendriks, CPP, shared how he was preparing for GSX+ and his admiration for the security community, which has come together as never before during the COVID-19 pandemic.
“I have never been more proud to be an ASIS member. Watching how our members came together to share information and insights with one another on a regular basis throughout 2020 is a testament to the power of our network,” Hendriks said. “From the beginning of this pandemic, our network immediately embraced technology that would better connect our members locally, nationally, regionally, and globally. It has been quite inspiring to see firsthand how our network has come together more than ever before.”
On Tuesday, leaders from Solvay Group—a multinational chemical company operating across 60 countries—discussed the long-term effects 2020 may have on the business and how security is playing a role in ensuring the organization’s future preparedness and risk management strategy.
French criminologist and national security expert Alain Bauer also stressed on Tuesday the need to reinvest in security apparatuses to prepare for future threats, including the next pandemic.
Later in the week, retired four-star U.S. Army General Stanley McChrystal shared the leadership lessons he learned when facing al Qaeda in Iraq while commanding the Joint Special Operations Command.
“When we think about leaders creating an organization, what they’re doing is creating an environment or an ecosystem in which the people in the organization—the junior leaders and even the most junior people—can do that which only they can actually do, which is accomplish the mission,” McChrystal said. “It’s a different role for the leader; it’s a little less ego-based… but the reality is it’s the most effective way to build an organization that’s fast and adaptable. It creates leaders that help create more leaders, and leaders that help to create success.”
And on Thursday, GSX+ sessions focused on cybersecurity and how innovation is changing the security threat landscape. In her keynote address, Keren Elazari, CISSP, former hacker and security researcher, shared how hackers can act as the immune system for the Internet—encouraging security professionals to address vulnerabilities in their systems.
In a Game Changer session, hacker and Snyk Application Security Advocate Alyssa Miller shared how bad actors can leverage increasingly accessible deep learning neural networks to manipulate media—potentially impacting organizations’ reputations and futures.
GSX 2021 is scheduled to take place 27-29 September 2021 in Orlando, Florida, USA. Provided it’s safe for us to meet again, I look forward to seeing you there!
Dedrone, the market leader in airspace security, announced the launch of a new radio sensor for drone detection. In connection with Dedrone’s DroneTracker software, the RF-360 detects, classifies and localizes unwanted or malicious drones and their remote controls on the basis of their radio signals at great distances and in areas with high radio traffic, for example in cities or at airports. The successor to the RF-300 automatically connects to the Internet and is quick and easy to install.
“Dedrone continues to innovate and meet the airspace security needs at the world’s most critical operations, including utilities, correctional facilities, government and defense operations,” shares AD Devarakonda, CEO of Dedrone. “The RF-360 provides our customers the data they need to protect their operations against unwanted drones.“ In the past year, the COVID-19 shutdowns accelerated use-cases for drones, and with more drones in the skies, come more exposed vulnerabilities. With this new sensor, Dedrone customers will continue to maintain complete airspace domain and manage their drone risk.”
New features of Dedrone’s RF-360 include:
Much has been made of generational differences and their effects on the workplace. Few generations have not found fault with those who came before or followed after, but the acceleration of technology and services has forced many organizations to contend quickly with the need to recruit and retain a digital native workforce. Security is no exception.
Here, Security Management connected with Angela J. Osborne, PCI, PSP, regional director for Guidepost Solutions and an advisor to the ASIS Young Professionals Community, to discuss multigenerational management and how recruiting a diverse workforce can benefit security departments and organizations—as well as some pitfalls to avoid.
Want to learn more about this issue? Hear more from Osborne, plus Jairo Borja and Michael Brzozowski, in their session How to Recruit and Retain Gen Z in Security Organizations on Monday, 21 September, at GSX+.
Security Management. How does having multigenerational talent—Generation Z in particular—bring value to an organization?
Angela Osborne. Having multigenerational talent in security departments is highly useful as we bring distinct perspectives based on our shared experiences as members of different generations. Our baby boomer colleagues often bring institutional memory, experience in working in the field, and an understanding in how to get things done within an organization. These individuals often know where the landmines are placed and the past interactions with different departments and stakeholders.
Gen X is a bridge between baby boomers and millennials, and GenXers often have the ability to translate baby boomer expectations and explain the rationale behind the department’s structure, the method of working, and the means to navigate the entity.
For millennials, they bring a diversity of live experience, savviness with technology, and understanding of perceptions on how security guidance can be understood by millennials and Generation Z colleagues. Gen Z, in particular, is known for its openness, focus on practicality and fiscal responsibility, and digital nativism.
A strong team will focus on having representatives across these groups due to the fact that our organizations and client bases are made up of these different groups. In security, much of our work is on training and awareness, gaining compliance on security protocols, and achieving buy-in to security culture. We need to present guidance and plans for our organizations by considering these distinct groups, keeping in mind that people are individuals, and we cannot assume things about people solely based on their generational range as well.
Security Management. What strategies have you seen succeed in attracting and retaining multigenerational talent?
Angela Osborne. Often in the security field, recruitment takes place based on people’s professional networks, as our work focuses on trust and integrity. The challenge with this is that we are limiting ourselves to our own pool of contacts. We will tend to attract people like ourselves with similar backgrounds and life experiences. Here are three best strategies that I have seen:
Security Management. How can a security leader successfully manage someone transitioning into or beginning their career in security?
Angela Osborne. First and foremost, it is important to be clear about expectations. People transitioning into this field need to know what is expected of them, and I try to put these expectations in very clear terms for people.
The next step that goes hand-in-hand with clear expectations is to communicate continually, and don’t assume people will interpret your tasks and direction in the way that you would. We have to maintain open lines of communication, so if people have questions, we can address them early on in the process. The communication should take the form of phone calls or virtual meetings, email, and messaging to cover the bases.
As an example, when I first joined TAQA in the UAE, I reported to a manager based in The Netherlands. Our communication was all virtual for my first summer. This person was very engaged in ISO terminology and put everything in terms of ISO. He asked me to submit a deliverable plan. I submitted a list of goals in the SMART format in order to meet this requirement. We had a very circular conversation after this list, and I realized that we were not speaking the same language. He was looking for me to put my content in MS Project and to use ISO terminology. Once we clarified the terminology, we were able to work together in a more productive manner.
We also have to recognize that among generations we are likely to see things differently based on our life experiences. We should be able to express ourselves but to be mindful that not everyone will agree with us and some topics are not appropriate or productive for the workplace. I encourage teams to avoid discussing politics, religion, and controversial topics in the workplace. We should focus on our entity and department values and use these to guide our interactions. Our societies have a number of exceedingly divisive issues, but our teams must be able to function effectively without alienating people. This is why training and awareness on diversity and inclusion is needed.
We also cannot make assumptions that people joining an entity for the first time or joining a security department for the first time have the same understanding of ethical responsibilities—for instance reporting improprieties. We must stress the importance of acting in ethical manners and reporting concerns, and this should be communicated not just to full-time employees but also contractors and part-time employees. Security departments depend on their reputations, and the team members must hold each other to a higher standard to maintain stakeholder trust.
Aaditya “AD” Devarakonda is the CEO of airspace security company, Dedrone. Visit Dedrone on LinkedIn, Twitter, Facebook and Instagram. Contact [email protected] for more information on how to get started with your complete airspace security program.
Even with shutdowns related to COVID-19, we are still seeing news reports of drones coming to airports, stadiums, and other critical infrastructure. How has airspace security changed in the wake of COVID-19?
COVID shutdowns accelerated use-cases for drones, and with more drones in the skies, come more exposed vulnerabilities. The airspace security market, two years ago, was in its infancy. Today, Dedrone customers are all around the world and reporting back through their datasets that they are seeing nearly over 100% increase in unauthorized drone activity at the start of the COVID-19 shutdowns beginning in March. This might be as simple as, this past summer, drone pilots were sitting at home, bored, and wanted to take drones out to capture footage of the world as we sheltered in place. Drones have always been able to go where you cannot go by yourself. This was the truth before COVID, and it is accentuated even more now.
For example, we are seeing news alerts of drones coming to stadiums to observe MLB games, and more alarmingly, drones continue to fly near disaster sites, such as wildfire or hurricane response zones. Even if it seems like there is no harm done, these drone flights may be violating federal airspace regulations, copyright and IP laws, and also common sense. Airspace security technology is designed to detect, classify, localize the drone, and help security teams stay ahead of any threats to their operations and airspace.
What’s changed in the past year, around what drones are doing in the security space?
Drones are becoming more readily available on the commercial market and more attractive to buy. They are less expensive, able to fly longer, and with greater payloads. Additionally, the drone market is shifting and while DJI remains the market leader, both US sourced and other global brands are coming in to disrupt the market. In the next few years, drone detection technology will have to adapt to this change in the drone landscape and capture the true nature of all drone activity, regardless of the make or model. More organizations are looking to bring drones on as a part of their security team – to help with surveillance, site inspection, or inventory. Still, security teams must also be aware of how to differentiate the drones that are a part of their program, ensure compliance with local, state, or federal laws, and then expose an unauthorized or hostile drone in their area. With the growth of the drone market and the increased savviness of drone pilots, security teams need to be able to detect multiple different drone brands and not just from GPS signals; they must be open to a multi-layered security solution to ensure security.
Counter-drone technology is a broad term covering many solutions – how can we narrow down what an organization needs to implement to protect people and assets from drones?
In order to address airspace risk, organizations first need to shift their mindset from focusing purely on the counter-drone technology, to what they truly need to achieve complete airspace security. Foundational drone detection systems will help security teams understand what drones are in their airspace, and from there, they will know what they need to protect their organization against. The biggest challenge for security providers when it comes to airspace security is understanding their threat level. Companies first need to build a full airspace security strategy, and that begins with quantifying their airspace activity – when, how often, and what drones are entering your airspace. From there, security providers will then want to ask more questions, such as observing the actual drone, and seeing what it is doing and where it is flying.
Can counter-drone technology impact a broader intelligence or security program?
Security providers are operationalizing airspace security into existing infrastructure. Airspace security technology provides the tools needed for situational awareness during a drone incident, and the intelligence to help security teams decide how to integrate airspace security protocols into existing SOPs. Security teams can respond appropriately to the drone threat. This could include changes in shift rotations, shipping and receiving hours, or making sure critical meetings, research and development, and VIP guests have an additional cover or obstructed views. Without a lower airspace risk assessment and the associated intelligence, security leaders will not be able to model their organization’s risk accurately, and therefore, prevent incursions and losses.
Laws and regulations around counter-drone technology are starting to take shape – what should GSX+ attendees look for in the coming months from regulators?
There are laws and regulations being developed across the United States that promote the safe integration of drones into the national airspace. Dedrone helps regulators understand the data behind drone activity – how many flights are not registered, unwanted, or otherwise a threat. The FAA is doing a tremendous job with creating drone registration programs and building awareness of safe flights in this nascent market. Dedrone’s drone detection technology is designed for use in accordance with U.S. federal law. Today, many federal departments and agencies have taken tremendous effort to address how drones are an immediate help, as well as an immediate threat to safety.
The biggest issue we should track on for this year and early 2021 is how the FAA manages the logistics and general lower airspace traffic. The FAA will be responsible for creating and managing a comprehensive unmanned traffic management framework, which will be the backbone of monitoring lower airspace activity. With drone detection systems, organizations like the FAA can quantify drone traffic, whether or not it is authorized or non-compliant, and ensure compliance with FAA drone registration programs, such as Remote ID.
What key use cases and industry verticals are you seeing leading in the adoption of counter-drone technology?
For GSX+ dealers and integrators who want to get involved with counter-drone technology – how can they educate themselves about the latest in counter-drone technology, so they can offer airspace security services? They are already in the right place – GSX+ has created great opportunities for everyone to review the latest in counter-drone technology and assess for themselves. Check out some of the drone-related sessions taking place at GSX+ this 21-25 September.
The critical part is for integrators to understand what works and what doesn’t work. Can a technology provider make a promise they stand behind? Is the technology provider cognizant of the broader landscape of drones, have an understanding of how the drone market is evolving, and how their technology is advancing to address current and future threats? We always advise anyone looking at counter-drone technology to consider the problem of airspace security and look a few years forward to see if it will still work in a few years. The cost of switching may be more in the future.
World-class networking events have long been a hallmark of Global Security Exchange (GSX). With daily happy hours and receptions, this year’s new GSX+ virtual experience looks to bring the same energetic entertaining opportunities to catch up with friends and colleagues in the virtual space.
Join us at 3:30 pm ET every day from Monday through Thursday for a different exciting event:
End the week in style as we celebrate security’s best at the ASIS Awards of Excellence and Outstanding Security Performance Awards (OSPAs) Celebration at 12:25 pm ET. Explore a virtual gallery space where you can learn more about this year’s award recipients and even congratulate them directly in individual Zoom rooms.
All week long, the ASIS Break Room will provide fun games and diverting activities. Take advantage of:
With networking and meeting scheduling capabilities directly within the platform, GSX+ offers countless opportunities to forge new connections and build existing relationships at the industry’s premier security event—reimagined for the online experience.
Register today to advance your career from the comfort of your home or workplace at GSX+.
By Scott Briscoe
We’ll call him the prescient Mr. Gundry. In an article for Security Management’s Security Technology supplement entitled Building the Control Room of Tomorrow, Dan Gundry wrote: “Enterprise organizations relay on their SOC [Security Operations Center] for business operations. In times of an emergency, and as risks become more severe, a complete situational picture is necessary.”
Gundry is director of national control room sales at Vistacom, and he will be speaking on a panel at GSX+ on Monday, 21 September on The GSOC of the Future: What’s Next?
If ever there was a time of heightened emergency and severe risk for global organizations, 2020 defines it, giving organizations with high-functioning global security operations centers, or GSOCs, a chance to shine. Asurion, a leading provider of insurance, warranty, and support services for electronics, has offices on five continents. The company was featured in a write-up in the Nashville Business Journal early on in the pandemic. Very early on, as in 6 March. In the article, Kevin Wilson, senior director of global security for Asurion, is quoted: “Our differentiator is we have these security operation centers on both sides of the world that covers this on a 24-hour basis that gives us a level of awareness some might not have. Adhering to guidelines so that you don’t underreact or overreact has been key.” As was the information backbone that was able to be mined because the company had established SOCs and used them in their risk mitigation strategies.
Wilson is one of the panelists in the GSX+ discussion, along with Rob Hile, general manager at GC&E Systems in Florida, and Ryan Schonfeld, founder and CEO of RAS Watch.
For even more on operations center and the pandemic, and because you can never add too many letters to existing acronyms, be sure check out this article on Microsoft’s VGSOC (the “V” is for virtual), now COVID-19 tested and approved.
By Scott Briscoe
There’s only so much time security managers can devote to planning for the future as they ensure the present risk, safety, and security needs are being addressed. That time likely dwindled significantly as the COVID-19 pandemic unfolded.
Despite the near-term need to deal with organizational changes brought on by the pandemic, there remains a need for security managers to consider how their organizational environment is changing, and how that will affect risk management and security. Security Management recently caught up with David Feeney, CPP, CISSP, PMP, to discuss emerging trends affecting the security sector.
Feeney is a Deloitte risk and financial advisory manager in cyber and strategic risk. Feeney serves on the ASIS Standards & Guidelines Commission and has previously chaired the ASIS Physical Security Community and the ASIS ESRM Guideline Committee. He will also be leading a The New NIST Privacy Framework session at GSX+ on Thursday, 24 September. A recap of our trends conversation is below.
Security professionals should ask themselves which type of security professional they want to be:
The sooner security professionals learn about emerging trends, the further along that spectrum they can operate and the more value they can bring to their stakeholders.
One emerging trend is the next generation of automation, which includes robotic process automation, artificial intelligence, and machine learning. It is important for security professionals to understand these concepts and how they differ because each provides significant security value if used properly.
All three of these tools provide value by allowing security professionals to spend more time on cognitive work of strategic value to the organization. The further along the RPA-to-ML spectrum an organization goes, the more tasks it can automate, and the more human talent is made available for other work.
Another emerging trend that security professionals should understand—yes, even physical security folks—is data privacy and protection. There are many aspects to this, but one that has dominated headlines is protection of personally identifiable information (PII). The rapid increase in number and severity of private and public sector data breaches has given rise to a rapid increase in data privacy laws from various global regions, countries, and states. The European Union’s General Data Protection Regulation (GDPR) and the U.S. California Consumer Privacy Act (CCPA) may be among the most well-known, but other laws and regulations are affecting how organizations host consumer and other data. As new ones hit the books, the complexity of reconciling sometimes conflicting guidance only increases.
To try and offset that complexity, the U.S. National Institute of Standards and Technology (NIST) has released its Privacy Framework this year. The framework helps an organization document its current privacy risk posture and identify a path to its desired future state through a gap analysis and roadmap creation. It doesn’t directly provide an understanding of privacy laws, but it does map out what a comprehensive data privacy and protection should include.
Finally, facial recognition software has recently been put under the microscope due to concerns with privacy. While we may sometimes think that security and privacy are always complementary, they can be at odds with each other. Balancing these will become a narrower path as time goes on and privacy incidents continue to increase.
One other trend that is continuing to emerge is security convergence. Specifically, two specific changes are gaining popularity:
By Steven Reinharz and Mark Folmer, CPP
Innovation should be viewed as the application of better solutions that meet new requirements, unarticulated needs, or existing market needs.
Put simply, innovators win. Innovators provide superior solutions at greater value than their competitors, and they manage an organization’s risk better. On both the security officer side and the integration side of the security service industry, there are many pain points, everything from pricing and compliance stress to staff engagement headaches and low perceived added value. To innovators, pain points are opportunities.
The best way to innovate in the sector is by asking 3 questions as you consider the assets that are being protected.
Try something new. You may be able to provide superior value to your organisation. Automation will put your security team on the map, optimize your resource deployment and do so efficiently.
Steven Reinharz is the founder and CEO of Robotic Assistance Devices, and Mark Folmer, CPP, is vice president, security and industry. Folmer will be leading a GSX+ session on Tuesday, 22 September on How Top Technologies that Enabled Digital Transformation Affect Security.
Don’t you love it when a plan comes together?
When facing myriad evolving risks, security managers are forced to make tough choices on the fly. However, by having a strategic or master plan in place ahead of a crisis, professionals can manage risk and reduce the potentially overwhelming effects of incident response while improving buy-in and support.
In this short interview, Bernard Scaglione, founder and principal at The Secure Hospital, shared some of the key points of strategic security management planning with Security Management.
Want to learn more about this topic? Check out Scaglione’s GSX+ session, Strategic Planning: Managing the Chaos, Not Reacting to It, available on-demand 21–25 September at GSX+.
Bernard Scaglione: A strategic plan helps security management define direction and focus organizational resources. Strategic planning is the process of documenting and establishing the direction of the organization by assessing its current state comparing it to the future state. It provides strategic direction and goals so that the security department can function with more efficiency and effectiveness. It allows for C-suite buy-in so that the security department can continue to grow and develop.
Many people think that creating a strategic plan is an easy process, taking very little time or effort to create. In reality, the opposite is true. Creating a strategic plan takes dedicated resources and personnel to complete. It is a team approach, requiring the input of administration and key stakeholders. The good news is: it will pay off in dividends once implemented.
Many also feel that once the plan is complete, the work is done. The plan then ends up on a shelf—only referenced when purchasing equipment or requesting more staff. In reality, the plan is an active and changing document that needs to be reviewed annually or when a significant event occurs within the organization.
Developing a strategic plan is data-centric, requiring the gathering and analysis of large amounts of data to help in the proper development of strategic goals. This part of the strategic plan process is not always completed because of its complexity. It is important as part of the creative process to gather at least one full year of data and analyze it to determine trends and patterns. Done correctly, a minimum of two years of data should be gathered so that the developed patterns or trends are statistically significant and point the security department in the right direction.
Strategic planning helps to identify all potential threats and risks within the organization and provides a path to minimize those risks. It also allows the security department to change or shift gears when an adverse event occurs. Enabling the security department to quickly and efficiently adjust to changes within the organization. The plan lays out an operational structure designed to minimize threats and provides a plan to respond to those risks.
Strategic plans are not commonly used in the security field but are a useful tool in providing direction and growth. ASIS members should strongly consider viewing this session to learn more about strategic planning to see if it is something that would assist them in creating a more effective security operation.