ASIS International

Managing Cybersecurity Risks: Tarah Wheeler at GSX 2019

Tarah Wheeler

Reports of cybersecurity leaks – and major scandals – have dominated headlines for years. Cybersecurity attacks are doubling every year. Phishing scams are at an all-time high. These days, it isn’t only an IT manager that is answering for security breaches, it is also CEOs and business owners.

Join us for the GSX General Session on Thursday, 12 September, from 8:30 – 10:30 am, as Tarah Wheeler shares her insights on how the evolving cyber threat is impacting organizations across the globe.

An enterprise security industry veteran, strategist, international conflict scientist, and cybersecurity expert, Wheeler will present Protecting Assets in the Age of Cybersecurity Leaks and Scandals: How to Plan When Risk is a Moving Target. This fascinating session will engage attendees with questions such as: Do you have a comprehensive plan in place to protect your most important assets? If something goes wrong, how will you react, put out fires, and recover lost trust? Have you considered the consequences of information falling into the wrong hands in 10, 20, 30, or 40 years?

Throughout her career, Wheeler has held leading roles with some of the world’s top red teams and data privacy teams. An Offensive Security researcher, she is currently the Cybersecurity Policy Fellow at New America, driving a new international cybersecurity project. She is an inaugural contributing cybersecurity expert for the Washington Post and a foreign policy contributor on cyber warfare. Wheeler is also author of the best-selling book Women in Tech: Take Your Career to The Next Level with Practical Advice and Inspiring Stories, dedicated to teaching women how to succeed in tech careers.

Don’t miss this highly anticipated talk at GSX 2019, where Wheeler will bring depth, warmth, and humor to an otherwise complex subject. From cryptocurrency to how the Internet of Things might provide a gateway to hackers, and from absorbing how a robust cybersecurity plan operates to covering security at live events, Wheeler will provide a razor-sharp breakdown of what you need to know – and do – to protect yourself, your partners, and your clients.

Wheeler will be introduced by Brigadier General Stefanie Horvath, current leader of enterprise service delivery for the state of Minnesota. After her presentation, General Horvath and Wheeler will lead a lively Q&A session drawn from their very different vantage points related to cybersecurity.

Zen and the Art of Motorcycle Security Connections

Douglas Florence, CPP

Douglas Florence, CPP, has made countless industry contacts over his 36 years as a member of ASIS International, but some of the most lasting—and unlikely—networking experiences have taken place at ASIS’s annual security event, Global Security Exchange (GSX).

Florence says while the education events at the annual event are unparalleled, the connections he makes during GSX can be just as impactful—and those great connections are made not only in education sessions and networking events, but on the trade show floor as well.

Florence reflects fondly on the many ASIS events over the years, but one that sticks out the most took place during last year’s GSX in Las Vegas. The U.S.
Department of Commerce (DoC) had reached out to ASIS about creating vertical-specific connections—in this case, with the gaming and hospitality market, due to the event’s prime location, Florence notes. At the last minute, the department announced that a contingent of about 50 security leaders from Brazil was to attend GSX as a part of the program, and Florence was involved in showing the delegates what Las Vegas had to offer.

“We were able to facilitate a tour for a group of security leaders and DoC representatives from Brazil, and we took them to The Flamingo Hotel and Casino where they could see the unique surveillance operations,” Florence says.

But when it came to the highly-anticipated preconference motorcycle ride hosted by the ASIS Las Vegas chapter, the visitors from Brazil were unable to attend. So, the week after GSX, Florence took about a dozen delegates out for a motorcycle trip along the same route.

“It was great, and a valuable networking opportunity because we got to spend some quality time with this group of international security executives,” Florence recalls. “We still talked about security, but we were in an environment doing something that we enjoy. Riding motorcycles with this group out of Brazil, seeing the joy that riding through the deserts of southern Nevada brought to them, and then learning a little more about Brazil and some of the issues they were facing as security executives—it was unforgettable.”

How Exchanges Can Pivot Your Strategies

Jonathon Harris, CPP, PSP

When Jonathon Harris, CPP, PSP, now a senior security consultant at Guidepost Solutions, arrived in Dallas in the fall of 2017 to attend what is now the newly rebranded GSX, he was eager to see what the event had to offer. Harris has been a member of ASIS since 2009 and attended his first seminar the previous year in Orlando. Little did he know, though, that his approach to risk management—and entire career trajectory—would drastically change within a matter of days.

Harris and his former colleague attended a multi-hour business continuity tabletop exercise on enterprise security risk management (ESRM), a security management philosophy that had recently become an organizational priority for ASIS. Harris says he was vaguely familiar with the concept of ESRM, but the presenters at GSX kicked off the session with a detailed explanation of the approach and laid the foundation for the rest of the exercise.

“My colleague and I were in the midst of kicking off a refresh within our global security organization of our business continuity and emergency response planning,” Harris explains. “We were redoing procedures and taking a new approach, so it was timely to attend this session.”

The exercise involved breaking into small groups and conducting a tabletop exercise on a security incident, including roleplaying in different security and nonsecurity positions to better understand the importance of proactively interacting with stakeholders throughout the organization, Harris notes.

The most powerful part of the session took place when each of the dozen small groups debriefed on how they approached the same scenario, he says.

“Everyone got all this feedback, and hearing how people would approach it or what they would have done differently to prepare for this incident—that synthesizing of 40 security professionals in a single room at a single time talking about this one scenario and approach, it all really started to click,” Harris says.

The impact of the session continued to grow during dinner that evening, when Harris and his colleague rehashed the lessons of the day and started discussing how they could implement an ESRM approach in their own organization.

“That’s the journey we went through in those 12 hours—going through the exercise, hearing this information, distilling it down, and learning how to translate our objectives into business language, which then generated the spark for how we decided to pivot our approach to security to adding value to the organization,” Harris says.

By the end of dinner that night, Harris and his colleague called their organization’s senior analyst, who was about to deploy the business continuity and emergency response plan they had built before attending GSX, and told him to put it on hold.

“We apologized profusely for all the work he’d done, because we were going to scrap it and start over, kind of,” Harris laughs. “A lot of the stuff we had previously come up with would be reused, but we reframed and rebranded it to involve other stakeholders within the organization.”

The ESRM session made a lasting impact on Harris and his organization, but GSX still had more to offer. Harris also participated in a CPP preparation course that he says was the catalyst for his success in earning the certification. And later that week in Dallas, he attended a customer appreciation event and met the president of a security organization he admired—which led to him being hired by the organization months later. Even more recently, connections Harris made at GSX with fellow members of the ASIS Young Professionals council brought him to his current organization.

“My career trajectory and journey have been highly solidified and developed through not just ASIS as an entity, but through GSX,” Harris says. “It’s hard to quantify the amount of value I’ve received out of the three I’ve attended, and it’s well worth the ticket price for what you can get out of a single event. It’s impacted my career, professional capability, and me personally, so I’m greatly appreciative for what I’ve received.”

Making Smart Investments in Careers and Technology

Shayne Bates, CPP

Today, Shayne Bates, CPP is a seasoned security consultant, involved ASIS International volunteer leader, and perpetual traveler throughout the United States, but 25 years ago he was just beginning to find success in the information security field in New Zealand. He joined ASIS in the mid 1990s and was involved with the ASIS New Zealand chapter.

During the chapter study sessions for his certification preparation, Bates began to understand the role information security played in the larger security industry.

As Bates learned more about the broader security industry and his role in it, he realized it was time to invest in himself and his goal of becoming a career security practitioner. Despite the substantial commitment involved in attending ASIS’s flagship event—which included leaving his growing business for two weeks and flying across the globe to Orlando—Bates and a half dozen other New Zealanders took the leap, and he hasn’t looked back since.

Bates describes carefully planning his approach to the ASIS Seminar and Exhibits—now known as GSX—including attending as many educational sessions as possible. Between sessions, Bates would walk through the exhibit hall, learning about the latest security technology offerings.

“It’s hard work to try to get around there and see everything that’s relevant in three days—there’s so much value to be discovered just by walking up and down the aisles and collecting information and taking notes,” Bates explains. “I was able to see new product innovations and talk to product manufacturers firsthand. I’d make that contact, swap business cards, and have a more detailed conversation with them when I got back home to New Zealand.”

After attending that first event in Orlando, Bates understood the importance of investing in himself and his career and has attended every seminar and GSX event since.

Facial Recognition: Balancing Privacy and Security

A combination of Internet of Things (IoT) technology, holistic urban development models, and more widespread and reliable connectivity have evolved the concept of smart cities from a futuristic ideal to a series of real-life initiatives that have already been adopted by municipalities across the world. Smart cities, which rely on IoT sensors to collect and analyze data, provide a world of opportunity to create more intuitive, efficient, and sustainable solutions to urban living. Security plays a large role in smart cities, and the industry is approaching the initiative as a way to revolutionize what safety looks like in urban environments.

Donald Zoufal, CPP, founder and CEO of Crowz Nest Consulting and ASIS International Security Applied Sciences Council chair, says the city of Dubai was an early adopter of the smart city approach and has lead the way in integrating innovative security technology such as robotic police officers, roadway safety lighting, and advanced surveillance.

“Dubai is in the lead, internationally, of understanding the capabilities of technology for cities,” Zoufal says. “In the United States, Chicago has done some interesting things to utilize technology to make the city safer.”

He points to Chicago’s strategic decision support centers, where law enforcement and data analysts work side-by-side to reduce gun violence using technology such as a citywide network of cameras, acoustic sensoring to detect gunshots, and computer-aided officer dispatches to close the response time for violent crime.

“The city seems to be showing some significant benefits from the implementation of this approach—statically, where these support centers have been deployed, there’s been a drop in violent crime,” Zoufal notes. “Chicago is a concrete U.S.-based example of the kind of multisensory world that we find ourselves in, in terms of the technology available to provide security and other services.”

A key component of the initiative to build safer, more connected cities is the seamless integration of advanced technology and connectivity into citizens’ everyday lives. But one aspect of smart cities has recently come under closer public scrutiny: facial recognition technology. Biometric matching technology is not new to the security industry—it’s been used for years in access control and other identification applications—but Zoufal says what’s novel today is the ability to use facial recognition in real time to gather information and relate it to individuals.

“People are realizing the amount of data that is being collected about them because of IoT—all the sensors out there in environment,” Zoufal explains. “The concept behind smart cities is tapping into all that information and data so we can deliver services more effectively, look for problems, and assess environments more accurately. All those are great things, but they create this digital footprint, this data that can be related to individuals.”

There has already been pushback against facial recognition technology: the city of San Francisco recently banned all forms of government-operated facial recognition programs, and nearby cities are planning to follow suit. A bill has been introduced in California that would make it the first state to ban the use of facial recognition technology from being used in police body cameras. And the lack of the technology’s regulation has raised concerns both among privacy activists and legislators—a recent congressional hearing on the use of facial recognition software by law enforcement forged a rare alliance between Democrats and Republicans, who agreed that legislation may be necessary to rein in use of the technology.

Zoufal acknowledges that there are problematic ways in which facial recognition technology is being used but says it’s all about the context—biometrics are frequently used in more traditional security applications without encroaching on privacy, as is frequently seen in the exhibit hall at Global Security Exchange (GSX)—an annual event for security practitioners.

“There are some clear use cases where everyone can agree that facial recognition is extraordinarily useful technology,” Zoufal says. “You can use it as access control in a security context—rather than using fingerprints, we’re using a facial match to grant or deny access. I don’t think that’s particularly controversial for most people.”

Zoufal points out that airports are continuously developing biometric identification programs to expedite the passenger journey—a model that follows the smart city initiative principles of seamless integration and security.

“The vision for airports is that once you get a ticket for a flight, your face will become your token for travel,” Zoufal explains. “If I registered for the program, my face is matched to the picture in my passport, so the bag drop can recognize my face and give my bag to me, or I can go to the security checkpoint and be recognized without having to show my passport. And at the gate they’ll let me on the aircraft using facial recognition. Those systems are already being piloted in U.S. airports and powered by facial recognition.”

Privacy and transparency issues emerge, though, when facial recognition is used for general surveillance and identifying people of interest, Zoufal notes—and that’s an issue that goes beyond the use of the technology by law enforcement, as discussed during the congressional hearing and outlawed in San Francisco.

“The truth of the matter is, facial recognition is already being used extensively in the commercial sector—they use the technology to identify customers and their shopping habits, so they might send you an e-coupon for the products you’ve been seen buying in store,” Zoufal explains. “Some people will be creeped out when they get the coupons, and some will think it’s the greatest thing to get customized promotions.”

The same technology is being used by retailers to identify shoplifters, an application that might be of interest to security professionals but also raises civil rights concerns, Zoufal notes.

“That kind of real-time surveillance on individuals is difficult for some to accept, and I think there are some concerns that are more legitimate,” he says. “Operationally, if you’re going to utilize facial recognition technology in this way, you’re looking for bad people. But if you’re running tens of thousands of photographs through that system on daily basis, what’s the error rate in terms of identifying people? Even at an error rate of .5 percent, you’re still talking about a large number of false IDs. And do you have the ability to respond to all those alerts? That creates operational issues.”

Pairing such data with identities can also cross the boundary into personally identifiable information (PII), which creates its own security and privacy challenges.

“When the data is collected and connected to other PII, that data field becomes extremely concerning if it is involved in a breach or used inappropriately,” Zoufal notes. “At the end of the day a lot of this is about data and making sure you have good policies and procedures around governance for the use of that data collection, maintenance, and disposal.”

Zoufal plans to discuss the balance between technology and privacy at GSX this September during his session, Secure and Safe Cities: Emerging Technologies and the Law. These concepts are being exposed by smart cities in a new light but are ideas that security professionals should always take seriously, he notes.

“As we’re looking at these new and different technologies and collecting and analyzing this information, I think security professionals truly want to participate in the conversation—this information becomes extremely valuable, not just for commercial purposes but for security services as well,” Zoufal says. “The real issue is making sure that you’re attuned to the fact that we’re becoming a more data-driven world, and security has to become a more data-driven profession, but with the ability to access and use data comes the responsibility to make sure we’re doing it in an appropriate fashion.”

To hear Zoufal and other experts speak on these topics and to meet with reputable companies who supply facial recognition and surveillance technology, register for GSX at www.gsx.org.

We Hacked a Commercial Office Building. Here’s What We Learned.

Countless high-profile, high-stakes incidents over the past few years have made it clear: anyone can be hacked, and there is no limit to the scope or reach of cyberattacks. New reports seem to emerge every week of international retailers, government organizations, political groups, and even entire cities suffering a major data breach or aggressive ransomware attack, resulting in leaked data and costly response. It’s a security professional’s nightmare, and organizations large and small have been taking steps to lock down networks filled with sensitive personal or proprietary information that might tempt a cybercriminal.

But not all cyberattacks are equal, and if you look more closely at the headlines you might notice an entirely different threat: the digital disruption of physical systems. As more physical security systems, including access control, lighting, building operations, and other industrial control systems are linked to and controlled by Internet-connected networks, the more risk there is that these systems might be caught up in—or even targeted by—cyberattacks.

As someone who has worked in both physical security and cybersecurity, I have long been concerned about this gray area where, often, nobody owns the responsibility to protect it. Even in the early days of convergence, there was always the question of whether engineers, facilities managers, or the security department owned the physical spaces where networks exist, and that has evolved today into building control and automation, including elevators, sprinklers, chillers, and more.

All of these components connect to the same data network, but who is responsible for protecting industrial control systems, and what security gaps does that gray area create?

This is a question me and others in the security industry have been asking for more than a decade. And as more physical security components are getting caught up in digital breaches, concrete answers are more important than ever. After much research, I realized that others were talking about the susceptibility of integrated physical systems, but nobody was publicly discussing just how vulnerable these systems are.

So, about a year ago, a group of security professionals made up of physical security experts, building automation and controls security leads, and cybersecurity experts began strategizing a way to gather this information, and in March 2019 we carried out a cyberattack on a Class A commercial office tower. Through my organization CISO Insights, we funded a simulation of a full-on attack of physical and cyber systems against a commercial real estate organization’s 16-story commercial building. This type of attack presentation has rarely been seen before because of the implications—organizations are hesitant to open themselves up to exposing vulnerabilities and the corporate liability that comes with that knowledge.

But thanks to our strategic partnership with the organization and the building’s owners, we were able to provide an actionable assessment to the organization while documenting significant results about the state of today’s physical security systems and their ability to detect, respond to, and withstand attacks. The results of this testing shook the multibillion-dollar organization to its core and provoked a complete realignment of how they design and maintain their buildings. It also provided us with valuable data that we used to build a set of basic rules and principles for buying, installing, and configuring connected physical systems.

The types of systems attacked in the plan included access control, camera and alarm systems, building automation and control systems, and local IT infrastructure and wireless connections.

The attack plan used publicly accessible information to identify external attack options available from the Internet, as well as a physical site visit to confirm onsite technology in use. Much of what we will expose in the full report are the commonly available tools and methods that intruders use today, and just how easy they are to acquire.

When carried out, the planned attack quickly escalated, bringing a number of unintended systems into scope. This is the reality of the way today’s networks are built and buildings are connected: it’s all integrated. For years we have known it was cheaper and more efficient to integrate technology, but as today’s legacy building systems and company data networks are combined with Internet of Things connectivity, this approach gets much more interesting—and risky.

The full results of the attack and their implications will be shared in our session this September at Global Security Exchange (GSX) in Chicago. They will confirm some of your worst fears about real world security protections, identify common weaknesses in similar building control, building automation, IoT, and physical security systems.

Much of what we learned, though, are the same big-picture lessons applied throughout the security industry—do you know how secure your environment is? When you add a new piece of technology, have you assessed the risks and engaged security professionals before deploying it? How do you know it will stay secure, and who is responsible?

Access control, CCTV, alarms, and similar systems are all connected with different software programmed by different manufacturers. Very little of what we found suggested a holistic approach to understanding the problem. Often these components are maintained by third parties, integrators, or internal resources from IT, leaving common gaps that you should look for to protect these systems.

Besides the standard security issues like passwords taped to HVAC systems and power systems vulnerable to physical attacks, the building control systems use connect points that leave them vulnerable. Much of what we learned during the exercise revealed a new way in which building systems need to be managed and maintained to protect them for the next 20 years.

We found several physical vulnerabilities, but it was the cyber vulnerabilities—and the converged threats that live between the physical and cyber worlds—that were not properly mitigated, which proved to be very valuable in discovering where the building was easiest to attack.

At one point or another, all of these systems operate on the company network, and the details of how IT manages the data network makes a difference in how secure the systems are. At GSX, we will discuss the fundamental mistakes made when connecting data networks to building systems and physical security applications. Further, we will discuss common techniques for protecting physical buildings against these types of attacks.

—————————————————————————————-
Dave Tyson is CEO at CISO Insights and a former ASIS International president and board member. His presentation at GSX, Cyber Attack on a Commercial Building, will discuss the full findings of the building cyberattack exercise conducted earlier this year. To hear Tyson and other experts speak on these topics and to meet with reputable companies who supply security technology, register for GSX at www.gsx.org.

Q&A: How Companies Are Using Drones for Security

We sat down with Jason Cansler, owner of UASidekick, LLC, which provides software for UAV pilots to maintain compliance with FAA requirements, to discuss the challenges and opportunities security organizations face when using drone technology.

Q: The use of drones and other unmanned systems in the security industry has been a hot topic over the past few years. How are drones affecting an organization’s approach to security?

A: There’s so much drones can do to augment security. They are being used to look at perimeters and conduct constant surveillance over large areas. Drones can also be sent out as a response mechanism before personnel can respond and conduct an initial site assessment, so people know what they’re getting into before they get there. It’ll take a little bit for people to get used to what they can do with drones, and when regulations loosen up, it will open up a whole other world in the security industry.

Drones are getting smaller, and their battery and fuel sources are getting more efficient. You’re finding more drones with better camera systems and a smaller footprint. The key aspects that make people buy certain drones are flight time and payload capacity, but the best drone you have is the one you have with you.

Organizations also need to consider how to protect their assets from drones. This is another aspect to security that’s taking longer for people to understand the impact. And, policies need to be made so employees know what to do when they see a drone. Do they notify someone? Is there a ground sweep? Do they see if anything was dropped from the drone? Do you check rooftops for listening devices? Every company should have a drone policy, just like any other health or safety policy, whether you’re a school that would need to protect children, or a company with assets on their property, and especially jails and prison systems. Whether or not an organization has a drone program, they need drone policies.

Q: There are a lot of people in the security industry who are curious about the possibilities drones can provide as a physical security tool. Are you seeing an increase in the use of drones for security purposes?

A: Recently, there are more options that can support and provide drones as a security function. Companies need turnkey devices—they don’t want to go through the process of learning this on their own. If you can have a consultant or integrator that already has this experience under their belt, you’ll start seeing this implemented more, especially once integrators understand the systems and what it takes to actually incorporate them.

But overall, the growth is still slow—the industry is trying to determine where the technology is going and what they can do with it. There’s not a lot of litigation that supports how drones are used, even in law enforcement circles, which often looks at case law to know how it might be used for or against you in a case. And the lack of legal permission to fly drones beyond line of sight is causing some disruption for companies that want to patrol a thousand acres—they would have to someone in view of that drone at all times, which defeats the purpose.

Q: When do you think we will see more clarity on how drones can be used in security or law enforcement capacities? Is that the biggest barrier to the adoption of this technology?

A: We thought this year we’d be able to operate drones beyond the line of sight and over people, but the law is still not there. Regulations are being held up by the lack of remote identification—the requirement for a drone to signal that its flight has been authorized. Right now, law enforcement can’t tell whether the drone operators are good or bad guys.

The whole key is to find bad actors, not keep track of good ones. In a perfect world, if you see a drone but don’t have any ID pings, you’d know that is a bad actor. It will be very important in the future to have remote ID capabilities for traffic management and security. They want that capability in place before they allow people to fly drones beyond visual line of sight.

Q: During this time of uncertainty surrounding regulations, how are organizations using drones? What challenges do they face?

A: There are some organizations who have taken up the mantle and are using drones because they’re more concerned about the safety of their product, property, or people, and will take whatever hand-slapping they get as long as they’re able to protect their assets. You’ll find that taking place more overseas in Mexico, Venezuela, and Africa—people are using it because they need it, they have assets they have to protect. Most of the time it’s in coordination with local governments, but here in United States, we’re kind of stuck until we get this approval through the FAA or Congress.

Some organizations are taking a more careful approach and won’t really use drones until they find out how other companies fare, but the question of enforcement is unknown. Some fines have been given, but they aren’t broadcast, which kind of defeats the purpose. The FAA licenses pilots to be able to fly, but they aren’t an enforcement agency. They can revoke licenses, but actual enforcement is left up to the Department of Justice or FBI. For them to go after drone pilots, there has to be some other precipitating issue, like they crashed and hit something or used them nefariously. We’ll start to see more and more of this—the FAA is providing resources to get local law enforcement to help.

Q: What can security professionals do to stay up-to-date on advances in drone technology, regulations, and use cases?

A: In our presentation, Drone Evolution: Security Tools or Security Threats?, that we’ll be leading while at Global Security Exchange (GSX) this September in Chicago, we will discuss information from regulatory requirements and case studies on how drones can interfere with security measures for a small or large company, or even a government agency. The three of us giving the presentation—myself, Nathan Ruff, and Mark Schreiber, offer a good combination of perspectives with my pilot’s point of view, Mark’s engineering background, and Nathan, who’s an expert in the unmanned systems industry. We participate in different rulemaking committees, NASA groups, and a safety team for FAA. Some of the information that comes through these channels we’re privy to, and we can and will talk about what we’ve learned.

—————————

To hear Cansler and other experts speak on these topics, see live drone demonstrations in the GSX D3 (Drones, Droids, and Defense) learning theater, and to meet with reputable companies who supply drone technology, register for GSX at www.gsx.org

Managing Today’s Multi-Gen Workforce

The makeup, attitude, and preconceived notions of today’s multi-generational workforces couldn’t be more different than previous generations, as there has been a significant shift in focus from career to lifestyle with recent generations. This is also most evident in how management communicates with workers, and workers communicate amongst themselves. All of which poses new challenges for managers across all industries.

With employees tending to stay in the workforce longer, and more new employees entering the workforce right out of college, the age range of today’s multi-generational workforce includes:

Traditionalist – born before 1943-45
Baby Boomers – born from 1943-1965
Gen X – born from 1965 -1978
Gen Y – born from 1978-1986
Millennials – born from 1986-1994
Gen Z – born from 1994-2000

One of the most distinguishable differentiators when comparing traditionalist to more recent generations is that the former seem to have more loyalty to their employers, with more recent generations focused more on their personal lifestyles and careers. As a result, today’s employees often require more incentive than just a fair paycheck. This is the root of a common disconnect between management and employees since many workers are satisfied with doing their job 9-5 and going home, which frustrates traditional management teams across the country.

So what can managers do to help keep multi-generational workforces happy and engaged?

Identify Goals
It’s important to clearly understand every employee’s goals, which will help better gauge their drive to complete assigned tasks and more. This will help both managers and employees set realistic performance expectations.

Determine the Best Forms of Communication
Each generation has its own preferred methods of communicating. Traditionalists prefer face to face or phone communications, baby boomers prefer email, and Gens X/Y/Z prefer immediate access via text or chat programs. Identifying your team’s collective communications preferences allows you to select the right combination of tools that work best for them.

Leverage Communications to Build Collaboration
Opening up the best channels of communication is the first step in building collaboration. And establishing collaboration is the first step in turning a workforce into a team. Encourage employees to identify new technologies and tools, design better processes, and implement new company standards. By getting them involved in developing processes, they will be more apt to abide by them, thereby increasing throughput and workflow productivity.

For a deeper dive into this topic, we invite you on Monday, 9 September to attend Managing Four Generations in the Workforce at GSX 2019 in Chicago. You can register here.

Speakers: Maria Dominguez and Brittany Galli

Announcing Keynote: General John F. Kelly

Gen. John F. Kelly

General John F. Kelly, U.S. Marine Corps (RET) to Speak on Geopolitics and Security

Join us at Global Security Exchange (GSX), 8-12 September 2019, and enjoy a truly engaging experience, that includes hearing unique and high-level insights from one of America’s most respected generals.

General Kelly’s keynote presentation will start Military and Law Enforcement Appreciation Day off at 8:30 am. GSX will honor all military, law enforcement, and first responders with a full complimentary day of education sessions and access to our exhibit hall—an interactive learning lab full of immersive experiences and cutting-edge technology.

Geopolitics and Security

In a world where dictators are falling and rising, governments posture for a greater impact on the global stage, and information is the critical currency, who will emerge and where will opportunities exist? The face of security changed forever on 11 September 2001, and General Kelly, a 4-Star General, U.S. Secretary of Homeland Security, and White House Chief of Staff, has continued to protect the United States both abroad and at home. His unique ability to provide first-hand insight into the evolving geopolitical landscape around the world is valuable when contextualizing the United States’ security priorities from a historical, current, and future prospective. Gen. Kelly will share his insights on the trends, risks, and potential rewards amid the ‘hot spots’ around the globe, and the role the U.S. plays (and should play), in our nation and world’s security.

Secretary Kelly enlisted in the Marine Corps in 1970 and went on to serve in a number of command, staff, and school assignments. During his command of SOUTHCOM, he worked closely with professionals in U.S. law enforcement, particularly the FBI and DEA, and the Department of Homeland Security, dealing with the flow of drugs, people, and other threats against the U.S. homeland. He went on to become the Secretary of Homeland Security before serving his country again as White House Chief of Staff until January 2019.

Don’t forget—free admission for military and law enforcement professionals!

Military and Law Enforcement Appreciation Day honors the individuals who make our communities and world a safer place. As a thank you for your service, all law enforcement, military, and first responders get FREE one-day admission to GSX on Wednesday, 11 September.

We are excited to welcome you to Chicago!

Hello, everyone!

I am very pleased to announce that registration is open for GSX 2019. On behalf of the Chicago Chapter of ASIS International, we look forward to welcoming you to the industry’s flagship event, Global Security Exchange (GSX).

GSX continues to elevate the attendee experience with thought-provoking educational programs and valuable networking opportunities with like-minded industry professionals. In addition, there is an interactive trade show floor that allows you to explore both current and future security landscapes, exchange key ideas and best practices, expand global connections, and have the opportunity to see new innovations firsthand.

I invite all GSX attendees to take advantage of our wonderful city while you are here for GSX 2019. If you have any questions about getting around Chicago, or just need a tip for planning a business dinner, please don’t hesitate to post any questions or comments in the GSX Community.

I look forward to seeing you in September! REGISTER TODAY

Regards,

Grant Miller, MCJ, LEED Green Associate
Chairman – ASIS Chicago Chapter 003
[email protected]
asischicago.net

Welcome to Global Security Exchange

The time has finally come. Global Security Exchange (GSX) is just one day away, and in the first year of its rebrand following a 63-year history as the ASIS International Annual Seminar and Exhibits, this powerful, action-packed conference is set to deliver the solutions, networking, and world-class experience you have come to expect from the industry’s flagship event – multiplied.

More than just a new name, GSX reflects ASIS International’s commitment to unite the full spectrum of security – cyber and operational professionals from all verticals across the private and public sectors, allied organizations and partners, and the industry’s top service and solutions providers – for the most comprehensive security event in the world.

When you look around, you’ll notice that GSX is not your typical security conference. We left no stone unturned when it came to providing maximum value for your education dollars. From field expert keynotes and modernized education sessions to exceptional networking opportunities and a reimagined showroom floor, we set out to deliver unparalleled opportunities to build relationships, gain valuable insights, and expand your global peer network like never before. And we didn’t stop there…

For those who plan to be in attendance, we encourage you to embrace the professional growth that this week affords. While you’re there be sure to check out the X Stage to get a glimpse of the innovations and ideas that are poised to shape the future of the industry and stop by the Career HQ for a free career coaching session and professional headshot. Witness the intersection of security and technology at the new X-Learning Stages and immerse yourself in the GSX D3 Xperience: Drones, Droids, Defense. And of course, take time to reconnect with friends and forge new relationships at one of the many networking events planned throughout the week.

Even if you couldn’t make it to the conference this year, you can still be a part of the action. Follow the event from home on Facebook and Twitter and participate in the 2018 GSX Community forum. Sign up for Global Access LIVE! to watch the livestream of our industry-leading education sessions, or check out ASIS TV to watch broadcasts that offer expanded access to security best practices, engage new audiences, and ensure professionals like you are able to stay ahead of the security curve.

As the global voice of the security profession, ASIS is committed to helping advance security best practices. Convening the industry at GSX is an important part of that effort. However, this commitment extends well beyond this one week. Remember, we are here to support professionals like you year-round and we’re laser focused on reinvesting all of our efforts back into the education we deliver, the standards we develop, and the communities we serve. With that, we hope you enjoy all the surprises in store for you at GSX 2018.

Creating a Proactive Medical Risk Management Plan for Meetings and Events

By Jonathan Spero, M.D., CEO InHouse Physicians

With corporations placing an increased importance on duty of care, it is a priority for security professionals to have a solid medical risk management plan for meetings before an incident occurs. There is nothing associated with more liability at an event than a medical emergency improperly managed.

Identify all health risks that could be associated with your program.
Include the routine medical emergencies such as a cardiac event or a slip and fall, but also think about the risks specific to your event and location. There will be additional risks for altitude sickness, water sport activities for example. Internationally, there could be infectious disease risks, and potential food and water contamination issues.

Find out what the emergency medical system response time is to your meeting venue.
Average EMS response time is 10-14 minutes and in emergency situations every minute counts. Note the phone extension for hotel security. In the event of an emergency, 911 should be activated by the hotel security team. Ask the director of security at your venue for information on closest (and best) hospitals and urgent care facilities. It’s also a good idea, especially for large venues, to ask what entrance EMS responders should to use to get to your meeting space. Are there two personnel certified in CPR/First Aid that are available 24 hours a day to respond to any medical emergency? Is there an automated external defibrillator, or AED, on the property?

Consider onsite medical support.
Having a physician onsite for your program makes sense in certain circumstances such as large program, offsite board of directors meeting, or an international incentive trip where the standard of care and/or emergency response times may not be acceptable

Join me at Global Security Exchange for session #6209, Medical Risk Management for Meetings and Events on at 2:15 pm on Wednesday, September 26, for additional details on medically risk-proofing meetings. Attendees will receive a checklist of action items on how you can prepare for any type of business gathering.