In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Shift Happens: Cyber-Physical Security Convergence as The New Paradigm,” presented by Jamshed Patel, VP of Product Engineering at Alert Enterprise. Read on for what he had to say and don’t forget to register for GSX 2024!

Q: How did you become interested in your topic? 

A: I became interested in the topic of cyber-physical security convergence due to the growing interconnectedness of digital and physical systems. As technology advances, the boundaries between cyber and physical security are increasingly blurred. The rise of smart cities, IoT devices, and industrial control systems exposed the vulnerabilities that exist at this intersection. Observing the impact of cyber-attacks on physical infrastructure and vice versa made me realize the critical need for a holistic approach to security. 

Q: Tell us about your presentation and why security professionals should have this topic on their radar. 

A: My presentation delves into the evolving landscape of cyber-physical security, highlighting how the integration of digital and physical security measures is becoming essential. I will discuss real-world examples of cyber-physical threats, such as attacks on critical infrastructure, and the potential consequences of failing to secure these systems. Security professionals should prioritize this topic because: 

• Increasing Complexity and Interdependence: As systems become more interconnected, the potential for cascading failures across sectors increases. 

• Broader Attack Surface: The convergence of cyber and physical realms expands the attack surface, making it more challenging to defend against sophisticated threats. 

• Regulatory Compliance: Emerging regulations are beginning to address the need for integrated security measures, requiring organizations to adopt comprehensive security strategies. 

Q: What advice would you give security professionals interested in this topic?

A:

• Continuous Education: Stay updated with the latest trends and technologies in both cyber and physical security domains. Attend workshops, webinars, and conferences. 

• Holistic Approach: Develop a security strategy that considers both cyber and physical aspects. Understand how vulnerabilities in one domain can affect the other. 

• Collaboration and Communication: Foster collaboration between IT and physical security teams. Ensure there is clear communication and shared objectives. 

• Risk Assessment and Management: Conduct thorough risk assessments that include both cyber and physical threats. Implement robust risk management practices. 

• Invest in Technology: Leverage advanced technologies such as AI, machine learning, and IoT for enhanced threat detection and response. 

Q: How do you see this issue evolving in the next 2-5 years?

A: In the next 2-5 years, I foresee several key developments: 

• Increased Integration: There will be greater integration of cyber and physical security measures, driven by the need for comprehensive protection against evolving threats. 

• Regulatory Frameworks: Governments and regulatory bodies will introduce more stringent guidelines and standards for cyber-physical security, pushing organizations to adopt integrated security practices. 

• Advanced Threats: As attackers become more sophisticated, we will see more complex and targeted attacks that exploit the cyber-physical interface. 

• Technological Advancements: Continued advancements in AI, machine learning, and IoT will provide new tools for detecting and mitigating threats, making security systems more resilient. 

• Collaboration: There will be an increased emphasis on collaboration across industries, academia, and government to develop best practices and share threat intelligence. 

Q: Why do you attend GSX? 

A: I attend GSX for several reasons: 

• Networking: GSX provides a unique opportunity to connect with security professionals from around the world, fostering valuable relationships and collaborations. 

• Learning and Development: The conference offers a wealth of knowledge through its sessions, workshops, and keynote speeches, helping me stay updated with the latest trends and advancements in the security field. 

• Innovation and Technology: GSX showcases cutting-edge technologies and solutions that can enhance security practices. It’s an excellent platform to discover new tools and approaches. 

• Sharing Expertise: Presenting at GSX allows me to share my insights and experiences with a broad audience, contributing to the collective knowledge and advancement of the security community. 

• Professional Growth: Attending GSX supports my professional growth by exposing me to new ideas, challenges, and solutions, helping me become a more effective security professional. 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Drones Pose Risks: An Analysis of a Million Drone Flights Over Infrastructure and Corporations,” presented by Dean Correia, Emeritus Faculty at Security Executive Council and Robert Tabbara, CEO at AirSight. Read on for what they had to say and don’t forget to register for GSX 2024!

Q: Tell us about your presentation and why security professionals should have this topic on their radar.

RT:

1. Increasing Drone Proliferation: Drones are becoming more accessible and widely used, not just for recreational purposes but also for industrial and commercial activities. This surge in drone usage increases the risk of unauthorized or malicious drone activities, making it essential for security professionals to be aware of the potential threats.
2. Potential Threats and Vulnerabilities: Drones can be used for espionage, smuggling, or even as weapons. Understanding these risks helps security professionals to better protect their organizations from such threats. Drone detection systems provide a critical layer of defense by identifying and tracking rogue drones before they can cause harm.
3. Protecting Sensitive Areas: Critical infrastructure, government facilities, and large events are particularly vulnerable to drone incursions. Implementing drone detection systems helps safeguard these high-value targets by providing real-time alerts and enabling quick responses to potential threats.
4. Regulatory Compliance: Many regions have specific regulations regarding drone operations, especially near sensitive locations. Security professionals need to ensure that their organizations comply with these laws, and drone detection systems can help monitor and enforce compliance.
5. Technological Advancements: Drone detection technology is rapidly evolving, with new systems offering enhanced capabilities such as longer detection ranges, improved accuracy, and integration with other security systems. Staying updated on these advancements enables security teams to deploy the most effective solutions.
6. Case Studies and Best Practices: The presentation will include examples of successful drone detection implementations, highlighting how organizations have effectively used these systems to prevent incidents. These real-world insights provide practical guidance on how to integrate drone detection into existing security protocols.

Q: How do you see this issue evolving in the next 2-5 years?

DC: We continue to see increased adoption of drones by our clients for true 3-dimensional persistent situational risk understanding. Bad actors are using drones more prevalently for nefarious purposes. Therefore, a drone detection solution like AirSight will most likely be top of mind for future technology roadmaps in order provide this persistent 3-dimensional situational risk assessment and understanding.

Q: Why do you attend GSX?

RT: GSX is is where the entire global security industry unites. Access insights, community and critical security solutions. I attend for the education, exposure to Innovation and networking with peers.

DC: For the networking and exposure to new technology.

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Demystifying Biometrics: The Safe or Unsafe Use of Biometrics,” presented by Doug OGorden, Director of Digital Media & Events at AID2entry & BIPAbuzz – Get To The Point Media. Read on for what he had to say and don’t forget to register for GSX 2024!

Q: How did you become interested in your topic? 

A: When COVID-19 shut down our world, it exposed just how unprepared we were for dealing with the digital transformation of our day-to-day lives…  and created an opportunity for cyber-criminals, particularly from Russia and China, to defraud over $400 billion in Paycheck Protection Program (PPP) funds. The inability to confirm identities remotely made online crime exceptionally easy to commit and even easier to get away with. In response, in 2021, investors poured $3 billion into Identity Verification (IDV) companies to develop ways to better identify, authenticate, and authorize individuals behind online transactions. 

While working in the digital identity market during this gold rush, I began to wonder how the physical access and security industry was addressing the identification, authentication and authorization of individuals accessing desktops and doorways in the real world.  Even today the physical security industry still struggles to ensure with 100% certainty that the person logging into a corporate network or entering a facility is indeed who they claim to be… I call it the “holy grail” or “missing link” that the PACS industry still can only dream about.  

I believe my purpose is to educate the security industry on the safe and ethical use of “using YOU” as the personal credential for both physical and digital access, enabling a truly mobile, touchless, and frictionless experience at work and play. 

Q: Tell us about your presentation and why security professionals should have this topic on their radar. 

A: Biometrics are not new, but the ways we access and store them digitally are only just beginning to be understood and implemented. My presentation will demystify biometrics and explain how using unique personal identity markers can actually enhance our privacy. I will discuss the current barriers to adoption and implementation, and why it is crucial for security professionals to stay informed about technology & privacy advancements. 

Q: What advice would you give security professionals interested in this topic? 

A: The most important thing is to establish a privacy, trust, and consent policy with every employee before implementing a biometric solution. Educate yourself thoroughly or consult an expert. Ensure compliance with state laws, such as Illinois’ Biometric Information Privacy Act (BIPA), which is considered the gold standard for biometric-related lawsuits. Understand that biometrics are not a one-size-fits-all solution for every industry. Keep an open mind during discussions and explore the current methods available for securing and storing reusable, decentralized, self-sovereign identities. Remember, what worked in 2008 might not be suitable for 2024. 

Q: How do you see this issue evolving in the next 2-5 years? 

A: We are transitioning from a “Flintstones to Jetsons” world, and biometrics will only continue to grow in popularity. The younger generation, accustomed to accessing everything with their fingers or faces, will drive this change, questioning why previous generations were so hesitant. By May 7, 2025, the REAL ID deadline, we will begin to see new methods of using our identities at work and in our personal lives. 

Q: Why do you attend GSX?

1. Networking
2. Learning
3. Business opportunities
4. To reconnect with friends and colleagues in the industry

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “The Future of AI and Robotics in the Security Services Industry,” presented by Steve Reinharz, Founder and CEO at Robotic Assistance Devices, and Troy McCanna, Chief Security Officer at Robotic Assistance Devices. Read on for what they had to say and don’t forget to register for GSX 2024!

Q: How did you become interested in your topic?  

SR: From the moment I received my first Commodore Vic20 I fell in love with a future vision of intelligent automation and the possibilities it provides. Extremely exciting to be at this point in history and now driving autonomous intelligent solutions. 

Q: Tell us about your presentation and why security professionals should have this topic on their radar.  

TM: Security pros need to keep Autonomous Intelligent Response (AIR) on their radar because it’s not just the future of security—it’s already making a big impact. If you’re a security director who’s stuck in old ways, you risk falling behind. When your leadership realizes there’s been a big shift in the industry and you haven’t acted, you’re going to face some tough questions. Sticking to outdated and costly security methods just isn’t going to cut it anymore. I firmly believe that understanding, embracing, and implementing autonomous, intelligent security solutions is crucial to staying relevant in the rapidly evolving field of security. 

Q: What advice would you give security professionals interested in this topic?  

SR: Dig in now!!! This is moving quick and new solutions will be popping up everywhere – don’t be left behind! 

Q: How do you see this issue evolving in the next 2-5 years?  

TM: After three years of working with security professionals across various industries, I’ve noticed a rapid increase in the adoption of Autonomous Intelligent security solutions for mainstream needs. As it’s becoming harder to find qualified personnel for security roles, technology is stepping in to fill the gap with more cost-effective and reliable tools that protect property, safeguard people, and enhance overall safety and security for both staff and guests. Over the next 2-5 years, I expect most security roles to be performed by AI driven technology tools, like RAD, keeping people as a premium. 

Q: Why do you attend GSX?  

SR: Attending GSX for me is worthwhile because it’s my mission to continuously improve our industry for the benefit of the end user base. Having the time to meet progressive industry professionals and share how new technology can benefit them and their stakeholders is personally and professionally fulfilling. 

TM: I attend GSX to immerse myself in an environment where forward-thinking ideas are embraced by both professionals and visionaries. I seek out conversations with those who want to be part of shaping the future, rather than just reacting to it. 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Creating Safer Schools – Proven Mitigation Strategies for Active Violence Events,” presented by Brink Fidler, President at Defend Systems. Read on for what he had to say and don’t forget to register for GSX 2024!

Q: How did you become interested in your topic?  

A: I started my company with a focus on Active Violence Mitigation Training after my children’s school requested a training in the wake of the attack at Sandy Hook Elementary School. As a prior law enforcement officer, I had exposure to various trainings where I was able to learn the elements of meaningful, lasting trainings. In my opinion, the programs that were available at the time in the Active Violence world had too many holes or too many unanswered questions, so I decided to develop a curriculum of my own.  

Q: Tell us about your presentation and why security professionals should have this topic on their radar.

A: Our training is designed for everyday people to leave feeling empowered and capable of taking immediate action in active violence situations. While it has parts that are tailored to the specific organizations that we are training, it is also applicable to everyday life events like going to the grocery store, church, the movies, concerts, or other events. It’s a holistic way to train your organizations personnel on a topic that is in the forefront of everyone’s mind. 

Q: What advice would you give security professionals interested in this topic?

A: It is essential for everyday people to be trained on what to do in active violence situations because they are the ones who need to know how to survive them. Responding security professionals, whether private or government agencies, are equipped to neutralize threats, but it takes time to respond properly. The fact is, these events unfold so rapidly that the biggest area for mitigation is giving individuals the knowledge and tools to keep themselves alive and help others around them. 

Q: How do you see this issue evolving in the next 2-5 years?

A: Unfortunately, this issue is likely never going to go away. If statistics continue to evolve in the same pattern that they have historically, then this problem will only be getting worse. While attempted attacks may continue to increase annually, our hope is that more and more people will feel empowered to know how to respond through proper and effective training. 

Q: Why do you attend GSX?

A: We attend GSX for a couple of reasons. One is to expose our company to like-minded individuals and potential clients. The other is to build professional relationships with security professionals to stay relevant in products that we are suggesting to clients and stay ahead of the game on new technologies that are designed to keep people and properties safe. 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Frontline Workers in Crisis: Leveraging Integrated Security Systems to Address Today’s Greatest Workplace Safety Threats,” presented by Brandon Davito, Senior Vice President of Product and Operations at Verkada. Read on for what he had to say and don’t forget to register for GSX 2024!

Q: How did you become interested in frontline worker safety? 

A: Since the very beginning, Verkada’s mission has been to protect people and property. And as we have grown and scaled our business – today, there are more than 1 million Verkada devices online protecting 24,000 organizations across 85 countries – I’ve learned about the challenges that keep our customers up at night.  

Amid an uptick in violence against workers in customer-facing roles last year, we conducted research to better understand the frontline worker experience. Among the most concerning findings: more than half of retail workers regularly worry about erratic or aggressive behavior and theft from customers. Similarly, more than half of healthcare workers in frontline roles regularly fear being assaulted at work.  

The enormity of this issue can’t be understated. The retail industry is the largest private sector employer in the United States, accounting for fifty-two million workers. That’s one in four Americans in the workplace. 

Retail has long been a starting point for many careers. With better tools and training, we can make a real difference in protecting the safety of retail workers today – and importantly, their careers over the long term. 

Q: Tell us about your presentation at GSX and why security professionals should have frontline worker safety on their radar. 

A: At GSX, I’ll be sharing the newest findings from our research on frontline worker safety in healthcare and retail. We’ll also have time to discuss what this means for leaders entrusted with keeping their workforces safe – everything from the technology that can support teams to thinking through retention, compliance, and training.  

Q: What advice would you give security professionals interested in frontline worker safety? 

A: My advice for security professionals entrusted with protecting frontline workers is to never underestimate the power of communication. From my conversations with customers and partners, I’ve learned that the more that the security tools, systems, and processes are communicated and shared with frontline staff, the safer they feel. Consider hosting regular training sessions, adding signage in breakrooms, clearly labeling tools or otherwise making them visible, and asking for regular feedback about what is or isn’t working.  

Q: How do you see workplace safety evolving in the next 2-5 years? 

A: I’m optimistic that between improvements in technology to both deter and respond to events that more and more workers will begin to feel safe on the job again. Even in just the past year, I’ve seen how many more customers have shifted from primarily using security systems as reactive tools for investigations to proactive tools that can identify and mitigate risks before an incident occurs—for example, being able to automatically detect abnormal or unsafe traffic patterns in stores and send an alert. I have no doubt that AI will also dramatically improve the proactive technologies and solutions that retailers leverage to protect their frontline workers.  

Q: Why do you attend GSX? 

A: Spending time with customers is invaluable. At GSX, I’m able to spend quality time with customers learning about new pain points or issues that are emerging, which helps me and my team to build products and solutions that better address and anticipate their needs.  

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “How Schools and Universities Can Digitally Map Their Campus Security Technology for Better Safety,” presented by Keon Blackwell, Security Systems Coordinator at Atlanta Public Schools, Maureen Carlson, Co-Founder and Vice President at System Surveyor, and Patrick Bucci, Security System Specialist at University of Wisconsin. Read on for what Maureen and Patrick had to say and don’t forget to register for GSX 2024!

Q: How did you become interested in your topic?

MC: We have seen a great deal of K-12 and university security teams use our software to ramp up their capabilities and provide better school and campus safety. Though these campus security teams are responsible for implementing physical security technology effectively, they often don’t have a sizable staff or budget. One thing that campus leaders tell us alleviates these challenges is the ability to share visual plans with non-technical stakeholders and communicate using a centralized, digital platform, in order to make the most informed decisions. In many ways, simplifying the system design and device management processes allows them to reallocate the rest of their time proactively safeguarding students, staff and faculty.

On top of all this, as a parent of both high school and college-age students, this is an especially important topic to me. When we can get campus safety and security leaders sharing best practices, the sum is greater than the parts.

Q: Tell us about your presentation and why security professionals should have this topic on their radar.

PB: I’m excited to be part of this presentation as a real-life practitioner and security specialist at the University of Wisconsin and am happy to share what I’ve learned and the benefits of digitally mapping our campus. We hope it will be an interactive discussion with others who manage complex campus environments. Here is a case study for some background prior to this event.

Q: What advice would you give security professionals interested in this topic?

MC: My advice would be to collaborate and share resources with other professionals in your field and to strive continuously to learn ways to collaborate to solve problems. Every day, it seems, new and advanced technologies enter the market, making it all the more important to constantly educate yourself and communicate with campus stakeholders to determine which technology platforms are relevant and which are not.

When it comes to implementing those technologies, don’t forget to get your system integrator and vendors involved for problem solving and view plans and system designs together. Technology certainly can’t fix everything; but when implemented thoughtfully and with a solid understanding of the objectives of everyone involved, it can contribute to systems that are not only reactive but also proactive. With this in mind, I encourage you to bring questions and constructive thoughts to share during our panel discussion.

Q: Why do you attend GSX?

MC: This is an important event for the people who adopt, recommend and implement technology to come together and learn from each other on how to optimize the use and deliver on the promise of this technology for safety and security. This is my 6th time attending GSX, and it always encompasses people with a spirit to improve and collaborate.

PB: This will be my first time attending GSX. I am excited for the opportunity to share my experiences and to learn from others. We are always looking ahead to new technologies and solutions to keep our campus safe, and GSX is a great opportunity to collaborate with other professionals.

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Preparing for Your Worst Day: Cyber Incident Response Planning and Simulation,” presented by F. Paul Greene, Partner and Chair of Privacy and Data Security Practice Group at Harter Secrest & Emery LLP. Read on for what he had to say and don’t forget to register for GSX 2024!

Q: How did you become interested in your topic?  

A: As a data security incident breach coach, I see firsthand the difficulty organizations have responding to an incident, if they haven’t developed and drilled a good, working incident response plan. I also think that security is a team sport, and all of us need to work together to stay a step ahead of the bad guys. As a result, my contribution to the team is to evangelize on the value of incident response planning and tabletop drills in the hope that we will all improve our security posture and be more prepared for the next attack.  

Q: Tell us about your presentation and why security professionals should have this topic on their radar.  

A: Two rules apply in relation to incident response preparation: first, if it isn’t in writing, it doesn’t exist, and second, if you don’t drill it, you won’t be able to do it. My presentation addresses efficient strategies for developing an incident response plan that works for your organization, rather than, for example, using a form found on some other organization’s website. (You may be surprised how many times I see organizations use “borrowed” forms that have nothing to do with the industry they are in or the data they process.) The presentation also examines how best to plan and execute a security incident tabletop exercise, which can and should be fun in the first instance. Tabletop testing is more about team building than technical security issues, and it lets you build upon the interpersonal strengths your team members already have. And lastly, we’ll simulate a few incident scenarios, to see how participants would respond. Participants should leave with a better understanding of incident response planning and tabletop testing, and a desire to run or participate in a tabletop exercise at their organizations soon. 

Q: What advice would you give security professionals interested in this topic?  

A: Don’t let anyone tell you that you don’t have a role in incident response planning. If you are in the information security department, then you are clearly a voice that should be heard in the planning process. If you are involved with physical security, you are one of the important domains most frequently forgotten, when it comes to security incident response planning and drills. We all have an important role to play in relation to incident response, and running a tabletop exercise is one of the best ways to define those roles. 

Q: How do you see this issue evolving in the next 2-5 years?  

A: A few years back, few organizations were engaging in mature incident response planning and running drills. Now, incident response planning and drills are becoming more frequent, but more can be done. It is my hope that incident response planning and tabletop exercises become much more commonplace in the next few years, and that this helps reduce the risk profile of more and more organizations. 

Q: Why do you attend GSX? 

A: This will be my fourth time attending and speaking at GSX. I find the interplay of physical and cyber security fascinating, and the discussions in my sessions, and at the conference, to be of great value to my practice and clients! 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Utilizing the New ASIS/ANSI Cannabis Security Standard to Build a Security Program Beyond Simply Compliance,” presented by Tim Sutton, CPP, PSP, PCI, senior consultant at Guidepost Solutions, LLC. Read on for what he had to say and don’t forget to register for GSX 2024!

Q: How did you become interested in your topic?  

A: I became interested in my topic after working with clients producing content with respect to Security Management, Security Operations and Security Technology Plans for use in applications for licensure.  This work revealed the regulations and their requirements for security not only focus on security technology and do not seem to be based upon tried-and-true security standards, guidelines or even best practices that are in use by most every industry today.  Many of the regulations’ requirements are based upon outdated and misunderstood security practices and technologies and simply do not provide a sound security program for the protection of all assets through Enterprise Security Risk Management (ESRM). I not only have worked with organizations in the cannabis industry, but I have also worked within the cannabis industry as security director for two multi-state operators (MSOs) with locations across the US and have seen first-hand how the majority tend to create their security programs based solely upon regulatory compliance. This new Cannabis Security Standard not only offers the what is needed to effectively and efficiently secure different types of cannabis operations, it offers the why and how behind the principles and practices in its included 30-page annex. 

Q: Tell us about your presentation and why security professionals should have this topic on their radar.  

A: Any security professional practicing within a cannabis organization or supplying services to a cannabis organization should have this topic on their radar as a go-to reference for setting up a strong ERSM-based security program.  The technical committee members for this standard’s development includes security leadership from multiple cannabis organizations; several security service and product providers to the industry; as well as the Compliance, Enforcement and Training Officer within the Illinois Department of Agriculture under the Division of Cannabis Regulation.  This standard is the only approved ANSI standard addressing security as a whole as opposed to security systems only such as video or alarms. 

Q: What advice would you give security professionals interested in this topic? 

A: My advice would be to read the standard and encourage its adoption by not only regulators but cannabis organizations alike.  No matter where the security professional fits within the cannabis industry, there is something in this standard that applies and can be used to validate or strengthen your practices.  

Q: How do you see this issue evolving in the next 2-5 years?  

A: In the next 2-5 years I see regulating bodies and cannabis organizations adopting the standard in its entirety or several of its provisions.  I also see regulations changing with the legal status of cannabis.  Most notably, the US is poised to reschedule cannabis to a schedule III substance. The pressure to de-schedule cannabis entirely and treat it like alcohol will continue and may eventually come to fruition.  This would mean the regulations for security, as inept and random as they are today, will no longer be around for cannabis organizations to meet for compliance and this standard will be the most informative and encompassing guide for them to follow. 

Q: Why do you attend GSX?  

A: I attend GSX for many reasons. In no particular order GSX provides me the ability to network face-to-face with not only other security practitioners but security providers and even end users. GSX also provides an excellent line-up of educational programming useful for all levels of experience from security experts from across the globe. The exhibit hall at GSX provides the opportunity to discover and learn more about so many different aspects of the security world it can be overwhelming at times.  The exhibit hall also is a great opportunity to show solutions to end users with a hands-on aspect that you just don’t get to experience on virtual product demonstrations. Presenting at GSX and staffing Community and Board booths in the ASIS HUB give me the opportunity to give back to ASIS and help spread the many benefits of ASIS International membership that has provided me with more than I deserve over my nearly 20 years of membership.

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “The AI Advantage: Harnessing AI for Security Risk Management,” presented by Andrew Sheves, founder of DCDR Risk. Read on for what he had to say and don’t forget to register for GSX 2024!

Q: How did you become interested in your topic?  

A: I’ve always been interested in how technology can improve our work as security risk managers. When I started in the commercial sector almost twenty years ago, I started building risk assessment templates in Excel and plan frameworks in PowerPoint and Word, with the intent of removing as much of the repetitive ‘busy work’ from the user as possible and cutting down on errors.  

I moved on to experimenting with simple applications and saw how these could make an enormous difference to our work, but the introduction of widely available services like ChatGPT 3 really opened my eyes to what might be possible. 

Incorporating these tools into the DCDR workflows has accelerated things far more than I could have imagined. I expected a 3-5x improvement, but I now have processes that would take 2-3 days manually, completed in less than 10 minutes with very little difference in quality. 

So I’m more excited than ever about the benefits we as an industry can realize from these new technologies. They have such a substantial force multiplier/accessibility benefit: it’s like having several additional team members or an extra decade or two of experience. I’m keen to see as many people as possible have access to best-in-class risk, security, and crisis tools. I think these technologies are genuine game changers. 

Q: Tell us about your presentation and why security professionals should have this topic on their radar.  

A: AI is the next significant technology shift following web, mobile, and cloud, so there’s no escaping it. Whether you have to use the tools, are part of the buying decision, or adapt to your organization’s adoption of AI, you need to understand enough about the topic to engage effectively. Even if the ultimate decision is not to use these tools, it must still be a thoughtful informed decision. 

Even though I don’t cover this in detail, AI can significantly expand the opportunities for malicious actors and criminals to cause harm, loss, or damage, particularly with respect to the speed and scale of possible attacks. If we’re lucky, we’re on par with our adversaries but are often one step behind, so it’s imperative that we understand how they might be adapting their activities. 

But overall, this is the next major technical advancement we have to adapt to. Some of the challenges will be similar to previous technical revolutions, but with the added challenge of how quickly the field is moving. As the saying goes, ‘the best time to start planning was yesterday; the second best is today’. 

Q: What advice would you give security professionals interested in this topic?  

A: First, don’t be intimidated by the technical nature of the subject. A basic understanding of general technology and basic functionality is more than enough to allow you to participate in an informed manner. I don’t come from a deep technical background, so if I can master this, anyone can. 

Second, accept that you’ll always be a little behind on developments because things are changing so fast. There’s a lot of commentary out there, but I recommend following Professor Ethan Mollick on X / LinekdIn and listening to Nathan Whittemore’s daily AI update (YouTube: @TheAIBreakdown). They are both great at summarizing things, and they keep you up to date on big developments. Ethan Mollicks’ book ‘CoIntelligence’ is also a great read. If you want to get into the weeds, I can’t recommend ‘How AI Works From Sorcery to Science’ by Ronald T. Kneusel highly enough. 

Third, experiment and learn to love the command line. The chat interfaces are amazing, but the real ‘blow your mind’ results come from working with the models directly. That can be as simple as beefing up your prompts to get very specific behavior or writing a few simple scripts that use the API to tie a model into a platform you’re already comfortable with (integrating into Google Suite is very simple). You’ll not only improve your work, but you’ll develop a deeper understanding of the pros and cons of these models. 

Finally, remember that you’re in charge and we must have humans in the loop. You have control, whether it’s what you ask the model to do, how you design it, the data you use, or checking the output before you release it. Just as you would guide, train, and oversee a junior associate, you must put guardrails in place for these models and monitor their behavior. AI is a tool — a very powerful one — but it’s still a tool, and one that it is up to us to use responsibly. 

Q: How do you see this issue evolving in the next 2-5 years?  

A: If I’m honest, the velocity of this technology makes me wary of trying to predict just 2-5 months out…  

However, in general terms, I expect the following. 

• AI will be a wholly integrated part of our lives, just as mobile phones are today (with a similar mix of good and bad effects). 

• Most companies that haven’t embraced AI by 2026 will be struggling by 2029 (if they are still around). 

• We will have had one very significant incident in which AI was a core component, either as an enabler or where one failed. 

• The number of positive developments due to AI will significantly outpace the negative ones. 

• We won’t have one all-powerful AGI (artificial general intelligence), but we will have several domain-specific AGIs that outperform most experts in that field. Human experts will defer to these narrow AGIs more often than not. 

• AI will allow us to solve many of our most challenging problems, but we will still need humans with the will to implement these solutions. 

• We’ll regularly interact with AI in a way we can’t quite comprehend yet, such as a neural link or always-on AI companion. 

Q: Why do you attend GSX?  

A: GSX is the only place to get a real sense of where the industry is heading and hear from the leading practitioners and thought leaders on the most important topics in our industry. Despite the advances we’ve made in remote work and virtual meetings, connecting in person, hearing the hallway chatter, and seeing which talks and demonstrations are drawing the crowds is essential if you really want to get a good sense of what’s going on. I haven’t been able to attend in person for a few years while I’ve been abroad, so I’m really looking forward to getting back to GSX this Fall. 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Shaping Security Preparedness: Key Takeaways for Security Professionals from the Ongoing Conflict in Ukraine,” presented by Viktor Panchak, Security Director and Partner at International SOS, Mykola Mikheiev, CPP, PSP, PCI, Security Operation Center Officer at European Union Advisory Mission, John Rendeiro, Vice President of Global Security and Intelligence at International SOS, and Tom Callahan, Senior Security Advisor at CRDF Global. Read on for what they had to say and don’t forget to register for GSX 2024!

Q: How did you become interested in your topic?  

VP: I am Ukrainian, and as millions of my fellow countrymen the first thing I heard at 4:30 AM on 02/24/2022 was a massive rocket attack with bomb blasts in Kyiv outskirts. The Russia/Ukraine war is undoubtedly the most serious geopolitical crisis in Eastern Europe since the end of the Cold War. It is an existential threat for Ukraine, but its impacts go well beyond the immediate devastation that it’s causing, particularly with regard to the security landscape.  

As security professionals, we must be forward-looking and share lessons learned with our colleagues globally. That was the key indicator that I started thinking about pulling together this topic. With subject matter expertise “from the ground”, our education session at GSX will explore the key takeaways from the war that security professionals should consider while shaping their security operations procedures. The aim is to identify the main drivers that impact business and explore the most efficient instruments and methods for mitigating risks while getting prepared for the worst. 

Q: Tell us about your presentation and why security professionals should have this topic on their radar.  

MM: The current conflict in Ukraine is the most significant war on the European continent since WWII. Moreover, there is clearly a conflict of values between the smaller young democratic state that admires Western values and the authoritarian regime, excessing Cold War proxy power coercion. 

Many Western companies have been working in Ukraine before. Yet during the two and half years of the conflict, Western companies in Ukraine learned a lot about the new relay of how to maintain the business, how to apply the duty of care about their ex-pats and local personnel, how to be resilient, and how to plan the business continuity. If your company operates globally or you are in the Asian markets, you can learn much from Ukraine’s resilience because China is watching the Russian steps and could soon mimic it in Taiwan or the South China Sea. As the saying goes, failure to prepare is equal to preparing to fail. By attending this session, security professionals can take away the suggestions from the firsthand professionals involved in business resilience planning affected by the Ukraine conflict and adapt them to their prospective businesses. 

Q: What advice would you give security professionals interested in this topic? 

JR: First of all, I’d advise reading up on an overview of Ukrainian history, inevitably concentrating on Ukraine’s historic relations with Russia. After examining the more or less ancient history, including the establishment of the Kiev Rus and subsequent events, I’d concentrate on twentieth and twenty-first century developments, including the Bolshevik revolution and its aftermath, World War Two, the post-war trajectory of the Soviet Union and its collapse. Then a detailed study of the past twenty years and Russian incursions into Georgia, Crimea and Ukraine would be in order. It’s simply impossible to even begin to understand what’s going on now in Ukraine and Russia without this historical foundation. In addition, exploring the particular security challenges facing those doing business or just traveling in Ukraine and Russia would be a requirement for a security professional interested in that region. Finally, I’d advise participating in webinars and other events dealing with Ukraine, for a current view of events. 

Q: How do you see this issue evolving in the next 2-5 years?  

TC: From a narrow perspective, companies and organizations in the region are considering more seriously what they would do if faced with a similar situation. A Russian invasion of Ukraine was considered unthinkable by many, even up to the point where tanks were massed along the border. The unthinkable became real, and other countries – Poland, the Baltics, Moldova – are reassessing the scope of their preparations. The key is how resilient do you need to be to achieve the purposes of your company or organization, including your sense of responsibility for employees, and what tools, equipment, procedures, and assets do you need to enhance that resilience. Companies and organizations in Ukraine that got back on track quickly after the full-scale invasion had built in layers of resilience. They adjusted to personnel relocating and working remotely, ensured that their critical data was held in the cloud and not solely in local servers, compensated employees with flexible, emergency grants or loans, and used simple channels to keep track of where people were and what they were facing – Telegram, WhatsApp, Signal as well as Facebook and regular email. Some organizations like ours had a designated location in a city outside the country (or far to the west) that became a rallying point, way station, or permanent relocation. We also had local experts on call for extraction assistance if needed. 

From a broader perspective, the effects are enormous. An entire generation of Ukrainians will grow up with this event a defining in their lives. Fathers and brothers entering the service, mothers and children relocating to other parts of the country or outside the country, school districts chosen based on how good a bomb shelter they have. Ukraine will be even more Europe-oriented, more multilingual, and more mobile in a post conflict, reconstruction era. For decades to come, people running for office in Ukraine will need to answer the question about what they did during the war.  

Q: Why do you attend GSX?  

VP: Global Security Exchange is the world’s most comprehensive event for security professionals globally. Attending GSX ensures you never fall behind, stay informed, connected, and prepared for what’s next in the world of professional security. My Top-5 reasons to attend GSX: 

1. Keep up to speed in expanding your professional knowledge.
2. Experience dynamic learning opportunities via substantial education sessions. 
3. Upgrade your professional network through interacting with your peers.  
4. Learn about innovative security technology products and solutions.  
5. Celebrate our profession and achievements and have some well-deserved fun.