By Ron Martin, CPP

It is important to note that security is a business function, not a subset or spin-off of the criminal justice system. Therefore, security management is a distinct field of academic study, separate and apart from criminal justice. Entrants to the industry seek internships, cooperative or work study programs, and entry level positions with employers.

The industry needs a more diverse community of entry level analysts and technicians. This session will provide a summary of security career opportunities along with the supporting career competencies. The essence of this session is the career competency model developed from the United States Department of Labor Model. Many entrants are not aware of the industry’s career opportunities. Nor do they know the competencies required.

In the security industry, as well as in all industries, there are three distinct actors in the career development process-the employer, institutions, and the individual. The employer’s role is to provide employment opportunities and establish competencies for their employees. The second actor is “the institution”. An obvious example is the school system, but industry associations play an important role as well. They can provide a baseline competency for the industry they serve. Finally, there is the individual. He/she must obtain the requisite knowledge, skills, and abilities to apply and compete for many career opportunities the industry will offer.

This session will cover the “What and the How” of security management. The “what” are career opportunities. The “how” are the core career competencies an individual will need to satisfy the employer’s workforce requirements.

Join me on September 26^th for Session #6122, Security Careers: The What and the How.

By Brent Barker

Criminals are early adopters of new technology. They use it to create new crimes and improve old crimes. Law enforcement and the laws are always playing catch-up. This is especially true for cryptocurrencies.

In 2017 the value of cryptocurrencies exploded. At its high, they had a total value of $823 billion USD. The rising value attracted investors and criminals. Bitcoin was the first cryptocurrency but now there are over 1,600. Most are legitimate, but some are scams. One cryptocurrency was even called ponzicoin.

The single largest theft of cryptocurrencies took place in January 2018. Hackers stole $530 million from the cryptocurrency exchange Coincheck. Several people who became rich from cryptocurrencies have been kidnapped and forced to hand over the private key that accesses their cryptocurrencies. Once someone has your private key and steals your cryptocurrency, it is gone. There is no way to get it back.

Countries are using cryptocurrencies. Venezuela introduced the petro earlier this year to avoid U.S. sanctions. And North Korea is suspected of secretly mining cryptocurrencies to earn hard cash.

Companies are using cryptocurrencies as a new way to raise investment money. Most are legitimate, but one study found that over 18% of them were suspicious and likely involved fraud.

But there is good news. Cryptocurrency transactions are not as anonymous as previously believed. They can be tracked, and owners identified. Law enforcement is learning how to “follow the virtual money.”

Today, the attention is on the cryptocurrencies, but many see the greatest potential from blockchains, the software that powers cryptocurrencies. Many believe blockchains could change the world as much as the internet. In the future, every business will use blockchains in some manner including the security industry.
Join me on September 24^th at GSX 2018 as I explore the criminal use of cryptocurrencies, law enforcement investigations and examine the enormous potential of blockchains to fight crime in the future. Join me for Session #4309, Bitcoins, Blockchains and Crime.

By Tim Sutton, CPP

In more states than not and in an increasing number of countries around the world, medical cannabis security has become a unique new challenge. In the U.S., twenty-nine states and the District of Columbia have enacted laws legalizing medical cannabis. Cultivation, processing, and dispensing organizations present both shared and unique risks and each state has its own set of rules, regulations, and governing bodies. Join us as we move through all phases of medical cannabis security, beginning with the permit application and continuing through to patient sales. Explore how to demonstrate compliance with varying rules and regulations while providing a safe and secure environment for employees and patients. Study factors in operating multiple sites in multiple states across multiple levels.

At GSX, we’ll explore the complexity of securing the medical cannabis industry and the many challenges faced by Security. The permit application process and security plan are unique to each state’s rules and regulations. Explore how to meet some of the more difficult requirements for compliance and learn about some examples of noncompliance. Learn also about the commonalities and differences across different locations.

We will discuss case studies from several states. There is no cookie-cutter template that will ensure success. The security plan is weighted as 25-30% of the total scoring of permit applications and is much more than cameras, locks, and security personnel. Discover how to integrate ASIS ANSI Security Standards throughout the process as we discuss the core elements of a security plan in the medical cannabis industry used today in operations across multiple states.

Join me on Tuesday 25 September for Securing the Medical Cannabis Industry from Seed to Sale.

Tim Sutton has nearly 30 years experience in loss prevention, safety, and security with more than 20 of those years in management. He has worked in both operations and administrative capacities for some of the largest and most prestigious regional and international companies. His experience in retail, manufacturing, chemical, public and government housing, schools, and hospitals and their specific safety and security needs has helped build his unique perspective and skill set. As Director of Security for GHG Management, Tim is responsible for any and all security concerns including the designing of electronic security systems and all physical security programs within the company’s 12 Medical Cannabis Dispensaries, and Medical Cannabis Cultivation and Processing Centers in IL, MD, and PA.

By Hector Sanchez, MBA; CPP

Here we are just over 151 days into 2018 and we already have “473” injured and ”202” killed in active shooter incidents with over 7 months remaining in 2018. There are many reasons why such horrible incidents take place, but the impact is deeply felt throughout our society and the effects are long-lasting. The Department of Homeland Security had developed and tirelessly communicated their “run, hide, fight” approach, via any and all means available; yet victims outnumber the calendar days this year 2:1 with over half the year remaining. There isn’t a solution to this epidemic that continues to metastasize within our society with no end in sight; so, what is there to do?

Here are the 5, 4, 3, 2, 1 considerations to take:

Five (5) actions to take
1. Develop an action plan considering the worst and work backwards
2. Involve all individuals from your organization
3. Engage vendors, contractors, and customers alike
4. Get Law Enforcement and First Responders to play a part
5. Continuously perform Operational Security Assessments

Four (4) areas that must be clearly explained in your Policies & Procedures
1. Incident Management Plan
2. Visitor Management Program
3. Strong CPTED Operational Philosophy
4. Workplace Violence & Active Shooter Insurance

Three (3) Principles to live, operate, and exist by (ASIS)
1. Policies, Procedures, & Protocols (3Ps)
2. Technology, Tools, & Techniques (3Ts)
3. Internal, External, or Hybrid Security HR

Two (2) Operational security incident outcomes of an organization
1. It will survive after the incident because of the readiness level it operated under, or
2. It will perish because it operated under false pretences that “it will never happen to us”

One (1) real fact…
1. It’s not if it happens but when it happens that organizations should operate under

Take action using the previous points or reach out to someone that can help your organization!
Join us on September 26 in Las Vegas, NV at the Global Security Exchange (GSX) from 11:00-12:15 for a live presentation on such an important, valuable, and relevant topic that’s impacting everyone today. I look forward to meeting everyone there!

To be presented by: Lynn de Vries, CPP, PCI & Erik de Vries, CPP

Managing a crisis is always a challenge. But managing a crisis about something that is completely out of your comfort zone can be even more challenging. This is more and more the case as non-technical security professionals have to grapple with how to manage increasingly prevalent cyber extortion crises, including ransomware.

Whether or not they are part of the organization’s crisis team, the (non-cyber) security professional is often the first point of contact when a crisis hits. The most important thing to understand is that, no matter the cause, in most cases, crisis management is about communication and protecting the organization’s reputation. A cyber extortion crisis is no exception. Even though you may not be a cyber professional, knowing which steps to take can help you manage any crisis, even cyber.

Preparedness is always the best response. But where to start?

Using the business impact analysis as the first step in a comprehensive risk management approach is the best starting point from our point of view. The next steps are selecting and training the crisis team(s) and developing a well thought through crisis plan.

One cannot prepare for all kinds of crises. Adopting the all hazards approach and preparing checklists for the most likely scenarios will help crisis teams to be prepared, even though we all know that a crisis never develops as expected.

Apart from the experience of participating in a short but intensive cyber extortion crisis desktop exercise during our training session, attendees will be offered a step-by-step approach to develop or re-define their crisis plans.

Join us at GSX on Wednesday the 26^th of September for our session: Managing Cyber Extortion Crises.

What makes the dark web?

By Cynthia Hetherington, The Hetherington Group

The Dark Web, or darknet, is classified as a small portion of the World Wide Web that has been intentionally hidden and is inaccessible through standard web browsers. There is no “darknet Google.” Darknet sites are often put up and taken down within a matter of minutes specifically to maintain anonymity. The entire drive behind the dark web is anonymity—and privacy.

The most famous content that resides on the Dark Web is found in The Onion Router (Tor) network, accessed with a special web browser, called the Tor browser (www.torproject.org). This is the portion of the Internet most widely known for illicit activities because of the anonymity that the Tor network gives.

The backbone of the WWW works because there are online directories, known as domain nameserver (DNS), handing off your search requests to the real location of the site. It’s often easy to remember a domain name—especially if it’s a catchy name. But it’s the Internet Protocol (IP) address—the number—associated with the URL name that is the true language the Internet understands. For example, you type in hetheringtongroup.com and hit Enter. Up pops the website for the Hetherington Group. But what’s truly happening is this: the browser sends your hetheringtongroup.com address to a DNS and is handed back the actual IP address, which is 209.177.145.48, and at the same time takes you to the Hetherington Group website. To better understand, try typing in 209.177.145.48 and hit Enter. You will be taken to the Hetherington Group website. But hetheringtongroup.com is a heck of a lot easier to remember than 209.177.145.48, eh?

On the darknet, however, there are no DNS servers. You must know where you want to go and what you are looking for; you must have those specific coordinates beforehand to locate what you want on the darknet. Otherwise you will not find it. More importantly, it can’t be indexed or mapped, which is what makes it anonymous.

With caution, a good way to start eyeballing the dark web is to try a few websites that try to create a searchable platform. Some of those beginner websites are:

• The Hidden Wiki (torhiddenwiki.com): It’s like Wikipedia for dark web content, or Yahoo’s subject directory.
• Onion Link (onion.link): Uses Google’s API on the links and content they have located. A search on, say, puppies in surface web Google would give very different results than the same search would give on Onion Link.

These accessible sites and others that lead to your assets and brands, are the type of practical dark net matter we will be sharing September 25 at GSX 2018! Join me for Session #5105, The Dark Web: Protecting Brand, Reputation, and Assets.