RiskXtraSeptember2018

More documents

Recommendations

Info

x RISKXtra ‘What makes the modern security professional?’ As Tony O’Brien observes, the right combination of a security mindset, hard and soft skills, technical ability, selfawareness and adaptability is almost impossible to define. Today, and increasingly so, it’s all about an individual who’s every bit as comfortable in the cyber world as they are in the physical space and who readily understands the connectivity (and indeed, the interdependency) of both realms Creating The Security Professional of The Future As converged security services develop at a rapid pace, finding people with this diverse skill set is proving to be somewhat challenging for many reasons. There’s a requirement, then, to talk about building these professionals from the ground up and assess what we can do now to prevent the rest of the industry from becoming the next dinosaurs. When I think of the pace at which the world is evolving and developing, it both amazes and worries me. If we consider that, just ten years ago, many of the platforms we now use on a daily basis didn’t even exist, and that in five years’ time they’ll likely be obsolete, this illustrates precisely how quickly the world – not to mention ourselves as its inhabitants – can evolve. It also illustrates how those who are not willing to adapt and develop can be left behind in the wake of evolution. The security industry isn’t immune to this risk, and particularly so in the area of cyber security. I would estimate (both anecdotally and from the new entrants I see coming through the doors) that 90% of the physical security industry is well below a basic level of understanding in areas of cyber security, cyber crime and information security. To change this situation could take a generation. However, given the pace at which these areas are evolving, our current security population could be seen as obsolete long before that time. As someone who teaches in this industry both at entry level and higher up, I will be the first to admit that the current training system will not be fit for purpose in even two-to-three years. It’s barely plugging the gap now. We have large skills gaps in the cyber security area and a large pool of under-trained physical security operatives. This system, I believe, is the very root of the problem. Typically, we still treat the two areas as completely separate roles when they’re not. Of course, at higher levels the technical skills involved will differ, but as converged services become a reality, every single security operative needs to be at least familiar with both information and cyber security basics. The problem I see daily is that professionals operating in the physical security industry still perceive that cyber security isn’t their job. There’s a real fear of the subject. It’s the fear of the unknown and the fear of new challenges that terrifies the physical security industry and those resident within. What we’re left with is a group of security specialists who know a lot about crime prevention and the essence of what a crime looks like in their field. We also have a cyber security industry predominantly made up of IT specialists who know lots about the cyber world, but not a great deal when it comes to how criminals think and act, or indeed about the knock-on physical consequences of cyber security. Why can’t we determine to build security operatives with a skill set in both? This issue then escalates at the security management level, where we have people promoted from within the physical security ranks or recruited from policing and military backgrounds. They possess high levels of physical security knowledge, but no idea about cyber or information crime. Upskilling these individuals (of which I count myself as being one) is both challenging and time-consuming. Ultimately, the pace of skills development is always going to struggle to keep up with the pace of change. Pathways for transition Currently, there are very few pathways whereby physical security professionals can transition to cyber security and even fewer pathways in the opposite direction. There are some, but they 52
The Security Institute’s View often require many years of study and at an advanced level. My own opinion here is that we don’t need to develop many more pathways between the two areas. Instead, we need to begin treating the two areas as a single field, and building entry level training programmes for the future security specialist which afford a solid grounding in both areas. At the top level, we will always have specialists like there are in every professional field, but this is where the specialisation should start. Once all security professionals have a solid competency level across security fields, then we can branch off into specific fields where the individual’s passions or career opportunities lie. This is the way in which every other professional field works. Consider medicine, teaching or the sciences as the perfect examples. Every professional here receives a basic grounding in the fundamentals and then chooses their specialist area at a higher level. If we want to be seen as a profession and not just a job, then this is where we need to be aiming. We simply cannot continue to ‘silo’ our efforts or both sectors will inevitably suffer over time. Building from the ground up My suggestion is that we begin to develop an international occupational standard for the future security operative. You will note that I said international standard as part of the International Labour Organisation’s International Standard Classification of Occupations (ISCO) which informs many countries’ national occupational standards. This would be a move beyond the typical focus in most countries on developing national occupational standards for security operatives. We now live in a global world, both in terms of cyber and physical security. Our future training needs to reflect this reality and equip security professionals to work in a global landscape. Security in the future will have fewer physical and national boundaries and we must equip ourselves now for this eventuality. This will take time to develop and, in the meantime, we can begin to take steps with programmes that we already have in place to make them better suited. Until we can converge cyber, information and physical programmes, we can begin to insert modules into the current programmes so as to begin to give each area basic knowledge of the other. This works both ways. Just as our current physical security training programmes have limited or no content on cyber security, the same applies in the cyber security sphere. I don’t see too many cyber security programmes out there at any level which cover areas such as criminal mindset, securing physical assets or even police statement writing. Beginning to introduce these subjects into each area can really help in setting the groundwork for the future development of converged security programmes. While we can begin to introduce these subjects to the industry at entry level, I certainly believe that we should be looking to develop robust, converged security programmes at certificate, diploma and degree levels before the specialisation begins at Master’s level and beyond. Appreciating the cyber risk It’s difficult for an individual who has worked in physical security for many years to appreciate the cyber risk and to comprehend the skills required to be proficient. Now that cyber incidents have started to manifest themselves in real physical injuries and deaths, perhaps the risks involved will become more apparent. There’s huge scope here for both sides to work together to everybody’s benefit. There is currently a large skills gap in the cyber security area. There’s also a pool of talent resident at mid-level in the physical security arena who would love to help out, but simply don’t have the tools to do so. While it may take some time to help them develop those tools, spending that time would certainly be proven to be a worthwhile endeavour. Planning for the future That only provides a temporary respite, however. The cyber security arena will continue to grow, as will all other areas of the industry. I sincerely hope that we’re not sitting here in a number of years’ time having the same conversation. In order to avoid that scenario, we have to begin planning, developing and implementing training programmes for future security operatives which reflect not just today’s risks, but also the foreseeable risks of five and even ten years’ time down the line. The development of this generation of security professionals has the potential to be the vanguard for the future of the industry, but only on the proviso that we determine to act now. If we wait, it could be too late even for the next generation. The Security Institute’s View is compiled and edited by Dr Alison Wakefield FSyI (Chairman of The Security Institute) and Brian Sims BA (Hons) Hon FSyI (Editor of Risk Xtra) Editors’ Note: Any security practitioner can commence their cyber security education online (and at no cost) via the FutureLearn ‘Introduction to Cyber Security’ course. There’s also the option to pay £62 for a certificate of achievement. The course development was supported by the UK Government’s National Cyber Security Programme. It provides GCHQ ‘Certified Training’ and is also IISP accredited Tony O’Brien: Managing Director of Security Operative Training Services “We now live in a global world, both in terms of cyber and physical security. Our future training needs to reflect this reality and equip professionals to work in a global landscape” 53 www.riskxtra.com>
Page 1 and 2: x www.riskxtra.com RISKXtra Securit
Page 3 and 4: x RISKXtra September 2018 Contents
Page 5 and 6: x RISKXtra Editorial Good for Busin
Page 7 and 8: News Update City of London Police a
Page 9 and 10: News Analysis: Apprenticeships in t
Page 11 and 12: x RISKXtra News Special: Global MSC
Page 13 and 14: Opinion: The Modernisation of CCTV
Page 15 and 16: Opinion: Mind Your Own Business to
Page 17 and 18: x RISKXtra BSIA Briefing Many reade
Page 19 and 20: x RISKXtra Advertisement Feature Mi
Page 21 and 22: Data Protection Considerations for
Page 23 and 24: x RISKXtra Building Management: Acc
Page 26 and 27: x RISKXtra Advertisement Feature: H
Page 28 and 29: 2018 OLYMPIA LONDON, 28 - 29 NOVEMB
Page 30 and 31: FIRE SAFETY What you need to know a
Page 32 and 33: FIRE SAFETY “All pre-learning mat
Page 34 and 35: FIRE SAFETY Hochiki launches FIREsc
Page 36: FIRE SAFETY Pulse Alert VADs lower
Page 39 and 40: FIRE SAFETY Kentec introduces four-
Page 41 and 42: FIRE SAFETY Ensuring Fire System Ef
Page 43 and 44: x RISKXtra Emergencies and Life Saf
Page 45 and 46: We go to greater lengths. Axis Secu
Page 48 and 49: x RISKXtra The Race to the Bottom i
Page 50 and 51: x RISKXtra Meet The Security Compan
Page 54 and 55: x RISKXtra Selling Security Without
Page 56 and 57: x RISKXtra Despite the ongoing best
Page 58 and 59: x RISKXtra Selecting Workforce Mana
Page 60 and 61: x RISKXtra CTI: Keeping UK Citizens
Page 62 and 63: x RISKXtra Routes to Learning: Staf
Page 64 and 65: x RISKXtra Risk in Action Dahua’s
Page 66 and 67: BENCHMARK Smart Solutions BENCHMARK
Page 68 and 69: x RISKXtra Appointments Martin Harv
Page 70 and 71: ACCESS CONTROL CCTV CCTV INTEGRATED
Page 72 and 73: GATE AUTOMATION & ACCESSORIES WHOLE
Page 74 and 75: INTRUSION DETECTION AND PERIMETER P
Page 76: NOTHING MISSED Independent left and

RiskXtraSeptember2018

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?