RiskXtra September 2018
‘What makes the modern security professional?’ As Tony O’Brien observes, the right combination of a security mindset, hard and soft skills, technical ability, self-awareness and adaptability is almost impossible to define. Today, and increasingly so, it’s all about an individual who’s every bit as comfortable in the cyber world as they are in the physical space and who readily understands the connectivity (and indeed, the interdependency) of both realms.

Creating The Security Professional of The Future
As converged security services develop at a rapid pace, finding people with this diverse skill set is proving to be somewhat challenging for many reasons. There’s a requirement, then, to talk about building these professionals from the ground up and assess what we can do now to prevent the rest of the industry from becoming the next dinosaurs.

When I think of the pace at which the world is evolving and developing, it both amazes and worries me. If we consider that, just ten years ago, many of the platforms we now use on a daily basis didn’t even exist, and that in five years’ time they’ll likely be obsolete, this illustrates precisely how quickly the world – not to mention ourselves as its inhabitants – can evolve. It also illustrates how those who are not willing to adapt and develop can be left behind in the wake of evolution.

The security industry isn’t immune to this risk, and particularly so in the area of cyber security. I would estimate (both anecdotally and from the new entrants I see coming through the doors) that 90% of the physical security industry is well below a basic level of understanding in areas of cyber security, cyber crime and information security. To change this situation could take a generation. However, given the pace at which these areas are evolving, our current security population could be seen as obsolete long before that time.

As someone who teaches in this industry both at entry level and higher up, I will be the first to admit that the current training system will not be fit for purpose in even two-to-three years. It’s barely plugging the gap now. We have large skills gaps in the cyber security area and a large pool of under-trained physical security operatives. This system, I believe, is the very root of the problem.
Typically, we still treat the two areas as completely separate roles when they’re not. Of course, at higher levels the technical skills involved will differ, but as converged services become a reality, every single security operative needs to be at least familiar with both information and cyber security basics.

The problem I see daily is that professionals operating in the physical security industry still perceive that cyber security isn’t their job. There’s a real fear of the subject. It’s the fear of the unknown and the fear of new challenges that terrifies the physical security industry and those resident within. What we’re left with is a group of security specialists who know a lot about crime prevention and the essence of what a crime looks like in their field.

We also have a cyber security industry predominantly made up of IT specialists who know lots about the cyber world, but not a great deal when it comes to how criminals think and act, or indeed about the knock-on physical consequences of cyber security.

Why can’t we determine to build security operatives with a skill set in both?

This issue then escalates at the security management level, where we have people promoted from within the physical security ranks or recruited from policing and military backgrounds. They possess high levels of physical security knowledge, but no idea about cyber or information crime. Upskilling these individuals (of which I count myself as being one) is both challenging and time-consuming.

Ultimately, the pace of skills development is always going to struggle to keep up with the pace of change.
Pathways for transition

Currently, there are very few pathways whereby physical security professionals can transition to cyber security and even fewer pathways in the opposite direction. There are some, but they