Strategic vs. Opportunistic

So apparently the trick is to lead with a shocking headline … OK here goes. What if I said that the routine patrols you send your security officer out on may be one of your biggest corporate security risks? BS you reply … because you hire a contract security company the risk is transferred to them. This is true … sort of. It doesn’t take long on Google to find instances where security officers are hurt or killed suddenly on the job. A few more clicks and you will see that the name on all the newspaper and TV stories is not the Guard Company but rather the company where the security officer was serving. The Brand of that company takes a big hit.

So moving to reality. The last thing anyone wants is for anyone to be hurt on the job. It is my submission that one of the most dangerous things that can happen is when a security officer and a criminal come face to face … and both are surprised. The fact is neither will know exactly what is going to happen next. Your security officer has some tactical advantages. They know the terrain, they are sober and they have back-up ….. they DO have backup don’t they? Statistically they do not have quick back-up so with luck they didn’t get too close too quick.

The point is that the above security officer is working entirely in an opportunistic manner. If they happen to see something … they do something. Great security officers get great at knowing when and where to be to be most effective however that comes with time on the site which takes time and likely some bumps along the way.

So my challenge is this. With every security camera company under the sun claiming they have great analytics (with a few of them actually having OK analytics), why are these camera views not leveraged in real time to a security officer who is in the immediate vicinity? With expensive access control systems able to detect all sorts of anomalies, why are most access control event logs just logged onto a server in a room and never seen by human eyes?

The typical answer is that a security officer that is visible is more effective and there is definitely value to this statement. Clients want the security officers on their feet in plain view as opposed to asleep behind a bed of computer monitors.

Another typical answer is there are no cameras or access control points. Also true however that is a problem solved with funding, and given the promised (by me) increase in security efficiency it will be easy to show a business case for an investment.

Lets measure a security officer’s performance, not based on how many steps and clicks are put in on a shift but rather how many security anomalies were attended to and what were the outcomes. In addition, how many security anomalies were not attended to with an explanation for why there was no attendance. This information is readily available and automatically tracked. Even I would have a hard time having a nap if there were several blinking red lights and beeps awaiting my acknowledgement knowing that I will be questioned in the morning why these alerts were not attended to. Fact is, the only good answer is that I was fully occupied on other incidents and this why we need more staff at this site.

And for those who have staff watching a big bank of cameras and dispatching guards, are you not guilty of just doing opportunistic monitoring instead of strategic monitoring? Please don’t get me going on the value of “motion detection” that has sucked for the last 30 years.

Lets let technology do what it does best by raising security anomalies and lets let security officers do what they do best and provide a quick strategic response.

This is a call to examine every part of your contracted (or in house) security team’s mandate and seek out opportunistic tasks that should be strategic. There will be well defined opportunities that will provide real time intelligence to your staff on duty as well as long term analytics to measure total team performance. Respectfully I don’t see this approach coming from current guard companies…. yet. Necessity is the mother of invention. It is on the businesses who are hiring these companies to require a change.

On a lighter note, I am making it in just under the wire for a self imposed one post per year !! I am so lucky to have maintained great clients and industry friends in 2022. Here is to a safer and more secure 2023 ๐Ÿ™‚

Thanks for reading


Still Standing !!

So when I go to a website, one of the first things I check for is when was the last time this site was updated. Stale sites mean that maybe the business has gone under or at minimum is not staying relevant. So imagine my horror when I noticed that my last blog post was over a year ago!

We are happy and blessed to say that the reason for the slip was due to an abundance of work with some great clients over the past year ๐Ÿ™‚

The lock down has been hell for many and as much as would like to say that the fact we are still standing is due to pure business acumen, the truth is it is almost completely attributed to luck. Many of my brothers and sisters have had to adapt … drastically.

I am spending some time evaluating video and access control systems that clients have in place and it seems that they are only being used to a fraction of their capacity. Folks are dropping big coin on cameras capable of AI, analytics, License Plate Reading ….. and still using the camera the way it was 20 years ago which is wait until something bad happens and then review the footage to see if there is evidence.

I am spending a bit of time with clients who have guard contracts. My observation is that it they are clocking steps from checkpoint to checkpoint the way they were doing 20 years ago.

Almost every camera has some sort of line cross detection. Lets get those set up with proper schedules and build in redundancies to minimize false alerts. Then lets take the real alerts and pass them to our central station monitoring the alarm system and actually get a response going before the crime.

Lets get those guards to do more than walk from place to place (which is still VERY effective but can be better). The guard of the future will be able to operate local visual surveillance systems, arm and disarm partitions during patrols, operate a drone, produce and understand intelligence reports relevant to their site. This will result in less guards being deployed however the guards that are deployed will have skills that warrant a premium salary.

The point being that perhaps the single most effective advancement that most clients can achieve is to utilize their existing technology more effectively!

GSX 2019

So we attended the GSX show this year in Chicago to discover what is new (no to much), what is cool (Chicago is very cool) and catch up with colleagues scattered all over the world.

In the topic of what is new, for sure the industry is understanding the the mobile phone is the credential of the future. There are a few different models for implementing the mobile credential from annual subscription to one time fees. Lots of Bluetooth … some NFC . STiD, a company from France, had some cool innovation.

There seemed to be less overall hype about analytics this year and a bit more realism … likely due to folks like me who bought into the hype hook line and sinker in the past and were very let down. I would still love to see Boolean “and” to the rules engine in order to reduce false alarms.

The floor seemed a bit quieter this year … maybe just a perception. Some amazing networking done and some amazing music heard in the bars!

Individualized Information or Textbook ?

In my previous career, I used to joke that a Consultant is a person who writes great big reports that nobody reads. Now that I am a consultant …. its not so funny! The question is, however, is if it is true?

More is usually better. An extra ice cream scoop or a third encore from an awesome band is readily enjoyed. But what about a consultant’s report. Does an executive want to have to read and digest 100 pages of material in order to take action on my recommendations? I am guessing NOT. And if they do read all 100 pages of material is it because they are is passionate about the material or is it because they are not blindly ready to go ahead with the recommendations. In most cases it is the latter.

So building that perfect report is a science of giving recommendations that are uniquely suited to the problem at hand in the most concise manner possible. There has to be enough content to support the recommendations and there has to be enough content to satisfy the client that I know what I am talking about; meaning the recommendations are based on solid principles and analysis.

The test for the report is asking myself after every paragraph, why my client should be reading this. If it is so they gain knowledge to understand the recommendations then it stays. If it is just to make them a bit smarter about security in general, or for me to feel better about how much I charged them, it will probably go deep into an appendix somewhere.


Challenge to Health Care Security Providers

start rant …

Apologies in advance for the verbose !! Apologies also for a bit of SCREAMING. “This one is serious”, says the guy who’s loved one has spent 3 decades in health care facilities.

Just back from the GSX show which was amazing by the way. There were an abundance of health care security providers with some significant improvements to existing technologies (battery life, size, integration). All good. My perception, however, is that what is drastically under-represented in healthcare security are solutions to keep health care providers safe in the critical first few seconds of an incident. The conversations at GSX go like this. “Well in the event of an incident, the person activates this super cool device and security is alerted and promptly responds.”

So …. note to architects, electrical engineers, fellow consultants, health care authorities ….. In the vast majority of health care facilities in Canada …. THERE ARE NO SECURITY PERSONNEL! NONE! Health care providers have themselves for the first 5 seconds, each other for the next 5 minutes and only then the police. Even where there is security (large hospitals), they are extremely over-tasked and expecting a response in less than 1 minute is unreasonable.

The FACT is this: The only objective for a health care provider in the first 5 seconds of a security incident is to survive that first 5 seconds. No panic buttons, blue tooth RTLS, video analytics, nurse call …. none of it will do anything in what I submit is the most critical part of a security incident.

Following the first 5 seconds, the ONLY objective of a health care provider will be to survive and make it to 15 seconds without serious injury. Anyone having spent 15 seconds in a critical incident will agree that 15 seconds seems like a long long time. The only objective in the 5 to 15 second interval is to be able to survive for a minute. Some thought may go out to fellow worker and patient safety however for their safety, they need to be 100 percent focused on the threat.

I submit that it is only after this period that the fruit of all the advances in Healthcare Security I saw at GSX will begin to help … and to be fair, they will help greatly if implemented with sufficient staff and resources (subject of a later rant).

So as always it is easy to “raise issues” and I don’t believe in complaining unless there are solutions.

I am going to put that first 5 seconds of survival largely on the backs of the hospital designers (and us security consultants who work with them). Having a hospital room where a health care professional can work effectively while be in a tactically advantageous position is the single best step in allowing an effective escape. A lower bed is harder for a violent person to get out of than a higher bed. Having a site-line to the patient while viewing instruments or providing service is crucial. DON’T PUT THE PATIENT BETWEEN THE SERVICE PROVIDER AND THE DOOR … EVER.

The next time period is also going onto the backs of designers and security consultants. After the first 5 seconds, it is reasonable that fellow workers may be available to assist. THEY ARE NOT TRAINED TO PHYSICALLY HANDLE A VIOLENT PATIENT. What needs to happen is an effective “shelter in place” option.

A typical 1200 page request for tender document for a large healthcare facility “may” have less than 2 paragraphs that address this and I would submit that that is poor. There are dozens of pages describing the electronic systems that are required. Everything is neatly partitioned into a “Division”. The fact is that teams making submissions for health care facilities do not have a realistic understanding of what happens to those camera feeds, access control logs, alarm signals. Security is poorly represented in the existing divisions.

To let the architects and engineers off the hook a bit, their job is to win the project, build the project and then go onto the next project. Health authorities and the teams that prepare statements of requirements need to spend more time (read cost) on this aspect.ย  And to let the health authorities off the hook a bit, they are under crushing financial constraint.

It is my submission however that money spent on a CPTED front end (with the caveat of proper training) will pay dividends over the life of a facility.

… end rant.


Peacocks or Turtles

So I submit that pretty much everyone on the web is either trying get as much exposure as possible …. or as little exposure as possible.

I spent the bulk of my career in the quieter side of police work where if I never had a twitter follow or facebook friend I was happy. Sadly I am old enough to have lived in the age where an unlisted phone number would make me virtually undetectable. I was a turtle … head down and undetected.

So entering private industry, I soon became a Peacock. Peacocks areย  wanting to look bigger than they are. I find myself in this camp often when describing my company as “we do this and we do that”. Truth is there is very little “we” and a lot of “me”.

Feeling guilty, I started to look around at my peers …. turns out we are mostly all Peacocks!ย  I am not convinced this is great for anyone. Potential customers are wise to do a bit of digging … is that downtown address a postal box. Are those dudes on the “team” page still around ? And the Peacocks should be careful in taking on more than they can chew. There is no value for anyone in taking on a job that cannot be completed in the required deadline and budget.

So you will see a lot of “we” on my site (our site haha). Frankly I think it sounds nicer than “me” so I will leave it as such. Truth is these days it is a lot easier to be a peacock than a turtle ๐Ÿ˜‰


Understand the problem

Apparently Einstein has been attributed with a saying that goes something like “If you have 100 days to solve a problem …. spend the first 99 understanding the problem.”

While I might not agree on the 99 to 1 ration ratio, I certainly agree that too often not enough time is spent on understanding what the problem is.

Quick Case in Point. Potential Client tells me he needs a video security system. Yikes its a big parking lot …. tell me more?

Well one of my guys came out after work and his window was smashed.

That sucks … has this ever happened before?

Once about 7 years ago.

So we can spend 50K on a video system that would let you have a movie of the next incident … or you could buy your guy a windshield for $500.

So clearly the problem is not the cost of the window. It is way cheaper to replace the window than install a new video system. The problem is the safety and vulnerability faced by his staff.

Thing is, how much safer do his staff feel with video surveillance … 50K safer???ย  That’s not for the consultant to answer … the building owner can now make an informed decision.

On this occasion, they re-worked a safe walk policy and spent some of the savings on a BBQ.ย  Poor me … lost a potential consulting gig but maintained a great future client … and I enjoyed a free hot dog !!

Hello world!

So here we are …. not afraid to challenge the status quo. There will be ideas about security … that’s what mostly pays our bills and we love it. But innovations in other industries are super interesting and will have applications both for security and beyond.