This article originally appeared as the cover story in the March 2024 issue of Security Business magazine. Don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter if you share it.
Pandemic. Supply chain meltdown. Recession. Rising interest rates. Just when integrator executives solve a business challenge, it seems like another one pops up. Others seem unsolvable.
While every integration company has its own challenges based on size, type of client served, and location, many share common issues – perhaps leading to a few sleepless nights.
Security Business turned to its three-member expert integrator panel – Shaun Castillo, President of Preferred Technologies, Christine Lanning, President of Integrated Security Technologies, and John Nemerofsky, COO of SAGE Integration – to get the pulse on the top challenges facing their businesses today.
Recruiting, Hiring & Training
Any integration firm is only as good as the employees who perform the work – including sales staff, technicians, and back-office personnel. But it is no secret that filling those roles has been an ongoing challenge for security integration companies for many years.
In the Security Business annual State of the Industry report, every year, without fail, “hiring and recruiting top talent” is cited as the top business concern of security integrators. Many an executive has lied awake in bed recently wondering how they can possibly tackle pandemic-fueled project backlogs just with the technicians they have on staff.
Castillo says Preferred Technologies currently has more work than capacity to deliver. “Customer demand has increased, and the supply of quality security integrators has decreased,” he explains. “We feel customer pressure on us to grow our staff quickly.”
Nemerofsky’s concern is compounded by the fact that most SAGE technicians are embedded at specific clients’ locations, making them unavailable for other projects. Because of the need for these embedded employees, Nemerofsky is always looking for new hires for additional projects or service agreements.
“Finding the right people when we need them is a big challenge,” Nemerofsky says. “We have an internal recruiter who constantly reviews resumes and an external recruiter we check with on a weekly call.”
Nemerofsky says he works closely with the Foundation for Advancing Security Talent (FAST), a 501(c)(3) organization created by the Electronic Security Association (ESA) and the Security Industry Association (SIA) that promotes security careers to high school students. Currently in about 900 schools, the FAST program looks to graduate students who already meet one or more certification standards for leading industry system manufacturers.
Lanning says IST casts a wide net when hiring new employees, and she estimates that about 80% of her employees come from outside the security industry.
“When hiring, I’m not necessarily looking for someone who knows security – I want people who share our core values,” Lanning explains. “Those soft skills translate no matter where you’ve been or where you go. Account managers need to have integrity. Technicians need to be good problem solvers. Of course, the downside to hiring outside of the industry is that it takes us longer to train employees. We spend three times the industry average on training.”
Indeed, training is one area slowing the process of hiring new technicians. Castillo says Preferred Technologies’ 2024 budget includes a significant increase in training resources – even though it will impact the company’s gross margin.
“We have a financial plan to develop a technically proficient team and well-trained leaders, and we see it as an investment in our future,” Castillo explains, adding that the company is expanding from two human resource employees to six HR professionals. “This should increase our recruiting capacity and help us double down on development training.”
Another aspect of recruiting is making the security industry more attractive to new job entrants. For Nemerofsky and others, that means changing the moniker of our industry. “When you mention ‘electronic security’ during a job interview, a candidate might think they’ll be working at an alarm company,” Nemerofsky says, adding that he and others are starting a movement to, in effect, rename the industry from electronic security to security technology.
He says the idea is to build excitement as the industry moves towards installing “smart systems” that utilize AI technologies and event triggers to maximize resources and mitigate human error. “Security technology better reflects the diverse, high-end industry we’ve become,” Nemerofsky says.
New Technologies
How many integration executives have tossed and turned wondering if they could come up with a viable solution to a customer’s one-of-a-kind security conundrum?
Staying current on rapidly evolving industry solutions is time-consuming but paramount to the success of an integration firm and the security projects it performs. For our integrator panel, the key to success in this area is partnership – whether with peers, manufacturers, distributors, or consultants.
“The manufacturers we deal with have gotten good at listening to their integration partners and our customers and are developing products that serve our needs very well,” Castillo says. “It is important to have close partnerships with manufacturers – they are bringing things to our attention and vice versa. There's a lot of power in a unified front between integrators and manufacturers, as it creates a collaborative effort to make sound investments in security technologies.”
Nemerofsky says SAGE reviews six new technologies a month – 72 in total last year. “Clients are looking for new solutions that make the employee experience better and safer and reduce the chances of human error.”
It is a different story for Lanning, who says most of IST’s clients are the Department of Defense and other government agencies – many of which are slow to embrace cutting-edge technology shifts, such as cloud services.
“I appreciate that the DoD takes its time to ensure all deployed systems are structurally solid and have good cybersecurity practices wrapped around them,” Lanning says. They can’t quickly deploy new technologies simply because they are cool or interesting.”
Lanning explains that integrators need an Authority To Operate (ATO) certificate to deploy new software-based products at a DoD facility. While the ATO process could take up to 18 months to complete, most major manufacturers are already ATO-certified and stay on top of cybersecurity with new software updates – a great help as an integrator.
Keeping up with technology will also enable integrators to avoid some of the pitfalls associated with early adoption. Artificial Intelligence is one such trending area, “but if you move too quickly and don’t consider all the risks, you can end up selling a solution that doesn’t work,” Lanning warns; in fact, some of IST’s non-government clients have demanded to be at the forefront of new technologies only to find they didn’t work as hoped or cost more than anticipated.
Again, in this case, a solid partnership with manufacturers and software providers is vital. “It's frustrating as a systems integrator to go out in the field and install something that has a bug or some kind of cybersecurity risk attached to it,” Lanning says, adding she doesn’t mind if some solutions are slower to reach the market because manufacturers are moving slowly to ensure product stability.
But not everything is rosy when it comes to manufacturer partners. “Some new technology providers bypass the integrator and go directly to the end-user. It doesn’t look good when your client talks about a new solution that you’ve never heard of,” Nemerofsky says.
Nemerofsky also warns of technology partners adding potentially damaging language to integrator agreements. “We had one manufacturer give us an agreement requiring us to use their products for five years exclusively,” he explains. “Be careful who you select as a technology partner. Take time and do your due diligence on the company, the technology and the agreement. You could be in trouble if you click through a DocuSign agreement without reading it.”
Balancing Sales and Operations
Hand-in-hand with recruiting, hiring, and training is directing sales efforts to accommodate the state of an integrator’s operational team. Sales are great, but too many sales can have a detrimental impact on the quality of service. Castillo calls it a constant balancing act.
“We believe our reputation of craftsmanship and service is why we are growing, but we must carefully steward our operational capacity,” Castillo explains. “In the last year or so, we have developed the courage to say ‘no ‘ and be honest with potential clients, telling them we can't serve them with the level of service that our customers deserve.”
Saying no may require an integrator to sacrifice revenue and limit growth rates; however, on the bright side, that will enable the company to clear some backlog while lowering the pressure on operations. “If we are completely booked for the next three months, we might guide our sales team more towards new construction that won't start for 12 to 18 months,” Castillo says. “By developing joint sales and operations business forecasts, we can make proactive decisions instead of reactive ones.”
Lanning says IST does routine forecasting and encourages regular meetings between the sales and technical side. And if possible, she recommends integrators diversify their customer base. “If you put all your eggs into the commercial basket, you might have trouble,” she says. “During the 2008 recession, we survived on our government contracts. Similarly, during COVID, the commercial world went into hiding, but the military had money already budgeted and continued to spend.”
Nemerofsky recalls a lucrative worldwide deployment opportunity involving a precious metals company that wanted SAGE to start work immediately. Unfortunately, that just wasn’t possible.
“Some clients believe an integrator has 15 people sitting on the bench, ready to start tomorrow,” Nemerofsky says. “Nobody in this industry pays employees to wait for possible work. Additionally, there is a need to order equipment, stage and fabricate the software and hardware before deployment.”
Nemerofsky says SAGE routinely looks at sales forecasts to project future labor needs. He estimates it typically takes six to eight weeks to ready a team after receiving a purchase order. “Anybody starting a major project the next day is taking a big risk and increasing the likelihood that the project will go sideways.”
After years in the industry, Castillo says prioritization is key. “I’ve found the world doesn’t end and our business doesn’t self-destruct if we don’t check everything off our to-do list today,” he says. “Prioritize efforts, plan to accomplish the most essential things, do as much as you can as well as you can, and give yourself grace when you don’t get to everything.”
Changing Customer Demands
Lanning says a potential client recently asked for a quality assurance plan – the first time in her 25 years at IST. “It is common for a security integrator to be asked for a safety plan, but not a quality assurance plan.”
Unsure what should be part of such a document, she contacted her peer exchange group, which includes 10 security integrators. They, too, had been asked and couldn’t provide an example; so after extensive research and work with a consultant, Lanning and her team created a 10-page document outlining how IST ensures quality control. “Now we’re ready for the next time someone asks,” she says.
Castillo says cybersecurity standards continue to play a more prominent role for any security integrator. “We steward our clients’ vital information – design drawings, device matrixes, and, in some cases, administrative-level credentials to access their security and IT assets. Even if it costs more time and money, we owe it to our clients to protect their information well.”
He says integrators, until recently, didn’t include cybersecurity services in their contracts or account for related activities in their project costing; however, including these services in contracts is important, even if it means raising prices.
Supply Chain & Product Shortages
Many integrators reported in the Security Business State of the Industry survey that supply chain issues and product shortages have improved; however, many integrators still lie awake wondering when that vital part will arrive for a multi-million-dollar project.
Castillo says clients are becoming more attuned to supply chain risks. They now want project schedules that include lead times and contingencies if deadlines aren’t met. “Supply chain risk management is a consideration in our projects.”
Nemerofsky tells of an order for outdoor gunshot detection systems: One year since the initial order, he learned the manufacturer would be shutting down during the final weeks of 2023. Nemerofsky asked that the components be shipped to SAGE for finishing in its fabrication shop, but the request was denied due to government regulations. Nemerofsky offered to pay the manufacturer’s crew time-and-a-half and later double time to get the work done before the year ended. Both offers were declined.
“Finally, we received half the shipment in January and the other half in February – a 14-month delay in receiving some of the equipment,” he says. “In such cases, you try to work with your client to find alternatives that meet the required specifications. Then, if the client wants to wait it out, you do your best to work through the delays.”
Preserving Company Culture
Defining a company culture that permeates virtually every part of the business is no easy task, especially when every staff member must understand and live that culture when dealing with clients and each other.
IST labels its core values as APAIC – an acronym for accountability, passion, curiosity, adaptability, integrity, and collaboration. “We hire, fire, and reward based on these values,” Lanning says, explaining that reviews rate the employee as plus, plus-minus, or minus on each core value. “If we have an employee with a minus in our values, we have a conversation to get them to improve, or transition out of the company,” she says.
Castillo says one of his most important jobs is promoting his company's culture throughout the organization. “You don't have to have the best players in the world at every position – you win with superior teamwork,” he says. “We work hard on our culture and encourage making sacrifices so that we're fighting for each other.”
That culture extends to potential new clients, who are put through a “disqualification process,” looking to ensure the two companies are a good fit. “We do everything we can to disqualify a client,” Castillo says. “If they make it through that process, we probably need to do business with them.”
(Editor’s note: Read more from the integrator panel on defining the ideal customer in our September 2023 cover story: www.securityinfowatch.com/53069698).
Nemerofsky says the heart of SAGE’s culture is caring for employees who care for the clients. The SAGE mission and goals are also communicated to existing and prospective clients.
Adds Lanning: “Building and maintaining a corporate culture statement is a lot of work, but there’s a big reward when everyone moves in the same direction. You don’t want people rowing the opposite way and holding your company back from being the best it can be.”
Paul Rothman is Editor-in-Chief of Security Business magazine. Email him your comments and questions at [email protected]. Access the current issue, full archives, and apply for a free subscription at www.securitybusinessmag.com. Industry veteran and PR maven Jon Daum contributed to the writing of this article.