Last month, ASIS International announced that it would be changing the name of its flagship annual security conference from the ASIS Annual Seminar and Exhibits to the Global Security Exchange (GSX). The name change is intended to reflect the ongoing shift that is occurring both inside the organization and the industry as a whole, which has gone from being the sole domain of those who manage physical security programs and internal investigation teams to comprising IT specialists and others from a wide range of security and safety disciplines.
This shift has subsequently forced ASIS and other industry associations to re-examine the value they deliver to their members and broaden their scope beyond the traditional purview of physical security. The roles of chief security officers (CSOs) and chief information security officers (CISOs) have become increasingly blurry in recent years as professionals in each of these roles have begun to take on the responsibilities of the other – CSOs being leaned on more heavily by corporate boards for guidance in the cyber realm while CISOs have been charged with deploying IP-based physical security systems.
The person tapped with helping ASIS adapt and thrive during this industry sea change is Peter J. O’Neil, who joined the organization just a little over two years ago as its new CEO. Although O’Neil doesn’t have a background in security, he has an extensive history in helping to guide associations in a variety of industries, including education, certification, publishing, and marketing. Prior to joining ASIS, O’Neil spent eight years as the CEO of the American Industrial Hygiene Association. His career also includes stints at the National Association of Chain Drug Stores, the Produce Marketing Association and the National Association of Home Builders.
We recently caught up with O’Neil to discuss what he sees as the biggest challenges facing security practitioners moving forward, what ASIS is doing to keep its members up to date on the latest industry best practices and how the society must continue to evolve with the times.
Q: What do you feel are some of the biggest challenges facing security practitioners currently from a physical security perspective and what is ASIS doing to help address them?
O’Neil: The challenges have never been greater or more complex. The tactics of terrorists and cybercriminals continue to evolve while specific threats continue to arise in various industry sectors such as healthcare, educational institutions, and even houses of worship. But I think the most challenging physical security risks are protecting open environments. In addition to the educational materials—magazine articles, webinars, white papers, and live events—offered by ASIS, the organization’s chapters and councils provide security practitioners with the opportunity to learn from their peers. For example, our Cultural Properties Council has provided a wealth of information including white papers, webinars, and suggested best practices for Houses of Worship across the globe to prepare and respond to security threats. Information sharing is critical, and so we partner with organizations like InfraGard, OSAC, CANASA, and ISSA to share insights and best practices, as well as to broaden our reach in communities across the globe.
Q: In the last two years the U.S. has experienced the two deadliest mass shootings (Orlando and Las Vegas) in its history. What more can the security community do to try and mitigate the risk of these mass killings and what is ASIS doing to provide education and resources to both security practitioners and public safety officials in this area?
O’Neil: Protecting soft targets—such as public events, spaces, and gatherings—is perhaps today’s biggest challenge for security practitioners. As the method of attack shifts, from gun violence to knife assaults to vehicle attacks and back again, security experts continue to focus on perimeter security while being mindful of situational awareness from all vantage points. That means we need to teach our people to identify what seems out of place, how to avoid getting caught up in a crowd, and how to situate themselves near quick exit points. ASIS provides educational materials on these topics and many others through industry publications, as well as podcasts, webinars, and classroom programs. At our annual seminar, in addition to the active shooter/assailant training programs we offer conference attendees, we hold Security Cares, a free security education program for local schools, small businesses, houses of worship, community organizations, health clinics, and other institutions without big security budgets. In 2017, this program focused on active shooter preparedness and response strategies.
We also recognize that workplace violence is one of the most significant security and personnel safety challenges facing organizations today. ASIS is also taking a leading role in developing an industry standard to address security design considerations, security protocols and response strategies, as well as the procedures for detecting, assessing, managing, and neutralizing active shooters/active assailants. While our original workplace violence standard focused on prevention and intervention, the new standard addresses onsite response specific to an active assailant or shooter event.
Q: How has the increased emphasis on cybersecurity among organizations in both the public and private sectors changed the role of traditional CSOs?
O’Neil: The new, expanded role for CSOs is that of risk managers for the gamut of security-related risks throughout the enterprise. In this context, cybercrime represents another threat that CSOs must mitigate as part of an organization’s total risk profile. It doesn’t change the fundamentals of what CSOs do, but it does complicate the threat landscape. For example, CSOs need to be concerned with the new European General Data Privacy Regulation, which will affect how organizations collect, share, and use personal data.
Along with that, how has the growing focus on cybersecurity (and perhaps less on physical security) changed the mission/focus of the ASIS organization?
ASIS’s mission remains the same—to advance security worldwide—but we are taking a much more holistic view of “security.” As you suggest, ASIS has often been an association for physical security professionals. But we think the day is coming when there won’t be “physical security” or “cybersecurity,” just “security.” We need to prepare our members for that day, and we have many initiatives to help us do so.
First, we have been co-locating our annual seminar and exhibits with InfraGard and most recently ISSA, so we can augment the breadth and depth of our cybersecurity offerings. Moreover, we are organically building greater expertise in cybersecurity through councils dedicated to certain aspects of that field. And, perhaps most important, our board has identified Enterprise Security Risk Management (ESRM) as a priority initiative for the society. ESRM is a holistic method of looking at all of an enterprise’s security-related risks and working with business or process owners on risk mitigation, transfer, or acceptance methods. Cyber and information threats make up a significant part of these security-related risks. ESRM principles are being baked into ASIS’s education, publications, standards and guidelines, and elsewhere, and we are creating a maturity model for companies to assess how far they’ve come in creating an effective framework for addressing enterprise risks.
In short, as cyber issues get more and more attention from corporate boards, they are getting more attention from ASIS, too. We see cyber risks as some of the most significant that organizations will face going forward.
Q: We heard a lot at ASIS 2017 about how the evolution of technology is not only going to change the security industry moving forward but society in general. How are some of these technological changes, such as the rise of IoT sensors and artificial intelligence, changing how security professionals approach their jobs today and what kind of impact do you believe these and other trends will have on the industry in the future?
O’Neil: While it’s always difficult to predict the next industry disruptor, artificial intelligence seems poised to change the field in fundamental ways. From security robots on patrol to driverless cars, this advanced technology could alter how clients and the public interact with security. However, only time will tell. One issue is whether the innovation lives up to its promise when released on a wide scale. Another great unknown is the human element—will people feel comfortable with AI or will they prefer to relate to other humans.
What’s exciting is how we can use these technologies in the service of security. We are just entering an age of immersive learning, which will revolutionize how students take in information. We will be partnering with organizations to take advantage of this new mode of learning. Imagine being able to conduct a bomb sweep or engage an active shooter in a virtual replica of your offices. In addition, throughout 2018 we will hold a series of webinars on these future-focused threats and the impact they will have on the security profession and at the Global Security Exchange (GSX), we will continue to hold conversations and present programming that addresses both current and emerging risks.
Q: What are ASIS’ plans/strategies to attract more involvement from the security integrator community – first in the organization itself; and second as exhibitors/attendees at the conference/expo?
O’Neil: ASIS is considering multiple avenues to engage the security integrator community. One obvious place where we can involve integrators to a greater extent is at GSX. We have begun to develop tailored education for vendors, and we are looking to expand that. And it’s not just traditional classroom programming, but also demonstrations and labs on the exhibit hall floor. We are working with the Security Industry Association on a career pathing initiative, in which our associations work together to offer education, certifications, programs, and other opportunities to young careerists, including those who want a career as an integrator. That’s part of our overall career pathing initiative in which we will be developing routes to careers in areas ranging from loss prevention and investigations to intelligence and supply chain security.
Additionally, integrators constitute a key element of our diverse membership, and they can reap the benefits of membership by getting involved at the chapter level. They can develop relationships, learn best practices, discover resources, and otherwise knit themselves into their local community of security experts. By getting involved in local leadership, integrators and other professionals build relationships that will support them throughout their careers.
Q: What is ASIS doing to attract students and younger professionals into taking jobs in the security industry, and are those efforts focused solely on the end-user companies, or is ASIS working to place integrators/installers as well?
O’Neil: For the security profession to attract the most talented professionals, we must get the attention of students before they have settled into career choices. Although more and more security professionals are coming to the industry straight from colleges and universities, security—especially traditional security—is still a second career for many. To be sure, the second careerists from the military and law enforcement are highly talented and contribute greatly to the profession, but security should and can be a first-career choice.
One of our first steps was simple: effective 2018, student dues have been reduced from $60 to $20. That may not be a big difference to professionals, but it is significant to full-time students.
Second, we are developing the career pathing initiative that I mentioned previously. That would include specific paths for would-be integrators and installers.
Third, I think that young professionals might be discouraged by the experience requirements to take the CPP exam (9 years of experience, or 7 years with a college degree). We have seen that barrier discourage people from continuing in the security field. With that in mind, we are looking into the possibility of developing a certification for early careerists. Certification would confer a certain amount of achievement and competence and could serve as a steppingstone to the CPP or other designations. Experience requirements would be considerably shorter.
Finally, other efforts are underway to place students in security jobs. We hold a successful career center at our annual seminar, in which we review resumes, offer interviewing tips, and otherwise assist job seekers. Some organizations recruit at seminar, which down the road could result in a career fair of sorts. And we offer various mentoring opportunities, in which young professionals get paired with more seasoned mentors, who often serve as a source of career advice or even specific jobs.