Human trafficking, securing IoT edge devices, and leading from anywhere
Leaders in the physical and cyber security world huddled up this week at LinkedIn’s headquarters in Sunnyvale, Calif., to discuss some of the biggest challenges facing their industries.
This included preventing workplace violence, protecting the IoT infrastructure of major cities, and developing leadership and communication skills to evolve security teams to a “value add” at corporations rather than accepting the title of “cost center.”
One of the most compelling discussions at Global Security Operations 2025 centered on the security industry’s potential role in using emerging technology to fighting human trafficking, the clandestine nature of which is proving tough to for law enforcement and the legal system to properly identify and prosecute.
Here are some of the highlights from GSO 2025, hosted at LinkedIn’s headquarters in Sunnyvale, Calif.
Leading from Anywhere
A popular theme at GSO were lessons shared from the book “360 Degree Leader” which emphasizes the ability of people to lead from anywhere in the organization when the right mindset is adopted.
Derrick Wright, Senior Director of Diversity, Equity and Inclusion at Hikman Pharmaceuticals USA, explained how he accomplished this while at his former position as senior director of environmental health and safety. He worked to evolve his department past the “guards, guns, gates and locks” mentality to one that finds innovative ways to solve problems.
“If we are to protect assets and add value to the business, we should know something about the business,” said Wright, who recently began his 30th year working for the company.
Wright went to meetings to learn how business was being done – quickly becoming known as “the guy who popped into meetings – and brought the insights back to his team. He said top management began coming to Wright and his department for answers about operational issues because they understood how things work.
Wright said the key to improving the standing and effectiveness of the security team involved:
* Developing good relationships across the business and asking colleagues “How are you?” on occasion, as “people are going through a lot” but it might not be apparent.
* Respect your leaders’ time. Come prepared with the information executives need to make proper decisions.
* Timing is important. Presenting a “good idea” at the wrong time can make it look like a bad idea, Wright says.
* Completing your fellow person is more important than completing yourself, he notes. Seek to be a friend, not find a friend. “When you have your teams and leaders caring for one another, they’re energetic and in their strength zone, it reduces risk,” Wright said.
Longtime security consultant and GSO 2025 founder and organizer Ray Bernard said leading and managing are both important skills to be effective as a team leader in security. “We all play a role in making sure that the right things are being done, and that things are getting done correctly.”
Security Industry Could
Fight Human Trafficking
With a bevy of technological tools available, the security industry has the opportunity to “get in on the ground floor” and provide solutions that could fight the scourge of human trafficking occurring globally, says Kimberly Mehlman-Orozco.
The human trafficking expert witness at Break the Chain told executives in attendance at GSO 2025 that law enforcement and investigators often lack the proper information to conduct investigations because the methods used to identify trafficking may not be evidence-based.
The crimes are very clandestine and often happen through deception or coercion to get victims to let their guard down. There are challenges in accurately identifying an encountered trafficking case without violating someone’s civil rights, Mehlman-Orozco explains.
She cited a recent example of a major airline being sued because a mother and her child were pulled off a flight because they were a mixed-race family.
Additionally, many indicators of potential human trafficking victims or incidents provided to law enforcement or the public – while well-intentioned -- are not accurate, Mehlman-Orozco says. Some tiplines go to services that are completely full or no longer in existence, making them little better than calling 911.
Mehlman-Orozco says artificial intelligence, machine learning and physical security technology could be utilized to produce more evidence-based data that can raise awareness of “sentinel events” that signal a need for immediate investigation and response of human trafficking.
Potentially, facial recognition software could be used to find anomalies in virtual spaces, which are harder to police. Other technologies could be used to more accurately identify behaviors associated with trafficking.
“You all know your technology platforms, your employees, and you can create root-cause analysis of situations to see what will work,” Mehlman-Orozco told attendees. “The best thing is to invest in resources and time in identifying what would work in your industry and collaborate with each other within the industry. This is not a space where you should compete against each other.”
Securing Edge Tech
on a Massive Scale
New York City has one of the world’s largest deployment footprints of connected devices. So when Maria Sumnicht was hired as the Urban Technology Architect at New York City Cyber Command, the former NASA software engineer faced an uphill climb.
Sumnicht was the cybersecurity leader for the Internet of Things (IoT) and critical infrastructure (ICS) for the city’s fresh/reclaimed water and automation control systems. When she came aboard, NYC agencies were deploying massive quantities of unvetted IoT endpoint technology and connecting them to NYC networks, increasing the threat landscape. The city wanted to proactively secure and protect endpoint technology prior to deployment on NYC’s networks.
She led a technical team that operated cross-functional across the city by fostering trusted relationships with city agencies, city officials, procurement, technology and legal partners. All IoT technology being procured or renewed by NYC was assessed through her organization prior to deployment.
Maria’s responsibility included the building and management of the state-of-the-art NYC Cyber Resiliency Laboratory, which provides the city with ‘in-house’ penetration testing and Red Team capabilities that proactively discovers vulnerabilities in IoT and ICS systems prior to their deployment across the City of New York.
She led a team of subject matter experts and authored New York City’s Cyber Security IoT Policies and Standards as well as the City’s Cybersecurity ICS Policy and Standards. She led a team that performed various levels of security testing on several critical infrastructure systems in NYC and worked with the City Agency to remediate identified vulnerabilities. She collaborated with the Mayor’s Office Chief Technology team to strategize and publish the City of New York’s Municipal IoT Strategy.
One big challenge she faced was headcount. Sumnicht had to build a team with NYC municipal salaries and a budget of $150,000, which wasn’t near enough. She worked with a grant writer and soon received a $3 million award from the National Urban Area Security Initiative that would boost resources.
She said NYC government had “many kingdoms within an empire” which did not report to her directly and had their own procurement policies and varying legal agreements for purchasing technologies. Many of the agencies felt her program was a roadblock to their rapid deployment of technology.
“I wanted to build a program that when I stepped away could keep going,” Sumnicht told attendees. “I had to engage with the New York City legal department, then needed policies on IoT industrial control systems and standards. I needed then to engage procurement process in New York City, then capture everything we were doing so we’d have metrics to measure success.”
Sumnicht said 159 IoT “zero-day” vulnerabilities were found and remediated between 2019 and 2022, including 54 that were in the “critical/high” category.
The project proactively secured a long list of IoT deployments, including more than 50,000 routers/models for remote voting; 10,000 prison ankle monitors; over 20,000 router/modems for Fire Department of New York vehicles and station houses; over 65,000 each of Motorola NextGen Apex radios and body-worn cameras; 30,000-plus school bus and student GPS transponders/locators and tracking; and 20,500 switches, routers, modems and Wi-Fi infrastructure for sanitation and snow-removal vehicles.
One of the biggest wins, Sumnicht recalls, were that agencies began to include Cyber Command in the RFP/RFI process, and many agencies began coming to Cyber Command as subject-matter experts as they searched for technological solutions that might have already been tested.
John Dobberstein is managing editor of SecurityInfoWatch.com and oversees all content creation for the website. Dobberstein continues a 34-year decorated journalism career that has included stops at a variety of newspapers and B2B magazines.