Security design consultants head to Nashville for CONSULT 2018
It’s been almost a decade since Ray Coulombe found his calling in the security industry. After retiring from Cisco, which had acquired his SyPixx Networks in 2006, Coulombe became a consultant; the natural progression for technology entrepreneurs on the prowl for their next challenge.
He had this crazy idea that security consultants skilled in the design and specification of physical security systems should be easier to find for those vendors, end users and systems integrators looking to plan or implement a security project or those simply looking to share information. So, in 2010 Coulombe launched his SecuritySpecifiers.com web portal with grand intentions and plenty of trepidation. Just because he thought there was a void for such an environment, would the security professionals he was hoping to connect agree? Eighteen years later, the answer has been a resounding yes. SecuritySpecifiers.com is now the resource leader for matching security consultants, A&Es and project design specialists with industry’s business side. His portal boasts more than 1,500 consultants, 700 companies in more in close to 1,200 locations.
The next logical step for Coulombe and his wealth of security information online assets was to create a live and in-person event. Last year that happened as he and his limited but dedicated staff rolled out CONSULT 2017 in San Antonio. This technical security symposium, exclusively for the security industry’s leading design consultants, was a rousing success. The event also unveiled a fitting tribute to one of the most respected and beloved security consultants in the field, as the Elliot A. Boxerbaum Memorial Security Design Project of the Year Award was bestowed upon the Sedgwick County Adult Detention Facility – which, at 468,000 square feet and 1,200 beds, is the largest correctional facility in the state of Kansas.
This year’s CONSULT 2018 will take place Nov. 3-6 in Nashville at the Renaissance Nashville Hotel. The Boxerbaum Awards luncheon will be held on Monday afternoon, Nov. 5. For more information go to the website at http://www.attendconsult.com/home/Details.
I was fortunate enough to grab Ray for a brief respite as he prepares for CONSULT 2019 and chatted with him about the event and the award.
Lasky: What was the driving force behind creating CONSULT and the void you think it fills in the security industry?
Ray Coulombe: The initial motivation for this event was to provide a means for several of my manufacturer sponsors to time-share and cost-share a first-class event that would attract many more consultants than what they could reasonably do on their own. Several manufacturers in our industry conduct heavily funded events that can pull 50-plus consultants. Consultants come because of (1) interest in the manufacturer; (2) attractive venue; (3) learning opportunities; and (4) professional networking.
For a manufacturer that has the budget and the market clout, this has been very effective, despite the occasional criticism they might be subjected to by some in the industry. However, a limited number of manufacturers have the capacity to pull off such an event. Also, consultants are limited in the time they can devote to such events because of the (non-billable) time spent away from home and office. So, the thinking was to create an event that would be the equal or better of a dedicated manufacturer with regards to venue, social, and networking opportunities, provide non-captive content that would truly contribute to a consultant’s professional development, and to allow consultants to interact with a significant number of the” right” people from many manufacturers.
The void it fills is the historical lack of opportunities for technical security consultants, those who design and specify physical and electronic security, to have a serious dialog around common critical issues. CONSULT 2018 sessions address such topics as the gap between security design intent and effective use by the end user, cyber liabilities, and integrators (friends or foes). Also, new technologies and standards are presented, such as Passive Optical Networks and Open Supervised Device Protocol (OSDP). People leave this event more enlightened, better networked, and, in general, feeling like they have experienced something of real value.
Lasky: How has the world that today’s design consultants work changed over the last 10 to 15 years as technology has advanced, compliance issues have increased, and risks and threats have evolved?
Coulombe: You’ve answered your own question here, Steve, as the factors you mention have significantly changed the consultants’ world. The sum effect of these is that there are significantly more elements to consider in a client engagement. Several significant pieces of this are a more holistic view of “risk”; awareness and integration with adjacent pieces of the client’s situation, e.g., building management, human resources, real estate, travel, etc.; situational awareness; IT interaction; and explaining the value of the security function in financial terms.
Lasky: How does the traditional product-centric approach to specifying technology solutions act to the detriment of a sophisticated project build and impact the relationship between design consultants and their end-user clients? What does this event do to help move the discussion past this issue?
Coulombe: To the extent that the traditional approach might still be used, it limits the options for providing an optimized solution. If one is tied to Vendor A, for whatever reason, then you will only go as far as Vendor A’s products may carry you. Most consultants these days, I think, are not so limited, caring more about the effective integration of the pieces of the solution they think fits the need. The CONSULT symposium allows a dialog between consultants and the manufacturers about their product and technology roadmaps, hopefully providing meaningful input into product plans. It also provides insight into new solutions, approaches, and best practices through information sharing.
Lasky: As advanced security technology systems (both access control and video) evolve to become almost exclusively IP network-centric, what new threats and challenges are being presented to design consultants as it relates to creating a cyber-secure project? And are you seeing a more sophisticated end user as these projects are planned and implemented regarding cybersecurity policy deployment?
Coulombe: I’ll answer Part B first. In my opinion, sophisticated users are those who involve IT in the security discussion, hopefully, bring strong cyber awareness and cyber-centric policies into the mix. Consultants need to be aware of having that IT conversation early on regarding the use of the network and information security. Where that isn’t happening, and network-based security is implemented in an information void, potential disaster looms.
Where the user does not have the requisite resources and looks to the security consultant and the integrator for cyber advice, potential liability awaits. Cyber professionals should be part of the team, tasks should be properly scoped, and clients made aware of what they are or are not getting in the project.
Lasky: If you had to share 5 top best practices a successful design consultant must employ to sustain and grow their firm, what would they be and why?
Coulombe: My personal top 5 would be:
- Make ongoing technical education in networking and information security part of the career path requirement for all consultants. Dialog with end-user clients, integrators and manufacturers will be much enhanced if the consultant has the requisite technical background.
- Think in business terms. What’s the ROI of the security project and what are all the factors that do or can contribute to enhancing a security project ROI? Learn how to help the security manager, faculty manager, or other client contacts make the business case for the project as originally presented or in a modified form that can be financially justified.
- Enhanced communication skills to include oral, written, presentation and outbound marketing. Perhaps this should be in two practices listed separately. The first set – oral, written, presentation – enhance the quality of the initial engagement and ongoing management of the project. I mention outbound marketing because the consultant population, in general, does a terrible job of getting the word out on their capabilities and successes. Word of mouth only carries you so far when you’re trying to grow a business.
- Recruiting, training, and retaining talent. There is no career path that exists that leads one into security consulting. In a way, this is symptomatic of our industry. Most people fall into consulting rather than aspiring to it, despite the challenge, importance, and diversity of the work. Internships are one potential approach. The right kind of talent will respond positively to the technical challenges, educational opportunities, and value of their work to society.
- Network and be open to new ideas and approaches. The CONSULT symposium, manufacturer events, ISC shows, ASIS chapter meetings, and IAPSC involvement offer many opportunities to do this.
Lasky: Where do you think the complexity of technology is headed and how will it impact the security industry and the role of the design consultant?
Coulombe: Thanks for the softball question. It’s headed where it’s always headed – up. Challenges will become greater, both in terms of what to know and the threats being faced. The design consultant will be constantly stretched to stay on top of it all. Some of these areas are:
- Cyber threats
- Use of artificial intelligence
- Drones
- Big data
- Credentials and effective authentication
- Mobile devices
- Cloud services
- Availability of services in light of man-made and natural threats
Lasky: One of the major spotlights of CONSULT 2018 is recognizing the best design/build project of the year. Without giving us the winning project, please discuss the origin of the Elliot A. Boxerbaum Memorial award and what ideals both the project and the man it is named for representing the profession.
Coulombe: It seems our industry has awards for almost everything, but notably missing was an award for Security Design. We thought it appropriate to create such an award and to make its presentation a highlight of the CONSULT symposium. But every good award deserves a name and it didn’t take us very long to decide on Elliot Boxerbaum, an original member of the SecuritySpecifiers Advisory Board and a great friend. Elliot had decades of experience in the security industry, starting as a campus policeman at Ohio State University, continuing to become the security director for a major hospital, and, finally starting his own firm, Security Risk Management (SRMC). SRMC became one of the premier security consultant companies in the U.S., a legacy that lives on today. Sadly, Elliot passed away in June 2014, succumbing to ALS. I can think of no better tribute to him than having an award for excellence in security design to be presented in his name annually at CONSULT by his surviving wife, Debbie.