I had a great opportunity recently to speak with two highly experienced security consultants to get their thoughts on a range of topics relating to key components of successful security programs. Our dialogue covered much more than I anticipated, so we broke our full conversation into two segments. The first part focuses on security metrics, policies & procedures, and continual learning, while the second part focuses on leadership, aligning security with data driven organizations, and tips for getting the most out of conferences (and trade shows). Below is part one, we hope you enjoy!
PS: For those of you that answered our survey leading up to this dialogue, BIG “thank you” to you! We appreciate your feedback and support.
Primary Topics Discussed
How can we use metrics to improve our security programs and support positive relationships with C-Suite executives?
What challenges are often encountered when creating policies & procedures?
How can security managers assess their written documentation?
What tips do you have for maintaining relevant knowledge among your teams and personally?
Sean is an asset protection and resiliency leader with over 20 years’ experience working as a security consultant, supporting domestic and international organizations. He’s led the creation of security management programs in healthcare and government sectors. Notable security projects he has led include those at Stanford University and Medical Center, Qatar Petroleum District, additionally he is the Chair of the Council of Tall Buildings and Urban Habitants and it’s forthcoming security guidance for Fall Towers. Currently he works for AEI (Affiliated Engineers, Inc.) where he supports the organization as a Security Market Group Leader.
Associated Links: Affiliated Engineers, Inc. - https://aeieng.com/
Ilya has almost two decades of direct in-house and consulting experience in risk management, including investigations and protection of assets. Ilya has delivered meaningful results in protection of people, reputation, information, and environments for multiple organizations in the public and private sector as well as for high net-worth individuals. Ilya’s previous roles include Security Specialist with Prudential Financial (USA), and Associate Managing Director for Kroll (Hong Kong). Currently, he works on a range of projects to include Sphere State, his medium for mentoring aspiring security professionals and he is a Senior Advisor with Current Consulting based in Hong Kong.
Associated Links: Sphere State - https://sites.google.com/view/spherestate ; Current Consulting - http://current-consulting.hk/
Show Notes & Resources
Using visuals and graphics to communicate to executives rather than long-winded conversations
Having an elevator pitch ready (to sell your security program) prior to interacting with executives; Plus, knowing what matters most to them
Must alight successes with loss aversion (those ways in which you enable the organization to see the benefits of the security program and the connection with cost savings / loss aversion)
Policy VS Procedure (key differences)
Many organizations (incorrectly) substitute “institutional knowledge” in place of policies & procedures
The end user executing the work must be considered when creating documentation; do they know how to respond in a given event?
We must all be continually learning so that we can bring the greatest value to our clients; one such way to do this is to maintain your own searchable knowledge base whether in files on your computer or with tools such as OneNote, Evernote, etc.
If you research a topic in depth and do not create an article or presentation, you are doing a disservice to yourself and your colleagues because you are not digesting the information and your peers lose out on your insights
“Practicality” - know what vulnerabilities are real (VS which ones are “sexy” and less practical/probable)
Knowledge Base (Sample of Recommended Readings)
DHS / InfraGard
*Related trade magazines
*Fusion Center Communication
How to Follow & Connect with Sean & Ilya
About the EP Nexus Blog
The EP Nexus executive protection blog, is a comprehensive resource for security professionals involved in executive protection, protective intelligence, threat assessment, and related fields.
Launched in March of 2016 as a resource for executive protection professionals, command center gurus, and close protection know-it-alls, EP Nexus is quickly becoming a resource for those seeking to quench their thirst for executive protection reading.
The most popular section of the blog is Executive Protection Hacks. EP Hacks is a series in which we address complex topics (one topic per issue) in a convenient collection of tools & writings. I am actively collaborating with industry leaders to produce future issues. If you're interested in taking an active approach in moving your industry into the future, contact me below.
Outside of EP Hacks, I explore the following topics in writings, tutorials, and webinars: online tools for executive protection professionals, open source intelligence investigations (OSINT), threat assessment, protective intelligence, travel security, and more.
Sign up for the newsletter to receive premium content and monthly updates.