Thursday, June 11, 2009

Another Case of Under-equipped Officers?


I'll never forget a conversation I had with a German soldier during a joint operation one day. We were talking about career options after the military, and he talked very positively about being a security officer when his enlistment was up. 
I was a little baffled by his aspirations, but that was before I learned the differences between security officers in Europe and America. 

We all know that Europe has a substantial head start when it comes to dealing with terrorism and how corporate security can fill a lot of gaps when it comes to protecting people and assets. 
But I think we are still lagging behind far too much in how we deploy security officers, support them and still expect the world from them. 

Yesterday's attack on the Holocaust Memorial Museum should be an eye opener to anyone in charge of security officer operations, especially in locations that can serve as likely targets for religious, political or ideological reasons. 
Few people know the exact details surrounding this event yet, but from most accounts it looks like a good case of security officers doing a great job. The fact that a man walked into the building shooting from the start, and everything was over in about two minutes with no civilian deaths is impressive. 
The fact that one of the officers died in the process is tragic, but what's even more tragic to me is the fact that it doesn't look like the officers were issued vests. 

The Huffington Post is reporting that they were not - and that the government could start providing them. To me, it's absolutely automatic that any officer carrying a gun, or screening people for weapons, should have a protective vest. Unfortunately, that's the kind of thing that's too often susceptible to value engineering when the client and provider go over the nuts and bolts of the contract.

No one likes spending money these days, but it's ridiculous to place the safety of your assets in the hands of your officers when you pay them bottom dollar and give them the bare minimum for support. 



Thursday, April 30, 2009

A Fresh Look at Continuity Planning


There is no question that organizations should dust off their business continuity plans every few years to make sure things are covered properly. Typically this consists of a little reading, a couple meetings and a lot of pencil whipping. 

This swine flu thing may or may not turn into a big deal, but either way - it's a good chance to look a little deeper at contingency plans. Not only because the real-world threat sharpens people's focus, but also because this is nothing like a natural disaster, terrorist attack or many of the other scenarios commonly used to prepare. 

Over the last few days I've had to look at the protection of clinical assets in a whole new way. If you take this thing to the worst case scenario, there can be an unprecedented strain on clinical sites. Here are a few quotes from the 1918 Pandemic website:

"Confronted with a shortage of hospital beds, many local officials ordered that community centers and local schools be transformed into emergency hospitals. In some areas, the lack of doctors meant that nursing and medical students were drafted to staff these makeshift hospitals."
"As the disease spread, schools and businesses emptied. Telegraph and telephone services collapsed as operators took to their beds. Garbage went uncollected as garbage men reported sick. The mail piled up as postal carriers failed to come to work.

State and local departments of health also suffered from high absentee rates. No one was left to record the pandemic’s spread and the Public Health Service’s requests for information went unanswered.

As the bodies accumulated, funeral parlors ran out of caskets and bodies went uncollected in morgues."


Granted, our infrastructure can't be compared to the nation's infrastructure in 1918, but my point is - even though we may be much more prepared to handle this kind of thing now, there's got to be new and unforeseen factors we've never had to think about. 


Our reaction to the 1976 threat was overkill by most accounts. I'm hoping we can find the happy medium if this thing blows up. 


I urge you to take yourself outside the box usually ruled by disaster-based contingency planning. Some of the angles I'm trying to look deeply at are: 


  • Protecting urgent care / general practice clinics from an overflow of patients desperately seeking treatment
  • Protecting emergency rooms from the same
  • Protecting medical supplies and the logistical supply chain
  • Protecting pharmaceutical supplies and that logistical supply chain
  • Setting up field treatment sites and protecting them

Tuesday, April 28, 2009

PSAP Modernization & Integrator Tips

Has it been a month? Wow - even though I'm working up three or four posts I just realized there have not been any new updates. Sorry about that - I blame the economy.

One topic I'm trying to finish up on is how I recommend PSAPs (Primary Safety Answering Points) should get set up to monitor text messages, email and even provide bidirectional communication through Twitter and/or Facebook. If you have any experience or feedback for that topic - let me know.

On another note, this month's issue of Security Magazine features a cover story on Integrator Relationships where I was a contributor. Most of my input (and some of the story content it seems) came from the June 24th 08 post on Vendor / Integrator Selection Tips.
It's a topic that's very near and dear to my heart because of the time I've spent as an integrator and end user.

Why am I saying this other than shameless self-promotion?

Because in this day and age every expense is being looked at closely. And when you've got to send out an RFP (Request for Price) on a project, you may be in for a shock when the client is a lot less receptive to paying more for a better integrator.
Just in the last few months I've seen major security vendors low-ball bids just to get the work, knowing full well there's no way they can make a profit. That kind of game is usually easy to explain, and dismiss. But when CFOs are tightening the screws and every expense is scrutinized, this can be a real problem.





Monday, March 30, 2009

Social Networking (and Media) for Security Professionals - Part Seven - Tie it all Together

Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand.
Putt's Law

All this social networking is impressive. There is an uncanny ability to communicate in ways unheard of before, but what does that mean to your everyday life?

I think a core principle to remember is that everyone has different reasons and objectives for social networking in their life. There is no "best way" to do any of this; the trick is finding your stride and keeping on top of your priorities. That being said, it helps to have some guidance. Below I've outlined my basic social networking / media use -- it works for me and maybe you'll get some value from it.

1. Decide your personal / professional balance.
I'll always say there is a great value to merging parts of your personal and professional life. But everyone knows there needs to be a separation point. It's important to decide what social networking mediums you'll use for each early on. Since the privacy settings on most social networking services are controllable, it's easy to filter out your private information.
I know a lot of people who use Facebook for personal use only. If that's your decision, you can either refuse all non-personal friend requests (not as offensive as it sounds, trust me) or set your account up so that all your status updates, activity, pictures, links, etc. can only be viewed by a specific group of people.
LinkedIn is purely professional, so that's a no-brainer. Twitter can be either, or both.
Here's my breakdown:

Twitter - I'm about 65% professional and 35% personal now
Facebook - around 20% professional and 80% personal
Myspace - never use, there are links to my Facebook and LinkedIn profiles on the Myspace page
LinkedIn - 100% professional


2. Define your goals.
My goal for using social networking in my professional life is to share my experience, gain insight, and build a robust network of peers, clients and resources.
I share my experience through this blog, gain insight through following smart people on Twitter and build my network with all three of my core services. True, I also use Twitter to share my experience and help other security professionals, and use other blogs to learn from smart people - it's all interchangeable. My point is - it's easy to be caught up wasting time on things that are valuable on the surface, but distract you from what you should be doing. Defining your goals helps you build your daily methods of use in a way that's beneficial.

If you are a manufacturer or vendor, you can use these tools to keep your clients up to date with news and info that's useful to them. You can scan Twitter to find anyone talking about your product, and communicate with them first hand. For instance, I made a comment about a popular feed reader on Twitter and one of the engineers replied, helping me fix a problem -- how's that for customer service!
Communicating with end users and consultants helps get the word out about your product or service (just don't try to SELL all the time - people will ignore you). Give them value, and interact with them in ways that are beneficial to both.

If you are a consultant or practitioner, you can share valuable information with others and exchange dialogue on current topics. Having first hand access to manufacturers and users is a huge benefit when feeling out opinion, asking about experiences and forming your own opinion. Using these tools to build your network will definitely help broaden your resources and understanding.

If you are an end user, you can get real-time, first hand information on products, services and industry news. You can have a direct line to industry shakers and movers, discuss the topics that are real in your world.

3. Define your daily methods.
My wife may disagree, but by most accounts I think I balance my on-demand life well. It's easy to get zoned in on the BlackBerry when there is nothing else going on, so it's important to develop ways to process all this information without letting it overtake you.

Twitter - When I'm at work, I have TweetDeck running on my laptop (I run two systems/three screens). It's segmented with columns for security people, local people, replies and direct messages. When I'm on hold, taking a break between tasks, eating a snack, etc., I scroll through the posts to see what's up. I have Twitterberry on my phone and tend to scroll through tweets when I'm sitting in waiting rooms, stuck in traffic, or have a short amount of time with nothing pressing to do. The only alerts that I have routed to my phone (via SMS) are direct messages and specific RSS feeds made from hash tags I'm following closely.
When I post security related information, I try to keep it to interesting articles or breaking news- the kind of thing I'd find interesting or valuable if someone else posted it.
I use Twitpic a lot to post pictures I snap from my camera-phone. Most of these are either of my son, or interesting / funny things I see everyday.

Facebook - I have the Facebook app installed on my BlackBerry and scroll through friends' status messages the same way I scroll through Twitter messages.
Since I use status messages for both professional and personal reasons, I use the Selective Twitter Status app to post to both when I want - by including "#fb" in the tweet.
I post mostly personal pics when I do, the kind that friends and family are interested in, but I am often surprised when a professional contact strikes up a conversation after seeing new pics.
I see Facebook as the great bridge between personal and professional life and a unique way to help enhance all my relationships.

LinkedIn - I set up my LinkedIn account in a way that would help define my professional career to people looking for information about me. I did list past employment positions, but not specific duties. You'll see many people set up their profiles just like an online resume. There is nothing wrong with that, but I just choose to keep it at the basics. If someone wants to know more about what I did in a job 15 years ago they can just ask me.

Media - I didn't get a chance to talk about the "media" part in the last segments, but I'll throw it in here for good measure. I use Picasa to share photos with both personal and professional contacts (setting up albums for specific reasons/groups) and Flickr for personal use. I use the entire Google online suite of apps for online sharing, collaboration and storage but that can be a series in itself.

To help keep up with everything, I use a lot of RSS feeds. Just about every social networking or media service provides RSS feeds, customized the way you want them. FriendFeed is the perfect social media aggregator that helps you keep up with all your friends' activities. You don't have to keep up with everyone all the time, but it's helpful to have something like FriendFeed set up with your contacts so you can use it when you want.

I recently made a FriendFeed group called Physical Security Online.
Maybe it's just me, but I believe that social networking should be an open format. You'd think that the security industry learned its lesson with proprietary systems, but I see more and more industry-specific social networks pop up. Using open services like Twitter, Facebook and LinkedIn helps tie sister industries together and foster advancement and value for everyone. That doesn't happen with proprietary networks - and they make people have yet another service to stay on top of. There is nothing these closed networks can do that can't be done with the open ones. You can even have password protected groups (LinkedIn / Facebook), rooms (FriendFeed) and maintain control of the information that's public.
To me, these closed networks are either safe wading pools for people to start out in, or captive audiences for someone to cash in on having a market segment use one service.
The Physical Security Online FriendFeed room is an open network aggregator. I run members' Twitter feeds into the group feed so there is one central RSS feed you can subscribe to and get all the group's updates. Members can post links of interest directly to the feed as well as comment on items posted by others. As an added bonus, the room is a directory of industry people and their social media accounts! You can read more about it here, and visit the room here. To join, just get your FriendFeed profile set up and add your services, then join the group.





Thursday, March 19, 2009

Social Networking (and Media) for Security Professionals - Part Six - Feeds

I probably should have talked about RSS Feeds before tossing the FriendFeed concept out there. Feeds themselves are everywhere, and have changed the way the web works. There's a chance you're already using them even if you don't realize it. Just about every customizable "home" or "start" page now gives you the ability to choose your content. That content is usually delivered to your page via RSS feeds.

RSS stands for Really Simple Syndication, and although it's simple overall - the possibilities are as complex as you want them to be. But basically, the RSS feed takes content from a static location (a website, blog, online photo or file storage, etc) and puts it in a form that can be subscribed to, and can be broadcast to all subscribers.

Before newspapers, you'd have to go to each source (author of each story) to get your information. Someone had the great idea to put all that information in one place, and deliver it to you every day. Can you imagine trying to keep up with situations or events by checking with every source, and then seeing a newspaper for the first time?
After that, it seems like a huge waste of time doing it the old way.
Just like now, going to websites is a huge waste of time.

So, from here you can take your feeds and have them routed to the interface of your choosing (cut and paste the link URL). There are software feed readers, online feed readers, widgets and gadgets that can customize your content delivery in a way that works for you. I use multiple resources to get the RSS feeds that I keep up with because some of them are more important than others. Some of the content I monitor is important enough for me to be physically notified if there is something new or something that meets predetermined criteria. Other content that I care about is put in a place that I can easily go through, share with others and comment on.
Most web content is available in RSS form now. In fact, if you didn't already know about them you were probably wondering what that little orange square with the volume sign was supposed to mean. Just take a look at your favorite sites to find RSS links, not only the news sites and blogs but wherever you put your online pictures, files and just about everything else.
From a security perspective, I'd like to see access control, alarm monitoring and even video systems run RSS feeds along with their usual reporting output. That way, on the operational side you could easily take advantage of existing feed management services to get the information you need, where you need it and when. What would you rather do, install proprietary software on your BlackBerry or use an existing feed reader service to handle your feeds? (Don't worry - you can make RSS feeds secure with username/passwords.)
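To make that idea concrete, here is a sketch that turns an event export into an RSS 2.0 feed filtered by severity (the "predetermined criteria" mentioned above). It is an example added for illustration, not code from any access control or alarm product; the `time|severity|device|message` line format, the severity names and the feed URL are assumptions, and the sample events are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from email.utils import format_datetime

# Constructed sample export. The "time|severity|device|message" layout is a
# hypothetical format, not the output of any particular product.
SAMPLE_EVENTS = """\
2009-03-19T08:02:11Z|INFO|Door 12 Lobby|Access granted: badge 4471
2009-03-19T08:05:40Z|ALARM|Door 07 Server Room|Door forced open
2009-03-19T08:06:02Z|WARN|Camera 3 <Dock>|Video loss & recorder offline
this line is malformed and is skipped
"""

# Assumed severity scale, lowest to highest.
SEVERITY_RANK = {"INFO": 0, "WARN": 1, "ALARM": 2}


def parse_events(text):
    """Turn export lines into dicts, skipping lines that do not parse."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4 or parts[1] not in SEVERITY_RANK:
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        events.append({
            "when": when.replace(tzinfo=timezone.utc),
            "severity": parts[1],
            "device": parts[2],
            "message": parts[3],
            # Stable id so a feed reader does not re-alert on an event it has seen.
            "guid": hashlib.sha256(line.encode("utf-8")).hexdigest()[:16],
        })
    return events


def build_feed(events, min_severity="INFO",
               link="https://security.example.invalid/events"):
    """Return an RSS 2.0 document (str) with events at or above min_severity."""
    floor = SEVERITY_RANK[min_severity]
    rss = ET.Element("rss", version="2.0")
    channel = ET.SubElement(rss, "channel")
    ET.SubElement(channel, "title").text = "Site events (%s and above)" % min_severity
    ET.SubElement(channel, "link").text = link
    ET.SubElement(channel, "description").text = "Access control, alarm and video events"
    selected = [e for e in events if SEVERITY_RANK[e["severity"]] >= floor]
    # Newest first, the order feed readers normally expect.
    for event in sorted(selected, key=lambda e: e["when"], reverse=True):
        item = ET.SubElement(channel, "item")
        # ElementTree escapes text on output, so device names or messages
        # containing "<" or "&" cannot break the XML.
        ET.SubElement(item, "title").text = "%s: %s" % (event["severity"], event["device"])
        ET.SubElement(item, "description").text = event["message"]
        ET.SubElement(item, "category").text = event["severity"]
        ET.SubElement(item, "pubDate").text = format_datetime(event["when"])
        ET.SubElement(item, "guid", isPermaLink="false").text = event["guid"]
    return ET.tostring(rss, encoding="unicode")


if __name__ == "__main__":
    print(build_feed(parse_events(SAMPLE_EVENTS), min_severity="WARN"))
```

A feed like this describes the site's security posture, so it belongs behind the username/password protection mentioned above and on an encrypted connection.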
FriendFeed is a service that takes all the RSS feeds published by your social networking and media sites, then aggregates them - publishing one combined feed. But that's not all: FriendFeed itself has become something of a social networking site because you can subscribe to other users' feeds through their interface. In fact, you can subscribe to a feed comprised of feeds, comprised of your friends' content. They even let you create "rooms" that can be shared with like-minded individuals. You can automatically publish feeds in that room if it fits the group's interests, or users can specifically add items the rest of the group would find interesting. That member list becomes a directory where you can find other members' other social networking account info.
That was the idea behind the Physical Security Online room in FriendFeed.

Tuesday, March 17, 2009

New Social Networking Directory for Security Professionals (FriendFeed)

FriendFeed - Physical Security Online room


After making it to the fourth part of the Social Networking for Security Professionals series, it was clear that we needed some kind of directory. There is a pretty robust group of physical security pros that are now using social networking services, and it would be great to have a one-stop location to find them on each service. 

I looked at Wikis, LinkedIn Groups, Facebook Groups and others, but I think in a lot of ways FriendFeed's Rooms feature was custom made for this kind of thing. 

FriendFeed is a social media aggregator. Once you set up your account, and plug in all the social media accounts you want to share, it creates a custom "feed" for you. (Note: FriendFeed can handle almost EVERY kind of social media or network. You can have your FriendFeed include all your accounts, or just the ones you feel comfortable sharing. For instance, I share my Blog, Twitter, LinkedIn and a few others but I do not list my online photos (Flickr, Picasa).) For all intents and purposes, when we say "feed" we are referring to an RSS feed (which we will go into detail about in the next post of the series). But for our purposes now we can say that a feed is the best way to take a list of items (blog posts, tweets, status updates, posted pictures, etc.) and make them available for use through other sites, services or readers. For instance, I join a lot of social networking sites that I'm not active in, and have no intention of interacting with on a daily basis. But since I can plug in the RSS feed for my blog, anyone checking out my profile at that networking site sees up-to-date information. I can just set it up and forget it. 

What makes FriendFeed unique is that it takes all the feeds from your networks and puts them in one place. You can "friend" people just like the other networking sites but with FriendFeed, you're not just subscribing to one of their networks - you've got them all in one place. On your home page view, all your friends' feed items are posted in chronological order. Now, since many of us use services that post to multiple networks there are a lot of repetitive posts, but that's normal. There are other services out there that do this kind of thing, but FriendFeed has been sort of established as the standard and is the most interoperable of the bunch. 
And that's the key. Sure, we can make our own social networking sites 'till the cows come home but that would be one more network to keep up with instead of using existing networks and FriendFeed to tie it all together. 


Essentially, you could just subscribe to that feed (your home view feed) in Google Reader or another feed reader and keep up with everyone across all their networks instead of one at a time. And with this Physical Security Online Room feed - you can do the same thing. 

FriendFeed's Room feature is a way for like-minded users to connect, share relevant information and network. We can have specific blogs or accounts post directly to that room list automatically or share specific things manually. 


Right now - it's set up with the RTP PhySec blog posts to automatically run on the home feed, and the Twitter account for RTP PhySec which I run Amber Alerts and other crime alerts through. 
If you'd like your blog listed automatically, just let me know. You'll need to have an RSS feed for your blog - just get me that URL or point me to it and I'll add it. 

You can also put a bookmarklet on your toolbar (or a bookmark) to easily share things to that room. 
When you're browsing online and see something you'd like to share with the group, you can hit that bookmark to pull up this interface: 
You can choose which room to post the item to, what to call it and post a comment as well. For icing on the cake you can select an image to go with the post. 
Once members of the room join up, we'll have the directory under the "members" tab. From there you can click on a member to go to their homepage (not filtered to that specific room) or their posts in the Physical Security Online room. Each member's social networks are listed on their home page. 


Monday, March 16, 2009

Social Networking (and Media) for Security Professionals - Part Four - LinkedIn

As far as social networking sites go, I see LinkedIn as the professional hub of that universe. It may not end up being a part of your daily online life, but it should definitely serve as the constant foundation for anything business related you do online. 

Think of it this way: you may not be looking for a new job, or beating prospective clients' doors down, but in this day and age of due diligence you can bet you're being checked out. Especially in the security industry where it pays to make sure you know exactly who you are talking to in any professional exchange. 

Listing details about yourself and your professional history are definitely the sore spots most security professionals have in using something like LinkedIn. We've been living under the view that we should keep information like that close to the chest, and reveal it only when necessary. 
Yes, it's true, there is a certain vulnerability you expose by listing your professional history - but it's nothing you can't mitigate by carefully thinking through the extent of information you release and the context you put it in. 

Overall, this contributes to my view that social networking can make the workplace and professional relationships more honest and transparent. This is beneficial to the reputable, honest professionals and an obstacle to the rest. 

LinkedIn is set up like Facebook in a lot of ways - in fact - you can think of it as the Facebook of business. You enter information about yourself,  and get linked to others you know or associate with. You have a home view that lets you see what all your contacts are up to, and you can interact through "Q&A", status messages, groups and other tools. 

Getting started, you can post as much or as little information as you'd like to your profile. It's always a good idea (with any social networking site) to look around and get ideas from people you trust before you set up your profile completely (I probably should have mentioned that when I was talking about Facebook and Twitter). 
Basically, your profile should be a thumbnail of your professional life. Someone reading your profile should be able to know about your experience, education and professional career. Some people post full-on resumes as profiles, not that I recommend that but I do suggest a brief overview. 

LinkedIn gives you granular control of what you want listed on your profile, or how much information the general public can see on your "public profile".
Your "public profile" is what's visible to non-LinkedIn users or people outside your network. The way they figure out your network is anyone within 2 degrees of your contacts (a friend of a friend). To me, that's a good way to handle the basic privacy issues because it filters out people totally unrelated but still allows for some freedom in finding people you may not be directly associated with. 

Also like Facebook, LinkedIn uses groups to help people with similar interests and professional fields communicate and collaborate. For instance, I belong to the ASIS International Group which has over 2,319 members. Through that group, members can ask and answer questions, post news stories (or blog posts) and even post and find jobs. 

But unlike Facebook, LinkedIn gives you business-related tools such as the ability to write a professional reference for someone or have other members write one for you. Some people use these like crazy and others rarely do - but the standard adage applies - you get what you give (if you want recommendations, write them for other people). You can choose to display your references on your profile or not - even list the ones you write or not. 

I use LinkedIn as my standard professional networking platform, not with almost daily interactions like Twitter or even weekly like Facebook. Although I could update my LinkedIn status along with the other two - I choose not to. Not that I have any specific reason, but I just don't see LinkedIn in that light for my own personal interactions with the service. I do look people up in LinkedIn after I meet them in conferences or other professional functions and ask them to join my network. And when I run into a situation where it would be helpful to talk to people from a specific industry, field or company it helps to look through your LinkedIn contacts. 

There have been some valuable connections I've made through LinkedIn, but I'll be the first to admit I don't use all of its tools. I think that it's the kind of thing that you should definitely join and set up for sustained use, then see where it takes you. One thing I recommend when you're setting your profile up is to use a picture. It used to be a little narcissistic to put a face shot on your resume, but that thinking is long gone. In fact, most serious job hunters have an online resume posted somewhere that's available to recruiters and LinkedIn works even better than that. 

Most social and networking sites give you a way to easily direct people to your page/profile/account on their service. I didn't list this under Facebook or Twitter even though you can (click them to go there) - but I do talk about it for LinkedIn because it's a great idea to put this "badge" on your blog or website. It gives professional contacts a way to find out more about you and connect with you in more ways than they may originally think. 

View Shawn Flaugher's profile on LinkedIn


I've been looking into the best way for us all to share social network info with each other, and have the ability for everyone to update their own listings without resorting to a specific industry website. I checked out the groups in LinkedIn - but they don't have a very usable way for group members to add themselves to a list with categories for the different social networking accounts. Facebook has more enhanced group options but since some people would rather not use Facebook for professional networking that's out. This may end up being an open spreadsheet that I'd give members access to. If anyone has any ideas - let me know!

Here are some security professionals who use LinkedIn. There are many many more, but I only contacted specific people that I know use social networking. If you want to be added - let me know. Like I said above - soon I hope to have a more complete social networking matrix.