| https://sm.asisonline.org/Pages/Mentor-and-Me.aspx | Mentor & Me | GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p>As security practitioners, learning from our own mistakes can be costly. “We are all just one bad day away from termination,” is how a colleague once summarized our condition. The remark was an all-too-true reminder that security managers cannot make mistake after mistake and still hope to remain successful in the profession.</p><p>With that in mind, stepping up to lead a security operation can be a frightening experience, especially for a young professional making his or her debut as a leader. I certainly felt my share of anxiety when I assumed the role of contract security manager at a large community college in 2008.</p><p>At the time, the media seemed to feature a new story every week about a tragedy in a mall, workplace, school, or other public space where lives were lost or forever changed. Each time, I would follow the story and try to understand exactly what happened from a security point of view. Would my own program have fared any better—or would it have resulted in tragedy and my termination?</p><p>Fortunately for me, I was not alone. I had a mentor, who took the time to help me develop into a seasoned security professional. Through mentorship, a new security manager can experience professional situations and even make decisions that turn out to be wrong without suffering the consequences of on-the-job mistakes. Such an opportunity is invaluable, because having a safe space to fail is crucial for professional growth and skill development.</p><h4>Explore Compatibility</h4><p>Mentorship is a symbiotic partnership between an expert and a novice in which knowledge and trust are equally shared. But finding a good mentor can be tricky; it requires finding a veteran manager with both significant expertise and a passion for sharing it.</p><p>Professional security organizations, such as ASIS International, are a great place to turn when looking for mentors within the industry. In addition, a security manager’s employing organization may have a formal mentorship program. However, formal permission from anyone outside yourself and the expert you wish to learn from should never be necessary to begin a mentorship relationship.</p><p>In my case, the expert was George, the security director of the community college where I was working as a contract security manager. The college hired George about a month before I was hired; in fact, my start date was delayed a bit so he could settle in first, and have a chance to interview me.</p><p>Prior to George’s arrival, one of the college’s vice presidents was charged with overseeing the security program at the college. But a security assessment conducted by an outside contractor led the college to hire a new security director—George—to build up a standalone security department. I was brought in as a permanent contract security manager for the account. The security firm made me an informal offer shortly before George arrived; the offer was conditional on a successful interview with George, which would constitute final approval.</p><p>As it happened, George and I used our initial interview to have a far-ranging and comfortable conversation about everything from work ethic to security knowledge. This interview was important, because the success of a mentor and mentee relationship depends on the compatibility of both individuals.</p><p>In general, the potential mentor and mentee should always have the opportunity to meet and determine individually if they are going to be able to work together—a concept that formal mentorship programs need to consider before matching up participants. If not, the relationship may be doomed to fail before it gets off the ground.</p><h4>Do Your Research</h4><p>In deciding on the right mentor, the mentee may want to consider a number of variables, including the mentor’s level of expertise, his or her willingness to share his or her knowledge, and the general alignment of the interests of both parties. Some expertise, credentials, and accomplishments can be ascertained through online research; records of high-profile failures can sometimes be discovered, too.</p><p>In George’s case, his online profile showed that he was a successful university police lieutenant who transitioned into the security industry by first heading up a multicampus hospital system, before coming to the security directorship at the community college. He was also a longtime member of ASIS and a Certified Protection Professional© (CPP); all in all, a veteran security professional.</p><p>Of course, the process of assessing a mentor’s expertise does not have to end once the selection process is complete. A mentee can continually assess the mentor’s expertise by conducting his or her own analysis through independent research. This is a great tool to see if the actions of the mentor are consistent with national best practices.</p><p>In my case, as I became more involved with ASIS and my own professional development progressed, I could see why George made the decisions and took the actions that he did.</p><p>For example, I remember creating a revised incident report template for the security department, which included a glossary of incident types with definitions. The idea was to make it easier for security officers to choose an incident type for a report and create more unified reporting between campuses and individual officers.</p><p>I used FBI Unified Crime Reporting categories as a basis for the incident types. When George reviewed the incident types, he made a number of edits that combined categories or renamed them, and crimes like burglary, arson, and nonnegligent homicide were added to the list.</p><p>George had revamped the list of incident types to follow U.S. Clery Act categories, which made more sense given that our workplace was a higher education facility. (The Clery Act requires colleges and universities to report information about crime on and near their campuses.) I was familiar with Clery at that point, but it didn’t hit home for me until I started researching why we changed the names and found that Clery actually specified what incidents should be named.</p><p>This became a recurrent pattern: The more I learned, the deeper I could research; the deeper my research, the more my own findings validated George’s expertise. But the process of assessing expertise independently has another benefit—it can sometimes reveal that the knowledge gap between mentor and mentee is too large, and cannot be bridged.</p><p>For example, if a mentee is barely able to use email, he or she will need a mentor who uses email daily, not a software developer who wrote the code that makes email work. An overly large knowledge gap can lead to a breakdown in communication between the mentor and mentee, in which the mentee cannot fully grasp concepts that the mentor believes are common sense. It’s almost as if they are speaking different languages.</p><p>That is not true in every case, of course; some highly accomplished professionals are also gifted communicators and teachers who can bridge a wide skills gap. But sometimes the gap leads to so much frustration that both parties give up. In a worst-case scenario, this bad experience can preclude both parties from trying again with a more suitable partner in the future, thus missing out on the mutual benefits of mentoring.</p><p>If either party feels that the match is untenable, they should amicably end the partnership and try again with another person. The industry needs experts and novices to seek each other out and work together, so neither party should allow a relationship to deteriorate.</p><p>Independent research can be valuable in another way—as a great educational tool for mentors. They may use it to develop exercises that allow mentees to analyze situations on their own and select appropriate actions based on the conditions faced.</p><p>Exercises like these illustrate that mentorship is not just hand-holding; the mentees must be willing and able to act and think for themselves. Practicing these skills in an exercise setting is an excellent way to learn.</p><p>Finally, a mentor-mentee relationship may not work if both are considered competitors for the same job. The modern workplace can be territorial, and being mentored by someone who is concerned that you will ultimately take his or her job (rather than succeed him or her when he or she voluntarily moves on or retires) will be problematic. It is likely that concerns about employment will erode the trust of one or both parties, causing the relationship to fail.</p><p>Given this, many of the best mentors are those who are nearing the end of their professional career, are experts in the niche of the security industry that the mentee wants to excel in, and are eager to pass on their knowledge to promising young professionals.</p><h4>Move Forward</h4><p>Once you have identified a mentor, and you firmly believe that the mentor’s expertise is genuine and there is mutual trust and a desire to work together, you should commit to the partnership in full.</p><p>When George and I began working together, there was no real separation between our jobs and learning. We didn’t set aside one day a week for mentorship activities, with the other four taken up by operational assignments or disciplinary meetings. Instead, the opposite occurred: traditional work and mentorship blended together seamlessly. Every activity became a potential lesson, and every interaction a potential opportunity for the transfer of information.</p><p>George and I met about twice a week to discuss the general operations of the security guard force. In those meetings, I would often be assigned tasks—anything from drafting a policy on a particular topic to developing a plan for special event coverage. I would return to my office to work on the project, and then bring a working draft to our next meeting.</p><p>George would bring out the red pen and, quite unapologetically, bleed it all over my drafts. He would explain the errors made on the drafts and then send me back to correct and resubmit them.</p><p>Perhaps the most important gift I received from George was his patient, steady refusal to accept substandard or poorly researched work. I have since realized how tempting it can be when we get busy to simply fix documents and reports that are submitted with errors and send them on, just to keep them moving. But ultimately, that guarantees that you will continue to review submitted documents with mistakes. It takes patience, and a desire to instruct, to take the time to explain what is wrong with a document and hand it back to the mentee to fix it.</p><p>Mentorship doesn’t have to be one dimensional nor exclusive. From time to time, I would draw on the advice of others when the situation warranted. The owners of the security firm I worked for had extensive expertise in contract security, so they were the go-to source for me when I needed expertise specific to that subfield. There is no shortage of good mentors, so there is no reason to limit yourself to only one when seeking counsel.</p><h4>Transition</h4><p>As we continued working together, the complexity of the tasks that I was assigned naturally grew. The more I learned, the more I was able to do, and the more projects I was involved in.</p><p>George and I coauthored articles and developed training programs for campus security officers and for people transitioning to security from other industries. I learned that there is no better way to reinforce knowledge of a subject then to teach it. This is doubly true if your students are adults. Whenever you think you have become knowledgeable about a subject, try standing in front of a class of adult learners who think they are, too, and take on their questions.</p><p>This stage is a time of professional transition: the mentee is no longer a novice, but certainly not yet an expert. Moving away from the basics to more advanced concepts can be exciting and rewarding, and there can be a dangerous temptation for the mentee to believe that the mentorship is over. It certainly crossed my mind on occasion, especially during difficult, busy days at the office, when the last thing I wanted was for George to point out what I had just done wrong.</p><p>However, I realized that my mentorship was still too valuable to discontinue. It did need to change, however. When the mentorship reaches an advanced stage, an emphasis on strategic learning and career development should gradually replace basic job-specific knowledge.</p><p>Operational skills, such as making schedules, interviewing candidates, and developing policies and SOPs, have all been learned. Now, both mentor and mentee can focus on cultivating higher-level skills, such as knowing how to predict where and when a new policy may be needed, and analyzing current trends in crime prevention or campus safety.</p><p>Much like traditional leadership, a mentorship style can also be altered and adjusted over time, as the relationship deepens.</p><p>In the later stages of my mentorship, George pushed me outward to take advantage of more and more development opportunities, such as professional education, online U.S. Federal Emergency Management Agency classes, conferences with the state’s Department of Criminal Justice Services, and many other training classes and seminars, including the 2011 ASIS International Seminar and Exhibits in Orlando, Florida.</p><p>The ASIS seminar was an eye-opening experience that allowed a relatively new security manager like myself to explore the full depth of the profession. In one week, I discovered that as much as I thought I had learned in my three years working with George, I had barely scratched the surface.</p><p>Nonetheless, my first ASIS seminar served as the perfect catalyst for George to push me into pursuing my CPP designation, which I eventually obtained.</p><p>Two years after I earned my CPP, a colleague in ASIS forwarded me a note about a job opportunity as the security administrator for the city in which I lived. It was too good an opportunity to pass up, and, amazingly enough, the job post specifically sought a CPP with multisite security management experience.</p><p>I got the job, and became security administrator for the City of Newport News, Virginia. George transitioned to mentoring a physical security manager who was hired before I left.</p><h4>Mentee Becomes Mentor</h4><p>George and I still keep in touch, catching up for an occasional lunch to compare strategies on similar issues. As I moved into my new position, I found new mentors with extensive public sector expertise to help me navigate the landmines that exist in local government.</p><p>I have found that the pace of operations is even faster at this higher level, and there is less patience for sharing entry-level knowledge because expectations reflect the added responsibilities of the new job. However, the mentorship dynamic remains the same—I work for an individual with tremendous knowledge of municipal administration, and his counsel in that segment of my job is invaluable.</p><p>I have tried to share knowledge with the people around me in much the same way that George helped me, by patiently pushing the people around me to learn more about the industry and their functions within it. My approach, however, has been somewhat different from George’s. While George dedicated a significant length of time to mentoring one person, I have tried to influence everyone I come into contact with.</p><p>Looking back, there was no cue-the-swelling-music moment where I could say, “I was mentored to achieve exactly this.” Mentorship doesn’t work like that, in my experience. It is a gradual process that requires constant work and endless patience from both sides.</p><p>It is also a partnership that helps develop both individuals, and potentially instills in them a career-long appreciation for learning and teaching. This appreciation leads us to continue to move forward in our profession, seek out new mentors, and mentor those coming behind us, elevating the entire profession, one apprentice at a time. </p><p>--<br></p><p><em>William Cottringer, Ph.D., Certified Homeland Security (CHS) level III, is executive vice-president for employee relations for Puget Sound Security Patrol, Inc., in Bellevue, Washington, and adjunct professor OF criminal justice at Northwest University. </em></p> | | |
| https://sm.asisonline.org/Pages/Who’s-Who-in-Retail-Loss-Prevention.aspx | Who’s Who in Retail Loss Prevention | GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <h4>Retail Loss Prevention Council, ASIS International</h4><p>One of 34 industry- or topic-specific councils of ASIS International. It develops and provides programming and resources for loss prevention practitioners, including session recordings, webinars, magazine articles, book excerpts, newsletters, reference guides, white papers, and case studies.</p><h4>Loss Prevention Foundation</h4><p>Its stated mission is to “advance the retail loss prevention and asset protection profession by providing relevant, convenient, and challenging educational resources.” It offers the LPQualified and LPCertified industry certifications, a career center, and a bimonthly magazine, among other benefits.</p><h4>Loss Prevention Research Council</h4><p>Affiliated with the University of Florida, its mission is to use an evidence-based approach to fighting retail crime. It tests loss prevention solutions in real world environments. Previously, LPRC operated at the store level, but its operations are now equally geared to corporate decision makers and corporate emergency operations centers. Shoplifting and employee theft are still high priorities, but the council now delves into fraud, supply chain protection, violent crime, point of sale crime, burglary, situational awareness, and other issues.</p><h4>National Retail Federation</h4><p>The world’s largest retail trade association, the NRF has a Loss Prevention Council and constituent committees that meet to discuss problems and share solutions. The NRF also hosts an annual loss prevention conference, advocates for the loss prevention industry, and provides news and resources.</p><h4>Loss Prevention Industry Professionals Association</h4><p>This organization holds an annual conference and vendor showcase, as well as offering networking and other benefits.</p><h4>Retail Industry Leaders Association</h4><p>Describing itself as the premiere advocate for America’s most sophisticated retailers, RILA offers education, networking, and a forum for problem solving. It contains a council and committees that focus on various asset protection issues, such as auditing and technological innovation.</p><h4>National Anti-Organized Retail Crime Association</h4><p>Established in 2012, this organization fights organized retail crime through education on such techniques as skimming, cargo theft, and return fraud.</p><h4>Mystery Shopping Providers Association</h4><p>Characterizing itself as “the largest professional trade association dedicated to improving service quality using anonymous resources,” the group has more than 450 member companies worldwide. Its membership includes marketing research, private investigation firms, and mystery shopping fieldwork services. </p> | | |
| https://sm.asisonline.org/Pages/Loss-Prevention-Lab.aspx | Loss Prevention Lab | GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p>Working at the Loss Prevention Research Council (LPRC)—an organization that tests loss-control solutions for suppliers and retailers—must be incredibly frustrating. The center, located on the campus of the University of Florida, houses a lab that mimics product displays found in typical retail environments. Over here is shelving filled with over-the-counter medications such as Prilosec and Imodium. Nearby sit 32-ounce containers of liquid Tide detergent. Also on the shelves are infant formula, razor blades, and dozens of other items that would be convenient to grab on the way home instead of stopping at the store. And the Red Bulls must tempt the late-night researchers.</p><p>These items are among those most frequently stolen by shoplifters—also known as boosters—and they certainly aren’t for the taking by LPRC staff looking to streamline their errands. More than 75 technologies protect the goods, which range from Florida Gators polo shirts to bottles of 1800 Tequila. Screamer sirens, spider wrap, evidence tape, smart pads, shopping-cart analytics, “weaponized music,” RFID tags, and smart floor mats are among the tools that LPRC is testing on behalf of retailers and manufacturers to minimize loss without diminishing sales.</p><p>So what’s the most exciting new technology? Read Hayes, LPRC’s director, fingers point-of-sale–activated (POSA) benefit denial. Benefit denial tools operate not by making shoplifting riskier or time consuming, but by depriving the offender of the use of the item. Ink tags, which ruin garments if they aren’t removed by a special tool, are a well-known example of the benefit denial approach.</p><p>The new generation of benefit denial technologies, Hayes says, protects electronics. Special code can be injected into smartphones, tablets, printer cartridges—anything that contains firmware—that would render the product useless without an activation code. LPRC engineers have yet to defeat the technology, which can also be programmed to allow a device to work at certain times so that shoppers can try out the product in store.</p><p>RCA is one of the first to install the technology, using it in its Voyager tablet. Hayes says that Walmart is on the third phase of testing theft and sales of this device. A one-store test fared well enough to expand to 20 stores. It is now being rolled out for further testing in Walmart stores nationwide, he says. He will be discussing findings shortly with big-box retailers.</p><p>Of course, a retailer suffers a loss just the same if an unusable item is stolen. So public awareness of the protection technology, such as through signage or staff explanations, is critical to this approach. Walmart has used yellow warning signs for the RCA tablet. And because the protected product is featured by the retailer, Hayes says this technology attracts brands whose products are not leaders in their fields, such as RCA’s tablet.</p><p>Hayes speculates that this type of technology could augur a paradigm change, such as occurred when the theft of gift cards dropped after shoplifters realized the cards had to be activated by a clerk. That works as long as a legitimate buyer doesn’t have a problem activating a product.</p><p>I am joining two members of the LPRC team, Hayes and research team leader Mike Giblin, to witness an ongoing loss prevention test at one of the stores affiliated with the LPRC, a Best Buy in Gainesville, Florida. LPRC and Best Buy were testing various devices to prevent theft of Apple Lightning power devices without discouraging legitimate purchasers. This would be phase one. Assuming useful results, phase two would expand specific measures to additional stores. For any tools that passed muster, a third phase would test how they perform in various environments, regions, store types, and so on.</p><p>LPRC’s extended laboratory is a group of more than 20 Gainesville-area stores from global chains—including Publix, Michael’s, CVS, AutoZone, and Macy’s—that serve as innovation zones. If one of these retailers wants to establish proof of concept or conduct a small-scale test, they are right in LPRC’s backyard.</p><p>Under scrutiny at Best Buy are devices that make it difficult to easily slide multiple power cords and other power-related products off peg hooks. Researchers are also testing a system where motion sensors near the products trigger cameras that feed to video monitors at each end of the aisle and show who is near the high-theft products. The idea is that, upon seeing him or herself on the monitor, the shoplifter would abandon the theft.</p><p>Part way through this multimonth testing period, LPRC interviewed shoplifters and legitimate shoppers alike. The results were surprising. While three-quarters of the shoplifters noticed at least some of the devices on the peg hooks, only 25 percent saw the video monitors, which were just a couple of body lengths away. Hayes and Giblin explain that offenders are so focused on their immediate vicinity that they are oblivious to activity just out of their range of operation.</p><p>So what did work? When asked which device would most deter them, thieves specified a device that required twisting a knob multiple times to release a product. Every twist caused a loud clicking sound.</p><p>While on site, we also want to determine where a booster might conceal goods. We make our way to a back corner of the store, where car stereos, speakers, and clearance items are on display. High shelves obstruct sight lines. The area is deserted, and it’s shabbier than the rest of the store, showing signs of neglect. The nearest staff member, easily visible in a bright blue shirt, is aisles away. No surveillance cameras are evident. An empty Coke can sits on a clearance shelf, bringing to mind the well-known “Broken Windows” theory, which posits that signs of neglect lead to increased crime.</p><p>These signs of abandonment—high shelves, obstructions, trash, less-popular items—“are unconsciously picked up by boosters,” says Giblin. Moving more attractive items to that section would increase foot traffic and discourage thieves looking to stash their items, but it might also contradict the conventional wisdom of placing the most attractive items front and center. So Hayes suggests to the retailer that it increase shopper traffic by better promoting the clearance items while installing public-view monitors, passive infrared-activated sound, and improved lighting options to signal to thieves that this area is no safe haven. </p> | | |
| https://sm.asisonline.org/Pages/Tech-and-the-Turnstile.aspx | Tech and the Turnstile | GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p>Located in New York City’s Financial District, 7 World Trade Center (7 WTC) was the first tower to be rebuilt after the September 11, 2001, terror attacks that destroyed the Twin Towers—part of the original World Trade Center complex. </p><p>The 52-story tower, which has 1.7 million square feet of office space, opened in May 2006. The building is owned and managed by Silverstein Properties, Inc., and is home to several high-profile tenants, including Moody’s and the New York Academy of Sciences. </p><p>Because the building is located on a symbolic site in New York City and is leased to capacity, security is a top priority for the building’s management.</p><p>“Life safety is by far the most important thing for this building, our tenants, our visitors, and our employees,” says Angelo Provvido, property manager at 7 WTC.</p><p>The tower has been using turnstiles for access to its north and south lobby entrances since it opened, but the previous solution was not ideal, Provvido explains. </p><p>“We had maintenance issues with them—they were constantly malfunctioning,” he says, adding that the turnstiles had a component that would sometimes strike people in their midsection or legs as they came in and out of the building. </p><p>Kratos, the security integrator for Tower 7, oversees maintenance of several features throughout the building, including security cameras and access control. Kratos helped 7 WTC evaluate several new turnstile options that would improve convenience for the tenants and facilitate the overall flow of traffic. </p><p>When the building came across Smarter Security’s Fastlane Optical turnstiles, management was impressed. “The slim design, the glass door features—those were all things that drew our eyes and our attention to the product,” Provvido notes. </p><p>After visiting other buildings where the turnstiles were installed, 7 WTC staff decided to integrate the solution into the building’s lobby. </p><p>Integrating the product took about a year, Provvido explains, from the time Tower 7 began evaluating options to having them custom manufactured and installed. The installation was completed in two phases: one for the north lobby entrance and one for the south lobby. </p><p>Tenant convenience was a priority for the building, so demolition of the old turnstiles began on a Friday night and was finished by Monday morning in both phases. The project was completed in April 2015.</p><p>There are eight turnstiles, two of which are handicap-accessible. To gain access, tenants present an access card above a scanner on the turnstiles, which are equipped with both proximity and bar code readers. The turnstiles have swinging glass barrier doors that open to allow the person through.</p><p>“Tenants like the new product; the old ones were more of a metal, bulkier turnstile,” Provvido says. </p><p>Another feature that improves traffic flow is pairing the employee’s profile with the floor number he or she works on. When a tenant presents his or her card to the turnstiles, an elevator from the elevator bank is automatically reserved to take that person to his or her designated floor. </p><p>“The turnstile actually tells you which number elevator in the bank will be coming down for you,” Provvido says. </p><p>When a tenant has a guest, an employee preregisters the visitor in the building’s visitor management system. Guests present their identification to the security desk, and an officer will print out a temporary badge that expires at the end of the day. The pass has a bar code that opens the turnstile, and security advises the guest what floor to go to. </p><p>When there are large events in the building with several visitors coming in at once, the turnstiles can be opened for a fixed period of time while security checks names against a list. </p><p>Kratos manages the turnstiles from the administrative side, so if there are technical issues Provvido calls the integrator to fix them. “Kratos is able to come in on short notice and make the repair and get the turnstile up and running,” Provvido explains. </p><p>Between the two installation phases, Silverstein Properties’ Chairman Larry Silverstein was able to directly compare and contrast the two turnstiles, the old and the new solutions, side by side. </p><p>“These Fastlane systems made a notable improvement in how we process the flow of our tenants and visitors,” he says. “You can feel the quality workmanship in both the aesthetics and operation.” </p><p>Silverstein Properties also owns and manages World Trade Center Building 3, which was completed in June 2016. That location, which will officially open in early 2018, has 2.5 million square feet of rentable space and will also feature the Fastlane turnstiles. </p><p>In addition to the turnstiles, which provide an effective deterrent against any would-be trespassers, 7 WTC has a fully staffed security desk during the building’s main hours. </p><p>With the old turnstiles, there was an incident where a young man jumped the turnstiles and tried to gain further access to the building. He was immediately apprehended by security, and eventually escorted away by Port Authority Police.</p><p>So far, 7 WTC hasn’t had any problems with the new turnstiles, and Provvido says the product improves business efficiency while improving security.</p><p>“You have to make sure the tenants get to their workplace in a timely manner. Everybody comes in the front doors in a rush and they are all in a race trying to get to their office space,” Provvido says. “The turnstiles secure the building, and prevent people who shouldn’t be coming in from getting through to the other side.”</p><p><em>For more information: Jeff Brown, jbrown@smartersecurity.com, www.smartersecurity.com, 512/328.7277 ext. 228</em></p> | | |
| https://sm.asisonline.org/Pages/Pay-Attention.aspx | Pay Attention! | GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | How can human operators avoid becoming exhausted on the job, or stay alert while driving for long periods of time? How can security guards ensure that they don’t miss a critical alert during a long shift?<br><br><p>The Human Factors and Applied Cognition program at George Mason University in Fairfax, Virginia, is conducting vigilance fatigue testing with subjects to find out more about how and why mind power becomes depleted, and how to best replenish it. Subjects at the institution’s Arch Lab are given a variety of tasks to perform in a range of scenarios. </p><p>“We are constantly having people do many different tasks at the same time,” says Carryl Baldwin, director of the program. “In one of the scenarios, they are doing five different tasks at the same time, trying to alternate their attention back and forth between three different screens.” </p><p>Baldwin explains that vigilance fatigue occurs when our brains become overwhelmed by the task we are performing. “The leading theory of why you experience this vigilance decrement is because your cognitive resources become depleted,” she says. “And we asked, ‘If that’s the case, how do we restore those resources?’ So we started a series of experiments, many of which are ongoing, looking at what can we do to try to bring that person back up to speed, to try to alleviate that performance decrement.” </p><p>One hypothesis, Baldwin notes, is that letting one’s mind wander—which is also known as engaging the default mode network—helps restore blood flow to the part of the brain that engages in completing a task, the dorsal attentional network. “This theory is called the decoupling hypothesis, which is that we cycle back and forth between two major attention networks,” she says. “You have to cycle back and forth between those in order to sustain performance for any length of time.” </p><p>In a field such as security, Baldwin notes that the lack of incidents that occur during any one shift can lead to increased fatigue, just as with any task where there are little to no stimuli for the brain. “How do you stay motivated to watch screens if, shift after shift, nothing happens?” she says. “You’re likely to miss the signs, because it’s difficult to pay attention when you so rarely get signals.”</p><p>The researchers are working on replenishing subjects’ effectiveness at performing a task with a variety of techniques. “One of the things you can do in vigilance research is periodically insert false alarms...to revive the subjects,” Baldwin says. “Because if they’re waiting for a signal that doesn’t happen during a whole eight-hour shift, it’s really tough to stay engaged.” </p><p>Offering rewards can also help subjects stay on task. “We’re experimenting with giving people rewards once in a while…primarily to increase dopamine levels, which we think will, in turn, increase their ability to sustain attention on the task.” </p><p>Baldwin says simply being in a good mood also appears to promote the subjects’ effectiveness and alertness. “We’ve looked at playing music of a certain type, particularly positive-affect, slow music that’s popular and enjoyable—and people like it,” she says. “That tends to promote relaxing and having a positive attitude.” </p><h4>Cyber Fatigue</h4><p>Fatigue also affects those who make security-related decisions. Most computer users in the United States feel “overwhelmed,” “resigned,” and “hopeless” about the security and privacy of their online behavior, leading them to make poor cybersecurity decisions. That’s according to research by the National Institute of Standards and Technology (NIST) in an October 2016 study, Security Fatigue.</p><p>The authors of the report tell Security Management that they didn’t necessarily set out to draw conclusions about security fatigue in their research, but wanted to learn more about the typical computer user’s online security behavior. “We were really trying to understand people’s perceptions, beliefs, and behaviors with respect to cybersecurity,” says Mary Theofanos, computer scientist at the NIST Office of Data and Informatics. </p><p>Theofanos, along with coauthor Brian Stanton from the NIST Visualization and Usability Group, interviewed people ranging in age from 20 to 69 from rural, urban, and suburban areas of the United States. They asked questions such as: What do you do online? How often do you change your password? How do you feel about cybersecurity?</p><p>“As we started talking to them, there was just this overwhelming sense of resignation, loss of control, fatalism, and decision avoidance,” Theofanos says. “As we started really pursuing this, we realized these are the characteristics of security fatigue.” </p><p>The following were some of the signs of cybersecurity fatigue observed by the researchers: </p><p>• Avoiding unnecessary decisions</p><p>• Choosing the easiest available option</p><p>• Making decisions driven by immediate motivations</p><p>• Behaving impulsively</p><p>• Resignation and loss of control</p><p>Stanton, a psychologist, says that users are tired of constantly being asked to change their passwords, conduct system updates, and engage in other basic cybersecurity hygiene best practices. </p><p>“When you reach a certain threshold, you don’t have any more capacity to deal with things, and that’s what we were seeing in the security realm,” he explains. “People didn’t have the capacity to make any more decisions about security.” </p><p>Being overwhelmed leads users to make poorer decisions, such as not changing their passwords or updating their machines, or failing to safeguard personal information, opening them up to possible cyberattacks or data theft.</p><p>Positive reinforcement, one of the classic ways to fight vigilance fatigue, isn’t necessarily available in the cyber world. “It’s hard to get that reward in the cybersecurity space because there’s no direct cause-and-effect relationship,” Theofanos says. For example, if users change their passwords every 30 days, but they get hacked anyway, they will feel as if their security practices didn’t protect them and are, therefore, not worth doing. </p><p>“In cybersecurity you don’t get any feedback if you do it right,” Stanton adds.</p><p>Those interviewed also believed that hackers would never target their information in the first place, because they don’t believe they possess anything of value. They stated that someone else should protect their data, such as the bank issuing their credit cards or their employer. </p><p>To combat the issue of security fatigue, the research suggested companies take a few steps to ensure that users don’t feel overwhelmed: </p><p>• Limit the number of security decisions users need to make</p><p>• Make it simple for users to choose the right security action</p><p>• Design for consistent decision making whenever possible</p><p>Theofanos says that users are aware of the existing cyberthreats, and many mentioned high-profile hacks in the news. Still, she says that good cybersecurity has to become a habit, and awareness isn’t enough. “They can’t fall back on a set of habits, because they haven’t formed those habits. It’s the whole concept of practice, practice,” she says. “It’s a bigger step than just greater education and awareness.” </p> | | |
| https://sm.asisonline.org/Pages/Certification-Profile---Anjali-Sniadowski,-CPP,-PSP.aspx | Certification Profile: Anjali Sniadowski, CPP, PSP | GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p>Anjali Sniadowski, CPP, PSP, admits that a security career may not be for everyone. She can list some downsides: irregular hours and hard work. But in her mind, the pluses outweigh any negatives.</p><p>“If you are someone who likes to help people, be part of a mission greater than yourself, and don’t mind unique challenges, it’s definitely the right path for you,” she says.</p><p>Sniadowski came to security in an unconventional way. She started on an academic track focusing on nonproliferation studies and WMD terrorism. But her focus shifted as she completed some consulting engagements that highlighted the intersection between government security programs and the private sector. </p><p>This interest led to a position with iJET, where she has worked for the last 12 years. She started as a watch operations manager, overseeing the intelligence analysts that produce the company’s global alerts and situation reports, and she was recently promoted to director of global programs.</p><p>“Global Programs is a matrixed organization,” she explains, which can involve pulling in multiple intelligence analysts, subject matter experts, and program managers to support a client’s security program. In short, Sniadowski is “an embedded resource with iJET’s top clients, helping design and run their travel risk management programs.”</p><p>“When I hear from a client that our program provided medical evacuations or guidance on how to handle an emerging security issue, it’s very rewarding,” she says. </p><p>This intersection between the worlds of security and program management led Sniadowski to pursue ASIS board certifications. Preparing for the Physical Security Professional® (PSP) and Certified Protection Professional® (CPP) tests also exposed Sniadowski to aspects of security management beyond those she deals with regularly. </p><p> “It’s imperative to understand the challenges and concerns facing a company’s security department and speak the same language,” she says. “The PSP and CPP certifications allow me to have intelligent and forthright conversations with CSOs along with security directors and managers to ensure we’re properly addressing their specific requirements. You need to be playing from the same sheet of music.”</p><p>She advises persons considering certification to research which one will help further their career. While iJET encourages all employees to pursue education and certifications as a part of their professional development, Sniadowski encourages others to turn to resources in their local chapter and to seek out mentors.</p><p>“What’s great about this profession is that there are so many avenues one can pursue,” and she lists physical security, cybersecurity, crisis management, business continuity, and investigations as examples. ASIS International will help provide the right networking and educational resources to develop each path, she notes. </p><p>“I strongly believe you stagnate the moment you start resting on your laurels,” says Sniadowski, and staying on top of emerging threats and trends in security management is important. To that end, she says, “ASIS is the perfect association to help you push your boundaries.” </p> | | |