Recently, ASIS launched the call for presentation proposals and reviewers for GSX 2022. We took this opportunity to sit down with the Chair of the GSX 2022 Selection Committee, Keith McGlen, CPP, Vice President, Security Services at UCHealth, to discuss learning and volunteer opportunities at this highly anticipated global event.

As the Chair of the GSX 2022 Selection Committee, what excites you most about this year’s event?

It’s both an honor and a privilege to serve in this role. Those Chairs that came before me did a terrific job at creating the “gold standard” for learning within the security profession, and I plan to honor that legacy and progress our efforts further in 2022.

Four things, in particular, excite me most about this year’s GSX event.

1. GSX has led, and will continue to lead, in the area of offering the highest quality education – providing professional guidance for security management professionals around the world.
2. GSX allows security management professionals the opportunity to dive deep into important case studies, best practices and leading trends throughout the security profession.
3. I am always impressed at how ASIS looks at GSX through the lens of inclusivity. Having access to global subject matter experts (both virtually and in-person) is a key differentiator at GSX.
4. As a volunteer leader, GSX is also a great opportunity to volunteer serve in the role of review. GSX is developed for security professionals by security professionals. Serving on the review committee has a profound impact, which reverberates globally. You can apply to be a reviewer here.

What are key things the Selection Committee will be looking for in submission proposals?

My first piece of advice is to familiarize yourself with the Call for Presentations page on the GSX site. If you are considering submitting a presentation proposal, make yourself aware of the types of topics covered at GSX. Here’s a partial list of a number of topics that will be considered:

We will be seeking proposals from security professionals that reflect the most significant, innovative, and high-quality thinking in security management. The professional expertise and experience of those who submit a proposal(s) are integral to delivering a robust education program that continues to shape the security management profession year after year. To deliver high-quality sessions that reflect the best security management concepts, knowledge, and practice, preference will be given to proposals aimed at our audience –Global security practitioners at the management and senior/executive levels across the spectrum of security, managing risk, active threats, cybersecurity, loss prevention, and more in both private and public sectors.

Lastly, get to know the process that is in place. It’s of the utmost importance that individuals follow the step-by-step process, instructions and timeline (i.e., deadline dates) as described on the GSX site.

What are the benefits to presenting at GSX?

The are numerous benefits to presenting at GSX, including —

• The opportunity to be recognized by your peers regarding your subject matter expertise.
• The opportunity to share your insights with global security management professionals.
• The opportunity to expand your global network.
• The opportunity to acknowledge your presentation in your own career development efforts (via your resume, LinkedIn, or in interviews).

If you are interested in presenting at GSX 2022 or becoming a reviewer, please visit the Call for Presentations page and submit your application by 1 February 2022.

By Michael Gips, CPP, principal, Global Insights in Professional Security

The COVID-19 pandemic may well be the most consequential phenomenon that the security profession has had to deal with. One slice of that consequence, albeit a big slice—has come in the form of increased insider incidents and threats. Having presented last month on a GSX panel on that topic, I offer some context and recommendations.

Let’s look first at what COVID hath wrought. Phase 1 covers the first few months after the pandemic set in. I call it “The Great Dislocation.” This phase was characterized by (1) rapid transition to work-from-home, (2) quick dispatch (or purchase) of devices that may not have been updated or configured correctly to (3) workers who were not used to using network resources from home and (4) had little security training. This resulted in (5) basic security protocols being ignored. Capping it off, (6) security was bombarded with new duties, including health screening, access control, and social-distance monitoring.

Phase 2 I refer to as “The Great Hibernation.” People realized that the pandemic would not be fleeting, and their lives filled with Zoom meetings, cabin fever, and the blurring of lines between home and work life. Children might play games on Mom’s work computer or use apps on her smartphone. In one case, a child took and posted a photo that happened to capture a parent’s computer monitor that displayed highly sensitive proprietary information.

As the pandemic dragged on, fears rose—what I call “The Great Trepidation.” Staff worried that their jobs, benefits, or even employers wouldn’t last. Many became distraught, depressed, and emotionally unstable. An American Psychology Association survey shows that half of all adults have exhibited negative behavior due to the pandemic, such as lashing out at loved ones. These feelings sometimes engendered resentment of their employer and a desire to get what they thought they deserved, perhaps through theft, sabotage, or corporate espionage. Security, HR, and management had to address concerns such as abusive staff behavior or violence committed at home.

Then we pivot to what has been commonly called “The Great Resignation,” in which millions shed their employment. Factors were many: fear of contagion at work, shifting life priorities, caring for children not physically attending school, the dread of commuting, vaccine mandates, and so on. More than 11 million U.S. workers quit their jobs from April to June 2021 alone. Another 4.3 million quit in August. Almost 50 percent of employees are actively seeking new opportunities. Another 41 percent of workers are considering quitting, including 54 percent of the youngest cohort, Generation Z.

It’s become common for companies to poach workers and for interviewees to ghost prospective employers. Human resource departments have become so desperate for talent that they might lower standards or sacrifice background checks—thus introducing further insider risk.

Overlapping The Great Resignation is a phase I’ve dubbed “The Great Reallocation.” Organizations are figuring out what constitutes the new normal, such as staggered schedules, hybrid office and work from home, and social distancing. Companies are finding that staff have forgotten basic policies and procedures, requiring re-onboarding much of the workforce. Meanwhile, returning workers who have built new lifestyles worry whether their employers have revisited their policies on maternity/paternity leave, elder care responsibilities, working with unvaccinated people, and creating a hybrid workstyle that is fair to all staff. This web of issues potentially creates a toxic and volatile workplace.

If that wasn’t enough of a perfect storm of insider threat, add the following: (1) political, economic, and social turmoil involving social justice groups, antigovernment agitators, anarchists, QAnon, antimaskers, anti-police protesters, and so on; (2) distrust of basic institutions such as health authorities (COVID denial, etc.), the voting system (a “stolen” presidential election, etc.), and anti-corporate activists (China targeting large Western brands such as Nike and H&M, etc.); and (3) ransomware actors reaching out to alienated staff, offering life-changing paydays.

So how do you navigate this treacherous landscape? Here are my top 10 considerations.

1. It all begins with people. Listening to, showing empathy for, regularly engaging with, and providing meaningful work and growth opportunities to your staff are all imperative. A fulfilled and respected worker is a loyal and happy worker.
   • Regular check-ins (at least weekly) with remote workers
   • Periodic in-person check-ins with direct reports
   • Revisiting policies and procedures in the new WFH environment
   • If you will be using productivity-monitoring tools, be transparent about it and explain the rationale
   • That culture must permeate the enterprise, including sponsorship, support, and commitment from the very top and across departments and divisions.
2. Likewise, an insider-threat program must have the commitment of leadership and buy-in across the enterprise
3. The best time to address insider threats is before hire; conduct background checks, etc. accordingly
4. Most insider activities are identified through worker tips. Maintain an easy-to-use anonymous reporting system
5. Inventory measures that you already have
6. Consider pilot activities and iterative short-term tasking
7. Institute regular security awareness training and refreshers, with positive incentives; consider gaming approaches to training
8. Don’t forget to consider the full range of insider threat beyond espionage, fraud, etc. and identify who will have responsibility (e.g. drug trafficking, smuggling, sabotage, harassment)
9. Also don’t forget to include contractors, business partners, clients, visitors, and staff family members among potential insiders
10. Consider an insider-threat working group to implement strategy, collect metrics, adjust policies, and track goals and milestones

Thanks to Randy Trzeciak, my GSX copresenter, for his contribution to this list.