
 ASIS International

Generational Diversity in Security: Scouting for Talent

Much has been made of generational differences and their effects on the workplace. Few generations have not found fault with those who came before or followed after, but the acceleration of technology and services has forced many organizations to contend quickly with the need to recruit and retain a digital native workforce. Security is no exception.

Here, Security Management connected with Angela J. Osborne, PCI, PSP, regional director for Guidepost Solutions and an advisor to the ASIS Young Professionals Community, to discuss multigenerational management and how recruiting a diverse workforce can benefit security departments and organizations—as well as some pitfalls to avoid.

Want to learn more about this issue? Hear more from Osborne, plus Jairo Borja and Michael Brzozowski, in their session How to Recruit and Retain Gen Z in Security Organizations on Monday, 21 September, at GSX+.

Security Management. How does having multigenerational talent—Generation Z in particular—bring value to an organization?

Angela Osborne. Having multigenerational talent in security departments is highly useful as we bring distinct perspectives based on our shared experiences as members of different generations. Our baby boomer colleagues often bring institutional memory, experience in working in the field, and an understanding in how to get things done within an organization.  These individuals often know where the landmines are placed and the past interactions with different departments and stakeholders.

Gen X is a bridge between baby boomers and millennials, and GenXers often have the ability to translate baby boomer expectations and explain the rationale behind the department’s structure, the method of working, and the means to navigate the entity.

For millennials, they bring a diversity of lived experience, savviness with technology, and understanding of perceptions on how security guidance can be understood by millennials and Generation Z colleagues. Gen Z, in particular, is known for its openness, focus on practicality and fiscal responsibility, and digital nativism.

A strong team will focus on having representatives across these groups due to the fact that our organizations and client bases are made up of these different groups.  In security, much of our work is on training and awareness, gaining compliance on security protocols, and achieving buy-in to security culture. We need to present guidance and plans for our organizations by considering these distinct groups, keeping in mind that people are individuals, and we cannot assume things about people solely based on their generational range as well.

Security Management. What strategies have you seen succeed in attracting and retaining multigenerational talent?

Angela Osborne. Often in the security field, recruitment takes place based on people’s professional networks, as our work focuses on trust and integrity. The challenge with this is that we are limiting ourselves to our own pool of contacts. We will tend to attract people like ourselves with similar backgrounds and life experiences. Here are three best strategies that I have seen:

  • Reach out to college and university career centers. Universities often have career posting pages to allow potential employers to promote new positions for recent graduates.
  • Consider engaging interns. It is important to reach out to Gen Z early for internships as well. From personal experience, I joined the Archer Daniels Midland Corporate security team as an intern when I was in college.  It had a tremendous impact on my life.  Prior to this, I did not realize the diverse careers in private sector security.  We have to get the word out about the careers in our sector to attract key talent.  We want to identify people early in their careers.
  • Engage the ASIS Communities and LinkedIn. I recommend reaching out to the ASIS Young Professionals Community leadership and posting about positions in Communities and on LinkedIn.
  • Connect with high performers and ask for recommendations. It is a good idea to talk with high performers from the security department and from other departments to identify potential candidates.
  • Place new joiners with supportive managers. The next recommendation is to match up the new joiner with a supportive manager. Studies show that people, particularly Gen Y and Gen Z, leave jobs because of bad managers. This is a critical element, and a check-in process must take place with both the manager and the new employee.

Security Management. How can a security leader successfully manage someone transitioning into or beginning their career in security?  

Angela Osborne. First and foremost, it is important to be clear about expectations. People transitioning into this field need to know what is expected of them, and I try to put these expectations in very clear terms for people.

The next step that goes hand-in-hand with clear expectations is to communicate continually, and don’t assume people will interpret your tasks and direction in the way that you would. We have to maintain open lines of communication, so if people have questions, we can address them early on in the process. The communication should take the form of phone calls or virtual meetings, email, and messaging to cover the bases.

As an example, when I first joined TAQA in the UAE, I reported to a manager based in The Netherlands. Our communication was all virtual for my first summer. This person was very engaged in ISO terminology and put everything in terms of ISO. He asked me to submit a deliverable plan. I submitted a list of goals in the SMART format in order to meet this requirement. We had a very circular conversation after this list, and I realized that we were not speaking the same language. He was looking for me to put my content in MS Project and to use ISO terminology. Once we clarified the terminology, we were able to work together in a more productive manner.

We also have to recognize that among generations we are likely to see things differently based on our life experiences. We should be able to express ourselves but to be mindful that not everyone will agree with us and some topics are not appropriate or productive for the workplace. I encourage teams to avoid discussing politics, religion, and controversial topics in the workplace. We should focus on our entity and department values and use these to guide our interactions. Our societies have a number of exceedingly divisive issues, but our teams must be able to function effectively without alienating people. This is why training and awareness on diversity and inclusion is needed.

We also cannot make assumptions that people joining an entity for the first time or joining a security department for the first time have the same understanding of ethical responsibilities—for instance reporting improprieties. We must stress the importance of acting in ethical manners and reporting concerns, and this should be communicated not just to full-time employees but also contractors and part-time employees. Security departments depend on their reputations, and the team members must hold each other to a higher standard to maintain stakeholder trust.

Airspace Security At A Glance: Emerging Trends in the Counter-Drone Space

Q&A with Dedrone CEO, AD Devarakonda

Aaditya “AD” Devarakonda is the CEO of airspace security company, Dedrone. Visit Dedrone on LinkedIn, Twitter, Facebook and Instagram. Contact [email protected] for more information on how to get started with your complete airspace security program.

Even with shutdowns related to COVID-19, we are still seeing news reports of drones coming to airports, stadiums, and other critical infrastructure. How has airspace security changed in the wake of COVID-19?

COVID shutdowns accelerated use-cases for drones, and with more drones in the skies, come more exposed vulnerabilities. The airspace security market, two years ago, was in its infancy. Today, Dedrone customers are all around the world and reporting back through their datasets that they are seeing nearly over 100% increase in unauthorized drone activity at the start of the COVID-19 shutdowns beginning in March. This might be as simple as, this past summer, drone pilots were sitting at home, bored, and wanted to take drones out to capture footage of the world as we sheltered in place. Drones have always been able to go where you cannot go by yourself. This was the truth before COVID, and it is accentuated even more now.

For example, we are seeing news alerts of drones coming to stadiums to observe MLB games, and more alarmingly, drones continue to fly near disaster sites, such as wildfire or hurricane response zones. Even if it seems like there is no harm done, these drone flights may be violating federal airspace regulations, copyright and IP laws, and also common sense. Airspace security technology is designed to detect, classify, localize the drone, and help security teams stay ahead of any threats to their operations and airspace.

What’s changed in the past year, around what drones are doing in the security space?

Drones are becoming more readily available on the commercial market and more attractive to buy. They are less expensive, able to fly longer, and with greater payloads. Additionally, the drone market is shifting and while DJI remains the market leader, both US sourced and other global brands are coming in to disrupt the market. In the next few years, drone detection technology will have to adapt to this change in the drone landscape and capture the true nature of all drone activity, regardless of the make or model. More organizations are looking to bring drones on as a part of their security team – to help with surveillance, site inspection, or inventory. Still, security teams must also be aware of how to differentiate the drones that are a part of their program, ensure compliance with local, state, or federal laws, and then expose an unauthorized or hostile drone in their area. With the growth of the drone market and the increased savviness of drone pilots, security teams need to be able to detect multiple different drone brands and not just from GPS signals; they must be open to a multi-layered security solution to ensure security.

Counter-drone technology is a broad term covering many solutions – how can we narrow down what an organization needs to implement to protect people and assets from drones?

In order to address airspace risk, organizations first need to shift their mindset from focusing purely on the counter-drone technology, to what they truly need to achieve complete airspace security. Foundational drone detection systems will help security teams understand what drones are in their airspace, and from there, they will know what they need to protect their organization against. The biggest challenge for security providers when it comes to airspace security is understanding their threat level. Companies first need to build a full airspace security strategy, and that begins with quantifying their airspace activity – when, how often, and what drones are entering your airspace. From there, security providers will then want to ask more questions, such as observing the actual drone, and seeing what it is doing and where it is flying.

Can counter-drone technology impact a broader intelligence or security program?

Security providers are operationalizing airspace security into existing infrastructure. Airspace security technology provides the tools needed for situational awareness during a drone incident, and the intelligence to help security teams decide how to integrate airspace security protocols into existing SOPs. Security teams can respond appropriately to the drone threat. This could include changes in shift rotations, shipping and receiving hours, or making sure critical meetings, research and development, and VIP guests have an additional cover or obstructed views. Without a lower airspace risk assessment and the associated intelligence, security leaders will not be able to model their organization’s risk accurately, and therefore, prevent incursions and losses.

Laws and regulations around counter-drone technology are starting to take shape – what should GSX+ attendees look for in the coming months from regulators?

There are laws and regulations being developed across the United States that promote the safe integration of drones into the national airspace. Dedrone helps regulators understand the data behind drone activity – how many flights are not registered, unwanted, or otherwise a threat. The FAA is doing a tremendous job with creating drone registration programs and building awareness of safe flights in this nascent market. Dedrone’s drone detection technology is designed for use in accordance with U.S. federal law. Today, many federal departments and agencies have taken tremendous effort to address how drones are an immediate help, as well as an immediate threat to safety.

The biggest issue we should track on for this year and early 2021 is how the FAA manages the logistics and general lower airspace traffic. The FAA will be responsible for creating and managing a comprehensive unmanned traffic management framework, which will be the backbone of monitoring lower airspace activity. With drone detection systems, organizations like the FAA can quantify drone traffic, whether or not it is authorized or non-compliant, and ensure compliance with FAA drone registration programs, such as Remote ID.

What key use cases and industry verticals are you seeing leading in the adoption of counter-drone technology?

  1. Federal governments and agencies, especially departments tasked with protecting sensitive airspace or large areas of land, like around a border. Airspace threats near military operations are an ongoing issue. More federal governments are looking beyond systems that will detect a single drone and focus on advanced detection technologies to identify drone swarms.
  2. Airports are quickly adopting counter-drone technology as an extension of their existing airspace security systems. The 2018 Gatwick shutdown triggered significant regulatory action in the U.K. to accelerate the adoption of drone detection technology. The U.S. hasn’t experienced a major shutdown at the scale of what happened at Gatwick, but the issue of drones persists, even with some of the most highly protected aircraft, like recently when a drone was spotted near Air Force One. Airport airspace must continue to be protected, and airports can begin with vulnerability assessments to diagnose their drone activity, and then create airspace security programs based on data and analytics. By building this situational awareness first, airports can be more strategic with their counter-operations to prevent and protect against drone incursions. For example, Dedrone works with Newcastle International Airport and other U.K. airports.
  3. Correctional facilities face a persistent, escalating threat of contraband delivery by drones. Drones can easily bypass the most sophisticated security installations by simply flying over the top into a facility. Airspace security technology closes the opportunity gap for contraband delivery. Correctional facilities receive valuable data on drone activities on the site, for example, the number of drone intrusions, times, drone models, and recurring drones and flightpaths.
  4. Stadiums, even amid the COVID-era shutdowns, still experience drone incursions. When the lights are out, a drone might not be anything more than a nuisance or surveillance threat. On game day or when stadiums are in full operation, and security managers are responsible for the safety of thousands of people, a single drone can cause significant disruption and harm. Drones at stadiums can cause game delays, can pose a physical risk if it crashes, and there have been incidents where drones have dropped pamphlets into stadiums and stream live footage, violating broadcast rights.
  5. Critical infrastructure, including ports, oil and gas refineries, energy plants, and nuclear facilities, all have effective security systems to prevent damage. Yet, each of these verticals experiences drone intrusions. Recently, investigative journalists unveiled a series of drone incursions at the Palo Verde nuclear power plant – more information needs to be collected on unwanted airspace at critical infrastructure to ensure these sites have full protection against hostile surveillance.

For GSX+ dealers and integrators who want to get involved with counter-drone technology – how can they educate themselves about the latest in counter-drone technology, so they can offer airspace security services?

They are already in the right place – GSX+ has created great opportunities for everyone to review the latest in counter-drone technology and assess for themselves. Check out some of the drone-related sessions taking place at GSX+ this 21-25 September.

The critical part is for integrators to understand what works and what doesn’t work. Can a technology provider make a promise they stand behind? Is the technology provider cognizant of the broader landscape of drones, have an understanding of how the drone market is evolving, and how their technology is advancing to address current and future threats? We always advise anyone looking at counter-drone technology to consider the problem of airspace security and look a few years forward to see if it will still work in a few years. The cost of switching may be more in the future.

GSX+ Brings the Fun of Live Social Events to Your Screen

World-class networking events have long been a hallmark of Global Security Exchange (GSX). With daily happy hours and receptions, this year’s new GSX+ virtual experience looks to bring the same energetic entertaining opportunities to catch up with friends and colleagues in the virtual space.

Join us at 3:30 pm ET every day from Monday through Thursday for a different exciting event:

  • The Monday, 21 September Welcome Reception features a Rock & Roll Game Show hosted by Song Division. Join us for an hour of nonstop entertainment hosted by renowned musician-MCs, who have worked with international music superstars.
  • Two of ASIS’s most dynamic communities join forces on Tuesday, 22 September for the ASIS Women in Security and Young Professionals Happy Hour. Grab a drink to toast your peers as you reflect on this year’s achievements, milestones, and awards—from the 10th Anniversary of the Young Professionals Community to celebrating the recipient of the Karen Marquez Honor.
  • Cap off Military and Law Enforcement Appreciation Day on Wednesday, 23 September at the Military and Law Enforcement Happy Hour. Security professionals and military and law enforcement vets are invited to come together to discuss career transition, education, and professional certifications.
  • At the President’s Reception on Thursday, 24 September, stop by for a few drinks and lively conversation. ASIS Senior Regional Vice President Marco Vega, CPP, will swap business management stories and prepare a special drink recipe with a special celebrity guest.

End the week in style as we celebrate security’s best at the ASIS Awards of Excellence and Outstanding Security Performance Awards (OSPAs) Celebration at 12:25 pm ET. Explore a virtual gallery space where you can learn more about this year’s award recipients and even congratulate them directly in individual Zoom rooms.

All week long, the ASIS Break Room will provide fun games and diverting activities. Take advantage of:

  • On-demand exercise videos
  • Puppy Cam
  • Atlanta Aquarium Cam
  • Snap Bar Digital Photo Booth

With networking and meeting scheduling capabilities directly within the platform, GSX+ offers countless opportunities to forge new connections and build existing relationships at the industry’s premier security event—reimagined for the online experience.

Register today to advance your career from the comfort of your home or workplace at GSX+.

The GSOC’s Time to Shine

By Scott Briscoe

We’ll call him the prescient Mr. Gundry. In an article for Security Management’s Security Technology supplement entitled Building the Control Room of Tomorrow, Dan Gundry wrote: “Enterprise organizations rely on their SOC [Security Operations Center] for business operations. In times of an emergency, and as risks become more severe, a complete situational picture is necessary.”

Gundry is director of national control room sales at Vistacom, and he will be speaking on a panel at GSX+ on Monday, 21 September on The GSOC of the Future: What’s Next?

If ever there was a time of heightened emergency and severe risk for global organizations, 2020 defines it, giving organizations with high-functioning global security operations centers, or GSOCs, a chance to shine. Asurion, a leading provider of insurance, warranty, and support services for electronics, has offices on five continents. The company was featured in a write-up in the Nashville Business Journal early on in the pandemic. Very early on, as in 6 March. In the article, Kevin Wilson, senior director of global security for Asurion, is quoted: “Our differentiator is we have these security operation centers on both sides of the world that covers this on a 24-hour basis that gives us a level of awareness some might not have. Adhering to guidelines so that you don’t underreact or overreact has been key.” As was the information backbone that was able to be mined because the company had established SOCs and used them in their risk mitigation strategies.

Wilson is one of the panelists in the GSX+ discussion, along with Rob Hile, general manager at GC&E Systems in Florida, and Ryan Schonfeld, founder and CEO of RAS Watch.

For even more on operations centers and the pandemic, and because you can never add too many letters to existing acronyms, be sure to check out this article on Microsoft’s VGSOC (the “V” is for virtual), now COVID-19 tested and approved.

Three Trends Shaping the Security Sector

By Scott Briscoe

There’s only so much time security managers can devote to planning for the future as they ensure the present risk, safety, and security needs are being addressed. That time likely dwindled significantly as the COVID-19 pandemic unfolded.

Despite the near-term need to deal with organizational changes brought on by the pandemic, there remains a need for security managers to consider how their organizational environment is changing, and how that will affect risk management and security. Security Management recently caught up with David Feeney, CPP, CISSP, PMP, to discuss emerging trends affecting the security sector.

Feeney is a Deloitte risk and financial advisory manager in cyber and strategic risk. Feeney serves on the ASIS Standards & Guidelines Commission and has previously chaired the ASIS Physical Security Community and the ASIS ESRM Guideline Committee. He will also be leading The New NIST Privacy Framework session at GSX+ on Thursday, 24 September. A recap of our trends conversation is below.

Foresight and Preparation

Security professionals should ask themselves which type of security professional they want to be:

  • The reactive type: The person who waits until he or she is asked about something new only to then scramble to get an answer for use in later follow-up. (Don’t be this person!)
  • The prepared type: The person who is ready with an answer before an inevitable question is asked about something new. (Better.)
  • The proactive type: The person who learns something new and brings it to stakeholders before questions are ever asked. (Bingo!)

The sooner security professionals learn about emerging trends, the further along that spectrum they can operate and the more value they can bring to their stakeholders.

1. Automation

One emerging trend is the next generation of automation, which includes robotic process automation, artificial intelligence, and machine learning. It is important for security professionals to understand these concepts and how they differ because each provides significant security value if used properly.

  • Robotic process automation (RPA) is basic automation that repeats a scripted process. It is ideal for repetitive processes that require no logic or decision making, but involve the same multi-step process being repeated cyclically. RPA adds value when it essentially scripts labor-intensive, repetitious processes to enable security professionals to use their time for more strategic efforts. Think “enter URL, scroll down, click button, click another button, close page, and repeat” – over and over. Such processes are ripe for RPA.
  • Artificial intelligence (AI) adds logic. It is “smarter” than RPA in that it relies on logic to determine next steps. Unlike RPA, AI does involve decision making based on that logic. Also unlike RPA, there is more than one possible series of tasks to be completed. It is the logic that determines those tasks.
  • Machine learning (ML) adds the ability to learn. It is an even “smarter” type of AI that enables its logic to evolve based on lessons that it essentially “learns” through experience.

All three of these tools provide value by allowing security professionals to spend more time on cognitive work of strategic value to the organization. The further along the RPA-to-ML spectrum an organization goes, the more tasks it can automate, and the more human talent is made available for other work.

2. Data Privacy and Protection

Another emerging trend that security professionals should understand—yes, even physical security folks—is data privacy and protection. There are many aspects to this, but one that has dominated headlines is protection of personally identifiable information (PII). The rapid increase in number and severity of private and public sector data breaches has given rise to a rapid increase in data privacy laws from various global regions, countries, and states. The European Union’s General Data Protection Regulation (GDPR) and the U.S. California Consumer Privacy Act (CCPA) may be among the most well-known, but other laws and regulations are affecting how organizations host consumer and other data. As new ones hit the books, the complexity of reconciling sometimes conflicting guidance only increases.

To try and offset that complexity, the U.S. National Institute of Standards and Technology (NIST) has released its Privacy Framework this year. The framework helps an organization document its current privacy risk posture and identify a path to its desired future state through a gap analysis and roadmap creation. It doesn’t directly provide an understanding of privacy laws, but it does map out what a comprehensive data privacy and protection program should include.

Finally, facial recognition software has recently been put under the microscope due to concerns with privacy. While we may sometimes think that security and privacy are always complementary, they can be at odds with each other. Balancing these will become a narrower path as time goes on and privacy incidents continue to increase.

3. Security Convergence

One other trend that is continuing to emerge is security convergence. Specifically, two changes are gaining popularity:

  1. Integrating physical access control systems with security information and event management (SIEM) systems. SIEMs act as central hubs to many integrated subsystems, though these subsystems have traditionally been other cyber systems. In recent months and years things have changed, most recently the integration of physical access control data. Part of the credit for the increase in popularity is disruption caused by the COVID-19 pandemic, as access control data gives cyber analysts an indication of how many people are walking through specific areas. Pairing this data with other data sets from Wi-Fi access points and other sources can help identify overcrowded in-person gatherings or physical locations.
  2. Reorganizing security silos so that the CSO/physical security lead reports to the CISO/information security lead. While a role reversal from what some of our tenured security folks may have experienced shortly after 9/11, this organizational alignment of physical and cybersecurity under information security has been making sense for an increasing number of organizations lately. If your organization follows this path, it will be important to understand the priorities, strategy, and language of both physical and cyber security.
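
The pairing described in the first item, sketched as an added example that is not from the article or any vendor: badge-reader events and Wi-Fi client counts are correlated per zone against an occupancy cap. The event layout, zone names and limits are assumptions, and the sample records are constructed.

```python
from datetime import datetime

# Constructed sample data (not from any real system).
# Badge reader events: (ISO timestamp, zone, badge id, direction).
BADGE_EVENTS = [
    ("2020-09-21T09:00:00", "lab-2", "B100", "in"),
    ("2020-09-21T09:01:00", "lab-2", "B101", "in"),
    ("2020-09-21T09:02:00", "lab-2", "B102", "in"),
    ("2020-09-21T09:03:00", "lobby", "B103", "in"),
    ("2020-09-21T09:05:00", "lab-2", "B100", "out"),
    ("2020-09-21T09:06:00", "lab-2", "B104", "in"),
    ("2020-09-21T09:07:00", "lab-2", "B105", "in"),
    ("2020-09-21T09:08:00", "lab-2", "B101", "in"),  # repeat read, already inside
]

# Wi-Fi controller samples: (ISO timestamp, zone, associated client count).
WIFI_SAMPLES = [
    ("2020-09-21T09:04:00", "lab-2", 3),
    ("2020-09-21T09:04:00", "lobby", 6),
    ("2020-09-21T09:10:00", "lab-2", 5),
    ("2020-09-21T09:10:00", "lobby", 2),
]

# Hypothetical per-zone occupancy caps.
ZONE_LIMITS = {"lab-2": 3, "lobby": 4}


def badges_inside(events, zone, when_iso):
    """Return the set of badge ids inside `zone` at `when_iso`.

    A set is used so that a repeated "in" read for a badge already
    inside does not inflate the count.
    """
    when = datetime.fromisoformat(when_iso)
    inside = set()
    for ts, event_zone, badge, direction in sorted(events):
        if event_zone != zone or datetime.fromisoformat(ts) > when:
            continue
        if direction == "in":
            inside.add(badge)
        else:
            inside.discard(badge)
    return inside


def overcrowding_alerts(badge_events, wifi_samples, limits):
    """Evaluate each Wi-Fi sample against the zone cap.

    An alert is raised when the badge-derived occupancy, the Wi-Fi
    client count, or both exceed the cap. Recording which source
    tripped matters: Wi-Fi clients are devices rather than people, and
    badge counts miss anyone who entered without a read, so the two
    numbers are expected to disagree.
    """
    alerts = []
    for ts, zone, clients in sorted(wifi_samples):
        limit = limits.get(zone)
        if limit is None:
            continue  # no cap defined for this zone
        occupancy = len(badges_inside(badge_events, zone, ts))
        sources = [
            name
            for name, count in (("badge", occupancy), ("wifi", clients))
            if count > limit
        ]
        if sources:
            alerts.append({
                "time": ts,
                "zone": zone,
                "badge_count": occupancy,
                "wifi_clients": clients,
                "sources": "+".join(sources),
            })
    return alerts


if __name__ == "__main__":
    for alert in overcrowding_alerts(BADGE_EVENTS, WIFI_SAMPLES, ZONE_LIMITS):
        print(alert)
```

An alert raised by only one source, such as the lobby case in the sample data, is a prompt for an analyst to check the gap between the two feeds before treating it as a headcount.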

Innovation Through Automation

By Steven Reinharz and Mark Folmer, CPP

Innovation should be viewed as the application of better solutions that meet new requirements, unarticulated needs, or existing market needs.

Put simply, innovators win. Innovators provide superior solutions at greater value than their competitors, and they manage an organization’s risk better. On both the security officer side and the integration side of the security service industry, there are many pain points, everything from pricing and compliance stress to staff engagement headaches and low perceived added value. To innovators, pain points are opportunities.

The best way to innovate in the sector is by asking three questions as you consider the assets that are being protected.

  1. Can the function be automated? Evaluate whether a standalone device could do the initial assessment and sort issues from nonissues.
  2. Can it be remote? Be sure to challenge yourself when answering this question! If we learned anything from the current pandemic, it is that with predetermined workflows, much triage can be based offsite.
  3. What else can the service do and how should it get done? Consider the delivery of the service, making it nonconfrontational, unbiased, and scalable.

Try something new. You may be able to provide superior value to your organisation. Automation will put your security team on the map, optimize your resource deployment and do so efficiently.

Steven Reinharz is the founder and CEO of Robotic Assistance Devices, and Mark Folmer, CPP, is vice president, security and industry. Folmer will be leading a GSX+ session on Tuesday, 22 September on How Top Technologies that Enabled Digital Transformation Affect Security.

Building a Strategic Security Plan

Don’t you love it when a plan comes together?

When facing myriad evolving risks, security managers are forced to make tough choices on the fly. However, by having a strategic or master plan in place ahead of a crisis, professionals can manage risk and reduce the potentially overwhelming effects of incident response while improving buy-in and support.

In this short interview, Bernard Scaglione, founder and principal at The Secure Hospital, shared some of the key points of strategic security management planning with Security Management.

Want to learn more about this topic? Check out Scaglione’s GSX+ session, Strategic Planning: Managing the Chaos, Not Reacting to It, available on-demand 21–25 September at GSX+.

Security Management: What is the value of a strategic or master plan in a security management program?

Bernard Scaglione: A strategic plan helps security management define direction and focus organizational resources. Strategic planning is the process of documenting and establishing the direction of the organization by assessing its current state and comparing it to the future state. It provides strategic direction and goals so that the security department can function with more efficiency and effectiveness. It allows for C-suite buy-in so that the security department can continue to grow and develop.

What are three common mistakes or pitfalls when developing a strategic plan?

Many people think that creating a strategic plan is an easy process, taking very little time or effort to create. In reality, the opposite is true. Creating a strategic plan takes dedicated resources and personnel to complete. It is a team approach, requiring the input of administration and key stakeholders. The good news is: it will pay off in dividends once implemented.

Many also feel that once the plan is complete, the work is done. The plan then ends up on a shelf—only referenced when purchasing equipment or requesting more staff. In reality, the plan is an active and changing document that needs to be reviewed annually or when a significant event occurs within the organization.

Developing a strategic plan is data-centric, requiring the gathering and analysis of large amounts of data to help in the proper development of strategic goals. This part of the strategic plan process is not always completed because of its complexity. It is important as part of the creative process to gather at least one full year of data and analyze it to determine trends and patterns. Done correctly, a minimum of two years of data should be gathered so that the developed patterns or trends are statistically significant and point the security department in the right direction.

How can a strategic plan help reinforce organizational resiliency?

Strategic planning helps to identify all potential threats and risks within the organization and provides a path to minimize those risks. It also allows the security department to change or shift gears when an adverse event occurs, enabling the security department to quickly and efficiently adjust to changes within the organization. The plan lays out an operational structure designed to minimize threats and provides a plan to respond to those risks.

What else should GSX+ attendees look forward to learning in your session?

Strategic plans are not commonly used in the security field but are a useful tool in providing direction and growth. ASIS members should strongly consider viewing this session to learn more about strategic planning to see if it is something that would assist them in creating a more effective security operation.

2020: What Has NOT Changed?

By Eddie Sorrells, CPP, PCI, PSP

At this point it seems beyond banal, and painfully obvious, to state that 2020 has been a time of unprecedented change in our society. Remote work, virtual school, and that often fleeting hope that tomorrow, or possibly next week, …ok maybe next month…. things will get back to normal. Like most, I viewed the situation we are currently in much differently in March than I do now. Back then when someone would raise the prospect of still “doing this” in the fall, let alone winter, I scoffed. “Of course, things will be back to normal by then” I declared when faced by the prospect of cancelling an industry event, customer meeting, or family vacation. I was motivated only by a desire to get back to business as usual. But here we are still dealing with change and grappling with ways to still do the things that are important. But when it comes to our industry, instead of bemoaning all the routines of life that have been upended, let’s take a moment and spotlight the things that haven’t changed for the security professional.

The Need for Continuing Education

The beginning of 2020 ushered in a renewed call for security professionals to expand their knowledge base in many different areas. Security technology is advancing at a rapid rate, while threats are evolving just as quickly. And this was pre-pandemic! Security professionals in early 2020 were in need of cutting-edge information related to best practices, recognized security standards, and ways to mitigate threats that change almost daily. Has this changed considering what we have gone through the past few months? Only in one very important way—now the need is greater! While the delivery method is different, and the dynamic of learning in itself has shifted in many ways, now is the time to run towards continuing education and best practices. Regardless of where you find yourself in your career, whether you are a CSO or in an entry-level position, there is no greater strategic value for anyone working in security than continuing education. If we have learned nothing as security professionals in uncertain times it is to arm ourselves with information about what we are going through now, and what the future holds.

The Need for Networking and Mentorship

OK, let’s state the obvious from the outset: it is hard to match the value and benefit of in-person networking. But because of the times we are living in, this of course presents many challenges. So, do we place this aside until things get back to normal? I do not believe we can afford that kind of delay. Just as with continuing education, the need to freely exchange ideas, challenges, and potential solutions has never been more critical. Associations and networking events have taught me one critical lesson, even as I approach 30 years in the industry: I need mentoring at every stage of my career. The day that I decide I have nothing left to learn from an educational session, a talk with a colleague, or friendly advice from someone who has walked where I am heading, is the day I shall realize it is time to do something else. The need for networking and mentorship never goes away, it just grows stronger.

So, have things changed in 2020? Of course, they have. But as we enter the final phase of this unique year in our history let us concentrate on what has not changed! Our industry is poised for bigger, better, and greater things than ever before. But we must continue to invest in ourselves, our peers, and our profession if we truly hope to reap the benefits for years to come. I look forward to taking another such step on my journey at GSX+.

Eddie Sorrells, CPP, PCI, PSP is chief operating officer and general counsel at DSI Security Services. Sorrells has two sessions at GSX+ this year: The Role of Off-Duty Police in Disaster Planning and Recovery and COVID-19-Related Emerging Lawsuits and Liability Issues.

Refocusing on the Remote Insider

By Claire Meyer, managing editor, Security Management

Insider threats have long been an issue of concern for security professionals. Whether they are acting unwittingly or maliciously, employees, contractors, and other insiders can put intellectual property, data, assets, and other people at risk. Now, with workforces worldwide shifting to remote work due to the coronavirus pandemic, security leaders are shifting gears to focus on how to monitor for threats when employees are out of sight.

For an update on this topic, Security Management magazine checked in with Val LeTellier, chair of the Insider Threat Committee at the ASIS Defense and Intelligence Council and author of How to Create an Insider Threat Early Warning System for a Remote Workforce from Security Management’s May 2020 issue. LeTellier will be presenting on this topic on Thursday, 24 September at GSX+, along with operational psychologist Dr. Malique Carr and corporate security senior strategist Scott Stewart.
Read more about the upcoming session here, and learn more about GSX+ here.

Security Management: How do remote workers create unique risk to the organization?

Val LeTellier: Put simply, remote workers create unique insider risk because an organization has far less control over the workplace environment and far less observation of employee behavior.

Control is important because insider risk countermeasures can be reinforced far more easily when workers are on-site. Within their own office, an organization can ensure that specific information technology infrastructures are used, that data and material is handled and stored in a certain way, and that the physical environment enables other security practices and policies. Outside their own office, the organization loses standardization and control and must take on the challenge of instituting, monitoring, and enforcing security measures within each employee’s different environment.

Beyond the physical reinforcement of security measures, the traditional workplace includes more nuanced value—in the form of social and group cohesion. This is important because in all workforces, the building of authentic relationships between workers creates a satisfying bond between employee, manager, and the organization. While beneficial to job satisfaction, morale, and productivity, this bond also strengthens organizational resiliency to insider attacks because cohesive groups have higher levels of trust and emotional unity and tend to look out for each other. Conversely, a lack of organizational cohesion can create or exacerbate negative issues, increase stress, and prevent timely responses to suspicious or disruptive behavior.

The second way in which remote workers create a unique risk is by the degraded level of organizational observation. This is important because independent behavioral assessment has traditionally been a leading way in which malicious behavior is identified. Specifically, fellow employees and managers have played a large role in identifying threats.

With remote workers, this early warning resource is limited to email, conference calls, and occasional meetings, which can fail to provide enough exposure for others to identify early indicators of problems. This is best illustrated by the path an employee takes along the “insider kill chain.” With on-site employees, this process occurs largely under a leader’s oversight, and those close to a potential attacker may recognize and report behavioral changes. With off-site employees, all bets are off.

The value of observation is even more relevant when the impetus for the accelerated remote work movement—the COVID-19 pandemic—is considered. Insiders are often driven forward by critical events, and the world is in the middle of a generational critical event. The related financial, emotional, health, and co-habitation anxiety brought on by the pandemic will naturally move some susceptible insider personalities to action either on their own or through outside manipulation. Without the daily in-person engagement of the traditional workplace, early indicators will be more difficult to spot.

Taken together, the expansive recent growth of remote work has created a new paradigm in which traditional insider risk countermeasures are degraded while the factors leading to insider action are simultaneously exacerbated.

Security Management: What else will security professionals learn about this topic in your GSX+ session?

Val LeTellier: By nature, insider risk programs for both on- and off-site workers are unique for each organization. They must be tailored to the organization’s risk profile, goals, strategy, resources, and culture.

Thus, the intention is not to provide participants a remote workplace insider threat checklist but to equip them with an understanding of the paradigm shift that is created by the remote work movement and highlight the window of opportunity they have to strengthen programs before temporary changes become permanent.

Using the remote workplace perspective, we then have an operational psychologist review the personality types known for different insider attacks, their common characteristics, and common precipitating events.

Based upon this, we together offer considerations for developing remote workplace strategy and tactics. Understanding that funding for insider threat programs is limited, these practical recommendations focus limited resources on the most relevant and impactful insider risk, with results that will not only improve insider resiliency but also overall morale and productivity.

5 Lessons Security Leaders Should Learn from COVID-19

TorchStone’s David Niccolini, executive vice president and co-founder, and Scott Stewart, vice president, describe insights security leaders can take away from their pandemic experiences.

  1. The need for scenario-based planning

    Tabletop exercises or “blue sky” sessions before a crisis hits are extremely useful in helping company leadership develop an understanding of probable and possible crises. This type of scenario-based planning can help prevent what the 9/11 commission called “a failure of imagination.”

  2. The importance of contingency plans to build resilience

    Based on your scenario-based planning, company leadership must develop contingency plans. While contingency planning cannot provide you with the exact solution for every possible crisis that might occur, the planning process will force leadership to think through and plan out issues such as communication, corporate priorities, and potential emergency actions. While no one could have precisely predicted how COVID-19 would unfold, in the wake of SARS and MERS, many companies did develop plans for a potential global pandemic, and when COVID-19 hit, they were much better prepared to face it than companies without plans.

  3. The need for flexibility

    Since it is very unlikely that a crisis will play out exactly as your contingency plan anticipates, a great deal of flexibility is needed during a crisis and plans must be adjusted to account for unknowns. If you attempt to follow a plan too rigidly, you can develop tunnel vision and your response will become fragile and prone to shatter. Thus, plans should be viewed as guidelines that provide general direction and guard rails, not an exact recipe for success. However, the need for flexibility does not mean that planning can be abandoned altogether; attempting to build a plan reactively during a crisis will often lead to failures or perhaps disaster.

  4. There are business opportunities during a crisis

    While many companies will suffer during a crisis event, there are always business opportunities available to those in a position to capitalize upon them. Companies who have items 1-3 above will be able to move more rapidly from “crisis mode” to “maintenance of a crisis,” which are two very different things. Once a company reaches maintenance point, they will be able to recognize and seize upon real opportunities that present themselves. This provides a distinct advantage over competitors who remain in crisis mode.

  5. The need to prepare for the next crisis

    Moving into maintenance mode also allows you to begin to look for – and plan for – the next crisis – and as we’ve learned in the post 9/11 world, the next crisis is coming. For example, at the present time many people are laser focused on the challenges that the COVID-19 crisis is presenting; and with good reason, as these are unprecedented and challenging times. However, we believe that a myopic focus on COVID-19 is preventing some from preparing for the very real possibility of a crisis caused by significant civil unrest in the U.S. (and elsewhere) in the coming months.

At this year’s GSX+, Stewart will present on Insider Threats in a Borderless Work Environment. Stewart is also a contributor to Security Management magazine, including an online exclusive Q&A earlier this year on Security’s Role During a Pandemic Response.

Exponentially Increase Your Knowledge at GSX+

Never before has the security profession been so tested. From COVID-19 to global threats, the challenges are adding up. The GSX+ education lineup, announced 15 July, is designed to give you a voice and the opportunity to stay current on the latest topics affecting the global security profession. Plus, each session will offer a real-time Q&A chat feature to further the conversation with your fellow attendees and session speakers.

What’s more, All-Access attendees can earn up to 25 CPEs toward their recertification and will be able to access on-demand recordings of GSX+ sessions through 31 December.

Take a sneak peek of eight sessions waiting for you at GSX+ this 21-25 September:

  • How Today’s Drones Affect Privacy and Security

    The increased use of drones in the workplace and in law enforcement increases privacy concerns and the complexity of security environments. Understanding the basics of drone regulation is imperative when planning an appropriate response to the current threats posed by drones.

  • Influencing the C-Suite for Security Program Success

    Often the biggest obstacle to launching a security program is getting final approval from the C-suite. Explore how to develop business case objectives for any security project, discuss the key items that should be included, and define how a cost-benefit analysis will help support the business case.

  • Managing Stress During a Crisis

    Emotional intelligence is at the heart of crisis management, including managing an individual’s emotions and stresses. Combining technical expertise with these soft components is the key to sustainable resilience for both a corporation and its employees.

  • Why the Security Industry Needs Women Leaders

    The security industry can build on the research and strategies used by others when making hiring decisions that make good business sense. A dedicated diversity and inclusion program in the workplace leads to a healthy and rich balance of voices and better outcomes.

  • People Risk Management: A New Paradigm

    Companies around the globe have sophisticated risk management programs for financial, information, travel, and supply chain risks. However, a similar risk management program rarely exists for an organization’s most important asset: its people.

  • The Business of Security Is the Strategy of the Business

    A quality risk assessment is a fundamental component of enterprise security risk management. Learn to analyze whether uncertainty is within acceptable boundaries of your organization’s capacity to manage it.

  • Visitor Management in a Healthcare Environment

    Healthcare institutions are realizing that the opportunity to prevent violence starts with managing who enters the facility. Consider the case study of how one large academic healthcare institution accomplished this.

  • Why a Cybersecurity Crisis Management Plan is Vital to an Organization’s Survival

    Understanding the difference between cyber crisis management and security-incident response is a critical component of an organization’s survival. Your senior executive team must be prepared and trained to respond quickly to crisis-level attacks. Are they ready?

What is GSX+?

In June, ASIS International announced that, due to concerns caused by the COVID-19 pandemic, Global Security Exchange (GSX) 2020 would move to a fully virtual platform—now titled Global Security Exchange Plus (GSX+). In making this transition, ASIS has created a completely new experience for the security industry. The new GSX+ delivers both attendees and exhibitors a host of advantages and opportunities that go beyond what the in-person conference had to offer.

Many trade shows have gone virtual this year, and the benefits have become clear to individuals on both sides of the aisle. In a time of pandemic, it is safer and less stressful for those concerned about social distancing and touching public surfaces. More team members are able to attend due to the reduction in travel and hotel costs. Exhibitors can reach new audiences with this broadened scope.

For attendees who appreciated the opportunity to network at GSX, the virtual GSX+ platform magnifies this—since there is no required travel time between education sessions, happy hours and other networking events. In fact, it is possible to be at more than one event simultaneously while sitting at your computer. Finally, by reducing car, train and air travel, organizations and individuals are helping to minimize their carbon footprint.

At GSX+, the experience of attendance has become entirely virtual. The elements that have always been important—including CPE-eligible education sessions, the opportunity to learn about new technologies and products in the Marketplace, and peer-to-peer networking—are fully present. Offering both live and on-demand features, the event delivers the best in content, connections, community, and commerce to both exhibitors and attendees.

A Wealth of Accessible Content

When it comes to sessions, GSX+ offers attendees even more than in past years. Not only will there be more than 100 sessions, tech talks and game changers offered live and on-demand, but every live session will be recorded and accessible to All-Access attendees through the end of 2020. Vital Game Changer sessions address some of today’s most timely issues—including deepfake media, election security, and post-pandemic security leadership. And All-Access attendees can earn as many as 25 continuing professional education credits toward recertification requirements.

More Ways to Connect

Daily networking events help to keep the security community connected and discussing the newest trends, ideas, and opinions. The GSX+ platform will enable participants to network with peers in one-on-one meetings, small group discussions, and larger networking events. As GSX+ nears, there will be tutorials on using the platform added to the GSX+ website. ASIS members can also begin or join their own conversations on ASIS Connects, the meeting point for security professionals around the world.

Technology and Solutions on Display

The core of any industry event is the ability to browse new technologies, watch demonstrations, meet potential partners and learn about new solutions on the exhibit floor. All this is available in the Marketplace on the GSX+ virtual platform. Attendees can engage companies directly and request private one-on-one meetings or product demos to see technology in action and ask questions. GSX+ provides “matchmaking” between exhibitors and attendees to help attendees find exactly the products and services they’re looking for. Another option available is to watch on-demand or attend live scheduled product demos and tech talks.

For exhibitors, the platform provides branding, thought leadership, and lead generation opportunities to help reach targeted audiences and optimize return on investment.

The Always-on Experience

As a virtual event, GSX+ will be accessible 24 hours a day, with live content recorded and available on-demand shortly after its airtime. When you are ready to learn, the content is ready for you to experience. It is also a cyber-safe event, with SSL/TLS encryption technology that is audited annually by third parties to ensure the safe transmission of data.

The proud tradition of Military and Law Enforcement day is still being honored too, with complimentary one-day registration for those individuals on Wednesday, 23 September.

At a time when it is more important than ever to ensure you bring maximum value to the table with your skills and knowledge, GSX+ delivers the very latest on the most relevant topics—including COVID-19, global leadership, workplace violence, cybersecurity, school security, the cannabis industry, unmanned systems, and much more. Attending this year’s virtual conference will open doors to opportunity, professional development, and collaboration.

With opportunities to participate ranging from the All-Access Pass to the Marketplace Only Pass, GSX+ is an experience not to be missed.