In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “School Safety in 2023: Three Proven Concepts That Save Lives with Realistic, Affordable, and Modern Applications” presented by Greg Gerber, Director of Training at Safer Schools Together (SST) and John Callery, Vice President of Safer Schools Together (SST). Read on for what they had to say and don’t forget to register for GSX 2023! 

Q: How did you become interested in your topic? 

JC: While working for DEA an opportunity arose to speak at a school safety conference regarding terrorism in 2005. Shortly after that, I met Theresa Campbell from SST and decided that I needed to do more for school safety. My interactions with SST and other school safety experts showed me there was a need for my experience and I wanted to provide that as much as possible. Therefore, I conducted presentations on various topics of expertise and tried to lend my hand wherever needed to SST and the great work they do. Currently, as the Director of School Safety for Surefox North America Inc, we still collaborate on a weekly basis on issues, ideas and joint projects. 

Q: Tell us about your presentation and why should security professionals have this topic on their radar. 

JC: The presentation will provide the most realistic, proven, and attainable school safety methods available in 2023. We will discuss the need for the three required and attainable foundation pieces of school safety to build your infrastructure upon. The “good idea fairy” is too prevalent in school safety as this time, we need to examine what actually works and for the least expense for schools in these difficult budgeting years we have before us. This presentation is a step one on any road to mitigating school violence, teen suicide, and school attacks. 

Q: What advice would you give security professionals interested in this topic? 

GG: You cannot ignore the digital realm, period. Take any opportunity you have to engage with Digital Threat Assessment Training. Understanding how to find and preserve digital leakage combined with a heightened awareness of what to look for transforms your ability to intercept someone on the pathway to violence. Intervention is the best goal and pathway to safer schools and communities. 

Q: How do you see this issue evolving in the next 2-5 years 

GG: I think that we’ll see two major shifts. 1) a proliferation of social media platforms and their respective usage patterns. 2) the infiltration of AI within and across social media.  Communities and safety teams will need to adapt to the digital environment, remain abreast of emergent technologies, and find ways to harness AI tools advantageously. 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring “Secure Your Drone Fleet Best Practices for Commercial Drone Cybersecurity,” presented by Michael Lees, Program Specialist at Cybersecurity and Infrastructure Security Agency (CISA). Read on for what he had to say and don’t forget to register for GSX 2023!

Q: Tell us about your presentation and why should security professionals have this topic on their radar. 

A: As Unmanned Aircraft Systems (UAS), more commonly referred to as drones, are integrated into our everyday lives through technological, legal, and regulatory advancements, security planning must evolve to consider them as a permanent cyber threat vector to the nation’s critical infrastructure. Traditional security practices consider drones as physical systems, only capable of physical tactics. However, drones are connected devices, carrying the same vulnerability to bidirectional risk as laptops, smartphones, smart home systems, etc. Such risks include cyberattacks, information security compromise, and privacy violations. Organizations adopting, or planning to adopt, drones as part of their commercial operations can enhance their security posture and encourage organizational cyber hygiene through understanding vulnerable drone componentry, inherent risks, and security options. 

Q: What advice would you give security professionals interested in this topic? 

A: Organizations must understand that UAS are Information and Communication Technology (ICT) devices, and should be incorporated into risk management frameworks, cybersecurity resilience plans, and security education and training awareness plans accordingly. For further guidance, the Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Best Practices for Operating Commercial Unmanned Aircraft Systems and Secure Your Drone: Privacy and Data Protection Guidance products can be found on the CISA UAS website – Unmanned Aircraft Systems | Cybersecurity and Infrastructure Security Agency CISA. 

CISA also strongly encourages organizations to consider procuring secure-by-design UAS manufactured, owned, and operated in the United States or by allied nations, due to security concerns regarding UAS manufactured by adversarial foreign powers. The Defense Innovation Unit’s Blue UAS program provides a routinely updated list of DoD approved UAS that are validated as cyber-secure and safe to fly. More information can be found at UAS solutions for the U.S. DoD. (diu.mil). 

Q: How do you see this issue evolving in the next 2-5 years? 

A: Due to their versatile nature, the applications for UAS are still being discovered. As UAS continue to proliferate across various industries, the potential for cyber threats will increase. CISA anticipates a growing emphasis on the development of robust security measures to protect UAS from unauthorized access, data breaches, and other malicious activities. Regulatory agencies and industry stakeholders are expecting to continue collaborating to establish comprehensive cybersecurity standards and guidelines to ensure the safe and secure operation of UAS. 

Q: Why do you attend GSX? 

A: Personally, September will be my first attendance at GSX. The purpose of this attendance is to help develop strategies to remain resilient against the evolving cyber and physical threats to UAS. Other goals include building or strengthening professional networks and connections, and to discover the most recent products, technologies, and services in the UAS and cybersecurity arenas. 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring “Accommodating a Remote Workforce and Adapting Workplace Violence Strategies to Manage Company Risk Tolerances,” presented by Deb Andersen, PSP, Security Administrator, Physical and Cyber Security at MWI Direct, and Robert Achenbach, CSO and Senior Director, Corporate Security and Safety at First National Bank of Omaha. Read on for what they had to say and don’t forget to register for GSX 2023!

Q: How did you become interested in your topic? 

DA: The remote workforce paradigm once thought to be temporary has become the new and permanent norm. We were able to ensure employees had the necessary equipment to work remotely. We adapted procedures to accommodate training, communications and accessing data, but that’s only part of the equation when it comes to managing risk and keeping employees safe.  Over the last year, I’ve had countless conversations with my peers on this topic and they’ve all been wondering, including me – how do we provide support for our employees working remotely whether its workplace violence, securing the network or securing their work area/remote location? 

Q: Tell us about your presentation and why should security professionals have this topic on their radar. 

DA: Employees working from home do not have access to the same physical security protections or practices in place in the pre-pandemic workplace. We are heading into uncharted waters as we learn how to prepare for threats of violence to protect employees working from home or remotely. By understanding some of the challenges employees working from home face like working conditions, threats of violence, work life balance, and securely utilizing company resources like technology, we may learn how to support our remote employees. Through adapting to what’s already in place, having open communication and building trust, we can support employees without being too intrusive, but also provide adequate duty of care and ensuring employees have appropriate support and resources.  

Q: What advice would you give security professionals interested in this topic? 

RA: This topic has continued to evolve since the pandemic. The remote workforce is changing the way businesses operate. It is important for security professionals to evaluate their programs and ensure they have a risk-based strategy in place. Leverage Enterprise Security Risk Management (ESRM) to help identify key stakeholders to support the security program. There are a variety of resources that ASIS has that can be used to reference and help structure a security risk-based program. Likewise, take advantage of 3^rd party risk assessment professionals to help identify the key elements of a robust risk-based strategy. Therefore, my advice is to leverage ESRM to influence senior leadership and organizational collaboration, use ASIS networking and resources and finally partner with 3^rd party risk assessment professionals if possible.  

Q: How do you see this issue evolving in the next 2-5 years? 

RA: The new modern flexible workforce paradigm is progressing and altering the way businesses manage. In the next several years there will be numerous opportunities to share lessons learned and best practices. This model shifts more responsibility to the employer beyond the workplace and into the remote workspaces. As this environment changes, so will the risk associated with employee safety. Security practitioners now must think beyond onsite training and develop training curriculums that can reach the remote workforce. This includes developing and enhancing existing policies pertaining to workplace violence. There are great resources available that can provide a hybrid training program to introduce onsite hands-on training and deliver a robust e-learning curriculum to educate all employees regardless of their work location. Best practice is to understand the company’s risk tolerance, enhance existing policies or develop new ones, and develop a robust hybrid workplace violence training program that supports onsite and offsite employees. 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Demystifying Artificial Intelligence for Security Professionals: How to Distinguish Real Value from Hype” presented by Dean Drako, CEO and Founder at Eagle Eye Networks, and Navanee Sundaramoorthy, Director of AI Products at Eagle Eye Networks. We spoke with Dean Drako about his session – read on for what he had to say and don’t forget to register for GSX 2023!

Q: How did you become interested in your topic? 

DD: I have always been interested in solving problems. In fact, that’s been the impetus behind all of the companies I’ve founded, including Barracuda Networks and Eagle Eye Networks. I founded Eagle Eye Networks because I had a problem finding a video surveillance system that I could use to safeguard Barracuda Networks offices around the world. I wanted a cybersecure system that could be centrally managed, and that was non-proprietary (i.e. it could work with new or existing security cameras from any manufacturer). All of the business systems at Barracuda had been converted to cloud, so I assumed I could find a cloud video surveillance system that would offer all the benefits of cloud. This was ten years ago, and such a system did not exist. I figured that I was not the only business owner with this problem. That’s why I founded Eagle Eye Networks.  

I’ve been following AI developments over the past several years. It’s probably important to mention that although Eagle Eye Networks is a video management system, we are a true cloud provider, delivering an open system that integrates with an unlimited number of tech partners. The open API allows integrations that expand the power of the video management system and address the unique problems of enterprise businesses around the world. There are many useful and specialized technologies in the security industry, and I’ve followed them all, but AI is a true game changer. It is already starting to solve long-standing, historical problems in the security industry–namely with smart search and smart alarms, but that’s just the beginning. 

Q: Tell us about your presentation and why should security professionals have this topic on their radar? 

DD: Security professionals’ jobs are going to change as a result of AI technology. The product that integrators sell, and that security practitioners use is going to morph from a Video Management System to an AI Security System. In the future, no one is going to be staring at a wall of monitors watching video. That is going away. This is a positive development for all involved, but this is a session for security professionals who want to understand where we are today with AI and to plan for the future. It’s designed to help them easily navigate the AI jargon, and to understand what the technology is and how it works. 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Behavior Threat Detection & Assessment: The Demystified Proactive Approach to Security” presented by Michael Rozin, President at Rozin Security Consulting LLC. Read on for what he had to say and don’t forget to register for GSX 2023!

Q: Tell us about your presentation and why should security professionals have this topic on their radar? 

A: My presentation focuses on Behavior Threat Detection, a practical and proven method for preventing mass violence, sabotage, and other harmful acts.  

Too often, security operations are reactive, often tailing the threat actor. In an era where security challenges are proliferating, traditional measures and reactive tactics are often unacceptable. This is where Behavior Threat Detection comes into play. It’s an approach that emphasizes the proactive identification and assessment of individuals with malicious intent in real-world environments.  

During the presentation, I will provide a comprehensive overview of how this approach functions, illustrate examples of its successful implementation, and demonstrate how it can be seamlessly integrated with current security operations to get one step ahead of the aggressor and create a safer environment. 

Q: What advice you would give security professionals interested in this topic?  

A: For those interested in Behavior Threat Detection, it’s vital to comprehend that two principal components typically underpin any malicious activity: firstly, an individual harboring malicious intent, and secondly, the means or weaponry to execute the intended act. Behavior Threat Detection serves as a potent system in preemptively identifying individuals intending to cause harm, deterring them from these activities, and intervening before the malicious activity can be carried out.  These methods have been rigorously field-tested and have evolved significantly over the past four decades. 

From augmenting security patrols and checkpoints to bolstering applicant screening, employees’ security awareness, and workplace violence prevention, an increasing number of organizations are making Behavior Threat Detection a cornerstone of their security strategy. This approach stands out as one of the few genuinely proactive and empirically validated measures available today. 

Nonetheless, it’s important to recognize that Behavior Threat Detection operates most effectively as an element of a broader, holistic security strategy. Professionals should stay current with advancements in the field as new threat patterns and best practices emerge regularly. Furthermore, fostering robust relationships with your workforce, business partners, and surrounding communities can significantly enhance this proactive approach to security. 

Q: How do you see this issue evolving in the next 2-5 years? 

A: In the forthcoming years, I foresee Behavior Threat Detection evolving into an increasingly indispensable facet of security operations. Technological advancements are set to create more sophisticated capabilities, enabling quicker and more precise detection of potential threats and identification of evolving plans to execute malicious activities. 

However, there will also be challenges, such as the need for rigorous staff training, legally compliant and refined protocols, and policies governing the utilization of Behavior Threat Detection methods.  

Given these complexities, professionals certified and experienced in Behavior Threat Detection will undoubtedly become highly sought-after commodities in the security job market. This demand reflects the significant role such individuals play in an increasingly specialized field. As threats to physical security become more intricate, our detection and prevention methodologies must adapt accordingly. This domain will continue to improve and innovate.  

Q: Why do you attend GSX? 

A: For me, GSX is an invaluable opportunity to connect with other security professionals from around the world. It provides an excellent platform to learn about the latest developments in the security field, share insights, and contribute to the evolving dialogue on global security challenges.  

It’s a chance for me to share my research and experiences and learn from a diverse group of experts. By attending GSX, I can stay updated on the latest threat trends, security solutions, and strategies, ensuring I am well-equipped to respond to the rapidly changing landscape of security threats. 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Partnerships That Work: Retail & Law Enforcement Become Allies in the War Against ORC” presented by Joseph Courtesis, Inspector at Jcour-Consulting LLC (3SI Securities), and Michelle Anderson-Silva, Senior Manager, Investigative Systems & Tools, at Gap, Inc. Read on for what they had to say and don’t forget to register for GSX 2023!

Q: How did you become interested in your topic? 

JC: As a member of the NYC police department ORC was a major issue. However, apprehending the perpetrators and prosecuting them to the full extent of the law is difficult. In fact, it is impossible if retail and law enforcement do not work together. The suspects often times run into the establishment (sometimes masked) and take large quantities of merchandise. They typically load it into a vehicle a flee the scene quickly. By the time law enforcement responds to the location the suspects are long gone. In addition, the lack of a detailed description of the suspects and an accurate description of the property stolen make it even more difficult to apprehend the suspects. 

Q: Tell us about your presentation and why should security professionals have this topic on their radar? 

JC: Our presentation will discuss some of the technology law enforcement is using in cooperation with retail establishments. I will discuss shared success stories that include apprehensions and the recovery of stolen merchandise. 

Q: What advice you would give security professionals interested in this topic? 

MA: Remain curious, find ways to be engaged and be the partner you want on the other end. We know that battling ORC will not be successful if done in a silo; therefore, it takes everyone doing their part and rolling up their sleeves to support one another. If the bad actors are on the same team, we have to be too. 

Q: How do you see this issue evolving in the next 2-5 years? 

MA: Time will tell, but I believe how legislation evolves will have an influence. 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Social Engineering—The Risks to Our Companies and Employees” presented by Carlos Veiga, Head of Strategy and Operations – Risk Advisory & Consulting Services (RACS) at G4S / Allied Universal. Read on for what he had to say and don’t forget to register for GSX 2023!

Q: Tell us about your presentation and why should security professionals have this topic on their radar.

A: This presentation has the intent to share some initial information around the Social Engineering topic and its impacts, sparking the interest of the public on the topic. In today’s world, social engineering is recognized as one of the most effective ways to obtain information and break through a defense’s walls. It is so effective because technical defenses (like firewalls and overall software security) have become substantially better at protecting against outside entities. The same can’t be said for humans, who are often referred to as the “weakest link in your security posture.” 

Q: What advice would you give security professionals interested in this topic?  

A: Research. There is a lot of good literature around this topic that will help you understand the basics of Social Engineering and how those risks are materialized in the current world. 

Q: How do you see this issue evolving in the next 2-5 years? 

A: As the AI tools will be even more evolved in the near future, perpetrators will liaise on those tools to enhance and sophisticate their social engineering attacks (AI intel, deepfake videos, voice cloning, automated learning, etc). So, the future will be even more challenging in what concerns Social Engineering risks and AI. 

Q: Why do you attend GSX?  

A: It’s a world class renowned event with top security professionals that enables and facilitates the exchange of knowledge within the security community. Also, it’s important to keep up with the industry updates and recent product launches. 

In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “The Growing Threat of Alt-Social: Hacking the System to Stay Ahead of Virality” presented by Rebecca Jones, COO & Co-Founder at Pyrra Technologies Inc., and Welton Chang, CEO and Co-Founder at Pyrra Technologies Inc. Read on for what they had to say and don’t forget to register for GSX 2023! 

Q: How did you become interested in your topic? 

RJ: I’ve always been fascinated by the role of disinformation – propaganda – how it’s used to convince, rally and justify.  The serious damage it can do. As humans we have taken this to the next level with social media, and we have really seen it escalate in the US following the election (and electoral loss) of President Trump. That’s when I really started to take interest in how alternative social media is being used as a weapon against individuals, minority groups, companies and even governments.  

Q: Tell us about your presentation and why should security professionals have this topic on their radar? 

RJ: When it comes to the risks and dangers of alt-social we find that the security, risk and intelligence professionals who are all over it, are the ones who have already taken serious hits. Their principals, their companies have already been victims of malicious disinformation and reputation damage, victims of doxxing, victims of physical violence, victims of hate speech.   But many in the field are still learning.  Maybe they have heard of a couple of high profile examples, maybe they have heard of Telegram and 4Chan…but they don’t yet know what threats they should really be monitoring for, and how to stay ahead of them when they emerge.   Our presentation will help with that. 

Q: What advice you would give security professionals interested in this topic? 

WC: Unmoderated social media is a rapidly evolving ecosystem fed by disinformation, controversy, anger and hate. There is a site for everything: conspiracies, antisemitism, racism, targeting of lgbtqi+ people, hatred of women… the list goes on.  Security professionals cannot be expected to keep up to date with the evolution of this ecosystem, nor can they realistically collect and respond to these threats the way they have always done – we need to evolve even faster than the ecosystem to stay ahead of the threats. This session will help you to better understand the threat landscape, how you can better respond and arm you with information to educate executives as to why this is a problem now. 

Q: How do you see this issue evolving in the next 2-5 years? 

WC: Over the next 5 years, we expect this ecosystem to grow to an unmanageable size and the users of this ecosystem to become increasingly more tech-savvy, deploying all the tools in their arsenal to cause serious harm.  We expect an exponential number of businesses and their executives to fall victim to malicious disinformation campaigns resulting in significant reputational damage, financial losses and even physical harm. This problem is about to reach a tipping point – and within the next few years, companies will be viewing the threat of disinformation the same way they view cyber threats.