YOUR PROVEN SECURITY PARTNER
By Ellen Cools
By Neil Sutton
PFUTURE ECHOES
Tracing the evolution of security as a profession and anticipating what’s next
utting together a retrospective issue makes you realize you can’t possibly cover everything.
Forty years is a long time in any industry. As I read through our archived issues, it was fun to note the old ads that featured VHS tapes, giant cell phones and TVs with push buttons and wood paneling. There were plenty of familiar faces as well — a few dating back to the 1980s and even earlier. Some of them have retired now, most have moved on to different employers, while one or two have stayed with their organizations throughout their careers, a testament to loyalty and longevity.
In putting some thoughts together for this special issue, I tried to imagine what readers from those early days of Canadian Security would think about the current state of affairs in security. As pointed out in our cover story for this issue, there was no Internet to speak of in the 1970s — for that matter, there wasn’t a lot to discuss even in the 90s —and no one could really foresee how much it would shape the industry, from surveillance technology to loss prevention.
“Today’s anecdotes about C-suite discussions are about risk in the enterprise.”
One of the biggest topics of discussion, at least for the 11 years I’ve been associated with the Canadian Security brand, is professionalism and professionalization. Over the years, I’ve witnessed levels of frustration over security taking a back-seat to C-suite decision-making processes. I’ve heard anecdotes about budget cuts and the perennial favourite: security is only brought into the discussion during an emergency or after it’s already happened and clean-up is required.
I think if I had to share a message back through time, it wouldn’t be that we can view CCTV footage in real-time on devices the size of credit cards, but that the tide is turning for security as a profession. It’s no longer dominated by ex-military and expolice officers; it’s not about referring to a standard ops manual; it’s not even about securing locks and doors. All those aspects are still present, and arguably vital, but they are not what’s making security an exciting profession in 2018.
Today’s security isn’t perfect and it still has a long way to go. But more often than not, today’s anecdotes about C-suite discussions are more about the role of risk in the enterprise or a security strategy that incorporates both physical and digital measures (some may argue that the two will become indistinguishable before long).
I urge you to read this magazine cover to cover. A lot of people contributed their thoughts and ideas to this issue — their reflections on the past and hopes for the future. I’m particularly grateful this issue to our Security Directors of the Year for their wisdom (see p. 30) and ASIS International for supplying so much background information and their continued support.
Here’s to the next 40!
Group Publisher Paul Grossinger pgrossinger@annexbusinessmedia.com
Publisher Peter Young pyoung@annexbusinessmedia.com
Account Manager Adnan Khan akhan@annexbusinessmedia.com
Editor Neil Sutton nsutton@annexbusinessmedia.com
Assistant Editor Ellen Cools ecools@annexbusinessmedia.com
Art Director Graham Jeffrey gjeffrey@annexbusinessmedia.com
Account Coordinator
Kim Rossiter krossiter@annexbusinessmedia.com
Circulation Manager
Aashish Sharma
asharma@annexbusinessmedia.com Tel: 416-442-5600 ext. 5206
President & CEO Mike Fredericks
Editorial and Sales Office
111 Gordon Baker Rd, Suite 400, Toronto, ON M2H 3R1 (416) 442-5600 • Fax (416) 442-2230 Web Site: www.canadiansecuritymag.com
Canadian Security is the key publication for professional security management in Canada, providing balanced editorial on issues relevant to end users across all industry sectors. Editorial content may, at times, be viewed as controversial but at all times serves to inform and educate readers on topics relevant to their individual and collective growth and interests.
Canadian Security is published six times per year by Annex Business Media.
Publication Mail Agreement #40065710
Printed in Canada I.S.S.N. 0709-3403
Subscription Rates
Circulation Anita Singh asingh@annexbusinessmedia.com Tel: 416-510-5189 Fax: 416-510-6875 or 416-442-2191 111 Gordon Baker Rd, Suite 400, Toronto, ON M2H 3R1
Annex Privacy Officer Privacy@annexbusinessmedia.com Tel: 800-668-2384
The contents of Canadian Security are copyright by ©2018 Annex Publishing & Printing Inc. and may not be reproduced in whole or part without written consent. Annex Business Media disclaims any warranty as to the accuracy, completeness or currency of the contents of this publication and disclaims all liability in respect of the results of any action taken or not taken in reliance upon information in this publication.
CALENDAR
August 22, 2018
ASIS Toronto Annual Golf Tournament Angus Glen, Markham, Ont. www.asistoronto.org
September 12, 2018
Security Canada Atlantic Moncton, N.B. www.securitycanadaexpo.com
September 12, 2018 ISCPP Symposium Niagara Falls, Ont. www.iscpp.org
September 20, 2018
Retail Secure Mississauga, Ont. www.rcclpconference.ca
September 21, 2018
Cannabis in Retail Forum Mississauga, Ont. www.retailcouncil.org
September 23-27, 2018
Global Security Exchange Las Vegas, Nev. www.gsx.org
October 1, 2018
SecTor Toronto, Ont. www.sector.ca
October 4, 2018 CS@40 Toronto, Ont. www.canadiansecuritymag.com/CS40
October 8, 2018 (ISC)² Security Congress New Orleans, La. www.isc2.org
October 24-25, 2018
Security Canada Central Toronto, Ont. www.securitycanadaexpo.com
December 4, 2018
Focus On Healthcare Security Mississauga, Ont. www.focusonseries.ca
Customer service, professionalism recognized by APSA at annual awards
The Association of Professional Security Agencies (APSA) recently announced the winners of its annual Security Guard of the Year and Security Guard Supervisor of the Year awards, recognizing diligence and superior customer service on the job.
Supervisor of the Year was awarded to Claude Dubé, a supervisor with Commissionaires Ottawa, who works at Rideau Hall, the Governor General’s residence.
Dubé, who retired from the Canadian Armed Forces after 16 years of service in 2002, joined Commissionaires at Rideau Hall as a guard. He has since been promoted to shift superior, training officer and most recently section supervisor in 2013. He now oversees approximately 75 personnel and has worked in collaboration with the RCMP to secure VIPs including Prime Minister Justin Trudeau.
Kevin Cooney, business operations manager, Commissionaires Ottawa, who attended the award ceremony with Dubé, spoke highly of his contributions to Commissionaires and the clients he serves.
“[Security staff] are the foundation that make our success.”
— Nicole Lentinello, APSA
“We were honoured to put a package together recommending Claude for this award,” said Cooney.
Accepting the award, Dubé commented, “It’s really humbling, but I would not be able to do this without the support of Commissionaires Ottawa. It’s a great honour.” He also thanked his team and staff at Rideau Hall for their hard work and continued support.
The Security Guard of the Year award was presented this year to Mocko Yilla, a GardaWorld frontline employee who works at the Miziwe Biik Aboriginal Employment Centre in Toronto. Yilla works as a lone security guard at the
centre and has been embraced as a member of their team. Last year, Yilla was presented with the centre’s employee of the quarter award, a recognition normally reserved for the centre’s own employees. Yilla has an unblemished employment and attendance record and was recognized for his strong customer service skills. The award was presented to Yilla by Allan Gosling, portfolio director, protective services, GardaWorld. Gosling noted that when a client considers a guard to be a member of their own team, it is the “ultimate recognition” of the quality of service they are able to provide.
“It’s a great job and a great environment. It’s a really good company to work for. It’s been wonderful and I’m really appreciative of this [award] today. It’s very humbling,” said Yilla. He added that sometimes he might have to diffuse a situation as part of his job, but “it’s all about empathy,” he said.
Nicole Lentinello, APSA president, noted at the awards presentation that frontline security staff are “the foundation that make our success. I wish we could do more of this, but this is a great opportunity to highlight [their] efforts.”
— Neil Sutton
Mocko Yilla, GardaWorld (left) and Claude Dubé, Commissionaires Ottawa
Human-machine teams to identify insider threats
The McAfee Canadian Security Operations Roadshow, which made a stop in Toronto recently, offered perspectives from Stephen Jou, chief technology officer at Interset; Jason Rolleston, McAfee’s VP and general manager, security intelligence and analytics; and Brian Brown, McAfee’s enterprise technical specialist. Together, they discussed how security operations teams can adapt to an increasingly volatile threat landscape.
Human-machine solutions
The general theme among the speakers was “human-machine teaming solutions” — using automation and analytics to advance human capability.
Jou spoke about how analysts can use behavioural analytics and mathematical models to identify insider threats in an era of Big Data.
Generally, mathematical models look at previous reports of malware data and learn from past behaviours to identify threats. But how can these models provide a summarized view of risks and alerts?
Interset uses a probabilistic approach: their system performs aggregations and real-time monitoring
to collect data on users to determine the “behavioural risk,” based on a model that looks at the user, machine, and the type and volume of data.
The more these behaviours coincide on the same entity (i.e., the same user account), the more likely it is an insider threat.
SIEM systems
Meanwhile, Rolleston spoke to attendees about how security operations teams can identify threats through Security Information & Event Management (SIEM) systems.
What sec ops teams are currently doing in SIEM is not working, he explained.
Instead, SIEMs should focus on three areas:
• a data platform that brings in data at scale and makes it widely available;
• optimized sources that allow analysts to find anomalous data;
• and tools for investigation and response.
In fact, McAfee is using log management tools and advanced analytics to identify, investigate and respond to anomalous data.
Threat evolution
becoming a much broader surface,” adds Bryan Rutledge, McAfee’s regional vice president and country manager, Canada.
“This year we made the acquisition of Skyhigh Networks, a CASB [cloud access security broker] leader, to round out the portfolio in the cloud, because … in Canada we see a lot of people adopting cloud technologies.”
“One place you start seeing humanmachine teaming … is in the context of analytics.”
— Jason Rolleston, McAfee
Nevertheless, the ease with which hackers can access data still depends on multiple factors. Even when organizations do everything right to protect their data, their partners may not do the same. Consequently, it is important companies have firewalls and encrypted data, as well as a response plan in place if they are hacked, Rolleston explains. Additionally, security operations teams must have broader visibility of the data sets coming in and be able to identify a signal coming from all of the data, he says.
In an interview with Canadian Security, Rolleston elaborates on the evolution of threats and the need for a more modular response.
“Hackers have become very sophisticated in how they attack, and so that’s where you see the adding of things like behavioural analytics…and using math and Big Data to spot behaviours that otherwise would have been very difficult to spot,” he explains.
As such, McAfee is focused on becoming a ‘device to cloud’ company, protecting users wherever they compute.
“Where you compute now is
This is where the “human-machine teaming solutions” come into play, as doing this manually would be labour and cost intensive.
“One place you start seeing humanmachine teaming … is in the context of analytics and using that data, not to supplant or remove humans, but to aid, to help them spot things they might not otherwise have seen,” Rolleston explains.
“‘Capacity’ is the word I look for,” Rutledge adds. “[Machines are] increasing the capacity that an individual can handle in their job.”
— Ellen Cools
Jason Rolleston, McAfee
Bryan Rutledge, McAfee
LOOKING AHEAD TO THE NEXT FORTY
Congratulations on your 40th birthday Canadian Security Magazine! G4S is proud to partner with the leading voice in security news and insight for Canada, delivering stories that shape our industry. We look forward to the next 40 years and beyond as G4S continues to innovate and provide risk mitigating insight to our customers through our partnership. Congratulations Canadian Security Magazine!
Cybersecurity panel: staffing and education a concern
Apanel of cybersecurity experts recently convened by the Economic Club of Canada in Toronto discussed what’s good about Canada’s current cybersecurity posture, but noted that there are still many challenges ahead.
Ali Ghorbani, director of the Canadian Institute for Cybersecurity, gave Canada a “good mark” overall for cybersecurity, noting that the country ranks ninth according to the United Nation’s International Telecommunication’s Global Cybersecurity Index.
“The Canadian government recognizes that cybersecurity… is an opportunity,” he said, pointing out the economic benefits of good cybersecurity as well as the business benefits of the provision of cybersecurity services. However, he called for a more holistic approach to cybersecurity — one that emphasizes working effectively with overseas powers. “When it comes to international co-operation, we have some work to do,” he said.
“For Canadian business and the Canadian landscape, it’s an interesting time,” offered panelist Bonnie Butlin, co-founder and executive director of the Security Partners’ Forum (SPF). She noted that Canada released a new federal cybersecurity strategy only weeks ago. While the Canadian federal government focuses its cybersecurity agenda on trade and business, other international governments are interested in changing the culture around cybersecurity. “Finding our way is going to be an interesting challenge,” she said.
One of the biggest challenges ahead, added Butlin, is effective staffing — employing people who are equipped to handle the complexities of the shifting cyber environment. Students and recent graduates may possess the latest and greatest knowledge, she said, but that lead may evaporate when directly applied to the workforce.
“If the strategy is just to bring in the next crop of students year after year, that doesn’t address your existing work. Just relying on the immediate graduates is not a solution in and
Brent Arnold, Gowling WLG (moderator); David Clark, Travelers Canada; Bonnie Butlin, SPF; Ali Ghorbani, Canadian Institute for Cybersecurity
of itself,” said Butlin. “Degrees have a shorter shelf life than they’ve ever had.”
Because the field can change so dramatically year to year, keeping up-to-date on cyber knowledge will be a constant struggle. Training budgets for most enterprises are on their way down, she said, and it’s often up to the individual employee to upskill on their own time and on their own dime.
“Degrees have a shorter shelf life than they’ve ever had.”
should press its advantage in order to stay competitive with other countries. By encouraging training and placing high value on cybersecurity employees, Canada may be able to keep the homegrown skilled workforce here and also draw more talent from overseas.
— Bonnie Butlin, SPF
A solution, said Butlin, is to place greater value on recognized certification programs, which require constant upgrades to remain current. There is also a greater demand today for experienced employees — experience and tenure is a prerequisite of some certifications — and job loyalty is highly prized.
Ghorbani agreed, adding that Canada
Adding to the discussion, David Clark, senior claims counsel, specialty insurance, for Travelers Canada,
noted that cybersecurity awareness may still be lacking in some organizations. His company offers cybersecurity services and works with clients in the event of a data breach or malware infection.
“There’s not enough businesses out there that realize that it can happen to them,” he said.
He added that larger businesses,
in general, are more aware of the risks and are more likely to invest in cyber insurance. Smaller businesses may think that they don’t hold any data or information of significant value, or are labouring under the assumption that they can handle a breach without help.
Even companies that don’t retain customer information likely keep some data on file about their employees, which can also pose a risk, said Clark, who noted that Canada’s mandatory breach notification law will come into effect on Nov. 1 this year.
Disclosing a breach becomes even more thorny if you don’t have reliable expertise and “if you don’t know what you’re looking for.”
However, said Clark, the Canadian insurance industry is mature and resilient, which can help Canadian companies make the transition towards adopting a cybersecurity policy.
— Neil Sutton
by Mark Folmer
ASIS International’s Canadian legacy
Anniversaries
Mark Folmer
are a good time to reflect. With Canadian Security turning 40, this is a great time to look back and remember when the magazine and ASIS International have intersected across Canada. Since its creation as a Region in 1988, ASIS International has evolved in Canada. Interestingly, we have had various names, but whether you referred to us as Region L, Region 50, or Region 6, we have always represented security professionals in Canada.
Canadian Security Pioneers
Initially led by the now namesake of the Canadian Security Pioneer award, Ron Minion, Canada is now split into three divisions. As most industry professionals know, the award is presented annually to a Canadian security professional who has consistently worked for the betterment of the security industry over an extended period.
Nominated by a peer, the candidate must be a member of ASIS International in good standing. Today, Region 6 is split in three and is led by its own regional vice-president; the west, by Darryl Polowaniuk, CPP, PSP, the centre by William Van Ryswyck, CPP, and the east by Jean Charles Gris, CPP. The divisions allow for each of the 11 chapters to be reflective of local realities while working together to roll up on national and international initiatives.
Memorable events and a gathering of minds
Most of our industry leaders have experienced a Canada Night at ASIS Annual Seminar & Exhibits (now called Global Security Exchange or GSX). These annual events are unforgettable and assemble members from coast to coast. It has quickly become one of the mustattend events at the show for Canadians and all of our friends! Often, this is the only time that people from opposite ends
Canadian Chapters by Year
Edmonton/
Northern Alberta – Jan. 21, 1983
Calgary/
Southern Alberta – June 16, 1983
Ottawa – June 24, 1987
Canadian Pacific – June 21, 1988
Toronto – Jan. 10, 1989
Montreal – June 19, 1990
Manitoba – Sept. 9, 1990
Atlantic Canada – Oct. 2, 1991
Southwestern Ontario – Dec. 13, 2002
Saskatchewan – Jan. 20, 2011
Quebec City – March 14, 2012
of the country can connect with one another during the year. This makes the event a more powerful and impactful experience for those in attendance.
A wealth of knowledge and professional development
The suite of ASIS’s leading certifications are highly recognized across Canada. Whether it is the CPP, PSP or PCI, today there are nearly 2,500 ASIS members in Canada and 581 certifications spread across the country (not 581 individuals, but rather a total number of certifications, with some industrious Canadians opting for all three!) These certifications have become recognized as the standard in security credentials in Canada and often appear as role requirements in related career postings across the country.
Industry evolution
The security industry has really evolved over the years.
As part of that evolution, ASIS has actively promoted Enterprise Security Risk Management (ESRM). This approach recognizes that security responsibilities are shared by both security and business leadership, but that all final security decision-making is the responsibility of our businesses’ leaders.
The role of the security leader in ESRM is to manage security vulnerabilities in a risk decision-making partnership with the organization leaders in charge of those assets. In short, the accurate mining, maintenance and analysis of data is key to securing businesses today.
Canadian Security magazine has been present all along the way, to promote our association and its members. This includes trumpeting the names of winning chapters and awardwinning members — and there have been many over the years! Likewise, reaching out to leadership and members alike for their input on security incidents and trends.
Current ASIS Canada leadership looks forward to continuing to work with like-minded industry associations, industry professionals and Canadian Security!
Thanks, Canadian Security, for your leadership and partnership and for keeping security professionals connected, knowledgeable and informed.
Mark Folmer is the senior regional vice-president, Group 6 (Canada) for ASIS International.
Canadian Security Industry Pioneer winners (Ron Minion Memorial Award)
1999 – Ron Minion
2000 – Denis O’Sullivan
2001 – Patrick Bishop
2002 – Dennis Shepp
2003 – Phill Banks
2004 – Howard Moster
2005 – David Tyson
2006 – Roger Maslen
2007 – John Rankin
2008 – Gary Vikanes
2009 – John Grady
2010 – Greg Hurd
2011 – Chris McColm
2012 – Bill Bradshaw
2013 – Geoff Frisby
2014 – Christina Duffey
2015 – Dan Popowich
2015 – Dr. Wayne Boone
2016 – Patrick Ogilvie
2017 – Parnell Lea
Showcase2018
Powered by partnerships with industry-leading manufacturers, Anixter takes innovative approaches to help you build, connect, power and protect valuable assets and critical infrastructures. Our Showcase events highlight the latest products while providing you with direct access to the experts and engineers that drive the latest technologies and standards.
Attend this event and discover what Anixter and our partners can accomplish for you.
Who Should Attend:
• CSOs
• CFOs
• CIOs
• Electrical contractors
• IT managers
• Systems integrators
• Engineers
• Networking managers
• Contractors
• Data communications managers
• Purchasers
• Project managers
• CLECs
• Telecom managers
• Security integrators
• Facility managers
TORONTO
Mississauga Convention Centre 75 Derry RD W, Mississauga, ON
MONTREAL
Montreal Airport Marriott
In-Terminal Hotel
800 place Leigh-Capreol, Dorval, Québec H4Y 0A4
EDMONTON
Edmonton Expo Centre 7515 – 118 Avenue, Edmonton, Alberta T5B 4X5
TIME FOR A NEW PLAN
It’s about reframing the issue to focus on risk instead of defending a security budget
Over the past few years, I’ve been writing about approaching security programs from a riskbased perspective. This past year focused on Enterprise Security Risk Management (ESRM) and the benefits this framework and philosophy can bring to your organization.
I’ve presented at a number of conferences, built and run a company focused on ESRM, and became the Board sponsor for ASIS’ global ESRM initiative. Along the way, I’ve come across some truly dedicated security professionals who are really embracing the concept of designing their security programs to support business objectives by identifying risks to assets. These have all been small steps on a very long journey. And while they are positive milestones, there is still some reluctance to implement a security program focused on reducing risks instead of simply ticking compliance boxes.
“Maybe the idea of letting go of ownership of risk frightens some security professionals.”
professionals because they see this as an abdication of their perceived role. Maybe security professionals aren’t yet at a level where they can confidently translate the links between business objectives, assets to achieve these objectives, and risks facing the assets. Maybe our organizations don’t want us to remind them of the risks they’re facing because they would actually have to do something about the risks — including accepting them. Maybe the idea of formally documenting risks and then having an executive team articulate their risk appetite isn’t going to happen in some boardrooms.
I’m trying not to be frustrated by this observation. I realize it’s hard to shake decades of thinking and focus energies on identifying risks instead of buying more gear to complete a task. I know it’s difficult to ask security professionals to identify mitigation strategies and seek executive acceptance instead of arguing for more budget based on fear, uncertainty and doubt.
There are still many roadblocks to face when trying to implement a risk-based security program in organizations. I’ve heard comments ranging from “We already do this,” to “Why do we need another framework?” and my favourite, “This is too hard for our leadership to accept.”
Why is this journey so difficult? Why are we having such a tough time selling the benefits of a risk-based program inside our own organizations?
That’s a great question, and one I’ve been trying to answer for many years. Maybe it’s because there isn’t enough empirical evidence to support the claims that an ESRM program can reduce overall security program costs. Maybe the idea of letting go of ownership of risks frightens some security
Whatever the reason, developing and implementing risk-based security programs appears to remain the exception, not the rule. The majority of organizations I have been introduced to over the years seem to validate this statement, and continue to frustrate the security professionals tasked with protecting the organization’s assets. The frustration grows if the security professional has embraced the philosophy of ESRM, and can see the direct benefits of implementing a risk-based, business-focused approach to security.
I want to engage this audience, and ask for your help to motivate others. I want you to think of times you were able to use some of the concepts from this column to help reduce the risks facing your organization. I want to hear about your struggles and your achievements regarding a risk based approach to security.
We need to capture the collective knowledge of the security profession, and to hear from those in the trenches tasked with building and implementing security programs based on risk.
Reach out to me through LinkedIn, Twitter (@Tim_McCreight) or email (tmccreight@obsglobal.com). Let’s start a dialogue, and see where this goes. It’s time to rewrite our story.
Tim McCreight is the principal consultant for Online Business Systems (www.obsglobal.com).
Crisis24, an essential source of critical vetted security information with unlimited access to over 200 country reports. Content provided by IHS Markit supplements our Country Reports with an executive summary and operational outlook, around the world such as civil unrest, terrorism, environmental degradation, and pandemics and social stability.
• Customize your dashboard by selecting the regions, countries and topics of interest
• Receive alerts by text (SMS) and/or email
• Get unlimited access to all alerts and country reports with vetted security
SECURITY EVOLUTION
A closer look at the major events, influences and trends that have shaped the security industry over the last 40 years through the eyes of professionals
By Ellen Cools
Over the past 40 years, the security industry has evolved to an almost unrecognizable point.
Industry veterans indicate that 40 years ago, the industry largely consisted of retired police officers who were focused on physical security and alarms. Cybersecurity did not exist, and security was only called upon in response to a crisis.
But one aspect has remained the same: Canadian Security has been there to guide the industry. Over the years, we have evolved alongside the industry, transitioning from a magazine that included content geared more towards alarm dealers and installers to one dedicated to covering the major events and trends impacting end users and senior security managers.
CCTV: a “panacea”
Since the late 1970s, technology has become an increasingly important part of our everyday lives. So it’s no surprise that it has also been extremely influential in the industry’s development.
“When I first started, solutions were more physical and purely perimeter-based,” says Steele, who, during his career has also served as director of sales for ASSA ABLOY and contributed to Canadian Security. “In those days, the technology was not as advanced; it was mainly physical protection on the doors and walls and windows.”
“It’s not just about protecting the building, it’s managing the assets and the assets include the people.”
— David Steele, Davantis Technology
We asked a number of security professionals to reflect upon the past four decades: Rita Estwick, director of enterprise security development, Canada Post; David Hyde, owner and principal consultant, David Hyde and Associates (recently acquired by Total Cannabis Security Solutions); Steve Summerville, president, Stay Safe Instructional Programs; Elliott Goldstein, senior litigation lawyer, Epstein & Associates; Kevin Murphy, security director, Woodbine Entertainment; and David Steele, country manager, Davantis Technology.
Access control was rudimentary, and there were almost zero CCTV systems, he adds. Despite that, “CCTV has been a huge change in the industry.”
Hyde, who is currently a member of Canadian Security’s editorial advisory board, agrees, although he notes it has its benefits and downsides.
CCTV is often seen as a “panacea,” he explains — a replacement for security guards. But this can create an overreliance on cameras. “I think CCTV is a good thing when it’s used in real-time and in parallel with a security person that’s trained, but CCTV can be a bad thing because it actually can give a false sense of security and a false economy of security.”
Goldstein, long-time writer of the column “CCTV and the
Law” for Canadian Security, also highlights the impact of the technology.
Looking back over the past 40 years, one trend that stands out for him is the move from analogue to digital, which has changed the evidence-gathering process significantly.
“It’s certainly become more important to prove the chain of custody,” he shares. “You have to show continuous possession because of the ability to tamper with the evidence, to re-touch it and to doctor it …You have to be careful to show that that hasn’t been done, and if it has been done, why?”
A more recent trend is the influx of smartphones and social media, which allow the public to record events that otherwise would not have been recorded.
According to Goldstein, “That caused a huge increase in the volume of video that people had to look at at an event [and] the way surveillance information was handled.”
But CCTV has not only changed the way surveillance is captured, it has also played a vital role in the development of the relationship between police and security.
“I think the police have come to realize that they do need the security people in terms of providing [surveillance] evidence,” he shares.
In turn, the police have created liaisons and relationships with security.
Additionally, security professionals are increasingly called as witnesses in court. According to Summerville, an expert witness and retired sergeant in the Toronto Police Service, the relationship between police and security has “evolved favourably.”
office, like webinars,” Murphy shares. “And that just gives us access to so much more information.”
Estwick agrees, adding that education and security awareness are “absolutely critical components to any type of security program.
“Any time I think there’s an opportunity to speak to … an employee, a stakeholder, an executive, about security … you have the chance, in my opinion, to create security stewardship.”
“We’re starting to talk about security knowledge and management; it’s the leadership, the resilience.”
— Rita Estwick, Canada Post
“I’m seeing now that security has a very active role, often, in the safety of the public,” he elaborates. “Policing are strapped in terms of the resources they can provide, and as a result, they are perhaps working in better relationships with security providers.”
Creating “security stewardship”
Technology is not the only reason why security has adopted a more prominent role in society. Increased education has also been key.
Murphy, who just celebrated his 43rd anniversary at Woodbine Entertainment, says, when he started, “There weren’t a lot of opportunities for training. We’d join an industry association and go for a chicken dinner once a month and meet our peers and listen to a presentation by somebody, and that was our in-service education.”
Today, college programs in security and criminal justice university degrees are more commonplace.
Additionally, “on a day-to-day basis, we have access to so many different ways to learn that don’t require us to leave our
“Education is the key,” adds Summerville, “and it’s not only education of the guards, it’s education of the public, it’s education of the clients, it’s education of the community as a whole.”
So it’s not just security professionals who are better educated and aware. The public also has a better understanding of security’s importance and the role security — particularly security guards — plays in their lives.
Legislation: a driver of change
Legislative changes regarding training requirements played a key role in this transition.
“There literally was no physical training in the 80s and 90s,” Summerville explains. “At the time, there wasn’t even a mandatory requirement for security to be licensed.”
This changed with Patrick Shand’s death in 1999, when he was apprehended outside a Loblaws store by security guards and subsequently died in the arrest, Summerville explains.
The Patrick Shand Inquest in 2004 provided a number of recommendations, leading the government to revise the Security Guard Act, making it mandatory for security guards to be licensed and receive mandatory training.
The Inquest also increased public awareness about the consequences of untrained personnel and staff, Summerville says. Additionally, “it’s made us very, very mindful of our requirement to display due diligence, the duty of care for all people.”
Changes to the Occupational Health and Safety Act in 2010 led to further requirements for workplace safety training.
“At that time, what was legislated was a requirement to provide a safe environment not only for employees, but for staff to be able to summon assistance if exposed perceptionally to a risk in the workplace,” Summerville explains.
The Public Services Health and Safety Association (PSHSA) released a security risk book that identified a “procurement process with security to provide a safe avenue in the workplace,” he shares. “What that involved was a very detailed curriculum of training to identify what security would require L
… to be able to exercise appropriate judgement.”
PSHSA also outlined the need to vet training programs in order to increase public trust.
“It became an industry de facto standard, if you will, with respect to use of force training, the issue of intermediate weapons [and], most importantly, a fully-identified curriculum on how to de-escalate adversity.”
A paradigm shift: 9/11
But if there’s one event that has really influenced the industry in the past 40 years, it’s 9/11.
“9/11 was the biggest paradigm shift for quite a lot of aspects of security,” Hyde says. “That was really the time the threat of terrorism globalized and we started looking at it more closely, what linkages there were that came into Canada.”
It was also a major change in large building security and public safety, he says.
Professionalization
Consequently, in combination with increased education, training and new technology, 9/11 was a galvanizing moment toward professionalization.
“The ability to demonstrate the value of security in a business world has changed. I think we’ve got better at speaking the language of business.”
Murphy agrees, noting that 9/11 resulted in greater attention and funding for hardening facilities against terrorism and other breaches. For Murphy himself, with Woodbine Racetrack located next to Toronto-Pearson International Airport, his team had to determine how to respond in case a similar event happened, and the potential impact on the business.
Thirty to 40 years ago, security leaders were not focused on items such as a company’s reputational brand, business risks, “the intensification of the threat environment and the requirement to build security capabilities to mitigate those vulnerabilities and risks,” Estwick says. Instead, they approached risk from a singular lens. Now “we’re starting to talk about security knowledge and management; it’s the leadership, the resilience,” she says. “These are the terms that we are using today as it relates to the protection of not only various enterprises but the Canadian economy as a whole. And I don’t think 40 years ago we were that global in our approach and certainly in our messaging.”
— David Hyde, David Hyde and Associates
In response, Woodbine engaged in a review of their emergency management program and performed a risk assessment to determine how to mitigate the consequences, he says.
But distribution channel security was arguably impacted heavily by 9/11. For Estwick, in her role at Canada Post, it was the “first major disruptor.”
“It was not only the immediate impacts in terms of grounding airlines, but the after-affects that transpired, certainly in the United States, and the introduction to what I call the ‘Canadian consumer mainstream dialogue’ of threats. Terrorism became a very popular term,” she elaborates.
These threats could and would be transmitted through that distribution network, she adds. In Estwick’s opinion, the impact of 9/11 “speaks to the recognition of the intensification of the threat environment [over the years].
“I really do believe that that was the initial journey of this industry towards the adaptability and resiliency that’s been acquired. This is where industry leaders started to really look through those different lenses and the importance of health and safety, the importance of being visible, the importance of business continuity, crisis management, and all of those interconnections that needed to take place.”
From the installer perspective, Steele says the end users are more professional.
“In the beginning, a lot of the end users were ex-policemen who didn’t really know anything about security, whereas now they’re more educated,” he explains.
The installer has to “treat them with respect and you have to be as professional as they are. Whereas in the past I don’t think you had to be; it was more of a friendly relationship.”
Additionally, the end users’ demands have changed: “It’s not just about protecting the building, it’s managing the assets and the assets include the people, so you’re managing the people for them as well,” Steele says.
This professionalization also means “people are starting to look at security as a job, as a career, and not just simply as security guards or people who are selling cars one day and computers or surveillance equipment the next,” Goldstein says.
For Goldstein, this change is not thanks to legislation or technology, but industry associations such as CANASA and ASIS. They were the first to begin professionalizing and offering certifications, he explains.
A seat at the table
As the industry has professionalized, “The ability to demonstrate the value of security in a business world has changed,” explains Hyde. “I think we’ve got better at speaking the language of business.”
Now, positions such as CSO and security director, which didn’t exist in the 1970s, are increasingly common, and the professionals who fill those positions often come from a security background. “Forty years ago, I think it was assumed that you had to be retired from a police service to get a job as
Kevin Murphy, Sept. 2005 issue
Bosch empowers you to build a safer and more secure world. Our products are designed to work together to maximize facility control, better mitigate risks, and make systems easier to use and manage. Increase security and automate functions for easy operation. Trigger and execute audio announcements based on security events. Manage data with enterprise-wide control of video and security devices. Bosch products integrate seamlessly to help you create complete security solutions. Call us at 1-866-266-9554 to learn more.
a security manager or a security consultant…and that is not necessarily the case anymore,” Murphy shares.
“One of the benefits of having a retired police officer on board was that he brought his Rolodex with him and all his contacts, and that may have been the most valuable contribution he made,” he adds. “The view of static security guards in place letting people through doors wasn’t looked upon as anything that was terribly important.”
But now security is finding a seat at the C-Suite table. “Now we’ve been engaged in collaborating with the other aspects of our business to ensure their success and to ensure that we’re mitigating any risks to their business that they haven’t thought of,” Murphy explains.
Estwick agrees, adding that 40 years ago, “we were called
NOTABLE DATES IN CANADIAN SECURITY
1983 - First Canadian chapter of ASIS founded in Edmonton
1988 - Calgary hosts XV Olympic Winter Games
1988 - Canada recognized as a region by ASIS International
1989 - Al Sweet elected first Canadian president of IAHSS board (then known as IAHS)
1989 - École Polytechnique massacre in Montreal on Dec. 6
1992 - First annual ASIS International Canada Night
1995 - Montreal-based GardaWorld established
1999 - First ASIS Canadian Security Industry Pioneer award (Ron Minion)
1999 - Winnipeg hosts Pan American Games
1999 - Securitas enters Canadian market with Pinkerton acquisition
1999 – Y2K fears mount
2000 - PIPEDA legislation becomes law
2001 - On Sept. 11, the World Trade Center in New York City is destroyed by terrorists
2002 - CATSA (Canadian Air Transport Security Authority) founded in the wake of 9/11
2002 - American Society for Industrial Security officially adopts the name ASIS International
2004 - Inquest into the death of Patrick Shand
2005 - Private Security and Investigative Services Act (Bill 159) receives royal assent
2006 - First Security Director of the Year award winner: Gene McLean, CSO, Telus Communications
upon when there was a crisis, when there was a security event, but not necessarily factored into the overall strategy of the organization.”
Part of the reason why security now has more influence on the C-Suite is the “recognition that we as security people, we don’t own the risk. The company owns the risk.”
In fact, Estwick believes following an Enterprise Security Risk Management (ESRM) approach to risk management is “the way of the future, in terms of how we, from an industry perspective, are going to continue to influence our C-suite.”
A long road ahead
However, there are still areas for improvement within the industry. “I still think that security as a professional
2008 - Canadian Security publishes results of first annual security industry Salary Survey
2009 - G4S incorporates in Canada (history dates back to 1966)
2010 - Toronto hosts G20 Summit
2010 - Vancouver hosts XXI Olympic Winter Games
2012 - Canadian Security hosts first annual Focus On Health care Security summit
2012 - Most recent Canadian chapter of ASIS founded in Quebec City
2012 - Canadian Society for Industrial Security (CSIS) changes its name to the Canadian Council of Security Professionals (CCSP)
2013 - Canadian Security hosts first Security Career Expo event in Toronto
2014 - Oct. 22 shootings at Parliament Hill, Ottawa
2015 - Toronto hosts the Pan American Games
2015 - Dave Tyson becomes 60th president of ASIS International and first Canadian in the role
2017 - Quebec City mosque shooting on Jan. 29
2017 - Paragon Security celebrates 40th anniversary
2017 - 25th annual ASIS International Canada Night
2018 - Toronto vehicular attack on April 23
CELEBRATING SECURITY LEADERS
Canadian Security recognizes the contributions of three individuals who are making a difference to their organizations, peers, and the security community
To help celebrate Canadian Security’s 40th year, we are recognizing the accomplishments of security leaders who have contributed to both our success and the industry they serve.
Canadian Security has selected three individuals we feel possess some of the most important characteristics that lead to success in security: longevity, leadership, dedication, and perhaps most importantly, giving back.
Our winners this year are: Don MacAlister for Lifetime Achievement Award, Silvia Fraser for Community Leader Award and Michael Brzozowski for the Emerging Leader Award. They will receive their awards at the CS@40 gala luncheon in Toronto on Oct. 4. For details on how you can participate in the event, please visit www.canadiansecuritymag.com/cs40.
— Neil Sutton
E ssential
It all star ts with our Essential Pack Rich workforce functionality for leading ser vice providers, helps you manage contractual compliance and both financial and operational risk .
Ser vice Deliver y Pack
Putting you in constant contact with your workforce. Ser vice Deliver y Pack gives you the tools to deploy and manage enterprise wide
Insights Pack
Harnessing your data, the Insights Pack provides easy to use, easy to implement Business Intelligence (BI) tools designed to sharpen your analysis capabilities.
Engagement Pack
S calable & affordable, star t with the E ssentials, then simply plug in additional Packs as you go.
Driving up employee engagement and satisfaction to increase productivity. The Engagement pack intelligently automates processes to enable you to save time and money
Finance Pack
Granular cost control, automated payroll calculations and inter facing to your ERP.
Recruitment Pack
Setting productivity standards when onboarding employees, the Recruitment Pack streamlines processes to ensure compliant selection and recruitment
" T he world’s leading workforce management solution for S er vice providers "
COMMUNITY LEADER AWARD: SILVIA FRASER
Silvia Fraser moved to Canada 23 years ago from Romania without speaking any English and worked her way up to where she is today: a senior security professional working for one of Canada’s largest cities.
She jokes that she spoke a little French at the time, thinking that would be enough to get by in Toronto, but she soon realized that learning English was something that had to happen quickly.
Fraser was studying math at a Romanian university with the goal of becoming a teacher when she left the country.
“I gave myself a year to see how things would pan out,” she says. “I was learning the language.”
Once in Canada, she took a cleaning job in Toronto’s Jane and Finch neighbourhood, as well as other work. A brief interaction between Fraser and two female Toronto police officers when she was working as a building superintendent struck a chord. “That inspired me,” she says. “I [thought], ‘I want to do that.’”
Security career
Fraser began to map out a new career. With security as a potential stepping stone to police work, Fraser faxed her one-page resume to every guard company in the Yellow Pages. No one called back.
Fortunately, she saw an advertisement for an education program sponsored by what was then known as Human Resources Development Canada (HRDC). Fraser applied and was selected for a placement at a law enforcement and security program, which also included a six-month internship with a local security company.
Fraser started working as a security guard at CIBC Commerce Court in
downtown Toronto. She subsequently worked in investigations, loss prevention and emergency response.
Over time, policing became less and less important as a career goal as security came into focus.
In 2001, she joined the City of Toronto’s security department, which would be her employer for the next 15 years.
Fraser rose through the ranks, attaining supervisory roles and ultimately the position of manager, corporate security. She left professional security briefly in 2016 to work in Toronto Housing for a neighbourhood revitalization program and then became manager for a citywide real estate program.
But her sabbatical from security was short-lived. In 2017, Fraser joined the City of Mississauga as head of security.
Associations and giving back
Throughout her career, Fraser has sought training and extra-curricular opportunities. She has volunteered her time for the Canadian Security Association on its Ontario board of directors and has conducted a long association with the Toronto Chapter of ASIS International.
At ASIS, she was the first chairperson of its women in security committee, helping to organize what became an annual event spotlighting the roles of senior female security professionals.
Fraser also founded and organized the Toronto Civic Run, which held its inaugural event in 2010 as an awareness event to raise the profile of corporate security in the city. The event, which includes a sponsored walk and 100km bike challenge, also raised funds
for the United Way. Fraser is no longer directly involved, but the run will hold its eighth annual event later this year. She is now responsible for a Civic Walk event in the City of Mississauga, which also raises funds for the United Way.
A passionate runner, Fraser is participating in two marathons this year. She completed a half-marathon at the Toronto Marathon earlier this year and is in training to run the full event at the Scotiabank Marathon on Oct. 21.
On both occasions, she is running to raise money for a scholarship fund for security students that will be managed by the ASIS Toronto chapter.
Fraser, who found herself with a long road ahead of her when she moved to Canada in 1995, says she wants to give back. She was offered an opportunity in security via the HRDC grant and is eager to pay it forward to students who may also be looking for help and support.
“What prompted me to do this was, this year it was 20 years since I completed my law enforcement and security administration program. That HRDC program only lasted for two years and I was lucky to be a part of it.
“Why
“I thought, I’m going to run. I like to run anyway. Why don’t we help the young professionals getting into the industry and make it easier for them? That’s how it all started.”
through life, and is also invited to speak at commencement events at Fleming College in Peterborough, Ont.
“Her story for students is a pretty amazing story,” says Sherri Ireland, a part-time faculty member at Fleming and full-time security professional. “Ever since I’ve been teaching at Fleming College, I’ve asked her to talk to students.”
don’t we help the young professionals getting into the industry and make it easier for them? That’s how it all started.”
— Silvia Fraser
Fraser is also a regular at student events. She was the keynote speaker this year at Canadian Security’s Security Career Expo, where she shared some highlights of her professional course
A true motivator, Fraser “doesn’t see a barrier,” when it comes to potential career obstacles, says Ireland. “It doesn’t matter what it is.
She has a very unique personality that way… I’m always curious to see what Silvia’s going to do next.”
EMERGING LEADER AWARD: MICHAEL BRZOZOWSKI
Michael Brzozowski is helping to create a new ASIS certification so young people entering the security profession don’t have to follow in his footsteps.
Brzozowski is currently risk and compliance manager at Symcor, a financial processing service provider working with some of Canada’s largest banks. Brzozowski is, by all measures, an accomplished security professional, but his success story is a common one amongst his peers: he didn’t plan on it, and that’s something he wants to fix.
Brzozowski has worked at Symcor for about six years. He started working in financial services from the outset of his career. He attended Toronto-based Humber College for business studies and got a job working as a teller at a credit union. “I fell into security by means of my boss at the time, who was doing a lot on compliance and money laundering,” says Brzozowski. “It was kind of interesting, so I started getting into [it]. Eventually, they kind of gave all the security to me. I have a very risk averse personality, so I guess it fit well.”
Building security knowledge
Brzozowski next went to work for Intria, a payment solutions company owned by CIBC, working with a company director called Dominic Pizzi, who, he says, encouraged him to increase his security knowledge. “He really pushed me that way.”
Brzozowski left Intria and worked as a consultant with the Ontario government before taking a job with Symcor. At the time, Symcor was in the process of centralizing and maturing some of its programs, he explains. “Symcor is really where I got my desire to do my certifications and really become ‘smart’ at security, not just ‘do’ security.”
He was introduced to the ASIS
International Toronto Chapter about five years ago via a CPTED (crime prevention through environmental design) course he was taking at the time. Through the course, he met Joey McColm, who was working at Johnson Controls (and is also a professional racecar driver). McColm took him to an ASIS chapter meeting. There Brzozowski was introduced to chapter chair Jason Caissie and became immersed in the world of ASIS networking and projects.
Brzozowski has since served the Toronto chapter in a variety of ways, including as its vice-chair. He also started a local young professionals council (known as YP throughout ASIS) with McColm and Caissie and took an interest in the larger organization. He was invited to join ASIS’s international YP group, which he continues to co-chair with Angela Osborne, who is a regional director at Washington, D.C. security consulting firm Guidepost Solutions.
Brzozowski says he is keen to take some of the guesswork and uncertainty out of security career planning.
“Security has a really tough entry point,” he says. “A lot of people, like myself, fall into this industry. There’s no clear path.”
New certification
An issue for young or new security professionals is achieving an industry recognized certification. ASIS’s wellrespected CPP (certified protection professional) requires nine years of work
experience, or a combination of work and post-secondary education. Brzozowski says he’s working with Osborne and other members of the YP group to offer an alternative: an entry-level version of the CPP that would require fewer years to get to the point where you can qualify to sit an exam and potentially earn an important credential.
ASIS headquarters has been very receptive to the idea, says Brzozowski. With some fine-tuning still ahead, the plan is to launch the new credential in early 2019.
Changes ahead
Mark Cousins, who became Symcor’s chief security officer about a year ago, credits Brzozowski with helping him acclimate to the position. (Cousins was previously head of Transit Enforcement for the Toronto Transit Commission.)
“Other industry professionals look to him and he’s smart enough to know when to look to them,” says Cousins. “He’s always willing to give. He always goes the extra mile.”
Brzozowski says the rate of change in security has increased dramatically in recent years. It was practically in lockstep with the established practices around access control and CCTV for a long time, but rapid technology innovation is changing that. “I think this industry is in such flux that you never know where it’s going to go,” he says. But that’s all the more reason to get young people on board and invested in security early.
Canada’s Top Security Company
Offers congratulations to Canadian Security Magazine on your anniversary. Thank you for inspiring, informing and instructing the Canadian Security market for 40 years.
A special thank you to our COO, Don MacAlister, for your guidance, good nature and invaluable contribution to, not only Paladin, but the Security Industry as a whole. Congratulations on being recognized with a lifetime achievment award and for being an outstanding leader in our organization.
We continue to hold ourselves to the highest standards which both motivates our people and fuels our passion for constant and never-ending improvement. Mr MacAlister personifies this passion, and continues to set an example for all of us at Paladin.
Wisdom from the Security Director
Security Director of the Year winners share lessons learned
Throughout its 40-year history, Canadian Security has been the voice of the Canadian security director through feature interviews, articles, Q&As, columns, events and presentations. When Canadian Security launched the Security Director of the Year award in 2006, that relationship was further solidified. In total, 12 directors have received the award (with a 13th to be named later this year). We asked previous winners to share their thoughts once again and answer this question: What is the most important lesson you have learned in your security career and the one you impart most often to co-workers and colleagues?
James Armstrong
Vice-president, Security, Ottawa International Airport Authority, 2017
Over the course of a 25 year career within the military, security and intelligence fields, I have learned a key lesson that has applied in every environment that I have worked in — threat streams are constantly evolving and adapting to your security measures. No matter how strong your security measures, you will always be at a knowledge disadvantage against a threat, while invariably trying to catch up to the situation as it unfolds. The threats we face today are vastly different than the ones from just a few years ago. Cyber
Security Director of the Year 2017
security used to be something the IT department managed, but today the Internet of Things has pushed cyber threats into every realm of security. As society has embraced technology, so have criminals. At the same time, threats are quick to employ low-tech attacks, such as lone wolf vehicle attacks, that are challenging to counter. This has created a wide spectrum of threats with the added challenge that they quickly evolve and work around security measures. Simply preparing physical security measures is not good enough anymore. Security professionals need to lean forward with threat intelligence capabilities, develop enterprise risk management systems, maximize every asset to help detect threats, integrate with other assets and agencies, and train core mitigation skills that can be applied during any threat. This requires security staff to be critical thinkers with the ability to quickly observe and orientate to an evolving situation, analyze it and make
Camden offers a complete line of the highest quality electric strikes for cylindrical, mortise, RIM exit devices and glass doors, backed by a no-hassle 5 year warranty.
CX-ED1410
Grade 1
Fire Rated ANSI Strike
CX-ED1079L/DL
Grade 1
ANSI Strike with 3 Faceplates
CX-ED1579L
Grade 1
‘All In One’ Fire Rated Strike with 5 Faceplates
CX-ED1259L
Grade 1, Low Profile
Surface Mount
Fire Rated RIM Strike
FEATURES:
• ‘Universal’ models with 12/24V, fail safe/ fail secure operation and packaged with multiple faceplates.
• Exclusive features including one RIM strike model for both security and fire, ½” to ¾” latch projection.
• UL 1034 Burglary, UL 294 Access and UL 10C, ULC S104, Fire Listings.
CX-ED2079
Grade 2
ANSI Strike with 3 Faceplates
Call: 1.877.226.3369 / 905.366.3377
Visit: www.camdencontrols.com
appropriate decisions. This can only be achieved with a strong training foundation, understanding evolving threats, experience, having a complete understanding of the security assets in your toolbox, and the recognition that the threat also has a vote on whether your security plan will work or not.
Todd Milne
Director of Security Operations, University Health Network, 2015
The success of any organization is premised on the strength and ability of your team.
People are your most important asset. This strategic pillar is a critical component, if not the most important for a successful program.
(African Proverb: If you want to go fast, go alone. If you want to go far, go together.)
Security has come a long way over the years, particularly with associated regulations. We are accountable to various acts: Private Security and Investigations, Workplace Violence and Harassment, Privacy, just to name a few. Standards such
as IAHSS and ASIS security design guidelines are strong principles that assist with decision-making ventures and ultimately make us better equipped leaders.
Management and supervision is a vital element to ensuring compliance, implementation of effective security standards, operating guidelines and the oversight of staff and their performance against measurable results.
It’s imperative not to work in silos, but rather to embrace the many subject matter experts across all verticals that will ultimately support decision-making when structuring a sound security plan.
Thomas Gerstenecker Chief of Corporate Security, UNOPS, 2011
(Now: Founder and CEO, 3|Sixty Secure Corp.)
An essential component of success is communication.
In the field of security, it can often be difficult to achieve buy-in from staff and management on why a certain strategy is required. We cannot simply dismiss the viewpoint of our staff and/or clients who are the
Patricia Patton Director of Security and Operations, University of Regina, 2016
The most important lesson I have learned over my career is that communication is at the heart of every issue. Things that go well or not so well have all come down to how positive or negative the communication was. Email and texting, in my opinion, have changed how we talk to each other. It is very important to remember there are a lot of pieces of our communication with others that get lost in email/texting. Picking up the phone or talking face-to-face adds elements to a conversation that we should not forget.
Another very key element to communication is our willingness and ability to listen. Listening with the intent to understand is a skill I constantly remind myself to work on. Often we can catch ourselves listening while formulating our response, when in fact we need to listen with an open mind.
The work that many of us do is about the people we work with more than the technical skill we possess. How we get along with and communicate with people will dictate our success, in my opinion. It is through those relationships and communicating needs and challenges that we can work with others to help accomplish our collective goals.
• Disrupt the status quo;
• Think long term;
• Get out of that comfortable zone; and
• Add real value to the organization you are fortunate enough to be with.
I share my general professional philosophy with people I mentor directly or indirectly and to always ensure that risks are quantified and evaluated accordingly.
I also wish to congratulate Canadian Security magazine and offer a heartfelt appreciation for their continued pursuit of excellence in security coverage.
Dave Tyson
CSO, City of Vancouver, 2007 (Now: CEO, CISO Insights)
Understanding that I was responsible for my own career, from start to finish, that I owned it, its successes or limitations, has been crucial in my development as a security professional and a leader.
In my career, I have invested in my own success, whether that was paying my own way to ASIS or other conferences for development opportunities or volunteering for training to get ahead.
In 1991, as a security officer at Robson Square in Vancouver, I volunteered to double shift for free to get training for a role I wanted to be promoted into.
The next time a spot opened, I was promoted because the company did not have to pay to train someone; that led to
a site supervisor role and then an operations manager role within the year.
Later in my career, I paid to attend my first ASIS International conference. It was a lot of money, but it set learning, volunteering, mentorship and professional relationship opportunities in motion that gave me the career I have today.
Ask for employer support, for sure, but do not wait for an employer or supervisor to recognize your talent or commitment.
Drive your career, make a plan, stretch yourself, seek out learning and growth opportunities, and invest in your professional career.
Don’t be afraid to dream a little. I grew from security officer through the ranks to learn cybersecurity and became a chief information security officer.
I never thought something like that would have been possible when I started, but courage, tenacity and authenticity can help you get there. It did for me.
Tom Rousseau Vice-president, enterprise corporate security & loss prevention, Canadian Tire, 2014
STANDARD
Iam hard pressed to come up with the “most important” lesson, as I feel that within our own ecosystem we constantly deal with new risks and are constantly learning new important lessons from those new risks. As most of you know, we are now living in a world where things are becoming more intricate and are moving at a much faster speed. Although technology is helping us to keep up, it is also helping the criminal minds and allowing them to move faster and hide in better places. It seems that not only are we dealing with better scams, we are also seeing more of them.
Complacency is one of our worst enemies and I think if I was asked to pick my most important lesson it would be to never become complacent. Always be open to new ideas and new ways of doing things and always update yourself on trending or new technology. I guess it sounds like I am stating the obvious here but you would be surprised how many folks fall into this trap and learn the hard way. I would also add that sharing information amongst colleagues/police agencies, etc. is one of the most valuable tools we have as security professionals and is one of the best ways to help all of us stay ahead of the game. The old days of not wanting to share data or information because of fears of divulging “company secrets” are long gone. I strongly believe that there are multiple ways to achieve this without hurting the integrity of your company’s brands.
Canadian Security is hosting an anniversary event to celebrate four decades of security industry coverage and honour its leaders.
OCT 4 2018
TORONTO, ON BUY TICKETS
SANDMAN SIGNATURE HOTEL
By Derek Knights
READING FOR THE WELL-ROUNDED SECURITY PROFESSIONAL
I’ve been reviewing books for Canadian Security for a dozen years or so — more than a quarter of its existence — so I’m either experienced or old.
But in any case, it’s been a great run so far. I’ve learned a lot from some wonderful books (and a few stinkers) and I hope I’ve helped others learn something, too. When Neil Sutton, Canadian Security’s editor, suggested a recap of some memorable books, I readily agreed. It’s been a great trip down memory lane.
Most of the books I’ve reviewed have been ones I’ve chosen myself. But a number of books came from publishers sending them to the magazine, or an editor hearing of books they thought the readership would find value in.
The publisher of JP Bloch, a Connecticut university professor who writes sociology and criminology books, sent us a copy of his novel, “Identity Thief.” That was the first and, so far the only time, the magazine has published a review of a work of fiction (Nov/Dec 2014 issue).
But in the “real world,” three from 2010 stand out: “The Canadian Security Professionals Guide” (March); “No One Would Listen — A True Financial Thriller” (May); and “Flawless: Inside the Largest Diamond Heist in History” (July/August).
While Markopolos’ book warns of governmental and regulator inaction, “Flawless” gives tremendous “how-notto” lessons for security professionals and bad guys.
In October 2012, I had to share the magazine with my own boss, Carol Osler, who was Security Director of the Year that year and featured on the cover. In that issue, the review was Bruce Schneier’s terrific “Liars and Outliers” — still a book that no security professional should overlook.
“Let’s face it, security and investigative services are bascially a specialized type of customer service.”
In the first, author Christopher Menary provided the perfect guide for the entry-level security officer who wants to go places. Then Harry Markopolos tells the mesmerizing story of how he tried for 10 years to warn the U.S. government about Bernie Madoff — but no one would listen. It’s a great lesson in not seeing the forest for the trees! In “Flawless,” two journalists tell the story of the 2003 Antwerp diamond heist, also in true thriller fashion.
There are a few I really must speak about: two by Daniel Levitin, “The Organized Mind” (Sept/Oct 2015) and “A Field Guide to Lies — Critical Thinking In the Information Age” (Jan/Feb 2017). Every security professional or investigator should read these. And Heather MacDonald’s “The War On Cops — How The New Attack on Law and Order Makes Everyone Less Safe” (Mar/Apr 2017), where the reader needs to exercise critical thinking.
On management issues, there’s two versions of Bruce Tulgan’s book “Not Everyone Gets a Trophy: How to Manage Generation Y” (Oct 2009) and “Not Everyone Gets a Trophy: How to Manage the Millennials” (Jan/Feb 2018). Levitin’s two and at least one of Tulgan’s should be required reading for anyone in security and investigations who is working with incoming employees.
Why? Because the new worker is different. How different? Well, read Tom Nichol’s “The Death of Expertise — The Campaign Against Established Knowledge and Why it Matters” (May/ June 2017).
But of all the books I’ve read and reviewed here, probably the ones that have the most immediate value are any (or all) of the ones I’ve mentioned in previous compilations:
• “A Street Officer’s Guide to Report Writing,” by Frank Scalise and Douglas Strohsal
• “Write Well,” by Judge Mark Painter
• “The Elements of Technical Writing,” by Gary Blake and Robert W. Bly
• “The Elements of Style,” by William Strunk Jr. and E.B. White
• “Writing Without Bullsh*t,” by Josh Bernoff
And, to ensure your communications are not only technically correct, but “politically” correct as well, check out “I’m Right and You’re an Idiot: The Toxic State of Public Discourse and How to Clean it Up,” by James Horgan with Grania Litwin (Mar/Apr 2018).
Let’s face it, security and investigative services are basically a specialized type of customer service. Providing it poorly using outdated techniques, ignoring new technology, failing to be the leader in the customer-provider relationship, and then ultimately delivering a poorly written product is not tomorrow’s business model. So, for heaven’s sake, read some books.
Derek Knights is the principal of Knights Business Writing Services.
AVOIDING IOT PITFALLS
TYotam Gutman is the vice-president of marketing for SecuriThings (www.securithings.com)
he adoption of connected devices for home use has skyrocketed and is not likely to slow down.
Unfortunately, more connected devices means greater risk to consumers. Connected devices at home have an intimate relationship with their owners and, as such, pose a risk to their privacy. Smart devices can record users’ voices, movements, weights and eating habits, not to mention videotape them. In short, consumers must acknowledge that these products are not like traditional
appliances; they are sophisticated sensing devices and must be treated as such.
Before buying and installing a smart device, consumers must first educate themselves about the potential “snooping” capabilities of the device. If they decide to buy one anyway, they should strive to acquire one from a known mainstream vendor. The device should then be installed and configured with security in mind: privacy settings must be changed from the default ones, and proper passwords must be selected. Still, even these practices would not secure the device from a persistent hacker.
Consumers must demand stronger security measures from the IoT service provider — at the very least, the provider must be able to inform users if their devices have been hacked.
IoT for the enterprise isn’t the same as IoT for homes; the main risk shifts to
hackers using IoT devices to break into corporate networks and leak sensitive employee and customer information. Enterprises should approach with care when adopting IoT for the enterprise, and resist the temptation to connect everything to the web. The rule is: if the device doesn’t need to be connected, don’t connect it (or disable it from access to the web).
Enterprises should be able to identify and monitor all IoT devices within their perimeter, as well as ones outside the perimeter, such as remote devices they offer as a managed service.
Enterprises have the know-how to secure IT, but lack experience when it comes to IoT. It’s best to consult with IoT security specialists and vendors, and not rely on their existing manpower and know-how, which is simply insufficient to handle the security threats of IoT.
THURSDAY BONUS
• 550+ Exhibitors
• X Learning Stages
• D3 Xperience
• Career HQ
• Headshot Studio
• NEW! Career Fair
• ASIS Hub
• Con-X-tions Lounge
• Innovative Product Awards
• International Trade Center
Get special access to the keynote and enjoy lunch in the exhibit hall Promo Code GP40
PRODUCT
Attack-resistant door
ASSA ABLOY
ASSA ABLOY says it has partnered with School Guard Glass to develop attack-resistant door openings that comply with the 5-aa10 test standards recommended by the FBI’s Active Shooter Report. The door openings are designed using hollow metal door and frame construction with accompanying ASSA ABLOY hardware and are tested to ensure they can withstand an intense four-minute physical attack with the use of hand tools and after being shot 60 times with 7.62 NATO rounds. The company says that while the door or glass may not stop a bullet from penetrating the opening, the attack-resistant door assembly will remain intact so as to prevent an attacker from breaching the opening. www.assaabloy.com
Emergency exit option
Yale
The A-ALR Emergency Exit Option for 6000 Series Exit Devices from Yale Commercial has all the features of an alarmed exit device and is suitable for commercial applications concerned with loss prevention. The product features a durable aluminum rail design with ANSI/ BHMA Grade 1 certification. The built-in alarm is powered by a 9V battery and sounds at 90 dB at 10 ft. from the device. Other features include several alarm modes, low battery warning, tamper resistance and a red LED indicator to display that the device is armed. www.yalelocks.com
Exit door alarm
STI
The newly redesigned Exit Stopper Door Alarm now offers a number of new features. Alongside the audible warning alarm, models now have a flashing LED. The enhancement also includes updated text, universal sound symbols, and an area for a second language (21 label options included), allowing the unit to be used globally. The Exit Stopper (STI-6400) is easy to install, according to the manufacturer, and helps prevent unauthorized use of emergency exits and fire doors. When a protected door is opened, it emits a 95/105 dB alarm and flashes. The door alarm can serve as an security device which helps prevent theft. www.sti-usa.com
AD INDEX
ADT Security Services Canada 43 www.adt.ca
Allied Universal 11 www.ausecurity.ca
Anixter Canada 13 www.anixter.ca
ASIS International 41 www.gsx.org
Avigilon Corporation 44 www.avigilon.com
Bosch Security Systems Inc. 19 www.boschsecurity.com
Camden Door Controls 31 www.camdencontrols.com
CANASA 9 www.securitycanadaexpo.com
Commissionaires Canada 2 www.commissionaires.ca
Dfendus 35 www.dfendus.com
2018 • www.canadiansecuritymag.com
LED beacons
E2S
Warning Signals
With multiple operating modes, the LED beacons offer an extended operating life of more than 6,000 hours, lower current requirements and higher output levels, says E2S. The LED beacons have five flash rates for warning beacon applications: 1.0, 1.5, 2.0 Hz and double and triple flashes. They also offer high and low steady outputs for status indicator use. DC voltage versions feature three remotely selectable stages, enabling multiple warnings to be signalled from one device. The same light engines and control electronics are common across all product families: the STEx 316L stainless steel, the GNEx and E2x GRP and BEx and D2x marine grade LM6 aluminum enclosures. www.e2s.com
Notification appliances
Eaton
Eaton Wheelock Exceder LED3 notification appliances are compliant with National Fire Protection Association (NFPA) code requirements for flash duration. The Wheelock Exceder LED3 line includes strobes, horn strobes, horns, speakers, speaker strobes, low frequency sounder strobes, and sounders for ceiling and wall-mount indoor applications. High-fidelity speakers provide intelligibility for mass notification and emergency communications. The line has been UL/ULC listed as compatible with all fire alarm control panels and accessories determined to be compatible with Wheelock RSS strobe-based products.
www.eaton.com
Waterproof push button switches
Dortronics
Dortronics’ waterproof push button switches include the IP-65 rated WR5276-HD28/HD29 Series and IP-66 rated WR5276-HD22 Series, which have been designed to withstand harsh environments. The former are designed for card access systems or automatic door openers. The WR5276HD 22 Series Heavy Duty Push Button Switches are vandal-resistant and feature various timer options that can be fixed/ delayed or adjustable. Additional features include optional bi-colour LEDs. www.dortronics.com
Emergency Response Portal 21 www.emergencyresponseportal.org Feenics 37 www.feenics.com G4S 7 www.g4s.ca GardaWorld 15 www.garda.com
Innovise Software Ltd 23 www.innovisesoftware.com
Milestone Systems 25 www.milestonesys.com
Nortek Security & Control 27 www.nortekcontrol.com
Paladin Security 29 www.paladinsecurity.com
Rasilient Systems, Inc. 33 www.rasilient.com
Winsted 8 www.winsted.com
Secured Entry, Simplified
The H4 Video Intercom
Remote Entry Control
The H4 Video Intercom integrates a 3 MP camera with a high-performance intercom featuring exceptional wide dynamic range, low-light, noise reduction and echo-cancelling technologies for clear viewing, and two-way communication with visitors.
Using Avigilon Control Center (ACC) software, operators can receive, review and respond to intercom requests, and remotely grant access.
Avigilon Appearance Search™ Technology
Incorporates the unique characteristics of a person’s face to search for the same individual even if items such as their clothing change over time.
LightCatcher™ and Infrared Technologies
Provides clear image detail in a broad range of challenging lighting conditions, including nighttime.
Vandal- and Tamper-Resistant Housing
Aluminum construction provides reliable strength and durability in both surface and flush mount models.
avigilon.com/h4-video-intercom | asksales@avigilon.com
