CS - September - October 2017

Security Director of the Year 2017

Ottawa

Takeoff speed

Security Director of the Year James Armstrong, vice-president of security at Ottawa Airport, takes advantage of all eyes and ears when it comes to keeping people and assets safe.

By Neil Sutton

When work goes home

Information is often an organization’s most valuable resource. Keeping it safe, no matter where it goes and what device it resides on, is a continual challenge.

By Michael Murphy

By Neil Sutton

ATHE ALL HAZARDS APPROACH

Smart security professionals see resources everywhere

s the editor of Canadian Security, my role includes audience outreach.

One of the best ways to accomplish that is to conduct a survey and simply ask people what they think. I’m not a statistician or survey designer by training, but I do know you can’t really put much stock in survey results without asking some key questions about your audience. In terms of security, that means roles, titles, responsibilities and, more importantly, how those have changed.

This summer, Canadian Security conducted an online poll to gain a better understanding of how the security community relates to emergency management. We’ve highlighted some of those results on p.6 and you can find the rest of them on our website.

“Role change seems to be a hallmark of almost everything we do today.”

What struck me about the responses was their tremendous scope, not only in terms of the types of emergency faced, but the thought given to emergencies that are generally unlikely to occur. One survey respondent described this as the “All hazards” approach, tempered to an individual organization through the thoughtful application of a risk assessment strategy.

But what is really meant by that? That’s the million-dollar question in security, and answering it can really help a professional get the full attention of their C-suite. I think it also speaks to the issue of role change, which seems to be a hallmark of almost everything we do today.

When I asked our Security Director of the Year, James Armstrong, vice-president of security at the Ottawa International Airport Authority, to tell me more about his roles and responsibilities, the answers he gave me could have filled a book.

A military veteran with a career that has seen him take positions in Afghanistan and Jordan, he knows what it means to be busy, but he joked that his current role in Ottawa is the busiest yet. For Armstrong, it’s been an especially full year, particularly with Ottawa so much in the spotlight as Canada celebrates its 150th birthday.

The common denominator of Armstrong’s approach seems to be that he can recognize the security potential in others, including those that don’t actually have any previous background or training.

He’s essentially made all airport workers, from baggage handlers to retail staff, part of the security team by taking advantage of what they know, their familiarity with their surroundings, and their deep knowledge of what “normal” looks like in a busy airport. By leveraging their expertise, he has created new levels of awareness and a greater understanding of his environment.

Maybe that’s what is meant today by role change in security. Security encompasses so much more than it used to and its effectiveness is increased by getting everyone on board.

Group Publisher Paul Grossinger pgrossinger@annexweb.com

Publisher Peter Young pyoung@annexweb.com

Editor Neil Sutton nsutton@annexweb.com

Assistant Editor Ellen Cools ecools@annexweb.com

National Account Manager Jennifer Dyer jdyer@annexweb.com

Art Director

Graham Jeffrey gjeffrey@annexweb.com

Account Coordinator

Trish Ramsay

tramsay@annexweb.com

COO Ted Markle

tmarkle@annexweb.com

President & CEO Mike Fredericks

Editorial and Sales Office

80 Valleybrook Dr., Toronto, Ontario M3B 2S9 (416) 442-5600 • Fax (416) 442-2230

Web Site: www.canadiansecuritymag.com

Canadian Security is the key publication for professional security management in Canada, providing balanced editorial on issues relevant to end users across all industry sectors. Editorial content may, at times, be viewed as controversial but at all times serves to inform and educate readers on topics relevant to their individual and collective growth and interests.

Canadian Security is published six times per year by Annex Business Media.

Publication Mail Agreement #40065710

Printed in Canada I.S.S.N. 0709-3403

Subscription Rates Canada: 1 Year $40.95 + HST; U.S.A. (payable in US dollars): 1 Year $70.00; International (payable in US dollars): 1 Year $80.00

Circulation Tel: (416) 510-5189 Fax: (416) 510-5170 asingh@annexbizmedia.com 80 Valleybrook Drive, Toronto, ON M3B 2S9

The contents of Canadian Security are copyright by ©2017 Annex Publishing & Printing Inc. and may not be reproduced in whole or part without written consent. Annex Business Media disclaims any warranty as to the accuracy, completeness or currency of the contents of this publication and disclaims all liability in respect of the results of any action taken or not taken in reliance upon information in this publication.

Jason Caissie

Ashley Cooper

CALENDAR

October 18-19, 2017

Security Canada Central Toronto, Ont. www.securitycanadaexpo.com

October 26-27, 2017

Securing New Ground New York City, NY www.securingnewground.com

November 14-15, 2017 SecTor Toronto, Ont. www.sector.ca

November 15-16, 2017 ISC East

New York, N.Y. www.isceast.com

November 29 - December 1, 2017

PM Expo Toronto, Ont. www.pmexpo.com

December 6, 2017

Focus On Health Care Security Toronto, Ont. www.focusonseries.ca

December 6-8, 2017

Fraud and Anti-Counterfeiting Conference Toronto, Ont. ksllaw.com/conference

April 11-13, 2018 ISC West Las Vegas, Nev. www.iscwest.com

April 25, 2018

Security Canada East Laval, Que. www.securitycanadaexpo.com

April 15-18, 2018

IAHSS Annual Conference & Expo Chicago, Il. www.iahss.org

May 9, 2018

Security Canada Ottawa Ottawa, Ont. www.securitycanadaexpo.com

May 30, 2018

Security Canada Alberta Edmonton, Alta. www.securitycanadaexpo.com

IAHSS grows Canadian contingent with Ottawa chapter

The International Association for Healthcare Security and Safety (IAHSS) is capping a year of Canadian content by adding a new chapter in Ottawa.

Canadians have had especially strong representation in the health-care security association of late. The past two presidents are Canadians: Jeff Young and sitting president Martin Green. The association also held its most recent AGM in Vancouver.

IAHSS is very well represented in the U.S., with chapters across almost 30 states, some with multiple (California and Texas have three chapters, for example, and Florida has four). Canada also has representation coast-to-coast — there are chapters in B.C., Alberta and Nova Scotia, which was added last year — but Ontario now has the distinction of being home to two.

The existing Ontario chapter primarily serves members in the Greater Toronto Area. The Ottawa chapter, officially known as Ottawa-Carleton, was approved by IAHSS in August and its first official meeting was held on Aug. 31. The creation of the new group was spearheaded by Sam Asselstine, who recently accepted a position as manager of security, parking and safety, Royal Ottawa Mental Health Centre. Asselstine, who was an active member of the Ontario chapter, serving as its vice-chair, said he saw a need for more IAHSS representation in the national capital region. “I contacted some members and said, ‘If we were to have an Ottawa chapter, would you find that to be beneficial?’ The answer was overwhelmingly yes.”

An executive was formed — necessary for IAHSS headquarters to consider the approval of a new chapter application — made up of members of the professional health-care security community in the area.

As of August 2017, there are 231 Canadian members of IAHSS, about 90 of which belong to the Ontario chapter. Asselstine says the relationship between

the established chapter and the Ottawa start-up will be close and continuous, particularly since there is a deep pool of knowledge and experience that can be shared (refer to “The Heartbeat of Security” published in the March/April 2017 issue of Canadian Security magazine for more on how Ontario IAHSS members support each other).

Asselstine says the Ontario chapter board was very supportive throughout the application process. A number of them attended the Ottawa-Carleton inaugural meeting, including Martin Green. “Them being here means the world to me,” says Asselstine.

With a province the size of Ontario, it made sense to add a second chapter, says Green. (Hence the reason for three IAHSS chapters in a state as populous and large as California.)

Some of the more remote members of the Ontario chapter could teleconference into Toronto-based meetings, but hosting meetings on the eastern edge of the province offers an alternative. The new chapter will operate independently of its larger cousin, but Green says there will be co-operation for some functions.

Members will have the freedom to attend one meeting or the other, or both. The Ottawa chapter, for example, is expected to draw members from as far west as Kingston, and as far east as Montreal.

— Neil Sutton

Canadian award winners in Dallas

Three Canadian members of ASIS International will receive the ASIS International professional certification board regional award of achievement at a presentation in September.

The award event is part of ASIS’s annual seminar and exhibits, held this year Sept. 25-28, in Dallas, Tex.

According to the ASIS International website, the Regional Award of Achievement “recognizes certified security professionals who have made significant contributions to the advancement of the CPP, PCI, or PSP designation on the local, regional or national level.”

JD Killeen

JD Killeen is the director of national and regional sales for G4S Canada, and a member of the ASIS Toronto Chapter, as

well as a former chapter chair. Killeen is being recognized for his role in facilitating training sessions for CPP examinations. He hosts regular ASIS study groups at G4S’s Toronto facilities to help industry colleagues prepare for their exams.

The second winner is Col. Randy Brooks, an armed forces veteran who also spent more than three decades as a high school teacher, and has served as CEO of Commissionaires South Saskatchewan.

Brooks has volunteered with the Saskatchewan chapter of ASIS since 2012. Having earned his CPP certification, Brooks encourages fellow members to seek their own and supports them by volunteering his own time to assist in

Emergency update

Earlier this year, Canadian Security hosted an Emergency Management theme week, sponsored by Calian, highlighting the results of a survey that was taken by our online subscribers. You can still find all the EM content at www.canadiansecuritymag.com/ emergency-management-week

Here are some of the survey highlights. Stay tuned for Canadian Security’s Cyber Security week, starting Oct. 23.

What technology or service is best suited to providing EM notifications today and is most likely to be viewed and understood by its intended audience?

Social media (Twitter, Facebook, etc.) - 22.79%

Email and/or text alerts - 47.06%

Digital signage - 4.41%

Public address system - 25.74%

study sessions. He travels back and forth between Saskatoon and Regina to help members in both locations.

The third Canadian recipient of the certification board regional award of achievement is Allan McDougall, CPP, PSP. McDougall is a senior member of a new Ottawabased consulting initiative, Knowledge Advancement Solutions. A keen advocate of professionalization in security, McDougall has served on ASIS’s Physical Security Council and has offered certification preparation courses in Ottawa for almost a decade. He is also the Chief Learning Officer for the International Association of Maritime Security Professionals.

What type of emergency requires the greatest amount of preparation and poses the most likely threat?

Active shooter/terrorist event - 24.26%

Weather-related event or natural disaster (fire, flood, etc). - 36.76%

Digital/data breach (loss or damage of records, cyber-attack, privacy breach) - 27.21%

Disease/viral outbreak - 8.82%

Contamination (CBRNE) - 2.94%

What is the greatest obstacle facing emergency workers, front line workers and first responders today?

Maintaining up-to-date and effective training - 31.39%

Potential for PTSD or stress-related illness - 13.87%

Funding, equipment and crisis management tools - 42.34%

Health-related issue caused by exposure to disease, hazardous material, etc. - 12.41%

By Tim McCreight

FINALLY, ACCEPTANCE

Sometimes assuming risk is the path we must take

Security professionals like to solve problems.

We react to situations and develop solutions to return our operations back to normal. Identifying remediation strategies within an Enterprise Security Risk Management (ESRM) program is similar, but it takes us out of our security comfort zone and into the business realm.

This means that our previous experience regarding risk remediation must change, and we must embrace the objectivity of ESRM. And in some cases, we’re going to have to let our fears go and let our business leaders accept the risk. That’s going to be very difficult for many security professionals to accept. Our role in ESRM is to be a trusted advisor, offering objective information regarding risks facing our assets. We need to remove ourselves from the mindset that we have to “fix” something.

the risk. And, in some cases, the risk may be accepted by the organization — something security professionals are slowly learning to embrace.

“It’s not just security who has a say in the process.”

As my career matured (and thankfully, me along with it), I began to understand the value of collaboratively developing remediation plans with the business units I was working with. We need to move out of our security role and appreciate the business aspects of risk remediation. Sometimes, organizations will commit funds to reduce the risks. In other cases, the risk activities may be deferred if they’re posing an unacceptable risk to the business. And, in a few cases I’ve been part of, the risks are acknowledged and accepted because the potential reward is worth the risk.

I’ve had personal experience with this change in mindset, and it’s been both positive and negative. Early in my career, I was very passionate and sometimes a bit outspoken with my thoughts about a risk assessment. I remember being very upset that my thorough risk assessment didn’t seem to garner the same interest from senior leadership as opposed to my fellow security professionals. I hadn’t yet embraced the concept of trusted advisor, and believed that security was here to help solve all the problems facing the organization.

I hadn’t yet figured out that our role, in this latter stage of the ESRM lifecycle, is to provide objective, business-focused suggestions to remediate the identified risks. Security professionals do not accept these risks, nor develop individual projects to begin remediation.

The goal of this ESRM phase is to collaboratively assess options available to the business to remediate

This was one of the hardest lessons I learned during my career — when we come up with options to deal with risk, one of the options is to accept the risk. For me, this became a transition point in my career. I moved away from developing purely technical or security based solutions to solve a risk problem, and began developing joint opportunities with business units. I began to appreciate that others have a part to play in identifying remediation strategies — it’s not just security that has a say in the process.

We don’t have to lose our passion or resolve to continue protecting the assets of our organizations. Those strong feelings give rise to some amazing and ingenious ways of remediating risks. I’ve watched members of my team find creative solutions to address complex risk scenarios at the same table with finance, legal, HR and business team members.

The principles of ESRM, particularly in this phase, can positively affect the process of identifying options to remediate risks. Keeping an open mind, collaborating with diverse team members, and identifying strategies are all part of the ESRM process. I wish I had followed this approach sooner — I could have avoided some grey hair.

Tim McCreight is the director of strategic alliances at Hitachi Systems Security (www.hitachi-systems-security.com).

Powered by partnerships with industry-leading manufacturers, Anixter takes innovative approaches to help you build, connect, power and protect valuable assets and critical infrastructures. Our Showcase events highlight the latest products while providing you with direct access to the experts and engineers that drive the latest technologies and standards.

Attend this event and discover what Anixter and our partners can accomplish for you.

Who Should Attend:

• CSOs

• CFOs

• CIOs

• Electrical contractors

• IT managers

• Systems integrators

• Engineers

• Networking managers

• Contractors

• Data communications managers

• Purchasers

• Project managers

• CLECs

• Telecom managers

• Security integrators

• Facility managers

TORONTO

Mississauga Convention Centre

75 Derry RD W, Mississauga, ON

MONTREAL

Montreal Airport Marriott In-Terminal Hotel 800 place Leigh-Capreol, Dorval, Québec H4Y 0A4

EDMONTON

Edmonton Expo Centre 7515 – 118 Avenue, Edmonton, Alberta T5B 4X5

By Mel Gedruj

STORM CLOUDS AHEAD

Climate patterns are testing the effectiveness of security and resilience plans

In 1990, during the first Bush administration, the Naval War College’s Terry Kelley published a paper titled “Global Climate Change, Implications for the U.S. Navy.”

It was released in its entirety through a FOIA request 23 years later.

In it, Kelley describes the challenges facing the navy with the rise in ocean levels and the uncertainty it exposed the organization to, considering all the coastal real estate assets they own.

Both the U.S. and Canadian defence establishments have identified climate change as a national security issue.

“Analyzing previous disasters and crafting an adequate security policy should be the order of the day.”

Whether climate change is man-made or part of a long-term cyclical phenomenon, it is an issue hotly debated by politically opposed groups. Some are attempting to influence policy while others are intent on blocking any intervention.

For security practitioners, what is at issue is the impact of these recurring, often hard to predict extreme weather events. They constitute an environmental threat that requires leadership. Analyzing previous disasters, planning adequate preparedness and response as well as crafting an adequate future security policy should be the order of the day.

The human psychological response to traumatic, life-threatening events is known to be one that leads to acute stress. When combined with very disruptive situations where water and food are in short supply, it could stretch civil order to the brink of collapse.

Extreme weather events faced by cities, although infrequent, are on a scale that defies imagination, yet local governments are expected to make all the necessary arrangements to prepare their citizens, their own administration and their first responders; have shelters organized to provide temporary accommodation; and provide clean water — basically all the services a municipality supplies on a daily basis. Already, under “normal” circumstances, fiscal reality limits choices.

This is the type of problem that would

greatly benefit from a resilience approach. To remind us of the continuum that was described in an earlier column (January 2016 issue), the security-emergency (preparedness-response) continuity would need to be organized and managed very effectively not only at the municipal level but at the higher levels of governments based on the contribution each level is able to provide in an emergency and its aftermath. Throughout the emergency, security has to be interwoven with all activities designed to mitigate the impact. For instance, consider the devastation that Hurricane Harvey (August 2017) caused when it swept Texas’ coastal cities. First responders, including police, were working around the clock to help with evacuation. When law enforcement departments are busy assisting civilians, who will keep law and order? The fear of running out of food supplies or fuel may lead to disorder, including rioting and looting. Even when evacuation calls are made, traffic may lead to road rage as vehicles fill up the highways leading to safer locales.

In these instances, it is not unusual to call in the military to assist in keeping law and order. I witnessed this very situation in Baltimore, in the spring of 2015, during the riots — the National Guard was called in to secure the city, as local law enforcement were overwhelmed.

The acknowledged risks of climate change are multidimensional, requiring a policy framework that layers local, regional, national and global concerns. In 2010, Canada witnessed extreme events varying from Hurricane Igor to forest fires in British Columbia to the costliest hailstorm in Alberta’s history ($400 million).

There is no doubt that insurers are painfully aware of what is at stake.

A municipal centric approach can assist in providing a framework where resilience in critical infrastructure will both reduce the consequential impact and speed up recovery.

Mel Gedruj, OAA, CSPM is the president of V2PM Inc., specialized in municipal security management planning.

DECEMBER 6, 2017

TORONTO, ONT.

WHY YOU SHOULD ATTEND:

• Hands-on workshop session with an emergency management professional

• Guarding roundtable: how does Ontario’s new wage structure affect your department?

• Ransomware panel discussion: how to prepare and what to do if you’re attacked

• Update from IAHSS and message from the president

2017 SECURITY DIRECTOR OF THE YEAR

TAKEOFF SPEED

James Armstrong, Ottawa Airport’s vicepresident of security, is capping off a busy 12 months that included Canada 150 planning, an insider threat program, a massive IED training exercise and much, much more.

By Neil Sutton

No matter how much you learn, how much you train, no matter your experience or years in the field, events that require the intervention of a skilled security professional are — almost by definition — unpredictable. James Armstrong has essentially taken this worldview and made it a strength. Armstrong is the vice-president of security, emergency management and customer transportation for the Ottawa Macdonald-Cartier International Airport Authority. He is also Security Director of the Year for 2017, an annual award, sponsored by Anixter Canada, given to a professional who has displayed exemplary characteristics, as recognized by a group of his peers.

But what Armstrong really is, is a person who sees the value of a holistic approach, of using all eyes and ears at his disposal. Basically, doing what it takes to get ready for the improbable, but not impossible.

Armstrong is, by most measures, a newcomer to the field of professional security, but he spent more than 20 years preparing for the role by serving in the armed forces. He began his service career as a military police officer, but was soon recruited into the intelligence world and ultimately retired from duty as an intelligence officer (Lieutenant

genetec.com

Colonel). During that time, he served multiple tours of duty in Afghanistan, the Middle East and the U.S.

Even as a retiree, Armstrong couldn’t leave the military behind altogether. He joined the reserves, and to this day works in their intelligence division.

But Armstrong was also looking for a new experience after his service. “The stars kind of aligned when I saw the position available for the Ottawa Airport,” he says. “My dad was a pilot in the Air Force, so I’ve grown up around airports my whole life. In my own military career, I spent a lot of time in the Air Force as well. I always wanted to work at an airport or for an airline.”

Armstrong started working at the Ottawa Airport as its director of security in 2015, and was promoted to his current VP status less than a year later.

When he was first hired, Armstrong says the airport’s CEO Mark Laroche told him, “‘This won’t be as busy or exciting as Afghanistan,’ but I will have to say that it is… even more so.”

Armstrong joined the airport at a uniquely busy time for the city, as it readied for the major celebrations that marked Canada’s 150th anniversary, as well as the Ottawa 2017 events that are still going on — “we’re still kind of midway through that process,” he says.

With Ottawa as a focal point for the national birthday, the city experienced a major uptick in traffic and hosted a higher number of VIPs than usual. (Canada Day was also followed by a major 4th of July celebration hosted at the U.S. embassy in Ottawa.)

“When the 150th came up, we

worked very closely with the city and Federal Government to prepare for that,” says Armstrong. “A lot of that involved collaboration with security, policing and intelligence agencies. The big kick-off for us was preparing with the city for an emergency exercise. The city conducted an emergency exercise across the whole city, so we took part in that.”

Armstrong is a big believer in exercises that involve as many of the airport’s tenants as possible. Since coming on board, he has instituted several major programs that emphasize this holistic approach.

“We call it the ‘curb to cabin’ security approach,” he says. “That term is often used in the aviation industry to talk about a passenger’s experience, but we look at that in terms of security.”

A new insider threat program, for example, has provided Armstrong a more comprehensive view of what’s going on — or could be going on — inside the airport.

“You’re seeing security threats now where some of the threats come from within,” he explains. “They could be terrorist threats, but you could also have things such as workplace violence. In an airport, you could also have things like smuggling and other criminal activities. The insider threat in an airport crosses over a lot of spectrum.”

Armstrong has developed workshops in collaboration with the Ottawa Police, the RCMP, Public Safety Canada and Transport Canada, amongst others, to train supervisors that work at the airport, including airline workers,

ground handlers and retailers. The program stresses the importance of observing behavioural patterns and trains staff to look for visual cues.

“Are people stressed? Do they have financial concerns? Have you seen a change in their behaviour? Anything that stands out — we started to train them on that,” says Armstrong. Also, “how to report it and what could occur after they report it.”

More than 5,000 people work at the airport, in addition to the almost five million passengers that pass through its facilities annually. “An airport is such a big organization, it’s like a mini city,” he says.

“There’s so many facets and so many people through here… you’re always evolving and adapting. This program has opened our eyes to a number of things we need to monitor a lot closer.”

Armstrong says security has been able to realize cost savings within its own department by finding efficiencies, reducing overlap and pursuing projects like the integration of the radio system used by City of Ottawa first responders and the airport. Over the past two years alone, an estimated 15-20 per cent of the overall security budget has been saved. “We’ve found a lot of efficiencies. Those efficiencies have allowed us to reinvest critical funds into other security programs,” he says.

Armstrong runs an additional 20-25 workshops a year just on active shooter training and makes sure all tenants are actively engaged with security on a daily basis. The security department operates a “see something, say something” policy

with tenants and encourages them to offer tips, no matter how minor they may seem at the time. “We don’t care how small it is; we’ll go check it out,” he says.

“We’ve had staff find tens of thousands of dollars in cash and they turn it in, because they embrace that community concept that we’ve developed with the security program. We want people to see this as their house. They’re protecting their home as well. From the cleaners to the ground handlers to the airline staff. The ‘see something, say something’ program we have with our tenants — it’s fantastic.”

most people’s perception of what such an attack would look like. The more you train, the less likely you are to be shocked by the unthinkable.

“You can design a million different [security] plans, train everybody to those plans, but the minute the event happens, it may not go according to that plan. And we don’t want people to freeze,” he says.

“There’s a lot of moving pieces here and it never sleeps. It’s a very busy place.”

— JamesArmstrong, Ottawa InternationalAirportAuthority

When Mark Laroche was in the process of hiring a new security director three years ago, he wanted someone who was “camera-ready” — an individual who could step into the role and handle practically anything, come what may.

In addition to the numerous smaller exercises and ongoing security programs, Armstrong’s team plans one major exercise a year.

Last year it was “Exercise Dark Knight,” held in October. A simulated terror attack, it was coordinated with Ottawa first responders, as well as the RCMP, the Canada Border Services Agency, Public Safety Canada and other major security stakeholders, including U.S. partners. Dark Knight focused on the threats posed by improvised explosive devices (IEDs) and suicide bombers. Using actors, an event was planned that tested the airport’s response to several attacks staged simultaneously. Armstrong says he’s a big believer in creating scenarios that go beyond

Laroche gave Armstrong a vote of confidence only nine months into the role by promoting him to vice-president. The promotion was conferred at the time in response to the situation created by a taxi driver labour dispute, but Laroche says he wanted his security department to occupy a bigger seat at the C-suite table.

“A vice-president of security in any organization almost has to be a pest. He has to make the whole senior management team aware that there are security issues almost every day. If he doesn’t do that, he’s almost not doing his job,” says Laroche.

Armstrong credits his senior leader as one of those CEOs who “gets it,” who not only understands the value

of security but will go out of his way to support it. He also knows that not everyone who works in professional security is quite so lucky.

For his part, Laroche says he knows that security requires “a lot of resources for something that’s not going to happen 99.999 per cent of the time” but he says he typically puts the challenge back on Armstrong.

“I say, ‘you don’t have to convince me of the necessity. You have to tell me how you’re going to get it done.’ That gives him the liberty to be creative and find solutions. I think that’s the role of the CEO — make sure your VPs have enough room to operate, get out of the way, and let them do their job,” says Laroche.

When Armstrong was first notified that he was selected as this year’s Security Director of the Year, his initial response was to accept on behalf of the airport rather than himself. Armstrong works with a team of 32 full-time employees including security and emergency staff, the airport’s fire service and police detachment, as well as a canine unit (which recently beat out 20 other police and corrections units to win the Canadian Law Enforcement Detection Dog Championships). He also oversees the airport’s security contractor, Paladin Security, and maintains relationships with Ottawa Police, firefighters, the airport’s parking services, its taxi contractor, as

well as numerous stakeholders including CATSA, the CBSA, U.S. Customs, and others.

Armstrong was recently responsible for sending Paladin Security station manager Don Rolland on a Disney Quality Service Program, often considered the gold standard for customer service training. For Armstrong, the goal is two-fold: yes, improve customer service and imbue that throughout the organization, but also take advantage of the security implications. A security team that is fully engaged with the airport’s customers is also more informed.

“A lot of people’s first contact is going to be with the Paladin Security team,” says Armstrong. “We want them to focus on the customer service aspect, because when you’re engaged with somebody and you’re talking to them, you can detect anomalies a lot better than you can staring at them from a distance with a walkie-talkie in your hand.”

Next up? Armstrong is working on a drone detection program.

“There’s a lot of moving pieces here and it never sleeps. It’s a very busy place. I knew it was complex, but I didn’t know it was that complex,” he says. “It’s probably the busiest job I’ve ever had, but it’s also the most rewarding. It’s a place where you can actually see the tangible results of the team’s efforts and that’s important.”

We help preventing fire damage to protect your business and your employees

Specialized fire prevention and safety services to help protect your people and assets, regardless of your industry.

Drawing from GardaWorld’s in-house expertise as Canada’s leading security provider, our teams assess safety risks within your property and build a service offering that prevents them from occuring in the short and the long term.

Keep your operations uninterrupted, your people unharmed and your assets intact!

GardaWorld’s national control centre operates 24 hours a day, 7 days a week, all year and is supported by four control centres. Operators constantly monitor clients sites and employees on the field to assist both and coordinate fast emergency responses. Our fire prevention and safety services include:

■ Development of Fire Safety Plans

■ Inspection services

■ Evacuation procedures and practices

■ Rescues in altitude and confined spaces

■ Fire safety awareness trainings

■ Audits and security risk assessments

■ Industrial firemen

Contact us for more information

1 855 GO GARDA (464 2732) go.garda.com/fire-safety

When work goes home

Securing digital assets becomes a challenge when information leaves the office

By Michael Murphy

The traditional work day used to follow a three-part routine: commute to work, work in the physical office, commute home.

Now, with less structure and more tools at their disposal, employees find themselves working in new and more innovative ways. The digital workplace has become a revolution and companies need to adapt to thrive. This means investing in the right technology, establishing the right policies and security plans and overhauling the business culture. Mobile technology, when implemented correctly, enables employees to access corporate data remotely, securely and accessibly, so they can work on their own time, in a convenient location, on their preferred device.

And, with employers realizing the benefits of mobile work, such as increased productivity, reduced stress and lower costs, flexibility and accommodation are on their way to becoming a staple — and soon an expectation — of the modern workplace.

Oxford Economics recently worked with Citrix on a global study to evaluate how mobile technology is changing approaches to work, and how business leaders are integrating mobile technology and digital work into their strategies.

Globally, almost one quarter of executives surveyed responded that at least 20 per cent of the workforce is remote most of the time, and another

70 per cent said a similar number of employees are remote at least some of the time. Importantly, 48 per cent of executives say they will let workers set their own hours as long as the job gets done.

The study also found that Canadian companies in particular are leaders in the transition to digital work. Seventyfive per cent of Canadian organizations surveyed make data securely available to all users, compared to 59 per cent globally, and 77 per cent provide training to all employees for tools, software and services. And, it’s expected that more progress will be made over the next three years.

At the same time, a mere 20 per cent of Canadian companies have a cohesive and integrated mobile strategy in place today.

While digital workplaces improve employee productivity and performance, research shows that many companies have not invested enough in technology, digital policies and procedures or their business culture to be effective digital workplace leaders.

So, what would an effective digital strategy look like? When it comes to implementing a digital work strategy, security needs to be very high up, if not at the top of, the corporate priority list. As with all technological advancements, new innovations breed new threats, and corporations must evaluate their approach to security and continue to evolve their strategies to prevent a potential breach.

Specifically, with cyber threats a reality of the digital landscape, the time to make security a priority is now.

First, companies must understand that security should not be perceived as an inconvenience or an expense. In fact, it can be a driver of business value and a company’s biggest selling point.

Adjusting company culture, policies and work procedures to meet the security demands of the new digital workforce requires intertwining security into all aspects of the company’s fabric and all end points — regardless of whether an employee is present in the office, or a thousand miles way. Ultimately, this will ensure security holds a meaningful spot in

the corporate culture.

Second, a fulsome digital security strategy must be both proactive and comprehensive, and requires collaboration from IT, the HR department and C-suite executives.

A comprehensive approach to security requires a communication plan to make sure all employees are updated on security protocols and that security training is available regarding the sensitivity of corporate intellectual property. It means updating policies and procedures to secure mobile technology, an overall risk strategy to account for mobile workers and virtual workspaces and a process for effectively managing the use and security of employee-owned devices.

The human factor plays a significant role in protecting company data, through threats such as social engineering, phishing and spear-

phishing, so leaders must make security a commitment that all employees are responsible for upholding. By enforcing security best practices in a top-down manner, with C-suite executives leading the charge, employees will recognize the importance of protecting corporate data.

These virtualized workspaces can be quickly patched and don’t run the risk of being infected from a virus on employeeowned hardware.

“[Security] can be a driver of business value and a company’s biggest selling point.”

Finally, companies must ensure they are minimizing the opportunity for a breach in the first place. For example, through desktop virtualization, employees — remote or on-site — can access their work desktop through a centralized, secure data centre. With virtualization, IT can isolate threats, and speedily repair a system hit by malware without losing important data.

This holistic approach allows companies to take on growing cybersecurity threats, while also ensuring they are prepared for future challenges.

With an increasingly nimble workforce, encouraged by new apps and devices entering the market at an increasingly rapid rate, companies must make security a top priority to reap the full benefits of what the digital workplace has to offer.

Michael Murphy is vice-president and country manager of Citrix Canada (www.citrix.com)

By Derek Knights

UNPACKING THE THREE BOXES

TThe Three Box Solution

By Vijay Govindarajan Harvard Business Review Press

ISBN: 9781633690141

hree is a very significant number. Third time lucky; triple crown; the triangle (very stable); three’s company; three’s a crowd; or three on a match — a battlefield superstition that the first cigarette lit on a match alerted an enemy sniper, the second was for aiming, and the third for the shot. Three has good and bad connotations.

“The Three Box Solution,” a new business book from the Harvard Business Review Press by Vijay Govindarajan (VG, the dust jacket calls him) touches on both connotations but not necessarily intentionally. VG’s boxes are the present, managing your business at peak profitability (Box 1); the past, dumping practices and attitudes that inhibit innovation (Box 2); and the future, breakthrough ideas for new products or businesses (Box 3).

controlling change. In “Future Shock” (1970), author Alvin Toffler called change “the process by which the future invades our lives, and it is important to look at it [...] from the point of the living, breathing individuals who experience it.” Toffler spoke of change coming at us and VG speaks of us going and getting it.

“The book is about determining and controlling change.”

He takes us through his definitions of the three boxes and how they interact, writing in an easy-to-read-and-understand style. He defines each box through a series of case studies featuring both well-known and lesser-known companies. And while he discusses each box through the book, he wants the reader to focus on Box 3. Times are changing and your business must change with it, so you must embrace Box 3. Box 2 exists mainly as something to do to get to Box 3 and Box 1 is how you pay for it all.

The book is about determining and

A good plan. VG does a good job of explaining how and why companies need to read the landscape, and he describes the threebox program in a compelling manner. Where this breaks down is with the case studies. The experience became less compelling than the theory.

Keurig Coffee was one case study, but it seemed less about change as creating a new industry. Another was a heavy-equipment rental company. Both were interesting, if not inspiring.

My favourite was the story of Hasbro, the toy and games company. Board games and traditional toys appeared to be losing market share to competitors’ higher-tech products. Hasbro had an epiphany. It owned the rights to both toys and high-tech in its “Transformers” toy line. It showed longevity and adaptability, having been

a cartoon series as well.

Pushed by market forces and inspired, I expect, by Disney’s “Pirates of the Caribbean” success, it branched into the Transformers movies — a $4.3-billion revenue generator in its own right, and a series of $150-million commercials for its merchandise.

It’s an interesting story and a good sales pitch for the “Three Box Solution.” The others don’t hold up as well, such as the one about a U.S.-based megachurch. Perhaps something like an analysis of Apple and Steve Jobs, who appears to have been so innovative that the three boxes would have probably been running to catch up to him, would have been better.

Don’t get me wrong. I’m not maligning the book; I think it’s good and it’s an important read — particularly for the security industry, which really needs to start demonstrating it is agile enough to meet the future.

But business books are like diet books; there are so many and all have good suggestions and airy-fairy bits. You won’t go wrong with this one, but it’s not magic — you will need to work hard at it.

Derek Knights, CPP, CISSP, CFE CIPP/C, PCI, is the senior manager, strategic initiatives, global security and investigations, at the TD Bank Group (www.tdbank.com).

Addressable speakers

SIMPLEX

TrueAlert ES Addressable Speaker Technology includes addressable speakers with individual on-off audio control for each device. The speakers have the capability to deliver audio messages to specifically targeted areas within a building, allowing the fire alarm panel to be programmed and select exactly which speakers are used – and what message is played on them – during an emergency. Like the entire SIMPLEX TrueAlert ES family of notification appliances, the speakers provide appliance self-testing capability that takes only seconds to complete, as well as advanced programming and reporting features. www.tycosimplexgrinnell.com

Patient watch system

G4S

G4S Virtual Patient Watch raises an alarm the instant a patient either attempts to get out of bed, or begins demonstrating escalating behaviour requiring immediate medical attention. G4S Virtual Patient Watch has a wide range of potential security and safety applications in a health-care setting, including the provision of enhanced monitoring and security of patients suffering from psychiatric illnesses or chronic conditions such as dementia. Central to the system is a high-resolution bedside camera with infra-red capability that allows it to function in the semi-dark of night time units. The camera senses the movement of a patient who is preparing to get out of bed or who is escalating in behaviour, triggering an alarm to alert security or medical staff. www.g4s.com

Emergency communication OS Code Blue

EmerComm brings intelligence to the edge by giving emergency phones and other communication devices the capabilities of a full computer. This means creating a system that views its platform as an agnostic system of sensors and indicators, with phone functionality just one of the many layers it is capable of managing. Using this new operating system, Code Blue will be able to offer new products that provide a wide range of applications and functionality. EmerComm will be available in select models beginning this summer, with a larger rollout coming in 2018. www.codeblue.com

AD INDEX

Anixter 9 www.anixter.ca/security

Avigilon 24 www.avigilon.com

CANASA 7 www.securitycanadaexpo.com

Commissionaires 2 www.commissionaires.ca

Focus On Health Care 11 www.focusonseries.ca

G4S 23 www.g4s.ca

IP call station

Talkaphone

The Via Series Access and Courtesy Communication Pedestal includes a VOIP200 series IP call station and has optional card reader and push plate switch accessories. To add an additional security measure, customers can choose a card reader with a keypad. When used in access installation the included blue LED light band will change to green when the door is activated through the call station. The included VOIP-200 series call stations are constructed of IP66-rated, vandal resistant marine grade stainless steel. The call station can include an ONVIF-compliant, wide angle IP camera and can read ‘Call’ or ‘Help’ in a variety of languages. The Via can be linked with the AVM-1 IP Video Attendant Station. With the ability to connect up to 30 VOIP-200 call stations, the AVM-1 can monitor and regulate entry points and parking gates.

www.talkaphone.com

Fire/CO detector Mircom Group

The MIX-COSAP Intelligent Multi-criteria Fire/CO Detector combines four sensing elements in one unit to provide both fire and carbon monoxide detection. The MIX-COSAP is used in conjunction with the APB200 Series intelligent sounder bases which can generate either a Temporal 3 pattern for fire or a Temporal 4 pattern for CO alarm indication. The APB200LF intelligent sounder base produces the 520 Hz low frequency tone designed to meet the NFPA 72 sleeping space requirement. Both the MIX-COSAP and APB200 sounder bases are dedicated Advanced Protocol (AP) devices compatible with Mircom’s FleX-Net Series Intelligent Fire Alarm Control Units with firmware version 12.X.X or higher, operating in AP mode. www.mircom.com

Notification appliances

Eaton

Eaton introduces its new line of Wheelock Exceder LED3 notification appliances, compliant with the latest National Fire Protection Association (NFPA) code requirements for flash duration. The Wheelock Exceder LED3 line includes strobes, horn strobes, horns, speakers, speaker strobes, low frequency sounder strobes, and sounders for ceiling and wall-mount indoor applications. The line has been UL/ULC listed as compatible with all fire alarm control panels and accessories determined to be compatible with Wheelock RSS strobe-based products. www.eaton.com

Garda 17 www.garda.com/ps

Genetec 13 www.genetec.com

GTAA/Festi 20 www.festi.ca

Hikvision 16 www.hikvision.com

Securitas 19 www.securitas.ca

INTEGRATE

Everything you need to stay secure. G4S brings innovation to the forefront to help you leave risk behind. We can assess, equip, integrate and staff an end-to-end solution to secure your people, property and assets. It’s physical security for your company and emotional peace of mind for your people, all created by the integration of our unique products. To learn more about G4S Integrated Security Solutions, please visit www.g4s.ca or call 1-888-717-4447.

Protect what’s most valuable

The new Avigilon H4 Fisheye camera line offers a complete, high-resolution, 360-degree panoramic view with no blind spots. This cost-effective, easy-toinstall solution is designed to provide broad coverage with fewer cameras.

• Available in 6 and 12 megapixel resolutions

• High Definition Stream Management (HDSM)™ technology

• 360o control with Avigilon Control Center (ACC) software

• LightCatcher™ low-light technology

• Integrated with content adaptive IR technology

Learn more at avigilon.com/H4Fisheye