CS - Spring 2023

By Neil Sutton

Building security communities

The Canadian Security Top 10 Under 40 program, now in its fifth year, was created to acknowledge some of security’s up-and-coming leaders, but it’s also a great way to benchmark how quickly (and effectively) the industry is adapting to change and evolving.

You can read about each of the 2023 Top 10 recipients in this issue as they share personal stories, professional victories and future ambitions.

There is a palpable sense of pride in their words and a recognition that while the bedrock of security might be protection, new levels of service are being built on top of that foundation.

Within the Top 10’s responses are some telling phrases such as partnership, empathy, gratitude, respect, community, guidance, networking, mentorship and collaboration.

T hey also offer practical advice regarding some of the major issues in front of security right now, such as customer service; the role of AI; technology convergence; the provision of effective training; recruitment and retention; and the value of Diversity, Equity and Inclusion.

S everal respondents also highlighted the importance of acknowledging the vital contri-

butions of frontline security.

E mployers looking to hire talent should take note of the Top 10’s observations, as should anyone looking for process improvement within their own organizations.

“While the bedrock of security might be protection, new levels of service are being built on top of that foundation.”

Whether you’re a newcomer to the industry or you can remember carrying a pager, I think you will find some points of interest. I’m grateful to the Top 10 for sharing their thoughts and wish them continued success on their career journeys.

This issue of Canadian Security is also a celebration of sorts for another group of security professionals — the membership of ASIS Canada.

This is definitely a banner year for the Canadian arm of ASIS International. Noted Canadian security professional

Tim McCreight began his term as the organization’s president this year.

McCreight is well known to readers of this magazine through his regular column, Risk Perspective, and is a widely respected member of the

EDITORIAL ADVISORY BOARD

Martin Deslauriers: Providis Services Conseils

Agnes Pienio-Ganthier: Amazon Canada

Ken Doige: ESRM Solutions

Roxanne Krause: CN Tower

Danielle Weddepohl: Sheridan College

Rowan Hamilton: Commissionaires Great Lakes

security community.

I had a chance to chat with him recently as he began his term as president . We discussed everything from volunteering for associations to the importance of work-life balance. You can hear our conversation, which is available as a “Security Leaders” podcast episode, at canadiansecuritymag.com/podcasts.

ASIS Canada is also offering not one but three conferences this spring across the country, with engagements coming to Toronto, Vancouver and Edmonton.

T he latter, scheduled for April 19-20, is a particularly auspicious occasion since it marks the 40th anniversary of the establishment of the Edmonton chapter — the first Canadian chapter of ASIS International. (There are now 11 chapters across the country.)

If you are able to attend any of these events, they are sure to offer a full slate of education and networking. Event details are available via ASIS Update on p.6 of this issue.

Whether you are a member of this year’s Top 10 or part of a global community through ASIS, the security industry offers many opportunities for engagement. | CS

Spring 2023

Vol. 45, No.1 canadiansecuritymag.com

READER SERVICE

Print and digital subscription inquiries or changes, please contact Shawn Arul, Audience Development Manager Tel: (416) 510-5181 Fax: (416) 510-6875

Email: sarul@annexbusinessmedia.com

Mail: 111 Gordon Baker Rd., Suite 400, Toronto, ON M2H 3R1

EDITOR

Neil Sutton

nsutton@annexbusinessmedia.com

GROUP PUBLISHER

Paul Grossinger pgrossinger@annexbusinessmedia.com

ASSOCIATE PUBLISHER Jason Hill jhill@annexbusinessmedia.com

MEDIA DESIGNER

Graham Jeffrey

ACCOUNT COORDINATOR Kim Rossiter krossiter@annexbusinessmedia.com

PRESIDENT/COO

Scott Jamieson sjamieson@annexbusinessmedia.com

Printed in Canada

I.S.S.N. 0709-3403

Publication Mail Agreement #40065710

SUBSCRIPTION RATES

Canada: 1 Year $43.00 + Taxes; U.S.A. (payable in CAD dollars): 1 Year $95.55; International (payable in CAD dollars): 1 Year $110.00

EDITORIAL AND SALES OFFICE

111 Gordon Baker Rd, Suite 400, Toronto, ON M2H 3R1 (416) 442-5600 • Fax (416) 442-2230 canadiansecuritymag.com

Canadian Security is published two times per year by Annex Business Media.

Annex Privacy Officer Privacy@annexbusinessmedia.com Tel: 800-668-2384

Canadian Security is the key publication for professional security management in Canada, providing balanced editorial on issues relevant to end users across all industry sectors. Editorial content may, at times, be viewed as controversial but at all times serves to inform and educate readers on topics relevant to their individual and collective growth and interests.

The contents of Canadian Security are copyright by ©2023 Annex Publishing & Printing Inc. and may not be reproduced in whole or part without written consent. Annex Business Media disclaims any warranty as to the accuracy, completeness or currency of the contents of this publication and disclaims all liability in respect of the results of any action taken or not taken in reliance upon information in this publication

JEFF PENG

Vice President of Innovation and Transformation

ASIS Update

By Jody Reid

Let’s get together in 2023

ASIS Canada has an exciting year ahead! Chapters across the country are organizing exciting new events, attracting new members and engaging a growing number of volunteers.

T hree major events happening this spring are:

• Chapter 156 Edmonton/Northern Alberta: FORTIFY Conference, April 1920, 2023

• Chapter 193 Toronto: Best Practices Seminar, May 3, 2023

• Chapter 190 Canadian Pacific: The Future of Security Conference, May 25, 2023

2023 FORTIFY CONFERENCE: 40TH ANNIVERSARY CELEBRATION

T he Edmonton FORTIFY Conference kicks off the year as a celebration of the first chapter of ASIS in Canada! With a focus on celebrating past and future connections, the event continues in the tradition of connecting members and the raising professionalism in the industry.

Attendees will have the opportunity to celebrate and reconnect at the 40th Anniversary Reception, participate in two full days of education sessions, and visit the packed trade show floor. Earn up to 12 CPE credits.

With speakers on the agenda like ASIS International president Tim McCreight, CPP; past-president Dave Tyson, CPP; and 2022 Ron Minion-Canadian Security Pioneer Award winner Dr. Glen Kitteringham, CPP to name a few, the sessions are expected to be jam-packed with thought-provoking and conversation-starting lessons. Topics will include Enterprise Security Risk Management (ESRM); Cybercrime in 2023; and Staff Retention, Training and Career Progression, among many others. This conference has something for all security practitioners!

For registration, hotel and travel information , visit www.asisedmonton.com/ fortify-conference.

TORONTO BEST PRACTICES SEMINAR

ASIS Toronto Chapter’s 2023 Best Practices Seminar will return for the 27th year. The focus this year is on the post-pandemic: Digital Transformation, a new era in the security industry. With the physical security landscape evolving and violent crimes on the rise, security is a critical asset in society today.

S essions will include applying Crime Prevention Through Environmental Design (CPTED) principles with a different lens; the convergence of cybersecurity and physical security; the recruitment of talent; technological security advancements like artificial intelligence (AI), cloud applications, robotics and SaaS models; and an overarching focus on how to ensure diversity, equity and inclusion to help to drive these changes.

The schedule will be loaded with learning, networking opportunities and sponsor displays. This event is expected to sellout at the 200-seat capacity, in a new venue: the Arcadian Loft downtown Toronto.

Registration information can be found on the ASIS Toronto website: www.asistoronto.org

THE FUTURE OF SECURITY CONFERENCE

The Canadian Pacific Chapter in British Columbia is hosting a one-day symposium with the theme of The Future of Security. Opening the day with Tim McCreight, CPP and rounding out the morning sessions with vice-chair of the ASIS International North American Regional Board of Directors Mark Folmer, CPP, the day is packed full of star power!

The symposium will include engaging topics such as the use of data in decision-making ; industry certification and association support; the value of partnerships; leadership competency of the future; mental health and crisis response, and the convergence of IT and physical approaches to security.

With 100+ attendees expected, this is a great opportunity to reconnect with acquaintances and meet new contacts.

Watch for event registration at www. asis-canada.org/chapter-events. If you’re an ASIS member, look for details on the Head West Contest from your local chapter. Two lucky members will receive an expenses-paid trip to one of the ASIS events in Western Canada this spring. | CS

Trending

By Neil Sutton

Retail Council of Canada embarks on new cybercrime awareness venture

The Retail Council of Canada (RCC) recently launched a new cybercrime prevention campaign to provide educational resources for retailers and their employees, from frontline workers to IT security professionals.

The Retail CyberSecure initiative, which kicked off at the beginning of this year, was made possible through the support of the Ontario Ministry of the Solicitor General and includes partnerships with the RCMP and the Ontario Provincial Police, among other organizations.

The program, which will continue to roll out throughout the year, comprises a series of six webinars along with downloadable guides and e-learning modules.

The resources are offered for free to achieve maximum impact, said Rui Rodrigues, the RCC’s executive advisor for loss prevention and risk management.

The issue of cybercrime has become more acute for retailers, he said, as threats continue to ramp up. The pandemic also saw retailers become more reliant on online storefronts when in-store shopping was curtailed or temporarily restricted.

“Over the last few years, we’ve heard more and more from retail or-

ganizations about cyber,” said Rodrigues. “You can’t escape it.”

The CyberSecure initiative is “really focused on ways we could educate, provide awareness and share best practices,” added Rodrigues, “and doing it through various mediums.”

At press time, two of the six planned webinars are readily available on the RCC Retail CyberSecure resource website, focused on awareness training and current cyberthreats.

Webinars on threat action plans, defensive procedures, ransomware training and brute force attacks will follow in the coming months.

BATTLE ON TWO FRONTS

In some ways, loss prevention specialists are waging a battle on two fronts: the threat of shoplifting in brick-and-mortar retail locations and the ever-present spectre of cybercrime in the digital realm.

In both cases, education and awareness are key, said Rodrigues, along with collaboration with government and likeminded organizations to get the word out.

Rodrigues and the RCC recently provided their support to a Toronto Crime Stoppers campaign which raises awareness of the growing impact of organized retail crime. | CS

Coming Events

APRIL 26, 2023

Security Canada East Laval, Que. www.securitycanada.com

MAY 1-3, 2023

IAHSS Annual Conference & Exhibition Nashville, Tenn. www.iahss.org

MAY 3, 2023

ASIS Toronto Best Practices Toronto, Ont. www.asistoronto.org

MAY 17, 2023

Advance: Women in Security Online www.canadiansecuritymag.com

MAY 25, 2023

“Over

the last few years, we’ve heard more and more from retail organizations about cyber.”

— Rui Rodrigues, RCC

ASIS Canadian Pacific: The future of security Vancouver, B.C. www.asis-canada.org

JUNE 14, 2023

Security Canada West Richmond, B.C. www.securitycanada.com

JUNE 24-27, 2023

BOMA International Conference & Expo Kansas City, Mo. www.boma.org

JUNE 27-30, 2023

IACLEA Annual Conference & Exposition Orlando, Fla. www.iaclea.org

JULY 10, 2023

IAHSS Ont. Chapter Golf Challenge Gormley, Ont. www.iahss.org

SEPTEMBER 11-13, 2023

GSX Dallas, Tex. www.gsx.org

OCTOBER 25-26, 2023

Security Canada Central Toronto, Ont. www.securitycanada.com

By Kevin Magee

The CISO reporting structure

As cybersecurity threats continue to evolve and become more complex, it is essential for organizations to have a strong cybersecurity strategy in place.

This strategy includes having a chief information security officer (CISO) who can manage and mitigate the organization’s cybersecurity risks. However, deciding who the CISO should report to can be a challenging decision for executive business leaders.

So, what is the answer? As with most things related to cybersecurity, “it depends.” There really is no one-size-fitsall answer to this question. However, there are a number of considerations that should be taken into account to ensure the success of both the organization and the CISO.

The first consideration when deciding who the CISO should report to is aligning this decision with the company’s overall strategy, cybersecurity organizational maturity, as well as industry and specific business context.

If the organization is focused on stability, has a low risk tolerance and has low cybersecurity maturity, then the CISO could effectively report to the chief financial officer (CFO). In these organizations, the CISO function is often rolled into the responsibility of the CIO, who plays a dual role.

This structure would ensure that cybersecurity risks are managed cost-effectively as part of the organization’s overall risk

“Deciding who the CISO should report to can be a challenging decision for executive business leaders.” Kevin

management framework, assuming one exists. However, the unintended consequence of this structure could be that cybersecurity is viewed as an IT function rather than a business function, resulting in silos of communication, inadequate resource allocation and increased potential for vulnerabilities to emerge for attackers to exploit across the organization and its infrastructure.

If the organization is focused on a moderate program of digital transformation and innovation and has a medium to high level of cybersecurity maturity, then it may make better sense to have the CISO report to the CIO.

This structure can ensure that cybersecurity is integrated into the organization’s technology and business processes. However, it may also create a conflict between the priorities of the CIO, which could include cost reduction or improving user experience, and the CISO as security becomes an expense item that also creates friction to user experience and adoption.

If the organization is focused on extensive digital transformation and innovation and has a medium to high level of cybersecurity maturity, then reporting to a chief risk officer (CRO) or directly to the CEO makes the most sense. This structure en-

sures that cybersecurity is viewed as a business function and is integrated into the organization’s overall risk management framework. It also provides the best access for the CISO to the executive leadership team to inform business decisions and provide regular updates on the organization’s cybersecurity posture.

Another critical consideration for success, regardless of where the CISO reports, is the level of authority vested in the role and the degree of assigned people and resources under the CISO’s direct control. The higher the CISO’s position in the organizational hierarchy, and the greater accountability they carry, the more critical it is to match their responsibilities with an appropriate level of authority to manage and mitigate cybersecurity risks. This includes decision-making power over budget, staffing and technology investments.

Determining who the CISO should report to is a crucial decision for executive business leaders that should be regularly evaluated, reviewed and adjusted as business operations and context change to ensure the appropriate level of accountability.

However, this decision must also involve empowering the CISO with adequate authority and resources that align with their level of accountability. Only when these considerations are taken together, can organizations ensure that they have the necessary resources and support to effectively manage and mitigate cybersecurity risks. | CS

Canada’s Security Industry Meets Here Canada’s Security Industry Meets Here

Laval, QC 26 avril 2023

Richmond, B.C. June 14, 2023

Central

Toronto, ON October 25 - 26, 2023 West

Risk Perspective

By Tim McCreight

Maturing to resilience

Over the past nine-plus years, I’ve been writing about using a risk-based approach to develop enterprise security programs.

The concepts of Enterprise Security Risk Management (ESRM) are more commonplace, and organizations are embracing the philosophy that the security department is in place to enable the success of the business.

I’ve seen the introduction, reluctance, acceptance and now growth of ESRM across a variety of industries. Conferences now have tracks dedicated to risk-based security topics, and ASIS recently released its 2022 State of Security Management, highlighting that ESRM is alive and well across the security profession.

This year, I’m honoured to be the president of ASIS, and I’m grateful to see the growth and acceptance of ESRM and the concept of assessing risks facing an organization. ASIS published its ESRM Guideline in 2019, creating a common understanding and foundational approach to designing and deploying a security program based on ESRM.

I’m happy to have played a part in some of the amazing growth of ESRM, and feel very proud to know many of the security luminaries who continue teaching and coaching other security professionals on the philosophy. As I look into 2023 and beyond, my sights are focused on the next level of maturity for security professionals — the concept of resilience.

The 2023 ASIS Europe conference focused on that as well and I’m fortunate to have attended as ASIS president.

I feel this is the natural evolution

of the security profession. We’ve gone from being siloed and dedicated to tasks, to considering converging departments, to now focusing on security risks facing our enterprise.

“The security department is in place to enable the success of the business.”

We’ve elevated the perception of security from “the department of no” to “how can I help?” Our presentations at the executive and board levels now routinely deliver security risks facing the organization — along with recommendations to remediate — and requesting our executives to make a business decision for a security risk. This is such amazing progress during a relatively short period of time...well, if you consider the length of my security career short!

Now I feel it’s time to look ahead once more and consider the concept of resilience. It’s incumbent on organizations to understand the concepts of resilience and how boards

and executives must now develop their own approach to weathering the next storm. Security organizations can play a critical role in helping their entities survive and thrive during the next crisis — and there are so many on the horizon.

We saw during the COVID pandemic how successful organizations were able to pivot and adapt to changing circumstances. Whether it was impacts to their supply chains or sending employees home, organizations reacted and grew during turbulent times. And they relied on their security departments to be part of those plans.

In future columns, I want to explore the concept of resilience and how security teams play a crucial role in helping their organizations continue to grow. I’m looking forward to taking this journey with you. I know we’ll all learn and grow along the way. | CS

WOMEN IN SECURITY

Industry View

By Winston Stewart

The changing role of security personnel

Is there a future for human guards in this age of multidirectional cameras, AI and advanced access control security systems? The answer is yes, but not with the same job duties or skillsets as in years gone by.

The security guard industry as we know it today was established in 1850 by Allan Pinkerton with the founding of his Chicago-based National Detective agency. A great deal has changed since then, particularly over the last decade.

With the rise of technology and automation, will we still need guards? In this article, we will explore the role of the guard in this tech-driven world, why human security guards are still important, and what type of training and special skills they will need to succeed in the future.

TECH-SAVVY SECURITY STAFF IN THE DIGITAL WORLD

The role of the security guard is changing fast. State-of-the-art IoT-driven devices and access control solutions have certainly made it easier to monitor and secure properties, but they have created new challenges. While making security more efficient and accurate, they have also made it a great deal more complex.

The physical guard of tomorrow will play a vital role in interpreting this avalanche of data in order to make informed decisions to safeguard people and property.

Traditionally, the security guard has been responsible for maintaining a secure environment by performing regular patrols, monitoring surveillance systems and responding to security incidents. In addition to these responsibilities, security

guards today must also be trained to use technology effectively. This upskilling and security guard training will be increasingly critical. Guards must be knowledgeable about the latest security systems, leading-edge software and access systems and be able to troubleshoot problems when they arise. Also, with the advent of the “smart building” where everything is technologically integrated, including security systems and HVAC, guards will need to have more advanced technology training beyond day-to-day systems.

WHY HUMAN SECURITY GUARDS ARE STILL IMPORTANT

Despite advances in technology, human guards will remain an essential part of the security mix. Technology, however advanced, will never be the full answer; it cannot replace the judgement, critical thinking and decision-making skills of a human sec-

“The guard of tomorrow will play a vital role in interpreting this avalanche of data.”

urity guard. In a security incident, the guard must be able to assess the situation and respond quickly and effectively, which is something that technology cannot do.

A FRIENDLY POINT OF CONTACT — AND FRONTLINE DEFENCE

Technology today can never replicate the personal interaction and customer service that a human security guard provides. The concierge in buildings is very much a security role that will remain important in the future.

As the first point of contact for customers, employees and visitors, they play a vital role in creating a safe and welcoming environment, which is so essential for businesses and organizations. They can provide a personal touch, offer assistance and provide reassurance to those in need, which technology cannot replicate. And of course technology can be

subject to hacking and malfunctions, which can compromise security. Human security guards provide an extra layer of protection and can respond to situations that technology cannot handle. They can also provide backup support in the event of a technology failure, ensuring the continued protection of people and property.

Here are a few of the “must-haves” for the successful security guard of the future:

1. Technology savvy: Technology is changing the way security guards perform their duties. Security guards are now expected to have a working knowledge of various security systems, such as surveillance cameras, access control systems, smart technologies and de -

“Upskilling and security guard training will be increasingly critical.”

vices, and the latest AI-driven alarm systems. They must be able to use these technologies to monitor, detect and respond to security incidents in real-time.

2 Focus on prevention: A proactive approach to preventing security incidents, rather than just responding to them, will be essential. For example, security guards can now use video analytics and facial recognition technology to monitor crowds and identify potential threats, helping to prevent incidents before they occur.

3 Customer-centric: A more customer-focused approach will be essential. Guards will continue to provide assistance and support to customers and employees in a range of areas, including acting as

customer service representatives, and helping customers and/or residents with directions, information assistance and more.

4 Focus on response to data-driven insights: With the rise of big data and analytics, security guards are expected to be trained in data analysis—and also on how to respond rapidly based on data insights. More informed guarding decisions and faster response to security incidents will be a future trend.

These are just a few examples of how the role of the security guard is changing in Canada. It is important to select security guards — or a security guard company — committed to upskilling and staying up-to-date with new technologies and trends. | CS

Embracing The Future

This year’s leaders tell us what they enjoy most about security and offer suggestions for continuous industry improvement

The fifth annual Canadian

Security Top 10 Under 40 includes young security professionals working in cybersecurity, health care, guarding, property management and more. This year’s recipients tell us what they enjoy most about their careers in security, suggest some changes that could further improve the profession, and offer guidance on mentorship, education and other areas that contribute to professional growth and success. Please join us in congratulating the 2023 winners.

What do you enjoy most about your security role?

First and foremost, I work with great people. They challenge me, support me and make me better. I’m also fortunate to have an exciting and diverse portfolio. I’m passionate about health-care security and partnering with social services in our community. I love working for an organization that has a continuous improvement mindset and supports community involvement efforts. Giving

back to the communities that we serve is an immeasurable gift.

How has the industry changed since you became a security professional and what further changes would you like to see?

I’ve seen some great changes in the industry in the last 10 years. As a community, we’ve learned that the “enforcer” security professional isn’t the most effective archetype. We are evolving, and investing in training, mentorships, education and development. It is benefiting not only the security professional but also the communities that we serve.

Outside of professional training, what has helped you the most in terms of skills development?

I’ve been blessed to have great mentors, namely Don Leschuk and Aidan West, who supported me with leadership opportunities early on and encouraged me to be motivated, innovative and empathetic. Securiguard has supported me earning my IAHSS (International Association for Healthcare Security and Safety) designations, and I’m now studying for my CHPA (Certified Healthcare Protection Administrator).

How can the security industry encourage more participation and market itself as a viable and thriving career?

I think the more that security leaders collaborate with partners who are looking for skilled, quality personnel — and are willing to meet halfway in terms of creating mean-

ingful opportunities — the more we solidify the security industry as a marketable career. Once candidates see a future in security, we can both retain and assist these individuals to grow and thrive in purposeful roles.

Peng, Vice-president, innovation & transformation, Paladin Group of Companies

What do you enjoy most about your security role?

My role gives me a lot of opportunity to follow my innate curiosity and desire to challenge the status quo. This makes every day exciting for me. I get to explore a wide variety of business and industry problems of various scales, which challenges me in a way that I really enjoy. While this can be difficult at times, I find it extremely rewarding and consistently worthwhile.

How has the industry changed since you became a security professional and what further changes would you like to see?

It’s been very encouraging to see the industry evolve in the last 14 years since I joined Paladin. Some examples include more training and accreditations to professionalize the industry, a greater emphasis on Diversity,

Equity and Inclusion; increased transparency and accountability to improve practices; and, of course, advancements in technology to create more effective, integrated security programs. For further changes, something that is always in the front of my mind is to continually find ways to make the work of our frontline team members safer, less stressful and more rewarding.

Outside of professional training, what has helped you the most in terms of skills development?

One aspect that has been invaluable for me in my journey is the mentorship opportunities that I’ve been given. I’ve been fortunate to have met and connected with some remarkable people within the industry, and I am extremely grateful that all of them were willing to share guidance and feedback to help me with my continued development. Something that I feel is special about Paladin and much of the industry is that there is a high level of respect and appreciation that exists between all levels of security professionals. This creates a strong sense of community and an environment where people are motivated to contribute.

How can the security industry encourage more participation and market itself as a viable and thriving career?

I think it starts with satisfying people’s basic physiological and safety needs. Two components of this are in creating safer work environments and the continued advocation for frontline team members to earn a fair living wage. Once achieved, organizations will have a better opportunity to attract, retain and develop quality talent through such initiatives as enhanced education, training and embracing Diversity, Equity and Inclusion. Another element is if we can continue to explore new opportunities through process improvement and leveraging technology to reduce the amount of mundane activities that a security officer must perform, such as equipment audits and basic anomaly detection. While the above is not inclusive, it represents some areas I feel are productive to improving the value proposition and al-

lowing prospective entrants to envision themselves thriving in a career in security.

Dave Pym, Manager, occupational health, safety and security, Quinte Health

What do you enjoy most about your security role?

Security and emergency management have an integral role in health care. The interactions I have with patients and their families, colleagues, community partners and others is very satisfying.

How has the industry changed since you became a security professional and what further changes would you like to see?

Within health-care security, I see a focused approach to simulation and cross-disciplinary training. Clinical and security training together is a critical step to help reduce workplace violence and assist with life safety initiatives, fire code enforcement and more. There seems to be a growing interest in these types of opportunities on the clinical side. With further awareness, I think it would go a long way in re-enforcing the expertise that exists in our industry. With this also comes an increased accountability of competency within our industry. A top priority for hospitals when selecting security services is ensuring uniformed security are competent and trained in up-to-date programs.

Outside of professional training, what has helped you the most in terms of skills development?

Becoming an instructor in various programs and the relationships that come with that has really helped me grow as an individual and professional. Also, networking outside the industry and becoming more versed on what

our health-care and first responder colleagues are doing has enabled me to reflect on my career goals and education path. I am fortunate to have close ties with our local fire, paramedic and policing community partners. I value their guidance and mentorship.

How can the security industry encourage more participation and market itself as a viable and thriving career?

I think promoting the industry as a stepping stone to policing sends the wrong message to people who might be looking at our industry. The first step is showcasing the variety of security career verticals such as health care, technology, residential and government. It will emphasize opportunity and growth, making the industry more attractive. Highlighting the ties to law enforcement, sales, business and technology, and the mentorship that goes with it, will attract potential recruits too. Employers will want to invest in these individuals.

What do you enjoy most about your security role?

With a customer-centric approach, I enjoy being able to keep people safe and secure in their environment. It is incredibly rewarding to be able to protect people from potential threats and to be able to respond quickly to incidents/crises as they may arise. I particularly enjoy being a people leader, navigating through ambiguity and the feeling of satisfaction when I am able to successfully identify and mitigate security risks. I also enjoy the opportunity to collaborate with other professionals — both internally and externally — to develop creative solutions to security challenges.

How has the industry changed since you became a security professional and what further changes would you like to see?

The biggest change has been the move from physical to network security. This has been driven by the increased use of technology and cloud-based services, and the increased adoption of forward-thinking risk mitigation. Going forward, I would like to see the industry focus more on automation through artificial intelligence and the development of tools and technologies to better protect people, products and data services. I would also like to see more collaboration between organizations and their vendors, fostering development in the security space. Finally, I would like to see more awareness and education on security topics, ensuring the organization is better informed and prepared to respond to security incidents.

Outside of professional training, what has helped you the most in terms of skills development?

I have developed my skills extensively through several approaches. First, networking and mentorship aids in relationship-building which provides valuable opportunities for learning and skills development. Secondly, personal development has significantly impacted the growth of my professional competency by refining transferable skills such as communication, leadership, emotional intelligence and strategic thinking. Finally, adopting challenges and seeking feedback enabled me to overcome hurdles, ultimately building my confidence and elevating the learning curve.

How can the security industry encourage more participation and market itself as a viable and thriving career?

By driving Diversity, Equity and Inclusion, the industry can actively promote the recruitment of candidates from diverse backgrounds, creating a workplace culture that values different perspectives and experience. Secondly, the security industry can leverage technology to improve effi -

ciency, effectiveness and attractiveness to innovation. Examples of such systems can include AI-supported surveillance, access control systems and other cutting-edge technologies. Lastly, the industry can provide competitive compensation and benefits packages to attract and retain top talent.

What do you enjoy most about your security role?

I enjoy many things, but two stick out. The first is the constant reminder about how much knowledge is out there. The security industry is vast, and I try to learn from people who know far more about a topic than I do. The second is the opportunity to teach security to many students. Some of them have never encountered security before, and once they’ve taken a course on it, they decide it’s something they want to pursue full-time.

How has the industry changed since you became a security professional, and what further changes would you like to see?

During my time in the industry, I’ve seen security become less of a technology problem to be solved by system administrators and more of a business problem that everyone plays a role in solving. Security is no longer what the security team does but something of which all groups are now a part. I want to see this trend continue and more teams learn their specific role and why it’s essential.

Outside of professional training, what has helped you the most in terms of skills development?

I have had many fantastic mentors throughout my career. These mentors taught me important aspects of success, such as how to

do certain things the right way, navigate organizational politics and deal with conflict. Given our industry’s stress, they have also been accommodating with time off and relaxation. Most importantly, they have spoken openly and honestly about their successes and failures. All of these skills have proven to be incredibly valuable.

How can the security industry encourage more participation and market itself as a viable and thriving career?

The industry needs to be better at lowering the barriers to entry. For example, many post-secondary cybersecurity programs require a multi-year technical diploma in IT or a four-year undergraduate degree. These prerequisites make it incredibly difficult for someone out of high school or looking to change careers to enroll directly in accredited cybersecurity programs. Ironically, the individuals creating the courses or advising on their content may not have those prerequisites either.

L ikewise, cybersecurity certifications may cost thousands of dollars and are generally out of reach for younger individuals. We would reach a much broader and diverse audience if we started offering affordable, entry-level cybersecurity programs containing foundation technology courses. As for cybersecurity as a career, it’s the perfect mix of specialization, highly in demand and can be applied anywhere in the world.

What do you enjoy most about your security role?

I particularly enjoy collaborating with our customers and working alongside a large team of security professionals across the country. Each day presents an unexpected

challenge, however each challenge offers us an opportunity to grow and better ourselves. Teamwork and partnerships, both internally and externally, are critical to the success of an effective security program.

I furthermore enjoy the continued education programs available within the industry. I have personally invested time to participate in many training curriculums. I am excited and eager to continue to advance my professional educational growth.

How has the industry changed since you became a security professional and what further changes would you like to see?

I have been a part of the security industry for approximately 10 years and have seen many changes during this past decade. COVID-19, in particular, increased physical security demand while staffing levels began to decline. I am proud our organization was able to

navigate and successfully support physical guard deployment while also maintaining the health and safety of our security professionals and customers.

Technology has played a critical role in automating and streamlining our procedures during the pandemic. I look forward to further technological developments within the security industry to better service the needs of our customers.

Outside of professional training, what has helped you the most in terms of skills development?

Working and collaborating with colleagues around the country has assisted me in my journey of professional development. As unique challenges surfaced, we worked together as a team and approached each situation with confidence.

My mentors throughout the years have always empowered me to make decisions,

cultivating an environment that allowed me to develop my skills. I am very grateful and would like to sincerely thank my mentors who have both directly and indirectly provided support and guidance. Lastly, the security industry services a wide variety of professional sectors. I have had the opportunity to learn about the unique security requirements specific to my customers’ organizations. It has challenged me to customize our approach to support their overall security program.

How can the security industry encourage more participation and market itself as a viable and thriving career?

The security industry often does not get the recognition it deserves, and success can go unnoticed. In recent years, heightened efforts have been put into recognition initiatives to help emphasize our successes. I have been fortunate throughout my career

to have had amazing mentors who recognized and highlighted my work ethic and accomplishments. Recognizing and acknowledging the hard work and dedication of individuals is an initiative we should all incorporate within our leadership responsibilities to encourage added participation within the security industry.

Cadisha Miceli, Acting senior security coordinator, corporate real estate management, corporate security, City of Toronto 35

What do you enjoy most about your security role?

I love that my journey in the security industry is continuously changing and evolving. Fresh out of Police Foundations, I became security guard at Ontario Place, where I directed traffic and searched for missing children! Following that, I worked security courtside for the Toronto Raptors. Now, years later, I am responsible for a vast array of city real estate, including everything from the Association of Community Centres to the Board of Management Facilities. This also includes the Jack Layton Ferry Terminal, where over a million passengers travel annually to-andfrom Toronto Island.

Staff development is an important part of my job and something I enjoy as well. I have a hybrid security team, but still I try and learn everyone’s name, animal choice and their career goals. Try asking someone what animal best represents them! Not only will you get a good laugh, but also find out a little about their personality. If you are wondering, my answer is pitbull.

How has the industry changed since you became a security professional and what further changes would you like to see?

I’m happy to say that throughout my career, the industry has changed for the better. Integrity is paramount to brand reputation and

new technological developments have made way for enhanced accountability. Tactics and threats continue to evolve, so it’s incumbent on every security professional to keep up with the new technology.

Outside of professional training, what has helped you the most in terms of skills development?

Find the right people and you will flourish. Early in my career, I would go to professional development events on my own. Back then I had many anxious thoughts about going solo, but then I realized that many people were also at these events alone. If you aren’t sure about putting yourself out there, just go — eventually, you’ll find your tribe.

How can the security industry encourage more participation and market itself as a viable and thriving career?

Make sure you are on LinkedIn! It’s a great place to connect to many people. The younger generations are already on LinkedIn, including students looking for employment with career aspirations in their profile headlines. This is the best place to advertise job postings and showcase work cultures to attract the right talent.

, Manager, security and life safety,

How has the industry changed since you became a security professional and what further changes would you like to see?

When I first started in security, guarding was a stepping stone to police or other law enforcement fields. Today, the field of security has drastically changed. It is now being separated from law enforcement and growing into its own independent destination.

W hat would help the industry today would be to implement a change in frontline staffing requirements, such that they represent the different needs of security. For example, concierge versus a healthcare guard, versus a bank guard versus a tactical response guard, etc.

A tiered system would allow an individual to work with their own skills and competencies, while utilizing each person’s strengths. This would require a monetary adjustment between the different levels which would also increase staff retention in the industry as a whole, and benefit both in-house and third-party departments.

Outside of professional training, what has helped you the most in terms of skills development?

In terms of skill development, I’ve been privileged to spend time with some great leaders in the industry. Working with these mentors, I have been able to learn from their experiences and their own personal paths.

Working with organizations such as ASIS has helped me to grow tremendously. I’m currently pursuing my CPP designation which I hope to have by the end of the year. I will be aiming to obtain my PSP as well.

What do you enjoy most about your security role?

Throughout my career, I’ve been able to enjoy a variety of different verticals of security in many different locations. To me, the most enjoyable part of security is that there is no uniformity in day-to-day functions, and every day is unpredictable and different. The unpredictability of the job allows me to grow and to constantly be thinking and problem-solving.

How can the security industry encourage more participation and market itself as a viable and thriving career?

We have seen many changes/advances over the past few years, specifically throughout the COVID-19 pandemic.

It has been demonstrated that security is not a one-size-fits-all service industry, and there are many unique individuals that make security what it is today. It is important for organizations to know this and to encourage the use of subject matter experts.

Doherty, Security technical specialist, Microsoft Canada

What do you enjoy most about your security role?

Building trust and helping teams feel empowered. Nothing is more fulfilling to me than working with a team and having them feel confident in the solution we are progressing towards. There’s a privilege to getting to problem-solve and understand the risks and complexities organizations go through in terms of cybersecurity. Getting direct exposure and being able to approach that through the lens of creating a positive change in security teams is exciting. Another understated aspect of my role is the internal collaboration. Security is not a one-person job and it takes many talented individuals to lean on for expertise.

How has the industry changed since you became a security professional and what further changes would you like to see?

I officially joined this industry in 2020. The increase in malicious activity was terrifying, but there was excitement in the challenge. I want to see security vulnerabilities and risks being talked about at a business level. You can have as many security tools as you want but if policies and risks aren’t being understood from the top down, there’s a large disconnect that creates gaps and pockets for insider risk and mismanagement of security processes.

Outside of professional training, what has helped you the most in terms of skills development?

Mentorship, exposure and honest conversations. Mentorship showed me what was possible and how to overcome certain obstacles, like finding the areas that interest you most and tackling impostor syndrome

Competitive painting helped with understanding how to read a room. There’s a lot of difficult conversations in this field and understanding how to approach them in the moment is vital. Art Battle is a competitive painting exhibition where artists paint live for 20 minutes, competing against each other while a live crowd votes for their favourite piece. The key here is to understand what the crowd enjoys, create shock and tension, and then pull them in! These skills also apply to security storytelling.

How can the security industry encourage more participation and market itself as a viable and thriving career?

I truly believe we need to draw more young people in by highlighting the exciting and fulfilling parts of cybersecurity. Problem-solving and genuinely helping people, you quickly see the impact in this field.

Angelucci, Coordinator, security, parking & emergency response, West Park Healthcare Centre

What do you enjoy most about your security role?

As a security professional I find it rewarding to know that ultimately I am contributing to the safety and peace of mind of those I’ve been entrusted to protect. Allowing our health-care professionals to focus on the important job that they have at hand is something that gives me great comfort in the work that I deliver. I also find it a privilege to collaborate with people who share my passion, mindset and goal to provide the best security that is non-invasive yet provides optimal results.

How has the industry changed since you became a security professional and what further changes would you like to see?

The expectations of security professionals ha ve dramatically increased over the years from general duties to the inclusion of supporting other departments and programs. We also find ourselves in a world where cybersecurity is a growing threat and many have shifted their focus away from physical security as a result. I think the biggest challenge in health care is both the increase of violence and need for security to intervene in physical altercations. Health-care workers experience the highest level of workplace violence of all occupational groups.

S ecurity is historically known to be a reactive industry, as opposed to a proactive one, and this mentality needs to change throughout the industry. Investing in one’s security program while ensuring fair compensation for guards, given the level of risk they face, will result in less turnover, a higher calibre applicant, and a more secure environment

Outside of professional training, what has helped you the most in terms of skills development?

I’ve been fortunate in my 17-year career to have always found leaders and mentors who have seen the potential in me and confidence to provide me with additional responsibilities that helped me grow in the breadth of my experience, awareness and knowledge. Finding ways to be active and network has been a tremendous help in my career as well as participating in educational and young professionals events. I was also fortunate to have been introduced to the International Association for Healthcare Security & Safety early on in my career.

How can the security industry encourage more participation and market itself as a viable and thriving career?

I think we as leaders need to do more to help change the narrative when it comes to how people view jobs in the security industry. What was once meant to be a part-time job quickly advanced into a career when I was able to see the plethora of opportunities that existed. Like with any career, the effort you put in will determine your outcomes. | CS

LEARNING THE LANGUAGE OF FRAUD

Online fraudsters are constantly improving, making innovation and preparation a necessity for risk professionals

By Maryam Saeed

There is a quote, usually attributed to Albert Einstein, that says “in the midst of every crisis, lies great opportunity.”

O ver the past few years, as consumer adoption of remote work, digital payments and online shopping tools grew, fraudsters innovated, developing targeted social engineering practices to entice consumers to click on offers that are just too good to be true. This evolving threat landscape has created a perfect storm for fraud that continues to test the limits of existing anti-fraud measures in all jurisdictions.

Visa understands this, which is why over the past five years, we invested more than $10 billion in technology to reduce fraud and increase network security and hired over a thousand new specialists to protect our network from technology threats of all kinds. In the past 12 months, these efforts proactively blocked over $7.2 billion in fraudulent payments across 122 million transactions.

While Visa has had some success in blocking fraudulent payments, the extent of the problem remains shockingly high. Statistics compiled by Visa’s global anti-fraud

centre for the year ending Dec. 31, 2022, paint another picture:

• Total reports of fraud: 90,137 (down from 107,381 in 2021)

• Total victims of fraud: 56,352 (down from 68,087 in 2021)

• Total lost to fraud: US$530M (up from US$384M in 2021)

The total number of fraud reports did decrease slightly, but the total financial loss due to fraud grew by over 25 per cent — a wake-up call to show the situation is far from dwindling.

Visa’s recent fraud report, “The language of fraud,” highlights how criminals craft messages designed take advantage of consumer willingness to trust too-good-to-betrue texts and emails.

Working with researchers in the U.K., Visa commissioned a linguistic analysis that revealed how language is used by fraudsters in short messages.

The study found that the most enticing clickbait messages capitalize on consumer excitement, and fraudulently tout “winning,” “free giveaway” or “act now.” Among

Canadians, the study revealed that 59 per cent of Canadian consumers admit to typically responding to any type of scam phrases. Among the most common, positive news phrases (44 per cent), urgent phrases (38 per cent), and action required phrases (27 per cent) are among the top used to ensnare Canadians.

The numbers show that even the most tech-savvy consumers can be vulnerable to scams. While nearly half of the population are confident they can recognize a scam, 73 per cent are likely to miss the requisite red flags in digital communications; and over one-third (35 per cent) of Canadians admit to having fallen for a scam on one or more occasions.

It is unlikely that we will ever be able to stay one step ahead of the fraudsters, but we all have roles to play in trying to stay competitive with them. For Visa, that means investing in new tools and improving security measures, for example by expanding the use of artificial intelligence (AI).

One key feature of AI systems is the ability to scale and deal with exponentially increasing complexity. As AI is designed

around mimicking the human ability to interpret data by learning from experience, it is fundamentally more capable than any rules-based system.

Scale is the critical element. While humans and manual reviews are limited by available time, AI capabilities are only limited by the computational power assigned to the task. With the advent of cloud computing, this computational power is barely restricted.

AI-enabled fraud detection and prevention systems are becoming more prevalent. Rules-based systems are no longer capable of keeping pace with the rising tide of fraud. Vendors must differentiate their solutions as AI becomes increasingly common.

Financial institutions should deploy and encourage the use of existing and better anti-fraud tools, including multi-factor authentication and account-based alerts; and improved fraud strategies that factor in systematic criminal behaviour.

A s digital transformations continue

within organizations, and customer experience expectations continue to climb, focusing on risk management will not only help mitigate threats but build customer loyalty and improve business processes.

How do you start the process? Businesses need to identify and prioritize key digital transformation initiatives and the necessary risk management capabilities for each one. What changes are most important to your company? What extra risks are you assuming by not addressing them?

You cannot eliminate risk, but you can prepare for it through careful planning with manageable phases to ensure you can apply the proper protections at each step.

• Recognize that risk is constantly changing in response to market dynamics, so risk management cannot be static. Companies should not only manage present risks but also plan for potential risks on the horizon. Leverage data from risk management systems to inform and improve ongoing

Cadillac Fairview congratulates

Braeden Cockburn

Security & Life Safety Manager, CF Shops at Don Mills for being named one of Canadian Security’s Top 10 Under 40

Thank you for your unwavering commitment to public safety!

business and technology decisions.

• Bring risk functions to the technology and business decision-making tables. Risk management is more than a suite of technologies, it is a strategy to protect your greatest assets. Investing in technology can help automate and streamline risk and compliance, but it will not compensate for a lack of process. Start with a risk management strategy that aligns with strategic business goals, then select technologies to enable them.

Protection is Visa’s top priority. Our comprehensive approach to security relies on multiple layers of technology, analytics and security practices to help safeguard consumers, protect the payments system and reduce fraud.

Check-in regularly with anti-fraud professionals for the latest developments and how to respond to them. | CS

Product Focus

Surveillance & Analytics

VMS

Qognify

Qognify VMS 7.2 comes with extended support for body worn video, additional functionalities to support investigations, and a new web client architecture. In addition to supporting further video sources, Qognify VMS 7.2 offers new enterprise-class capabilities to simplify investigations and enhance privacy. Cameras, maps, and layouts can now be provided with logical labels and thus be grouped accordingly. As part of the release, Qognify now also provides cloud storage offerings designed for the specific requirements of video management. www.qognify.com

AI box for surveillance

IDIS

The NDAA-compliant DV-1304-A provides users with the benefits of AI-video through a 4-channel add-on box. This latest AI box from IDIS allows multiple analyses from just a single camera without any need for calibration. Pre-installed with the IDIS Deep Learning Engine, the box can connect to existing NVRs. Leveraging DirectIP plug-and-play technology, users can deploy additional boxes to expand their systems. Users can benefit from accurate analytics that can detect people and objects including cars and bikes, line crossing, loitering detection, and face detection, as well as faster event search. www.idisglobal.com

Outdoor cameras

Hikvision

Hikvision has introduced new ColorVu Motorized Varifocal Outdoor Cameras. These cameras enhance human and vehicle target classification with deep learning algorithms. Hikvision ColorVu technology provides colourful images using F1.0 advanced lenses and high-performance sensors. The new 4 MP ColorVu Motorized Varifocal Network Cameras are available in either a bullet (DS-2CD2647G2T-LZS) or dome (DS-2CD2747G2T-LZS) body style.

www.hikvision.com

Providing integrated security solutions across Canada with threat-risk assessments, guarding, mobile patrol, background screening, cybersecurity and more.