CS - Spring 2024

Integrated Security Solutions for the Logistics Industry

GardaWorld offers a comprehensive, multi-service security approach for logistics and warehousing facilities, providing a wide range of solutions to meet their unique challenges.

By Neil Sutton

The value of volunteering

Sometimes the most effective step you can take to boost your career or expand your industry knowledge is simply to show up.

We asked our 2024 Top 10 Under 40 recipients to offer advice for security industry newcomers and share some effective career-building techniques that have worked for them.

One of the most common responses is to pursue networking opportunities whenever and wherever they arise.

I know from personal experience how powerful networking can be. Every trade show, association meeting or seminar I attend is a gold mine of industry knowledge.

The conversations you strike up waiting in line to refill your coffee cup or in the five-minute transition period between the keynote speaker and the next presentation are some of the most valuable you can have.

The security industry is generally very effective at sharing information with trade media, but nothing can quite replace those one-on-one, in-person conversations.

In the business-casual environments that have become the stock-in-trade of expos and conferences, people are willing

to share their thoughts, tips and ideas. Every person at these events — whether they are a speaker, sponsor, exhibitor, attendee or organizer — is a valuable resource and they will likely look at you the same way.

“it’s worth devoting a few hours a month to industry participation outside of your normal routine.”

During the pandemic, I definitely felt hampered by the total absence of live events. There’s really no substitute for spontaneous conversation.

Several of our Top 10 Under 40 recipients (both this year and in previous years) volunteer for associations, which is also an effective way to engage with the security industry.

The communication skills you take away from particpating in committees and organizing association events are 100 per cent transferable to other aspects of working life.

Event planning and volunteerism also help to build camaraderie and establish new friendships.

As much as it put a stranglehold on live events, the pandemic also magnified the value of work-life balance. People quickly began to real-

EDITORIAL ADVISORY BOARD

Martin Deslauriers: Providis

Services Conseils

Agnes Pienio-Ganthier: Amazon

Canada

Ken Doige: ESRM Solutions

Roxanne Krause: CN Tower Danielle Weddepohl: Sheridan

Rowan Hamilton: Commissionaires

ize that limiting work-related travel and staying at home brought its own rewards, not the least of which is time.

It’s true that we all have a limited amount of free time at our disposal. But it’s worth devoting a few hours a month to industry participation outside of your normal routine. Anyone who’s done it will tell you it pays dividends both personally and professionally.

So sign up for an industry golf tournament, attend a seminar or drop by an association meeting after work. Believe me, they’ll be more than happy to see you. (For more information on upcoming ASIS Canada events near you, see p.6 for details.)

We at Canadian Security would like to offer our congratulations to this year’s Top 10 under 40 and thank them for sharing their career advice. Read more about their stories on p.14.

The Top 10 Under 40 program will return in 2025, so if there’s a co-worker or colleague you think should be included on the next list, please keep them in mind when we re-open nominations later this year. | CS

Spring 2024 Vol. 46, No. 1 canadiansecuritymag.com

READER SERVICE

Print and digital subscription inquiries or changes, please contact Shawn Arul, Audience Development Manager

Tel: (416) 510-5181

Fax: (416) 510-6875

Email: sarul@annexbusinessmedia.com

Mail: 111 Gordon Baker Rd., Suite 400, Toronto, ON M2H 3R1

EDITOR

Neil Sutton

nsutton@annexbusinessmedia.com

GROUP PUBLISHER

Paul Grossinger

pgrossinger@annexbusinessmedia.com

PUBLISHER Adam Szpakowski aszpakowski@annexbusinessmedia.com

ASSOCIATE PUBLISHER

Jason Hill

jhill@annexbusinessmedia.com

MEDIA DESIGNER

Graham Jeffrey

ACCOUNT COORDINATOR

Kim Rossiter krossiter@annexbusinessmedia.com

CEO Scott Jamieson sjamieson@annexbusinessmedia.com

Printed in Canada

I.S.S.N. 0709-3403

Publication Mail Agreement #40065710

SUBSCRIPTION RATES Canada: 1 Year $43.86 + Taxes; U.S.A. (payable in CAD dollars): 1 Year $97.41; International (payable in CAD dollars): 1 Year $112.20

EDITORIAL AND SALES OFFICE 111 Gordon Baker Rd, Suite 400, Toronto, ON M2H 3R1 (416) 442-5600 • Fax (416) 442-2230 canadiansecuritymag.com

Canadian Security is published two times per year by Annex Business Media. Annex Privacy Officer Privacy@annexbusinessmedia.com Tel: 800-668-2384

Canadian Security is the key publication for professional security management in Canada, providing balanced editorial on issues relevant to end users across all industry sectors. Editorial content may, at times, be viewed as controversial but at all times serves to inform and educate readers on topics relevant to their individual and collective growth and interests.

The contents of Canadian Security are copyright by ©2024 Annex Publishing & Printing Inc. and may not be reproduced in whole or part without written consent. Annex Business Media disclaims any warranty as to the accuracy, completeness or currency of the contents of this publication and disclaims all liability in respect of the results of any action taken or not taken in reliance upon information in this publication

DoorBird systems are not only renowned for their cutting-edge features but also for their sustainability and reliability, especially during harsh winter conditions. With a modular design approach, DoorBird ensures adaptability to various environments while prioritizing energy efficiency and durability.

By Jason Caissie

ASIS events happening across Canada this spring

Founded in 1955, ASIS International (www. asisonline.org) is a global community of security practitioners, each of whom has a role in the protection of assets: people, property and/or information.

R epresented in Canada by 11 chapters serving more than 2,000 individual members, there are over 100 Canadian volunteers who work to bring members and non-members alike access to local education and networking, and provide a vital connection to programs offered by ASIS International globally.

Each chapter runs their own calendar of events throughout the year – from lunch meetings to golf tournaments – and most have sub-committees dedicated to initiatives like Certification, Women in Security and NextGen.

You do not need to be an ASIS member to attend a chapter event, and many are hosting free virtual events, so take a look at our events page (www. asiscanada.ca/events/) and see if there is a chapter that is hosting something that might appeal to you.

For those ASIS members in Quebec, you may have noticed that we have merged the Montreal and Quebec City chapters into the new Province de Québec Chapter! This will allow for more consistent representation with the provincial government, and greater advocacy for French-language materials within ASIS.

“There are over 100 Canadian volunteers who work to bring access to local education and networking.”

S ome ASIS notable events coming up this spring include:

• April 9 – ASIS Province de Québec Chapter, Breakfast Meeting (www.asisquebec. com): Site tour at Radio-Canada.

• April 18 – ASIS Manitoba, Monthly Meeting (www. asiswinnipeg.ca): Presentation by the Manitoba Conservation Officer Service.

• April 18 – ASIS Southwestern Ontario, Monthly Meeting (www.asisswo.org): Details to be announced.

• April 24 – ASIS Toronto Chapter, Best Practices Seminar (www.asistoronto. org): A much-anticipated annual event with a fullday of learning; this year’s theme is Mitigation, Pro -

tection and Recovery.

• April 25 – ASIS Province de Québec Chapter, Soirée de la Relève (www.asisquebec. com): A wine and cheese event with the graduates of the University of Montreal’s Bachelor Degree in Security and Police Studies.

Of course, the crown jewel of ASIS Canada is Canada Night , a networking event hosted on the eve of the GSX conference each year in the United States.

This year, Canada Night will be on Sunday, Sept. 22 in Orlando, Fla. Visit the ASIS Canada website (www.asiscanada. ca) for more information and to get in touch about sponsoring Canada Night 2024!

And lastly, if you are an ASIS member and you have not taken advantage of the many new programs and initiatives offered by ASIS, I encourage you to login using your member credentials at www.asisonline.org.

You’ll find several new certificate programs on topics like ESRM and Facility Security Design, as well as free access (for members) to over a dozen standards and guidelines. You can also find information on the four ASIS certifications (APP, CPP, PCI and PSP) and connect with your peers globally in the subject matter communities on ASIS Connects.

I hope to see you at a future ASIS event in Canada, or at this year’s Canada Night in Orlando! | CS

Trending

By Neil Sutton

Securitas rolls out data centre certification globally to employees

Securitas recently announced the availability of a data centre certification for its employees, with plans to train more than 10,000 staff.

The training, which became available in February, complements the launch of Securitas’ Global Data Center Group in 2023.

Securitas staff who successfully complete the training — which focuses on physical access control, emergency response procedures, adherence to ethics and professional conduct — will be recognized as Certified Data Centre Security Professionals.

“Securitas’ certified data centre professionals will serve as vigilant eyes and ears, enhancing client safety by identifying hazards and improving working practices,” said the company in a press release when the training program was first introduced.

The certification is available globally, including to Securitas employees working in Canada.

Staff who currently work for one of Securitas’ data centre clients will be automatically enrolled in the program via the company’s learning management system and receive a notification that it is available to them. New Securitas employees working in data centres will take the training as part of their on-boarding process.

At the moment, the certification is internal to Securitas, but there are efforts

underway which would allow it to be recognized as a global industry standard.

Bert den Hartog, vice-president, global clients, Securitas, said the certification serves a dual purpose: to offer a higher level of service to the company’s data centre clients while providing valuable skills to Securitas staff and allowing them to gain a better understanding of how their role contributes to data centre security.

“Our officers will be security specialists in the data centre environment. Our specialists will be better prepared to provide security and safety service in a data centre and to continue with their professional development,” said den Hartog in an email interview with Canadian Security.

Securitas also plans to add more modules to the data centre training over time.

According to den Hartog, Securitas offers a broad range of training initiatives in addition to the data centre certification. Some training, which focuses on business ethics and values, is mandatory for Securitas employees.

These programs “make sure everyone in our company understands our core values, being integrity, helpfulness and vigilance, to make our world a safer place,” he said.

Other, more specialized programs vary depending on the client or industry.

“It has been proven that investment in people leads to better service and quality,” he added. | CS

Coming Events

APRIL 9-12, 2024

ISC West Las Vegas, Nev. www.iscwest.com

APRIL 24, 2024

Security Canada East Laval, Que. www.securitycanada.com

APRIL 24, 2024

ASIS Toronto Chapter Best Practices Toronto, Ont. www.asistoronto.org

APRIL 29-MAY 1, 2024

IAHSS Conference and Expo Orlando, Fla. www.iahss.org

MAY 15, 2024

Advance: Women in Security Online www.canadiansecuritymag.com

MAY 16, 2024

Security • Police • Fire Career Expo Vancouver, B.C. www.emergencyservicesexpo.ca

JUNE 19, 2024

Security Canada West Richmond, B.C. www.securitycanada.com

JUNE 24-27, 2024

IACLEA Annual Conference & Expo New Orleans, La. www.iaclea.org

JULY 13-16, 2024

BOMA International Conference & Expo Philadelphia, Pa. www.boma.org

SEPTEMBER 23-25, 2024 GSX Orlando, Fla. www.gsx.org

OCTOBER 23-24, 2024

Security Canada Central Toronto, Ont. www.securitycanada.com

OCTOBER 29, 2024

Security • Police • Fire Career Expo Edmonton, Alta. www.emergencyservicesexpo.ca

Window on Security

By Kevin Magee

In the director’s chair

In the ever-evolving landscape of cybersecurity, the stakes have never been higher.

N ew and emerging threats and threat-actors continue to loom large — opportunistically and intentionally targeting organizations, both public and private. This situation leaves many cybersecurity professionals feeling distressed and burnt-out and the leaders of organizations feeling overwhelmed and unequipped to effectively and securely lead.

Both groups share these feelings and challenges with me daily. A key aspect of my work is to encourage and facilitate their collaboration for more effective problem-solving, but it often seems to me that we need to do something more systemic and less transactional to really enable and empower change.

A few months ago, after I delivered a keynote on the importance of cyber-risk governance, an audience member asked a question that helped me identify the disconnection that creates so many of these challenges for us all. I had just discussed how strategic business decisions often create vulnerabilities that can be exploited throughout business processes and communications, which then rely on the tech stack to solve.

The question addressed this directly and resonated deeply: “If you could do something within your power to significantly improve the security posture for all Canadian organizations, what would you do?”

I thought about the enormity of the problem and how best to

systemically create positive change. My immediate response was: “I would help every cybersecurity professional in this room get appointed to a board of directors.”

Imagine the potential impact and profound transformative effect on Canada’s cybersecurity posture if we were to embark on a mission to appoint a cybersecurity professional to the boards of 100, 500, 1,000, or perhaps even every organization?

From local art galleries and

stand alone and apart — they are woven into the fabric of decision-making.

With a cybersecurity professional at the table, board members gain a deeper understanding of cyber threats, vulnerabilities and best practices. Simultaneously, cybersecurity professionals learn about business operations, financial considerations, and the delicate balance between risk and reward. This symbiotic relationship fosters informed deci -

“This symbiotic relationship fosters informed decisionmaking.”

museums to emerging startups, community colleges, major health-care systems, utilities, retailers, transportation, mining, manufacturing, and insurance firms, such an initiative would not only cultivate a security-centric mindset within the strategic decisions of these entities but also promote a mutual exchange of knowledge between cybersecurity experts and organizational leaders.

I have seen first-hand that when cybersecurity professionals take their seats at the boardroom table, they infuse strategic decisions with a security-centric mindset. No longer relegated to the IT report, cybersecurity becomes an integral part of organizational strategy. Risk assessments, incident response plans, and threat mitigation strategies are no longer afterthoughts or

sion-making and ensures that security considerations are not sacrificed for short-term gains.

As cybersecurity professionals gain governance experience, they can also ascend to more prominent boards. Their expertise can extend beyond firewalls and encryption protocols; they can become adept at navigating complex regulatory landscapes, managing stakeholder expectations, and aligning security initiatives with organizational goals. These newly seasoned cyber-risk governance professionals can then serve as champions, guiding organizations toward robust security practices.

Imagine a cybersecurity professional is appointed to the board of a regional utility company. Their insights lead to enhanced threat detection mechanisms, secure infrastructure upgrades, and proactive risk

management. As they gain ex perience, they move on to larger boards, perhaps a national retail er or a major health-care system. Simultaneously, fresh talent steps into their previous role, benefiting from mentorship and exposure to high-level deci sion-making.

Cumulatively and over time, this endeavour could markedly strengthen Canada’s defences against cyber-threats. Each boardroom appointment con tributes to a collective shield, a network of vigilant cybersecurity professionals working alongside their business leadership peers, safeguarding critical infra structure, sensitive data and cit izen privacy. As we bridge the gap between cybersecurity and governance, we help pave the way for a more secure Canada.

Stepping into a boardroom, even if just to present the quar terly CISO report, decisive opportunity to advocate for stronger cybersecurity rep resentation. It’s a chance to ele vate executive cyber-literacy and cyber-risk informed deci sions. The most effective pathway to mastering this advocacy is by gaining experience on a board yourself.

I am dedicated to empowering as many cybersecurity professionals as possible to transition from the technical confines of the server room to the strategic expanse of the boardroom. By each of us committing to encourage and mentor others on this journey, we can weave a network of success and resilience that stretches across Canada, one director’s seat at a time. | CS

Risk Perspective

By Tim McCreight

Adding resilience to ESRM

As we continue to recover from the global pandemic, there are security practitioners who are embracing a hybrid approach to protecting their organizations — bringing the concepts of Organizational Resilience (OR) into their Enterprise Security Risk Management (ESRM) based programs.

This is a relatively new approach to managing security risks, using a business focus and identifying opportunities to increase the overall resilience of an organization.

The hard-won lessons of those organizations that successfully navigated the pandemic are being revised, retooled and repurposed. Using ESRM as their foundation, a few security professionals I know are now incorporating the concepts of resilience into their programs — developing more robust procedures to ensure their organizations can continue to operate, regardless of the conditions they’re facing.

It’s an interesting blend of disciplines. Incorporating the concepts of resilience into a security program makes sense if we understand how these concepts and practices apply across an organization. Resilience focuses on an organization’s ability to recover from emergent threats, from internal or external sources.

A resilient organization has the capability to survive, and eventually thrive, in times of stress or uncertainty. And resilience impacts all levels of an organization, and considers the culture, resources and routines of the team members across the enterprise.

The parallels to ESRM demonstrate why this combination is such a good fit. A well-designed security program, built on the principles of

ESRM, requires security professionals to step outside of their department and interact with the entire organization. Risks are considered regardless of where they originate and the collaboration between the security team and the departments of an organization develops a stronger cultural acceptance of security.

“I’m excited to see where this next part of our collective journey will take us.”

Finally, within the ESRM model is the concept of continuous improvement and the ability to detect, react, respond to and recover from a potential incident.

I believe we have an opportunity to mature our ESRM-based programs to include the principles of Organizational Resilience, offering the next generation of security programs to our organizations. This maturity process, though, will take some work to recognize the benefits of combining these two philosophies into one coherent approach to securing an enterprise.

I still know of security professionals struggling to enact a risk-based approach to their security programs, due in part to the culture of their organization or to the reluctance of executives to accept risks affecting their assets. I think we may have a new avenue to pursue in these discussions — leverage the principles of

Organizational Resilience and focus on how the department will continue to operate in the face of change.

This means we all have some homework! I envision security professionals seeking out information on Organizational Resilience, what it really is, and how to embrace the principles of yet another philosophy. I can also see these same security practitioners taking a whole new group of organization team members for coffee, to learn what they’re doing to ensure the company is resilient, and how the security team can enable the success of the organization.

We’ve already done so much collaboration in the past; the skills we’ve grown in listening, questioning to understand, seeking confirmation, and designing a collaborative solution are sure to pay dividends as we begin assessing how to incorporate resilience into our programs.

I’m excited to see where this next part of our collective journey will take us. I think over the next few years we’re going to see more information on how OR will help ESRM-based security programs achieve even greater success.

I envision our programs maturing beyond where they are today — something I can’t wait to see! | CS

TOP 10 UNDER 40

Congratulations

Derek Burns for being recognized in Canadian Security Magazine’s Top 10 Under 40

Derek Burns’ steadfast dedication and excellence shine through with his recent nomination for the esteemed Top 10 Under 40 award. In his new role as Regional Director of the Pacific Northwest, he looks forward to delivering exceptional service and innovative security solutions to customers throughout British Columbia.

To read more about Derek’s path to success, scan the QR code

Industry View

By Winston Stewart

Protecting our protectors

The roles and responsibilities of security personnel have expanded far beyond mere gatekeepers.

They are the silent sentinels, the vigilant watchers who ensure the safety of our communities, businesses and institutions. Yet, as we entrust them with our protection, we must ask ourselves: How do we protect those who protect us?

Research sheds light on a disturbing trend: violence against security personnel is on the rise. According to one comprehensive study1, incidents of verbal aggression, threats of assault, and physical attacks against security guards occur at least once a month for 39 per cent, 19 per cent and 15 per cent of respondents, respectively. These figures paint a stark reality — one where security professionals face not just the threat of danger, but its grim inevitability.

The Canadian Centre for Occupational Health and Safety identifies security workers as one of the occupational groups most vulnerable to workplace violence. This underscores the urgent need for action to address the safety and well-being of security personnel across the country.

A larming headlines from Canadian news outlets over the past couple of years punctuate this narrative with distressing frequency.

Amidst these troubling trends, it becomes imperative to explore strategies to safeguard the guardians of our safety. Protecting security personnel requires a multifaceted approach that addresses the root causes of violence while implementing proactive measures to mitigate risks.

First and foremost, comprehensive training programs are essential to equip security personnel with the skills and knowledge necessary to navigate potentially volatile situations. From conflict resolution techniques and situational awareness training to de-escalation strategies, training initiatives should empower security guards to defuse tensions effect-

“Comprehensive training programs are essential.”

ively and minimize the likelihood of violence.

The importance of proper protective gear cannot be overstated. Equipping security guards with appropriate protective gear, such as body armour, helmets and communication devices, can significantly reduce the risk of injury in confrontational situations.

By providing frontline personnel with the necessary protective equipment, employers demonstrate a commitment to their safety and well-being while empowering them to perform their duties with confidence and resilience. Moreover, investing in high-quality protective gear underscores a proactive approach to risk management, ensuring that security personnel have the tools they need to mitigate potential threats effectively.

Fostering a culture of awareness and vigilance within organizations can enhance the safety of security personnel. Encouraging open communication chan-

nels and providing avenues for reporting safety concerns can help identify and address potential threats before they escalate into incidents of violence.

The implementation of technological solutions can augment the capabilities of security personnel and enhance their ability to respond swiftly to emergencies. From surveillance cameras to panic buttons, leveraging technology can bolster the security infrastructure and provide an additional layer of protection for security guards.

Collaboration between stakeholders, including businesses, law enforcement agencies and government bodies, is essential to address the systemic issues contributing to violence against security personnel. By fostering partnerships and sharing best practices, we can develop holistic approaches to enhance the safety and well-being of security professionals across Canada.

Additionally, legislative measures play a crucial role in safeguarding security personnel and holding perpetrators of violence accountable for their actions. Stricter penalties for assaulting security guards and enhanced legal protections can serve as deterrents while providing recourse for victims of violence.

As we confront the sobering reality of rising rates of violence against security personnel, we must reaffirm our commitment to protecting those who stand on the front lines of safety. By investing in training and proper protective gear, fostering a culture of awareness, leveraging technology, fostering collaboration, and advocating for legislative reforms, we can create safer environments for security guards to fulfill their vital roles in safeguarding our communities.

In the face of adversity, let us stand united in our resolve to protect the protectors and ensure that those who dedicate their lives to keeping us safe are afforded the protection and respect they deserve. | CS 1 https://pubmed.ncbi.nlm.nih.gov/21173537/

Leading the way

This year’s Top 10 show us the future of security and offer advice for the next generation of professionals

The sixth annual Canadian Security Top 10 Under 40 showcases the perspectives of young security professionals across multiple disciplines, including guard services, retail, cybersecurity, post-secondary education, and health care. This year’s recipients tell us what they find fulfilling about security and offer advice for newcomers to the industry. Please join us in congratulating the 2024 winners.

Tanisha Singh, Manager, cyber security awareness and training, Loblaw Companies Ltd.

What do you enjoy most about security?

What I enjoy most about security is the constant challenge and ever-changing landscape, where each day presents new opportunities to explore innovative ideas. I am passionate about promoting the importance of security by finding creative and unique ways to engage diverse audiences. Through a combination of empathy and innovation, I am able to build strong relationships with my colleagues as I advocate for cyber-awareness. Knowing that my efforts contribute to safeguarding valuable data and protecting

individuals and my organization gives me a strong sense of purpose in my work. As a woman in the security sector, I am empowered to inspire others by breaking stereotypes, serving as a role model, and paving a way for greater diversity and inclusivity in the field.

Is there one piece of advice you have received that has helped you engage with your security role more effectively?

A crucial piece of advice that has significantly influenced my journey is to always stay curious and have a growth mindset. This guidance encourages me to continuously obtain new knowledge, challenge the status quo, stay informed on emerging threats, seek mentorship from experienced leaders, and actively pursue experiences that push me to grow both personally and professionally. By embracing a mindset of lifelong learning, I have been able to adapt to the dynamic nature of security and leverage an entrepreneurial spirit to engage colleagues in creative ways.

Do you have any advice for budding security professionals who are interested in launching a career?

Don’t shy away from pivoting into the industry even if you don’t have a security background. I believe that diverse professional experiences bring valuable and distinctive perspectives to the table. To be more competitive I recommend exploring cyber certifications and bootcamps, connecting with seasoned professionals, attending industry events, and engaging in online communities.

Networking not only opens doors to valuable opportunities, but also exposes you to diverse perspectives and insights that can enrich your journey. Most importantly, having a passion to learn and the right amount of dedication can pave a path to great success.

Paul Nicholson, Program director, security & emergency preparedness, Baycrest Centre for Geriatric Care

What do you enjoy most about security?

What I’ve come to enjoy most about our industry is the ever-present opportunity to effect positive change within an organization during the most challenging of circumstances or seemingly unremarkable moments throughout a day. Despite the evolving landscape and demands on our industry over time, I’ve always found that this fundamental opportunity to enact change — in attitudes, behaviours, public opinion, understanding and more — remains a constant in every interaction we have as service professionals.

Having been fortunate enough to be recognized and to have grown as a leader throughout these past few years, I find my enjoyment in creating the operational framework and resources that help my staff succeed (in partnership with them of

course). By ensuring they not only receive support but also feel supported in their work, my hope is that they will begin to find their own opportunities to enact change and further develop as professionals. As more of them contribute to tangible change within the organization, the more the organization recognizes their efforts and that’s when a department can really grow.

Is there one piece of advice you have received that has helped you engage with your security role more effectively?

I’m extremely grateful early on in my healthcare career to have worked alongside two of the most passionate and learned co-workers within my organization’s risk management team. While I can say —with humility —that there was ample advice to go around during my time there, the notion that “a successful security team can’t only care for itself” was something that really set me on my path towards driving tangible change: better collaboration and operational transparency with stakeholders, and ultimately seeing security’s services recognized as a health-care discipline within the organization.

As service providers, I have always viewed us as having a dual role: we are able to provide services in support of our patients/clients as well as the organization and its staff, affording us the opportunity to build crucial strategic relationships.

Do you have any advice for budding security professionals who are interested in launching a career?

Once you feel you’ve learned how a security team “should” operate, set all of that aside. Redirect your focus towards understanding how your organization (or the organization you serve) operates, conducts business, communicates within itself and with others, and how they approach achieving their goals. While leading or running a successful security department is a great starting point for any career, a department that contributes to the success of its organization — in a way the organization recognizes and appreciates — becomes invaluable.

Mariam Chakvetadze, Crime prevention manager, Rogers Communications

What do you enjoy most about security?

I appreciate the constant learning and problem-solving, as no day is the same. Security is a dynamic field that never ceases to challenge and intrigue me. The ever-changing landscape of threats and the need for continuous innovations keep me engaged and motivated all for the same collective goal: the opportunity to contribute to the safety, security and protection of organizations and most importantly, the people within them.

Is there one piece of advice you have received that has helped you engage with your security role more effectively?

One piece of advice that has resonated with me is the importance of continuous self-improvement and training. Staying knowledgeable about the latest trends, technologies, and best practices is crucial for staying ahead of emerging threats. Embrace the mindset of lifelong learning and remain adaptable for the ever-evolving challenges of security.

Do you have any advice for budding security professionals who are interested in launching a career?

I would emphasize the importance of building a strong foundation of knowledge and skills through education and hands-on experience. Seek out opportunities for mentorship and networking within the community to gain insights and guidance. Be open to new challenges and experiences, and don’t hesitate to pursue certifications and specialized training to enhance your skills and make yourself stand out — you can never know too much.

Stay curious and embrace a proactive approach to learning; be open to new challenges; and above all, remain passionate and committed to making a positive impact through your work. Just don’t forget to also take care of No. 1: you!

Aaron Ramhit, Manager, risk prevention & physical security, Scotiabank

What do you enjoy most about security?

Physical security is a rapidly evolving and growing industry with continuous learning opportunities and exposure to many verticals. In my current role, I have the unique opportunity to dabble in all things asset protection, travel and event risk management, and employee preparedness programs globally. This allows me to play a key role in contributing to the organization’s overall risk mitigation strategy. Working alongside an incredible physical security team at the bank offers a challenging yet highly rewarding experience. The industry is always forward-thinking and willing to share their experiences with young professionals. Many coffee chats over the years, getting in-depth industry knowledge, benchmarking and learning about new trends, has provided me with invaluable experiences.

Is there one piece of advice you have received that has helped you engage with your security role more effectively?

Throughout my time in the industry, I have been lucky to build lasting relationships with colleagues and many industry professionals. Learning about their experiences, pitfalls and successes has been a pivotal guiding factor in helping me navigate the industry. One key piece of advice is to never stop learning. This doesn’t mean solely focus on

broadening your physical security knowledge (which you should always do) but expanding to other areas and looking for cross functional skills and learning opportunities in complementary areas. Learning doesn’t always have to be formal; informal learning through your manager or colleagues is key to growth.

Do you have any advice for budding security professionals who are interested in launching a career?

I can’t stress this enough: never stop networking and never stop learning. Networking has been instrumental in my career for bouncing ideas off others, learning how they navigate their career, industry benchmarking, and putting a face to a name when you’re applying to jobs. The best decision I made was joining the local ASIS Toronto chapter, going to their social events and joining the Education and DE&I committees. I strongly encourage any professional to take part in mentorship programs, reach out on LinkedIn and set up coffee chats, get involved with local security chapters, and attend association events and conferences. While networking can be daunting at first, it just takes one event and one connection to build a bridge between you and the industry.

What do you enjoy most about security?

I love that it is a dynamic industry and that it is constantly changing and evolving in a positive manner. The diverse environment helps me thrive and the work keeps me engaged as there are no two days alike. I am extremely curious and I find that there is no limit to what you can learn within the security industry. Having the opportunity to grow,

adapt, and change constantly keeps my work interesting. I also enjoy connecting with people in a meaningful way, which I get to do as part of my role. Knowing that you are trusted to keep people safe is rewarding.

Is there one piece of advice you have received that has helped you engage with your security role more effectively?

One thing comes to mind that has help me grow as a security professional is to keep venturing outside of my comfort zone and to keep questioning what I see. This has allowed me to grow and develop new skills I never thought I would be able to possess starting out in the business. It taught me resiliency and the ability to adapt to any kind of situation. Being able to effectively question what I see has allowed me to develop critical thinking skills that have helped me use a creative approach in the work I do. Security is often rigid and bound by policies and procedures, but the solutions are not always within those parameters.

Do you have any advice for budding security professionals who are interested in launching a career?

I think it is important for anyone launching a career in the security industry to lead by example, be the change they seek to see, ask questions, be yourself, be curious and keep learning every day. Networking is important — do not underestimate the benefits of connecting with industry experts and learning from their experience.

Mathew Zielinski, Vice-president, operations, Paladin Security

the constant stream of diverse challenges and problems that come to the forefront daily. In this industry, no two days are the same. I thrive in this type of environment that constantly keeps me engaged, sharpens my problem-solving skills, and pushes me to think critically, all while building strong stakeholder relationships. The security landscape is constantly evolving, which forces those within the industry to adapt to stay ahead of the curve. To aid in learning and information-sharing opportunities, I’ve personally had technology companies come in and present to my team to help break down any knowledge barriers, spur creative thinking and increase comfort levels with new tools, software and technologies. This has led me to feel deeply fulfilled by contributing to the professionalization of the industry.

Is there one piece of advice you have received that has helped you engage with your security role more effectively?

One piece of advice that has impacted how I engage with my security role is to always be proactive rather than reactive. In an industry where the stakes can be high and situations can escalate rapidly, being proactive is key to staying ahead of potential threats and mitigate risks before they escalate into crises. I strive to lead with a proactive mindset and a commitment to continuous improvement in security practices and protocols through prioritizing ongoing training exercises, education and strategic planning which instills trust and confidence in me and my team members when responding to security incidents and industry-related challenges.

Do you have any advice for budding security professionals who are interested in launching a career?

What do you enjoy most about security? What I find most exciting about security is

For security professionals looking to launch a career in the field, it is important that you build a strong foundation by gaining experience via security roles that provide valuable insights into the practical aspects of security operations. The security industry is quickly evolving with new technology. I recommend

finding opportunities to hone your skills in this area and learn more about new advances that will shape tomorrow’s security programs. Supplementing your on-the-job experience with relevant training, education and certifications will also go a long way in helping you develop your skills. I attribute a large portion of my success to mentors who have opened doors for me. Finding a mentor who can guide you along the way is important. One of my personal mottos is to pay it forward and I intend to prioritize opening doors for the next generation of talented professionals in our industry.

Hadis Karimipour, Canada research chair and associate professor, University of Calgary

What do you enjoy most about security?

What I enjoy most about security is its dynamic nature. Cybersecurity plays a critical role in our daily lives, constantly evolving and presenting new challenges. It requires individuals from diverse backgrounds and perspectives to collaborate effectively. I find it fascinating to stay updated on advancements in technology because there’s always something new happening in this domain. The field never stagnates, keeping me engaged and motivated to continually learn and adapt to emerging threats and technologies.

Beyond the dynamic nature of cybersecurity, what I find truly enriching is how my personal experiences in research and teaching intersect with this field. In my research, delving into the complexities of securing cyber-physical systems has allowed me to witness firsthand the intricate interplay between technology, human behaviour and security protocols. This firsthand experience has underscored the importance of interdisciplinary collaboration in ad-

dressing cybersecurity challenges, as it often requires insights from various domains to develop comprehensive solutions. Moreover, in my role as a teacher, I’ve had the privilege of imparting knowledge and fostering critical thinking skills among my students. Teaching about cybersecurity goes beyond simply conveying theoretical concepts; it involves instilling a mindset of vigilance and adaptability. Engaging with students from diverse backgrounds has reinforced the notion that effective cybersecurity strategies must be inclusive and accessible to all, regardless of expertise level or field of study.

Is there one piece of advice you have received that has helped you engage with your security role more effectively?

One piece of advice that has greatly helped me engage with my security role more effectively is to always prioritize collaboration and communication. In the complex landscape of cybersecurity, no one person or team can address all the challenges alone. By fostering open communication channels and actively seeking collaboration with colleagues, industry experts and other stakeholders, I’ve been able to leverage diverse perspectives and expertise to develop more robust security strategies and solutions.

Do you have any advice for budding security professionals who are interested in launching a career?

Absolutely. I have several pieces of advice: E mbrace the diversity of cybersecurity. Understand that cybersecurity is a diverse and interdisciplinary field. It’s not solely about coding or technical tasks; there are myriad social, legal, ethical and managerial aspects to consider. Explore different facets of cybersecurity to find where your interests and strengths lie.

Recognize that cybersecurity can be complex and challenging, but don’t let that deter you. Instead, view challenges as opportunities for growth and learning. Every obstacle you encounter is a chance to develop new skills and deepen your understanding of the field.

Stay curious and committed to lifelong learning. The landscape of cybersecurity is constantly evolving, with new threats, technologies and best practices emerging regularly. Take advantage of resources such as online courses, workshops, conferences and professional certifications to stay updated and expand your knowledge base.

Cultivate a broad skillset that encompasses technical expertise, problem-solving abilities, communication skills, and a strong understanding of cybersecurity principles. Being well-rounded will make you more versatile and effective in your role.

Seek mentorship and networking opportunities. Surround yourself with experienced professionals who can offer guidance, advice and mentorship as you navigate your career path. Network with peers, join professional organizations, attend industry events and participate in online forums to expand your connections and learn from others in the field.

Remember the importance of ethical conduct and responsible behaviour in cybersecurity. Uphold principles of integrity, confidentiality and accountability in all your endeavours. Respect privacy rights, adhere to legal and regulatory requirements and prioritize the security and well-being of individuals and organizations.

Overall, remember to stay curious, keep learning and never underestimate the value of perseverance and dedication.

29

Laura Percy, Senior forensic investigator, Canadian Tire

What do you enjoy most about security?

Everyday is different! Dealing with new and unique situations encourages creativity and problem-solving in effective and interesting

ways. Pursuing a career in security has given more meaning to my work life; I enjoy the purpose my role gives me and the impact I feel my work makes.

Is there one piece of advice you have received that has helped you engage with your security role more effectively?

The most helpful piece of advice I’ve received is that creativity is integral to the security field. Problem-solving is a huge component of this job, and to effectively problem-solve, creativity is required. In my role, I work with fraud prevention and detection and the most obvious, yet important, piece of advice I’ve received is “to think like a fraudster.”

It is necessary to understand the mindset and intentions of a fraudster to recognize the scheme being committed and investigate effectively. I’ve also learned in my role that the skill of converting data analytics into effective storytelling is equally, if not more, important than the data itself! This skill relies heavily on creativity to convert data into a meaningful story and bring the data to life.

Do you have any advice for budding security professionals who are interested in launching a career?

There is no one path to launching a successful security career. Take your path to becoming a security professional one step at a time. If possible, build connections with security professionals to create a qualified network to seek career advice from. Education will always help you move forward. When I started my career, as what could be considered a “traditional” accountant, I never thought I would work in security. When I noticed an opportunity to enhance my work life, I pivoted career paths.

Recognizing my accounting skills could transfer and enhance the security field I strayed from “traditional” accounting and pursued the niche of forensic accounting. Diverse backgrounds and career paths help improve the strength of security teams by providing different perspectives in pursuit of the common goal to enhance security.

Katarzyna Szumacher, Operations manager, ASP

What do you enjoy most about security?

A s an operations manager with over a decade of experience in various security domains, including tactical, events, concierge, industrial and retail environments, what I find most rewarding about security is the intrinsic satisfaction derived from the protective nature of the work.

The ability to contribute to the safety and well-being of individuals, whether in crowded event spaces, industrial facilities or retail establishments, brings a profound sense of accomplishment.

I particularly relish the opportunity to ensure that public spaces are secure and events unfold without incidents, providing attendees with safe and enjoyable experiences. The protective aspect of security resonates with me deeply, as it underscores the importance of our role in safeguarding both people and assets. It’s the dynamic nature of the challenges and the tangible impact on public safety that makes security management a fulfilling and meaningful profession.

Is there one piece of advice you have received that has helped you engage with your security role more effectively?

A crucial piece of guidance that has significantly heightened my effectiveness as a security operative is the emphasis on perpetual vigilance and the “see something, say something” mentality. In the ever-changing landscape of security, maintaining constant awareness and promptly reporting any unusual or suspicious activity is paramount. This proactive approach not only sharpens one’s observational skills but also empowers

security professionals to anticipate and address potential threats effectively. Embracing a mindset of perpetual alertness and encouraging a culture of communication has not only kept me well-prepared for the diverse demands of my role but has also instilled a sense of confidence in addressing security challenges promptly and efficiently. This advice has proven invaluable in upholding a high standard of performance and responsiveness throughout my career as a security operative.

Do you have any advice for budding security professionals who are interested in launching a career?

My advice would be to prioritize gaining a breadth of experience. Working across various sectors and for different types of providers is crucial for cultivating a well-rounded skillset and promoting organic skill growth. I highly recommend starting with events security as it offers a dynamic environment that allows individuals to develop crowd management skills and valuable observational experience. Exposure to diverse scenarios, from tactical to concierge settings, provides a solid foundation for understanding the multifaceted nature of the security industry. This approach not only enhances one’s adaptability but also contributes to a more comprehensive understanding of the challenges and nuances within the field, ultimately laying the groundwork for a successful and fulfilling career in security.

What do you enjoy most about security?

What I enjoy most about our industry is

how much it impacts our daily lives. Before I got started in security, I didn’t realize that I was an everyday user. After being involved, I see it every day. When I grab a coffee I look at the camera systems in place, where the registers are located and the set up of access and egress in the building.

When I’m driving, I see businesses and think what their challenges would be and how we as an industry supply the solutions. I also enjoy the people. Because we are a part of so many different industries, you meet so many people with different views and backgrounds, and you learn so much about what they do!

Is there one piece of advice you have received that has helped you engage with your security role more effectively?

I think for me the biggest piece of advice

I’ve received is to understand the goal. Figuring out why we are doing a project, why the customer needs the service, has really adjusted my focus on what we do to solve the problem and how we would go about doing it.

B eing able to stop and put yourself in your customer’s shoes, and understand how much a challenge has an impact on their business, has changed how I look at our services altogether.

Do you have any advice for budding security professionals who are interested in launching a career?

My advice to those looking to launch a career in security would be to remember that this is a people industry. Concepts of security, risk management, CPTED and crime prevention programs are at the top of the list, but it’s supported by a foundation of relationships.

People have beliefs, fears and opinions and at the end of the day, relationships make the difference as to whether a recommendation is accepted or not. If you can foster meaningful relationships and connect with people, you can learn the industry and the technical side of the business and be successful. | CS Visit us online

For more information on this year’s Top 10 Under 40, including their recommendations for managing workplace stress and achieving work-life balance, please visit canadiansecuritymag.com.

Canadian Security’s Top 10 Under 40 program will return in 2025. Stay tuned for updates the nomination process will open later this year.

You’ve seen it firsthand. Security threats are evolving and becoming more complex. Elevate your knowledge and technical capabilities at GSX to rise up against this shifting landscape. Access expert-led education covering critical physical and cybersecurity topics. Discover state-of-the-art innovations, products, and trends transforming security. Find inspiration in keynotes from next-level thought leaders and world-class speakers. Go where the entire global security community converges to connect, collaborate, and meet tomorrow’s challenges head on.

RISE TO THE OCCASION

Put to the test

Physical and digital penetration tests can help identify an organization’s weaknesses before they are exploited

By Andrew Snook

Testing the internal security of a company is not a new concept.

But with the evolution of artificial intelligence coupled with changing workplaces in a post-COVID world, digital and physical penetration testing has become more important than ever.

When sourcing a security expert for physical security penetration tests, it’s important to ensure the client understands the difference between penetration tests and threat risk assessments.

“ When we do a threat risk assessment, we will look at threats broken down by categories: human-induced threats that could include things like criminality, terrorism, protest activity; infrastructure, which could be power failures, water disruptions, things of that nature; and environmental factors such as snowstorms, floods, natural disasters, earthquakes and hurricanes,” explains Brian Claman, president and managing director, Brian Claman & Associates.

“So, when you do a threat risk assessment, you bring together the various stakeholders, and you, as a consultant, walk them through these different things and ask them, ‘What keeps you up at night? What are the things that you’re worried about?’”

These assessments differ greatly from physical security penetration tests, says Andrew Kirsch, founder and CEO of Toronto-based Kirsch Group. “The pen test is where you have no information or insight in advance — or a very limited amount,” he says. “And you are testing all those things that they say are the right policies, processes, security, infrastructure, and testing how they work without any advanced knowledge of it.”

When companies believe they have robust policies and infrastructure in place, that’s a good time to recommend a penetration test to ensure everything is working effectively in a real-world simulation involving a threat actor attempting to gain access. And if something breaks down, they are able to identify the vulnerabilities.

“Often, we partner with the cybersecurity side, so there’ll be a logical security pen test, which is kind of the IT and network side, and then we do the physical side. Where there’s overlap on information security, can we get access to these sensitive areas, sensitive information, documents, passes, all of those things that the attacker would be interested in? And what are the controls? Where do we get stopped and run into one or two risks?” Kirsch says.

W hile companies may not perform threat risk assessments every year, which are more involved processes, they can do a pen test to see how things are going and keep people on their toes the same way companies do phishing exams and other cyber pen tests to keep their organization sharp. Asking clients

“A threat risk assessment, followed by penetration tests, can help wake people up.”

— Brian Claman, Brian Claman & Assoc.

the right questions before starting the tests is a key part of ensuring their effectiveness.

“ What are you really interested in here? What are you trying to test? Can people get in? Okay, great. But what are the sensitive areas that you want to see if people can get into? Are you testing the locations that have the sensitive information?” Kirsch says.

W hile any company that has a protection program could benefit from penetration testing, Claman says the most obvious ones that come to mind are shopping malls, office towers, critical infrastructure, tourism venues, or where there’s critical assets housed.

“As a practitioner for over 40 years in this industry, I would say nine times out of 10, people don’t even consider penetration testing. They think they’re doing the right things, until something happens, then they find out they’re not,” he says. “There are too many false assumptions. A threat risk assessment, followed by penetration tests, can help wake people up.”

A CHANGING WORKPLACE

Before the COVID-19 pandemic, working from home and hybrid working opportunities were not commonplace. But in a postCOVID world, many employers are reaping the cost benefits of having small office footprints, while employees are enjoying a better work-life balance with the opportunity to work from home.

But this environment can create new security risks. Kirsch says that employee situational awareness is most likely degrading from this new workplace model.

“I think that there are opportunities — and attackers probably see opportunities — to leverage the fact that we are so transient now that we don’t have these regular schedules, and that people are not familiar with their co-workers,” he says. “Maybe it’s not unusual to see a strange face or not know who everybody is. And I think, that way, we’re lowering our guard a bit.”

As workplaces adapt and evolve, companies need to review their security protocols to know if they are still effective.

GOING ON THE OFFENSIVE

Companies around the world are constantly bombarded with digital threats and the rise of AI has made these threats even more prevalent.

While many IT teams like to use the term “digital penetration testing,” Clément Cruchet, technical team lead for security testing and offensive security at Bell, prefers the term “offensive security.”

“ The idea is to have a holistic view of all the potential exploitation paths threat actors can take to compromise an organization or gain access to data. So, it’s offensive security including ethical hacking,” he says.

In addition to offering on-site penetration testing, Cruchet and his team test all kinds of digital threats from the simplest applications to network intrusion This also includes red team engagement for weeks or months, as well as social engineering and malware development. Having a solid physical security program

is also an important aspect of a company’s digital security, he adds.

“ You can have a firewall. You can have everything on network perimeter security well configured, but if your front door or your building is just open to anyone, then anyone can go on site and place a malicious device,” Cruchet says.

And while companies may have high security for entering an area such as a server room, their overall defences are sometimes not as tight as they might think they are. This is where physical testing can be of vital importance for digital security programs.

“ You think a lot about the physical security in a data centre or unauthorized people trying to enter the server room. But sometimes there is just an exposed Ethernet port on the wall just before the server room, for example,” Cruchet says. “Sometimes an intruder can cause a lot of damage without entering the most secure server room.”

With the availability of AI, threats have changed significantly over the past few years, forcing security and IT teams to adapt quickly. Cruchet says the scope has really expanded for attackers to gain access to, or leak, sensitive data. He adds that the human factor has changed significantly over the past 10 years, and needs to be part of security testing protocols.

“ We see this in a lot of security incidents, whether it is email phishing, whether it is multi-factor authentication, or USB units that get sent to an employee. So, the human factor is very important,” he says.

Companies need to ensure their security solutions, which represent a multi-million-dollar investment, are working properly, and that there are no blind spots or gaps. This is where penetration testing can pay dividends.

“Security, most of the time, is a cost. So, we need to find a way to find the balance between investing some money within that to protect the business and to protect our assets,” Cruchet says. “You need to do a pen test every year or every six months. It depends on the compliance and on what you’re trying to protect.”

A MULTI-PRONGED APPROACH

For organizations to optimize their security, Claman says the key is to have every person and approach working in unison.

“ We can’t look at penetration testing or threat risk assessments in a silo — it has to be holistic in nature. It has to be one of multiple components necessary to achieve the desired level of protection,” he says.

Penetration tests are vital because they test and validate assumptions, Claman adds.

“If you’ve ever watched a fine chef, and they’re making the sauce, they’re always testing it. They’re always tasting it throughout the process, because they think they’ve got it right. But that’s the penetration test. It’s the same thing with security. We don’t do it enough. We don’t do threat risk assessments, and then we don’t do the penetration tests. And we layer security on an organization without an overarching strategy. All these things have to interface,” Claman says. | CS