Thinking Positively About Security...
After walking the Secure360 trade show floor and listening to the talks I moderated on Day One of the conference I went home and rewrote my presentation keeping in mind that my audience was not going to be physical security professionals, but those working in logical security, audit, compliance, and business continuity. My talk became became a sort of autobiographical, editorial essay.
NOTE: These are the text and images used to frame my presentation. For the whole story you had to be there.
IN ADDITION TO...
- Logical security
- Information protection
- Audit
- Compliance
THERE IS ALSO...
- Physical security
WHY SO SERIOUS?
Physical security managers have personal, professional, and institutional
biases that affect the way we see the world, evaluate hazards, and communicate
risk.
We’re frequently more conservative, more hierarchical, and more risk
averse that the executives who rely on us to guide their business decisions.
Often we’re so focused on making sure bad things don’t happen we forget
we are also responsible for making sure the right things do.
THE UNEXAMINED LIFE
Let’s examine the means by which we can approach the security process
with a sense of corporate responsibility, critical thinking, and resist using
fear as a lever.
Let’s look behind the headlines for important clues for how our mindset
is reflected in the way we approach the services we offer and look at skills we
can add to our personal, professional, and institutional tool kit that make us
more effective business partners.
WE COME FROM DIFFERENT PLACES
Many physical security practitioners come to the private sector from law
enforcement
- Public law enforcement is about maintaining public order and investigating crime
And we increasingly come from the military
- The military is about protecting national interests and projecting power
While many of us have always worked in the private sector
- Business is about the bottom line
Images http:/commons.wikimedia.org/
WITH ENOUGH SHOTGUNS
“You can’t have enough off duty cops with shotguns.”
“Your job is to make sure nothing bad happens!”
“I can’t tell you what security is, but I’ll let you know when you’re
getting it.”
“When all you have is a hammer all your problems look like nails.” –
Abraham Mazlow
Image http://www.remington.com/products/firearms/shotguns/model-870/model-870-express-tactical.aspx
MORE USEFUL PHILOSOPHIES
Our job is not only to make sure nothing bad happens, but to make certain
the right things do happen.
Security is a people business: We work with people, to protect people,
from other people.
ISSUES FOR PHYSICAL SECURITY
- We are late adopters
- It can be difficult to demonstrate the effectiveness of our programs
- We treat risk wrong
- We tend to take the side of power
- We protect the status quo
- We are prone to lead with emotion, especially fear and anger
- We struggle to align our programs with the business
CHALLENGES AND OPPORTUNITIES
- Cognitive perception of risk
- Cognitive dissonance
- Confirmation bias
- Using fear as a lever
- Creative problem solving
- Enterprise risk management
- Servant leadership
TOPICS WE DISAGREE ON
- Social roles
- Workplace violence
- Role of private security in Homeland Security and the Global War on Terror
- Surveillance
- Prosecuting criminal suspects
- Use of force
- Profiling
- Concealed carry and shall issue laws
CULTURAL COGNITION OF RISK
AKA “Conservative White Male Effect”
“The ‘cultural cognition of risk’ refers to the tendency of individuals
to form risk perceptions that are congenial to their values.” – Kahan
Image http://www.thedailybeast.com/articles/2012/05/02/did-may-day-save-occupy-wall-street.html
It looks like so…
Photo http://www.culturalcognition.net/
Which means we disagree like so...
Photo http://www.culturalcognition.net/
COGNITIVE DISSONANCE
It is psychologically uncomfortable to hold contradictory cognitions.
This dissonance, being unpleasant, motivates a person to change his cognition,
attitude, or behavior, by
- acquiring new information or beliefs that will increase the existing consonance and thus cause the total dissonance to be reduced; or,
- changing one or more of the beliefs, opinions, or behaviors involved in the dissonance;
- forgetting or reducing the importance of those cognitions that are in a dissonant relationship
We tend to deal with beliefs that conflict with the evidence by the more
familiar concepts of rationalization, self-deception, irrational faith,
confirmation bias, and overestimation of one's intelligence and abilities.
Image http://en.wikipedia.org/wiki/The_Fox_and_the_Grapes
CONFIRMATION BIAS
- We are rationalizing animals
- We prefer evidence that supports what we already believe
- It’s why we do double blind studies and submit to peer review
- External attempts to change our beliefs frequently result in reinforcement of the belief
Image http://sacemaquarterly.com/methodology/why-does-medical-research-sometimes-get-it-so-wrong.html
SELLING THROUGH FEAR
- “The time for urgency is now!”
- “Do something!”
- “Workplace violence is an epidemic!”
Image from http://usopenborders.com/
“TWO FATALITIES A DAY”
HOMICIDE VS SUICIDE
TYPE II, III, AND IV
CLIENTS, CO-WORKERS, AND INTIMATES
WORKPLACE HOMICIDE RATES
Image from
http://www.bls.gov/iif/oshwc/cfoi/cfch0009.pdf
WORKPLACE ASSAULTS
Image http://bjs.ojp.usdoj.gov/content/pub/pdf/wv09.pdf
SERVANT LEADERSHIP
- Serve yourself
- Serve your team
- Serve your company
- Serve your profession
- Serve your community
- “Leaders don’t create followers, they create more leaders.” – Tom Peters
- Ask “What do you need more of from me? What do you need less of from me?”
Image
http://jamesstrock.com/services/21st-century-leadership1/servant-leadership
CREATIVE PROBLEM SOLVING
- Encourage creativity in problem detection and problem solving
- Cultivate your curiosity and interest
- Surprise your people
- “Creativity occurs at the edge of our comfort zones” - Mihaly Csikszentmihalyi
- Don’t forget to apply your solution, measure it, and adjust iT
Image
http://en.wikipedia.org/wiki/Mihaly_Csikszentmihalyi
ENTERPRISE RISK MANAGEMENT
Convergence of physical and logical security has not happened
- And maybe it shouldn’t
- Physical and logical security may not overlap enough
Assembles a variety of risk management disciplines under a single leadership
executive
Physical and
logical security, safety, environmental, emergency management, disaster
recovery, business continuity, compliance, audit, risk, and maybe even legal
Manage risks to the business interest
- Not fighting crime for the public good
- Not waging a global war on terror
Learn to accept
dynamic risk
WHERE DO WE GO FROM HERE?
- Cultivate our emotional intelligence
- Care for our teams
- Engage in appropriate influence
- Resist the urge to stage “Security Theater”
- Do not scare people – not deliberately, not accidentally
- Further the business interest
REFERENCES
ASIS International CSO Roundtable. (2010). Enterprise security risk
management: How great risks lead to great deeds. The CSO Roundtable of ASIS
International: Alexandria, VA. Retrieved from http://www.asisonline.org/education/docs/CSORT_ESRM_whitepaper_2010-04.pdf
Bodner, S. (2006). Servant leadership: The complexity of a simple idea. Pyramid
ODI. Retrieved from http://www.pyramidodi.com/papers/servant.pdf
Bureau of Labor Statistics (2011). Occupational homicides by selected
characteristics, 1997-2009. United States Department of Labor, Bureau of
Labor Statistics. Retrieved from http://www.bls.gov/iif/oshwc/cfoi/work_hom.pdf
Carroll, R. (2011). Cognitive dissonance. The Skeptic’s Dictionary.
Retrieved from http://www.skepdic.com/cognitivedissonance.html
Census of Fatal Occupational Injuries Charts, 1992-2010 (revised data) http://www.bls.gov/iif/oshwc/cfoi/cfch0009.pdf
Flaherty, J. (2005). Coaching:
Evoking excellence in others, 2nd Ed. Elsevier: Burlington, MA.
Leider, R. (2006). The leader in midlife, in F. Hesselbein & M.
Goldsmith, Jossey-Bass (Eds.), The
Leader of the Future 2; Visions, Strategies, and Practices for the New Era.
A Wiley Imprint: New York.
Lennick, D. & Kiel, F. (2008). Moral
intelligence: Enhancing business performance & leadership success.
Wharton School Publishing: Upper Saddle River, NJ.
Parker, P. (1999). Let
your life speak; listening for the voice of vacation. Jossey-Bass: San
Francisco.
Quinn, R. (1996). Deep
change: Discovering the leader within. Jossey-Bass: San Francisco.
Schneier, B. (2003). Beyond
fear: Thinking sensibly about security in an uncertain world.
Copernicus Books: New York.
RESOURCES
http://arstechnica.com/science/news/2010/09/skeptics-discount-science-by-casting-doubts-on-scientist-expertise.ars
Michael Brady, MA, CPP
Michael Brady is
a life-long security leadership professional. He has provided security and
safety services as a manager in high tech, as an independent security
consultant, and as an executive for security service providers. Currently an
account manager, consultant, and trainer for Hannon Security Services, Inc.,
Michael is also an adjunct instructor in the Security Management program at
Saint Mary’s University of Minnesota School of Graduate & Professional
Programs. Michael recently completed his Master of Arts in Human Development
degree where he focused on issues of leadership, team building, and problem
solving. He blogs at http://eclecticbreakfast.blogspot.com
and can be reached at michael_brady_cpp@yahoo.com