GSX Attendees Get Head Start on Education in Chicago
A select group of GSX attendees got a jump-start on the week’s education by attending pre-conference sessions on Sunday before the official start of the show. GSX Daily staff sat in on three of the sessions, which were held in addition to a variety of certification reviews.
During Sunday’s “Successful Security Consulting” pre-conference session at GSX 2019, security consultants and those preparing to start their own firms looked to industry leaders for tips that could help them take the next steps for success while avoiding pitfalls that can hold a new enterprise back.
The workshop, sponsored by the International Association of Professional Security Consultants, focused on how attendees can develop, market, and best provide consulting services. From laying the groundwork to the finer points of backing up and protecting their practice, the session touched on the entire spectrum of business development, especially for those joining growth markets like cybersecurity consulting.
Cybersecurity consultants can find familiarity in a top-down approach. Focusing on assets—determining which items and the level of security clients want—is a key starting point, the presenters said.
They also recommended talking to personnel to understand what attendees are protecting and find out which regulations affect their clients, which vary from industry to industry.
Dave Aggleton, CPP, stressed the fundamentals and how gaps in a practice’s legal structure or insurance create liability.
He recalled when a contracting company unexpectedly filed a $500,000 lawsuit against him. The suit was ultimately thrown out. But without his professional license insurance policy, Aggleton would have paid roughly $35,000 out-of-pocket in attorney’s fees. Because of the policy, the bulk of the fees were paid by his insurance company.
What is enterprise security risk management (ESRM) and how can security managers best implement it in their organizations?
That was the focus of a one-day “Introduction to ESRM” pre-conference session at GSX on Sunday. Speakers David Feeney, CPP; Amy Poole; and Timothy Wenzel, CPP, walked attendees through the basics of ESRM and how to integrate security as a true business partner to enterprise executives.
The pre-conference session was critical for GSX because ESRM has been “somewhat misunderstood” previously and applied to a variety of philosophies, including convergence, Feeney said.
“ESRM does tell us to look at risk management in a holistic way, but it is not the same as enterprise risk management,” he explained. “ESRM is an approach. It’s not a framework or a methodology…it lays out in a flexible way all that should be done—like a checklist.”
For instance, ESRM is a cycle that follows four processes: identifying and prioritizing assets, identifying and prioritizing risks, mitigating the prioritized risks, and continuous improvement of the security program.
The session also took a deep-dive into the recently released ASIS ESRM Guideline, which explains the approach and how it can enhance a security program while aligning security resources with organizational strategy to mitigate risk.
ESRM advocates Tim McCreight, CPP, CISSP, manager of corporate security—cyber—for the City of Calgary and ASIS Board of Directors member; Rachelle Loyear, vice president of integrated security solutions at G4S Americas; John Petruzzi, CPP, executive vice president of the Northeast Region of G4S Secure Solutions NA and head of Integrated Security Solutions for G4S Americas; and William Phillips, managing consultant and CEO of New Source Security, also appeared in a panel on the session.
They engaged in a robust dialogue, along with taking questions from attendees who ranged from security professionals convention centers tech companies to agricultural facilities.
A small but select group of GSX attendees participated in a series of exercises and discussions designed to hone leadership and management skills at the “The Courage to Lead: A Strategic Enabler” pre-session on Sunday.
Wesley Bull, one of the two group leaders, said there was a significant need in security for leadership development skills, in part because of a “false narrative” now hindering the industry. That narrative, in sum, is that emerging technology solutions across all dimensions of the industry have led many to believe that actual people, and the interpersonal skills required to lead them, are of increasingly lesser importance.
“Nothing could be further from the truth,” said Bull, who is CEO at the Sentinel Resource Group. “The need for professional development has never been greater, yet that’s the first thing getting cut [from company budgets]. And that’s a big problem for our industry.”
One of the reasons for the current importance of developing interpersonal leadership skills is that the workplace will soon include large representation from four different generations of workers–Baby Boomers, Millennials, and members of Generations X and Z, Bull said.
This will require agile leaders who can handle age diversity. “There’s very new dynamics coming,” Bull said.
Bull and fellow group leader Scot Walker, managing director at Sentinel Resource Group, led the group of about 12 attendees through various exercises that simulated different leadership frameworks. Participants learned methods for improving interpersonal skills and were encouraged to self-reflect for insights into their own strengths and weaknesses, as well as their own personal leadership styles.