Wednesday, November 30, 2011


So when Ivy League schools give FREE classes in cryptography, I don't waste any time in signing up.  Looks like Stanford University is doing just that.

Here's some info direct from the FAQ section:
When does the class start?
The class will start in January 2012.
What is the format of the class?The class will consist of lecture videos, which are broken into small chunks, usually between eight and twelve minutes each. Some of these may contain integrated quiz questions. There will also be standalone quizzes that are not part of video lectures, and programming assignments. There will be approximately two hours worth of video content per week.

Will the text of the lectures be available?
We hope to transcribe the lectures into text to make them more accessible for those not fluent in English. Stay tuned.
Do I need to watch the lectures live?No. You can watch the lectures at your leisure.
Can online students ask questions and/or contact the professor?Yes, but not directly There is a Q&A forum in which students rank questions and answers, so that the most important questions and the best answers bubble to the top. Teaching staff will monitor these forums, so that important questions not answered by other students can be addressed. 
Will other Stanford resources be available to online students?No.
How much programming background is needed for the course?The course includes programming assignments and some programming background will be helpful. However, we will hand out lots of starter code that will help students complete the assignments. We will also point to online resources that can help students find the necessary background.
What math background is needed for the course?
The course is mostly self contained, however some knowledge of discrete probability will be helpful. Thewikibooks article on discrete probability should give sufficient background.
How much does it cost to take the course?Nothing: it's free! 
Will I get university credit for taking this course?No.
The course is being taught by Professor Dan Boneh who heads the applied cryptography group at the Computer Science department at Stanford University. Professor Boneh's research focuses on applications of cryptography to computer security. His work includes cryptosystems with novel properties, web security, security for mobile devices, digital copyright protection, and cryptanalysis. He is the author of over a hundred publications in the field and a recipient of the Packard Award, the Alfred P. Sloan Award, and the RSA award in mathematics. Last year Dr. Boneh received the Ishii award for industry education innovation. Professor Boneh received his Ph.D from Princeton University and joined Stanford in 1997.

Here's another look at the link for the class:

CONTEST!!! Decipher this and win....

Okay, so I've decided to do another contest.  Some people may be wondering what coded messages and ciphers have to do with security.  Quite simply, none of your secure electronic communications could get done without them.  Plus, who doesn't enjoy a little mental exercise particularly when there is money involved - a $25.00 gift card.  Come on, folks.  It's the holidays.  If you guess wrong, it costs you nothing.  Win and you can use it towards any purchase at Amazon like that book you've been dying to read on your Kindle.

Enough talk.  Here's the message.  Decode it and email the text to  If you're the first person to solve it, I'll advertise your name as our only winner thus far and email you the gift card.  Easy peasy.  Here's a hint: It's a simple substitution cipher.

INSTRUCTIONAL VIDEO: How to Conduct Effective Bag Searches

I've decided to finally post the video I made on how to properly conduct a bag search.  I wanted to do a video to highlight some areas I feel are commonly neglected during these kinds of searches.  Most seasoned professionals won't neccessarily need to watch this video but I do believe it provides a great overview of some of the basics.  This all came about from a search I was subjected to during a recent visit to an amusement park.

Here are some of the pics I promised during the presentation on which illustrate how much insight a proper light and probe can provide.

View of the "concealed carry" partition...The bag comes with a
"universal" holster.
View of a small exterior zipper.  Using the probe to push down
on the anterior nylon aids in revealing more.
View of what I affectionately called "a big gaping hole".  This
is the largest interior portion of the bag.  I have packed
cameras, wallets, books, diapers, etc. ALL in here before.
Here's another link  to the article that started it all:

Tuesday, November 29, 2011

Top 10 MORE Questions To Ask Your Prospective Alarm Company

Not too long ago, fresh out the military, I was an alarm system salesman.  It was a wonderful learning experience that taught me many things.  One of those lessons was "All security companies are not created equal."  People assume, like they do with all major purchases, the most popular or cheaper brand is in fact the better brand.  The majority of the time they learn this is not case.  So, I decided to post some questions for prospective customers to ask when they begin their search for a security company.  (Please note this doesn't just apply to alarm systems.  You can apply these questions to camera systems, access control, locks, etc.)
  1. What areas will this alarm system not cover?  There is an implied belief among some customers that an alarm system protects their entire property.  Have you ever considered what would happen if someone broke into your neighbor's store and punched a hole in the drywall you share?  Do you have a sensor that will pick up the noise or vibration?  Chances are you don't.  The problem with modern security systems is they advertise exactly where you have coverage and where you don't.  Don't believe me?  Walk into a small storefront and notice how many infrared sensors you set off.
  2. What's your apprehension rate in my area?  This is particularly important if you're in an area where burglaries happen a lot.  If someone breaks into nearby businesses who use the popular name brand security service without getting caught, should you be buying from them?
  3. What's your response time to service issues?  What happens if some drunk rams his car into a nearby power pole and kills your alarm system?  Does your system have battery backup until service is restored?  If not, how soon can your company arrive to remedy the issue?
  4. How much do you charge per service calls?  Some companies make a living by selling a crappy installation and billing you every time it breaks and they have to come out and fix it.  You want a company with a good reputation for service and who makes house calls on the cheap.
  5. Can I cancel at anytime?  One of my first sales lead I had was a lady who was opening up a small Internet cafe.  She knew she had a need for the system but was concerned about our price and contract obligation.  The economy was rough and she, like many small business owners, didn't know if she would be in business for 5 days let alone 5 years.  Pick a company who is sympathetic to that.
  6. Are you developing original product lines or selling me something made by the lowest bidder?  I can't tell you how many companies I see selling all sorts of "new groundbreaking technologies" that were developed by a previous competitor just marketed differently.  If they'll lie about the product's origins, they'll lie about anything.
  7. Can I manage my account all in one place online?  Some of you aren't real tech savvy nor like to handle business online.  I totally understand that and encourage you to do what's comfortable for you.  However, if you like doing everything online as much as possible, inquire if they offer online account management.  If you're responsible for a large system and want to track multiple alarms or trouble alerts, it would be extremely helpful to have this capability.
  8. What kind of redundancy do you have for your alarm centers?  Do they transfer alarm monitoring to another facility if the original is affected by natural disaster?  Wouldn't it be a shame if where your building is at there are sunny skies, but the alarm center which is another state several thousand miles away was hit by a blizzard with no power for weeks?  What happens to your alarms?
  9. How much familiarization do your sales personnel get with the product?  Wouldn't you hate being sold a car the car dealer never drove?  How can someone tell you about the quality of their installation and service components if they've never seen them in action?  I would be highly impressed by any company who had new sales personnel going out on these calls with their experienced technicians.
  10. What separates you from everyone else?  Most salesmen will attempt to answer this but usually fail.  Why?  Because they're focused on what their company told them makes them different.  If he or she gives you an honest answer such as "We charge a higher price", he's good to go because he'll follow up with "You get what you pay for in life.  If you want a free root canal, I could give it to you but you won't sleep easy.  We charge more because we're worth more.  We provide better service, a better product that we developed, and a commitment to protecting your business rain or shine.  It took you a while to build this business.  We want to ensure you have a while to enjoy it."

Monday, November 28, 2011

Wonder if something like this could happen in the US

I wonder how long it would take a US company to realize it was being duped....Let alone an entire municipality.  Hmmmm.....Me thinks this may happen more than some folks will admit.  While in the United States we are very results-oriented towards crime prevention, given the right of circumstances this is extremely feasible and lucrative for certain nefarious individuals.

Imagine you're a medium size apartment rental community, you've never been robbed or vandalized.  However, given your location and the lack of resources you have to devote to a long-term security presence particularly after normal business hours, you're easily sold a 24 hour monitoring service by what appears to be a reputable company.  They have good letterhead, an 800 number, an awesome website with guys wearing suits staring at monitors, and some pretty authentic looking testimonials.  You decide to subscribe to their service with a monthly fee of $99 and the $2000 deposit for the "equipment" they installed.  There was drilling and a separate WiFi box.  You assumed they were legit.  How were you and the 30 other people in your city supposed to know they were crooks?

Not all flashlights are created equal....

Other than working from your home and talking about your passion in life, the biggest perk of this job is product review.  Sure, I love bragging to all of my military buddies that I work in my pajamas in between  my son's naps and my marathon reruns of Star Trek: The Next Generation.  However, this past month, courtesy of the good folks from Victory Defense, I have had the honor and privilege of reviewing one of the coolest flashlights I've ever come across.  In 10 years of service to my country, I have come across some cool flashlights that have everything from "DNA extractors" to strobe effects to disorient non-compliant subjects.  So what makes the LumenCam so special?

In addition to making dark places bright, it also functions as video recording device.  That's right, folks.  It's a camera and a flashlight.  I know what you're thinking - what a gimmicky product to sell.  I have to admit when I first saw it, the thought did cross my mind.  But there are some things about this flashlight that are hard to ignore.  Here are a few:

  1. It's waterproof.
  2. It records video and sound.  Why is this useful?  The video can be transferred from the flashlight to a computer and preserved for evidence.  It can also be used to give a first-person view during training after-action reviews.  Can you imagine if every member of a S.W.A.T. team were equipped with one of these during a critical incident in which loss of life occurred?  What if your security personnel were required to have these during their rounds?  If you have an incident where they need to respond, this flashlight could mean the difference between a costly civil suit with consequent punitive damages and a successful motion to dismiss.
  3. It has a USB port to transfer data from the flashlight to a computer.
  4. It's extremely durable.  Other than being made completely of metal, it has a grated surface to prevent slipping due to moisture.
  5. It has a rechargeable lithium battery.  All I have to say is "Holy Long Battery Life".  In a test to see if it would hold up as advertised, my two year old son left it on for THREE hours and it was still holding a charge!!!  ATTENTION FUTURE COMPANIES I WISH TO SOLICIT LATER FOR PRODUCTS TO REVIEW:  My son isn't involved in all product testing.  However, I feel if a two year old can break it, then you have some issues.  If my two year old can operate it, then your product rocks.
  6. It's dummy proof - almost.  The operations of the flashlight are pretty standard and thus extremely easy to do.  Don't believe me?  Check out the data sheet below.  However, the transferring of files may be a bit too much of an exercise for some of the less technologically savvy of our security and law enforcement brethren.  
  7. Video recording is seamless and the memory storage is pretty decent (4G).  I had zero issues with recording video and audio.  You could hear a whisper two to four arm lengths away.  The video was easily playable and required no special drivers or plug-ins.
  8. The light has phase brightness.  I affectionately called these "bright" and "really freaking bright".  I'm sure there's a much more technical and possible professional way of saying that but you get the idea.  It's your standard brightness you'd expect from a tactical light with brightness for near and far objects.
Did I like everything about the camera?  To be honest, I only had a few things I would change:

  1. I would like the flashlight to be somewhat smaller.  This is a great light if you have the kind of duty gear that has the ring you can attach standard police flashlights to.  If you don't, then you have to carry this in your hands the whole time you're on-scene.  A smaller light allows for the ability to have the light tucked in or recessed somewhere on your person (i.e. a pocket, inside your belt line, inside a pouch).
  2. The price was a bit much for a rookie to purchase right away.  This is where I believe the smaller size would be helpful.  You may lose some memory storage capacity but you would also be lowering the price and increasing your market share.
  3. If they do make a smaller size, place a trigger button on the bottom of the light if possible.  Having the light switch on the top could be counter-intuitive for some operators who have gotten use to tactical lights with triggers on the bottom.
  4. Make it what I call "rail adaptable".  It seems like every light you see these days looks like you can mount on a rifle or your pistol.  I'm not a fan of lights on pistols but I would like to see this in a much smaller size on tactical carbine.

All in all I really, really, really like this flashlight.  While I wasn't too impressed with its illumination, I loved how easily you could go from having no video to having full video recording.  I also enjoyed how easy it was to operate.  I hate picking up someone's latest and greatest in security tech and realizing its too gimmicky or complicated for the "guy on the ground" to operate effectively from day one.  I like tech that I can give a new guy on his first day without me having to teach him a full-on course.  This product is almost too simple.

You can say I didn't become really impressed with the LumenCam until after I finished reviewing it.  You see I live in a house with a two year old little boy who loves to bang, drop, drag, throw, drown, drench, punch, kick, bite, and bend anything he gets his hands on.  For a solid month, I've had this flashlight and watched in utter amazement as my son did all of those things and more with this light.

Conclusion:  If you have a little bit of cash and want to invest in something that's going to last and possibly be the only thing in your arsenal capable of telling things the way they really happened, drop by the folks at Victory Defense and get the LumenCam.  Believe me, it's worth it.

Looking to buy one, the wonderful people at Victory Defense are the ones to get it from.  Check it out here or at .

Here's a fact sheet about the Lumen Cam:

LumenCam Data Sheet

Friday, November 25, 2011

Do You Have Everything You Need to Earn Your PSP Certification from ASIS?

If you're a seasoned security professional, you're probably aware that the Physical Security Professional certification awarded by the American Society of Industrial Security, Inc. is one of the most sought after security certifications.  It takes a lot of work and experience to earn this certification.  It should.  It is the only certification of its kind that affords SAFETY Act liability protection.  What does this mean?  Loosely translated, according to ASIS, it "gives ASIS board-certified professionals, their employers, and their customers immediate protection from lawsuits involving ASIS certification and the ASIS certification process that arise out of an act of terrorism.  Not only does it limit the types of liability claims that can be brought against a certificant, but it also entitles the certificant to immediate dismissal of those specific types of claims."  As I embark on the journey to attain mine, I have decided to include a list of items all of those interested in learning more.


An earned Bachelor's degree or higher from an accredited institution of higher education Work
Four (4) years of progressive physical-security experience. OR Education:
An earned High School Diploma, GED equivalent or Associate's degree Work Experience:
Six (6) years of progressive physical security experience The applicant must not have been convicted of any criminal offense that would reflect negatively on the security profession, ASIS, or the certification program. All ASIS programs comply with the Americans with Disabilities Act. All ASIS programs are non-discriminatory. Eligibility for PSP® certification and recertification is denied only when an applicant does not meet relevant security-related criteria, when an applicant has violated the PSP® Code of Professional Responsibility, or when an applicant has committed an act that would reflect negatively on ASIS and the PSP® program.
Definition of Terms

  • "Physical Security" means the various physical measures designed to safeguard personnel, property, and information.
  • "Experience" means that the individual has been personally engaged in the physical security field on a full-time basis, or as his or her primary duty. Included is:
    1. Experience as a security practitioner in the protection of assets in the public or private sector
    2. Experience with companies, associations, government, or other organizations furnishing services or equipment, including consulting firms, provided the duties and responsibilities substantively relate to physical security.
    3. Experience as a full-time educator on the faculty of an accredited educational institution provided the responsibilities for courses and other duties relate primarily to knowledge areas pertinent to the operation of physical security program in the public or private sectors.
  • Successful Completion of Exam An examination is required for all applicants who meet the experience and education criteria. Candidates must pass the examination to achieve the PSP® designation.

    You'll need the following books and guides.  I've read the risk and analysis text and was pleased with its readability.  The topic wasn't as "sexy" as the physical security texts but it was still easy to comprehend.  I've scanned over some of the other books and the appear to be easy to read as well.  When I was in the military, these were excellent references for me.

    1. Design and Evaluation of Physical Protection Systems, Second Edition
    2. Effective Physical Security, Third Edition
    3. Introduction to Security, Eighth Edition
    4. Risk Analysis and the Security Survey, Fourth Edition
    5. ASIS Facilities Physical Security Measures Guideline (2009 edition)
    6.  Implementing Physical Protection Systems: A Practical Guide
    7.  ASIS Business Continuity Guideline: A Practial Approach
    You'll need to fill out the application and set a date for when you're ready to test.  There a few reasons I like the certification process.

    1. You're vetted based on your experience and not just knowledge.
    2. You get multiple chances to retest.
    3. It's a computer-based test.

    All in all, this means you can't simply "buy your way in".  Most of the people I've met with the certification were very knowledgeable and experienced.  Here's a link to the application and its handbook.

    Thursday, November 24, 2011

    Learn to take "no" for an answer or else....

    Kathleen Baty, an anti-stalking advocate and pioneer

    This week, we'll be profiling someone who knows what it's like to be "hunted" by someone else.  Her name is Kathleen Baty and she has been a pioneer in the world of anti-stalking legislation and prevention.  I had the honor of speaking with her in October.

    Good afternoon, Kathy.  I can't begin to tell you how much of an honor it is to speak with you.  I came across your profile on LinkedIn and Twitter and thought, "I have to talk to her."  What can you tell us how you began this journey.

    Well, for starters, I was a victim of a stalker.  While in college as a cheerleader, I became acquainted with a man who "hunted" me for 15 years. I literally hid in my home and was in fear of my life.  You learn a new set of skills when you're being pursued by someone like that.

    When did things reach the breaking point?

    One day, he gained entry into my home and held me at gun point.  He told me to get in the garage where he had meticulously laid out tools for what appeared to be my kidnapping.  I was shocked because it looked like he had been in there for a while.  I did everything I could to "humanize" myself.  During this, my mother happened to call and was alerted something was wrong.  Thankfully, she called the police and told them something was wrong.  Because of this nightmare, I had been working with them for years in trying to catch the perpetrator.  Just as we were going out to his car, the police arrived.  I can remember the police drawing down on him and seeing an officer who was standing a short distance away.  I ran to him as soon as I could.

    Would you say this was a catalyst to get you to lobby for stronger anti-stalking legislation?

    It was.  What also helped my cause was I an excellent communicator and could put a face to the crime.  I began working with U.S Congressman Ed Royce.  With his help and the tragic events surrounding actress Rebecca Schaefer, the first national anti-stalking law was enacted.  It provided stiffer penalties for stalking and clearly defined what it was for the first time.  There had never been a law which outlined what it was.  That's what made stalking so hard to prosecute.  Law enforcement officer couldn't arrest someone for simply following you around.

    Weren't you also instrumental in helping LAPD develop their Threat Management division?

    I was one of a few advocates and other law enforcement personnel who were among the first to start it up.  I provided a lot of useful information from a victim's standpoint.  It is out of this that in 1992, the Association of Threat Assessment Professionals was founded.  Its mission is to share and facilitate the experiences and techniques of professionals in the field of threat assessment and/or threat management.  We have partners from every facet of law enforcement and public and private sector security.

    What are you involved with now?

    I'm still active as an advocate for stronger anti-stalking laws.  I also do a TON of public speaking with regards to how women can better protect themselves and take charge of their own personal security.  I am a firm believer in "girl power".  I hold seminars and workshops for companies and other private organizations who are concerned about the safety of their female employees.  I enjoy speaking with the corporate security guys.  Many are very concerned about stalking and want to learn what they can do to help their female employees.  What I tell them is to be proactive and coordinate as much they can to law enforcement.  It also helps to have folks like myself to come in and speak to their employees as to how they can proactive protect themselves.

    Speaking of law enforcement, what do you think would help law enforcement in prosecuting these crimes?

    Better coordination.  Far too often, agencies don't talk to one another enough about cases that may impact one another.  For example, when a victim moves from one jurisdiction to another, the information needed to catch and successfully prosecute the perpetrator such as protection orders or even prior law enforcement contacts, is often missed.

    Kathy, thanks for speaking with me today.  You are a wonderful role model for victims and advocates alike.  It has been an honor to speak with you.

    To learn more about Kathleen Baty and her work, check her out at   to learn more about stalking, check out

    Captain, we are being hailed....

    It isn't every day you get to look at the future.  One day in October, I did just that.  It all started with a Tweet during ASIS 2011 regarding behavioral analytics.  I was somewhat curious as to what it was and so I chimed in asking questions.  Normally, when you start asking questions about a product, you don't expect the company to "follow" you on Twitter.  Well, BRS Labs did just that.

    Curious as to what behavioral analytics was and why BRS Labs thought it would revolutionize the security industry, I requested an interview.  Boy, am I glad I did because they didn't put me in contact with a PR minion.  Nope.  I spoke with the CEO and founder, Ray Davis, a pioneer in the tech sector.  According to the company's website, "In 2000, when the Dot.coms of the era struggled to deliver a cost-effective operating system for the Internet, Mr. Davis invented the only viable method to deliver computer applications online. With the technology built and patented, Simdesk Technologies delivered Office applications over the Internet at a staggering 20 million users per server, a benchmark that has never been matched."

    Good afternoon, Mr. Davis.  It is an honor to speak with you.  I have some very general questions to ask about BRS and behavioral analytics.  Would you please tell us what behavioral analytics is?

    Thanks, Scriven.  Let's first start off by explaining how this all came about.  Over the years, the security industry has developed and marketed what we term as "rules-based analytics".  What that entails is programming a CCTV system to alert an operator of a violation of a prescribed set of "rules" in its view.  It operates like a traditional "trip wire".  If the camera detects a pattern inconsistent with the users prescribed set of allowed patterns, it alerts the operator.  The industry went to this model because it realized the unrealistic expectation that an operator could stare at numerous screens for hours on end and reliably analyze various data streams.

    There are problems with this, though.  Installation costs in regards to "man hours" are high.  It can take hours or days to setup each camera with each set of "rules".  Additionally, they are also high maintenance costs as well.  If the camera moves, then you have to change the rules all over again.  Perhaps the biggest drawback is in "real world" situations it can cause missed or false alarms.  In other words, you can have a false alarm generated by a normal nonthreatening event.  This is an issue because as the event occurs over and over again the amount of false alarms increase and eventually the operator could begin to ignore any alarm from that camera thinking any alarm could be a false one.

    Obviously, the industry needed a better solution.  So at BRS Labs, we began to look for ways to make the system smarter and more adaptable to change.  The only way to make the system smarter was artificial intelligence.  (ATTENTION READERS:  This is where it gets COOL!!)  We created what is called an "artificial neural network" which could understand the "behavior" of an object and create the video into a computer language.  It generates "memories" over a period of time.  Rules-based systems are never as good as the first day.  With behavioral analytics, it is dramatically different because the system is always learning and adapting.

    Me (a HUGE Star Trek fan attempting to control my drool):  Did you just say "artificial neural network"?  You just made this Trekkie's day.

    As we developed this product, I often teased my children I was working to help create the "Big Brother" computer in the movies.

    What are some of the pros and cons of doing this sort of tech in the security industry?

    For starters, video analytics takes any where from 5 hours to 40 days to install per camera.  It takes behavioral analytics two weeks to learn.  After that, it never has to learn a new set of "rules" or patterns.  It literally studies the behavior of the objects in view and determines what is abnormal and what is not.  Traditional analytics generates approximately 1,500 false alarms whereas our system generates 1 alert on average per day.  After 30 to 60 days, it gets to less than one per day.  You can move a camera and not have to change to a different set of rules.  It will actively learn and adapt to its new "environment" or view.

    What are some of the challenges you faced when developing this system?

    First, you have to understand nothing like this had ever been attempted.  The challenges were massive.  Since no one had ever undertaken something like this, we had to start from "scratch".    Once we converted video into a programming language, the biggest challenge was developing a quality control for the product.  It had to be tested and the "kinks" worked out before its launch.  Because we are a software driven organization we took this approach.

    Who have been some of its earliest adopters and what is the future of this technology?

    One of our earliest customers was a major hotel in Bali who needed a system that could detect abnormal behavior.  This is significant because we were approached after the terrorist attacks there.  The customer was expecting to detect terrorists.  They got more than that.  Our system because it's constantly learning what is normal and what is not can detect any abnormal behavior.  In Bali, it was looking at an entrance and detected a security deficiency.  It saw several people bypassing a security checkpoint without being challenged or detected by the security personnel.

    Given its ability to detect such abnormalities, we have been approached by Defense agencies to develop a way for our product to exist within unmanned aerial vehicles.

    Me (having more difficulty controlling drool):  Did you just say "unmanned aerial vehicles"?

    The system can look at video of regardless where its taken and "learn" if anything in it view has changed and alert operators on the ground.  The applications are boundless.

    Me:  Mr. Davis, thanks so much for taking the time to talk with me.  This is perhaps the coolest thing I've heard affecting our industry possibly in the last 10 years.

    Here's a video of the system in action:

    Wednesday, November 23, 2011

    I'm really, really, really sorry....But I have a good reason....

    Just so you don't think I'm a complete loser, I have decided to do like every other celebrity and publish my mea culpa.....

    About Us