Saturday, November 12, 2016

How To Get Your Family Interested in Security


A question I get asked sometimes is "How do I get my family interested in security?" The question, surprisingly enough, comes from security professionals who are passionate about what they do but find that their families either don't share their affinity for our trade or are rather lackadaisical about upholding mitigation techniques. Come on. Don't kid yourself. Your family could probably care less about security too. Your spouse probably says "That's why I have you, Mr./Mrs. Security Dude. That's your job." Yeah, I roll my eyes too.

As I stated in my previous podcast, you could pay $10,000 for the world's greatest door lock and have your entire mitigation ruined by a spouse or absent-minded child who forgets to lock the door. It happens more than we like to admit. I also surmise it's why some of us are so passionate about security awareness training at work. Given that we view them sometimes as the "weak" link, let's look at how we can get them better at not just maintaining mitigation but also becoming independent security stakeholders.
  1. Chill out and recognize who you're working with. You don't get to always hire friends and family. So, we're stuck with people who wouldn't know the difference between a padlock and deadbolt at times. And....why should they? "That's what you're here for" is a phrase I've heard countless times. Recognize the role you've taken as the security person of the house and how that has enabled them.
  2. Don't scare them. We know things about the world in which we live that our families should never be exposed to. It's kind of why we do what we do, right? But ignorance isn't always bliss. In sales, I learned a term called "finding pain". It's a term used to describe learning what someone's personal security nightmare is and then exploiting that to get them to buy a product you sell to alleviate that "pain". Sounds pretty awful, huh? But it works. Do the same with your family. Ssssssssssllllllllllooooooowwwwwwwllllllllyyyyyy. This is where you explain to them how they could lose things they care about very easily if mitigation isn't there to stop the bad guy or at least aid in getting their valuables back or replaced. I have found explaining value and risk in its most basic and pure form has been very helpful with getting children on board early as stakeholders. It takes a lot of time and patience but it is well worth it.
  3. Invite them along to do a risk survey of the home. This sounds like something a bit too intense for your home but it's really not and rather easy to do.
    • Give each person an area they're responsible for like their rooms or designated work/play areas.
    • Have them inventory all of the items in that area they place value on. Tell them to ignore easily disposable items and clothes (absent something truly expensive).
    • Also have them include photos of the most expensive items and to include any serial numbers if possible in the inventory.
    • Give them value parameters. I make mine rather simple - irreplaceable, replaceable but painful to lose (cost too much or would take forever to get back), replaceable with very little to no pain. For smaller children, this could be a challenge so I encourage you to explain this a bit more in-depth and accompany them throughout the process.
  4. Do your vulnerability assessments with them. We've identified things of value and the amount of pain it would create getting them back if it were possible. Now, have them look at all of the ways someone or something could make that risk a reality. For kids, you're going to have to be patient and listen to every "ninja scenario". With boys, you'll hear this threat profile thrown around a lot. Get used to it. Explain the difference between a likely exploitable vulnerability and ones that will probably always remain vulnerabilities (Bad guys cutting a hole in your roof). Get out a map or overlay and have them articulate the vulnerability.
  5. Address threats. Be sure to caution them to stay away from "thinking like a wolf" mentality. Most often, your family is a mix of really good people. So have them look at likely threats instead. With smaller kids, explain that because it's "likely" doesn't make it real. A bad guy could walk down the street and decide to randomly steal your kid - that doesn't mean every stranger is the bad guy. Explain that because we don't know every person who could be down the street means we can't exclude all of them as potential bad actors for certain crimes. This is also a good time to explain that most violent crimes occur when victims already know their attackers. If we know all good people, then we can reasonably say our probability of meeting harmful attackers is minimal. Crimes of opportunity can be more difficult to simply dismiss because the likelihood exists that you could be a victim of a stranger. Thus we have to mitigate that threat, as well. Discuss any sort of special security issues you face (i.e. any jilted lovers, enemies from prior jobs, stalkers, etc.). 
  6. Buy door and window alarms from the Dollar Store and have them work through a variety of home security projects. My absolute favorite activity to do with children is building "booby-traps" with these Dollar Store gadgets. I have them take a map and examine their likely avenues of approach, chokepoints, and areas of final denial. Then, I talk about how the gadgets serve one purpose only - detection. Afterwards, we mark where the gadgets are on the map. Finally, it's time to deploy them. An old trick I learned was fishing line attached to the magnet on the "alarm" and securing the sensor/annunciator to the object it's resting on. When the bad guy trips the wire that's wrapped around another object and attached on the other end to the magnet, it will then yank the magnet from the sensor it's resting on and sound the alarm. Trust me. Kids love this activity.
  7. Go over "secret" codes and how the alarm system at your home works. Sounds pretty basic but you'd be surprised how easy it is to get them on-board by having them understand how the control panel works. Maybe, you don't share the activation code but you can show them how to work the duress code and how to call for help. I like the idea of a "secret" code that's for everyone in the family only, as a way of building into the family a living duress code system for everyday use.
  8. Next, go over contingency plans. Where do we go? What do we do? Who do we call? What are our "actions on contact"? Again, we're not making everyone in the house Jason Bourne but are making everyone in the house prepared for other events than just a house fire. Having a plan and even rehearsing that plan are absolutely key to having a comprehensive home security program.
  9. Address access control. Growing up in my house, my mother would call this "Don't you let anyone in my house I didn't invite". Yeah, it was that serious. It's almost as if she was grooming me for this trade. Explain the rules for allowing people into the home. BE VERY FIRM HERE, ESPECIALLY WITH SMALL CHILDREN (WHO SHOULDN'T BE ANSWERING THE DOOR ANYWAYS).
  10. Teach them situational awareness. This can be very challenging for some members of the family. Be patient and make it fun. I like to start with memory games by asking questions like "What was the color of the car outside as we pulled up?" or "What kind of hat did the guy walking down the street have on?" Do this enough times and you'll be in amazement with how fast they catch on.
Your experiences with this will certainly vary. I've had a lot of luck here but I would be seriously remiss if I didn't disclose that it's been challenging. The key is patience. Take your time. Understand the lay of the land. Most importantly, make this about us rather than about something you do.

Let me know if you have any ideas of your own.

How to Pick A Legit Professional Security Certification aka How Not To Get Scammed In Ten Easy Steps!!


One of the cornerstones of any successful career is training. It's no different in security. Whether you're at a seminar or enrolled in a course, you're doing so because you want to move forward professionally. What better way to demonstrate you're prepared for the "next step" than to take a course or two and learn a new skill? Yeah, it often sounds cooler than it is. What's even worse, in my opinion, is that for many of us the price of pursuing professional development ain't cheap.

I love the American Society for Industrial Security International (ASIS). It is awesome for all-things professional development in security. It has networking, great conferences, expos, a reference library, and its own bookstore. ASIS is also host to some of the most sought-after professional certifications around the world for security. There's one catch - it's pricey. It'll run you about $400 including annual dues to pursue their Physical Security Professional (PSP) certification. It's recognized even by the United States government in the SAFE Act and also has ANSI/ISO 17024 Personnel Accreditation.

ASIS isn't the only horse in the stable offering professional certifications in security. My only problem is almost none of them require the breadth of knowledge, professional recommendations, and experience levels ASIS requires. Many are purely paper-mills.

There is a professional certification body that has a horrific reputation in our industry. I've heard from numerous of their certificate holders that all that was needed for their certification was a check, and they received a lapel pin, a t-shirt, a CD with reference materials which were mostly outdated, and a diploma. In fact, if you go to their site and attempt to pull up their "sample" certification test, you get a 404 error code. There have been a number of articles written on the founder as well.

Getting a professional certification or even getting good training from reputable people can be difficult. My advice?
  1. Ask around on security, tactical, or law enforcement forums. There are lots of forums on the Internet that cover these schools and certifications. You're not the only person who wants to grow professionally. Be careful - look for guys who have a solid reputation in the group. My favorite sources are the folks who don't have to tell you what they do every post but you have an idea.
  2. Find a mentor to ask. Seriously, if you don't have a mentor in security, you're doing your career all-kinds of wrong. Get a mentor and ask about training and certifications.
  3. Search LinkedIn. I know. I know. LinkedIn can be seen as the worst place to network. I get that, which is why I said "search". That's right - look at the qualifications of folks who are where you want to be professionally and see what certifications they have. See if the certification passes your "sniff test". Basically, if it seems legitimate and checks out with other reputable sources, then it might just be okay. Be careful - even "legit" folks fall for the trap of easy paper-mill certifications.
  4. Investigate who recognizes certain certifications. The easiest way to spot a fake certification is to see which, if any, government bodies formally recognize it. By "formally", I mean look for statutory and regulatory citations of the certifications. If they won't recognize it on "official letterhead", then you already have a good idea it may be something you don't need or want.
  5. Check to see if a certification is needed for jobs similar to a job you're wanting but on another employer's site. It sounds shadier than it is. Okay, it does sound a bit shady but let me explain. We're not looking for a new job - yet. We're looking to see if other employers require a certification for that position. For example, the other day I saw a job listing for a job I would give my left arm and my dog's favorite bowl for. Yes, it was that serious. That job listing had a certification I had never heard of and certainly not one I had seen on other listings. I scoured the Internet and sure enough, it's a really cool and legitimate certification. Psssst. If anyone knows a guy who knows a guy who can get me to a Lenel certification, I'd greatly appreciate it.
  6. Check the price tag. I hate to tell you this but security training and certification ain't cheap. Personally, I have spent well over a few thousand dollars of my own money to get certifications and training. These certifications and training have given me a "leg up" on the competition in some ways and have afforded me new skills but they did not come cheap. Most of the legitimate stuff that is out there is expensive. If you can't get your employer to pay for it (because they're either too cheap or you're not employed), then I suggest saving up and paying later. Trust me. If it's cheap and supposed to be amazingly career-enhancing, chances are it's probably not one of those things.
  7. Read and research the testimonials. A lot of places brag about having "security directors" and "officials" but often, this is just pure fluff. Wait. I misspoke - it's just a flat-out lie. I suggest you read the testimonials. I'm not saying some certification bodies don't have management and executives getting their certifications. There are some who definitely are not honest, though. Find out more about the people who laud the body - who they are professionally, do they actually exist, and whether they have a bias. You shouldn't base your decision on testimonials but they can be a key component in the process.
  8. Check the reference materials needed for the course. I love any certification that requires industry-standard texts (ahem, ASIS....That's why I love how you certify). I also like certifications that have online instruction materials as well. Most paper-mills will furnish you with a text and have you take it open-book. Nope. Kind of a red flag for me.
  9. Avoid open-book certifications. Not all open-book certifications are bad. Most are very cool. This was my preferred method of certification in the military. That said, I'm a grown-up now and employers like something that forces you to study and come away with industry-standard competence in both skill and comprehension. In other words, an open-book exam doesn't "teach" you anything.
  10. Any respectable training or certification vets its students. Any program that doesn't ask you any questions beyond your credit card is probably not the kind of place you want a certification from. ASIS has you submit references for the PSP exam and sign a "blood oath". Just kidding, ASIS. No, just the references. I know if I was going to certify a person on a skill-set that could get people killed if not applied properly, I'd want them screened beforehand so I'd know if they could handle that responsibility. Pain in the butt for us going for the certification? No doubt. Make you feel like you belong to an elite group of professionals? No doubt.

Here are some legit certification and training bodies in security (PLEASE, NOTE THIS LIST ISN'T ALL-INCLUSIVE. I PROBABLY LEFT OUT YOUR FAVORITE TRAINING OR CERTIFICATION. BREATHE DEEP AND CHILL OUT):
There are other thoughts I'm sure on this. The simple truth is getting certified is no easy task and if it were easy, you wouldn't like it very much.

Thursday, November 10, 2016

OPINION: The Ten Things We Can Expect To Happen In Security For the Next Four Years


So....the election is finally over!!! There's a lot to be said about the politics of this election and what that means for insert-the-name-of-your-special-interest-group. Have no worries - I'm not going there. In the vein of "staying in my lane", I'd like to discuss what the next four years will look like for those of us in security.

  1. Expect more protests. Seriously, nothing with respect to protesters and how they feel about a litany of political issues will change except they'll find more reasons to protest. There is little that can be done about it. Accept it. Monitor it. Hope to mitigate it. Move on.
  2. Expect ISIL to show up more. Given the aggressive nature of how the next administration plans to engage ISIL, there will inevitably be more attacks either from the group or its sympathizers and ad-hoc members aka lone wolves in retaliation. Expect more attacks against soft targets during periods of high crowd frequencies or surges like major U.S. holidays. Why? Simply put: ISIL and most jihadi organizations are holy anointed apocalyptic cults who are actively trying to bring on the apocalypse and any conflict with the "West" is an objective towards that goal.
  3. Expect violence against minorities. The new administration has found its campaign rhetoric resonates with people who share ideologies that encourage violence against minorities. Not saying that message came directly from their campaign; just that the rhetoric resonates. How much more violence is unknown at this time. Seriously, it's been a few days since the election and while we've had a number of attacks reported, it's still much too early to see how far this develops as a long-term trend. That said, be very freaking vigilant.
  4. Cyber security could get really interesting really fast. There could be more cyber attacks against this administration and groups who contract with them. We could also see counter-attacks from groups who sympathize with the administration. Has there been any indication of this happening? I haven't seen anything yet but we should know soon enough. If public outcry continues, then we can expect potential cyber attacks in response or in tandem.
  5. Border security could spawn a growth in physical security. The wall that is being discussed and presumably implemented will require an immense amount of physical security to augment surveillance and protect the wall. How many cameras and sensors will need to be installed? Who gets that contract? What about construction security? What about the wall itself? Lots of things to be hammered out but I expect some growth in the physical security sector if the wall comes to fruition.
  6. More stringent controls on immigration and background checks needed for visas. This was a central part of the campaign and cannot be ignored. I suspect the new administration will rely on the hearings that have been held in Congress previously on visas and travel documents, as a guide. My suspicion is that not much will change for those who immigrate from countries we already share travel document information with. Much stricter guidance will come about for countries which have a history of poor identification documentation controls and who have poor passport security.
  7. Police officers will continue to die in the line of duty. I mention this because there seems to be some mythology that exists which says tougher penalties on cop-killers means more deterrence. Time and time again, we've found that not to be the case. Yet, this is also a theme with the current administration. I do not argue that tougher sentencing is warranted for any murder; I do have issues when we infer a harsher penalty will bring a greater reduction than focusing on what drives the crime to begin with. Fix what drives people to kill and you will see long-term results in dramatically reducing the number of line-of-duty-deaths for cops.
  8. Crowd mitigation will become a bigger issue than is being discussed in the security industry. If you've heard me speak on this topic before, I apologize but this needs to be said. We're not doing enough to mitigate crowd surges which serve as target-rich environments for bad guys. Unless the new administration hires national security people who understand the importance of mitigating this issue, my fear is this will continue to be exploited in a significant way.
  9. Gun control and marijuana will continue to be big-ticket issues. Weed is legal in more states than before which means many of these states will be looking to Colorado and others to determine what should be their guidelines for security. I suggest if you live in a new weed state, brush up on this stuff. There's a big opportunity for growth.

    Active shooters will continue to murder people. Fixing this in the short-term is never going to happen. Again, expect this trend to continue until we discuss what drives it. Thus, gun control will grow as a hot-button political issue.
  10. Criminal justice reform is not going to happen. The new administration has stated one of its primary objectives is the restoration of the rule of law and has taken on a very pro-law enforcement stance. Expect little in the way of discussing reducing or eliminating mandatory sentencing. It could happen but not for the next two years.
So that's how I see the next few years. It's not an entirely optimistic view but I believe it to be an honest view of what we can expect. I'm not going to take a pro or con position on the administration here but I would like my readers to begin the process of determining how they plan to mitigate some of these things. No matter who is president we have a profession that demands we place public safety above our political leanings. Let's do what we can to achieve just that - public safety. Perhaps, when we do this, rather than embrace fear and anger, the American people will embrace hope again.
