We'll Leave the Light on For You

Sick of "green" this and "green" that everywhere you look?  I can even imagine the hard-core save the earth hippies cringing as the corporate world profits from the green craze.  But there has been one corner of this new green world that's intrigued me over the last few months. 

Being a security guy, lighting is as important to me as a comb is to a barber. And being from the Research Triangle Park (RTP) of North Carolina, I'm extremely happy to see the success of the LED technology innovators - CREE. In this frightening economy, it's impressive to see the kind of growth these guys are achieving. So the natural progression here is for me to start thinking about the benefits of LED lighting in security applications right? Absofrigginglutely. 

On the surface, it's easy to see how using LED technology has long term budgetary benefits over other options. And "being green" is feather everyone wants in their cap. But as you dig a little deeper, there may even be some more logistical and security-operational benefits. 

Seeing as how it takes a lot less juice to power LED lights, you open up a whole other level of options when you're talking sustained and durable lighting. I'm even seeing some solutions packaged to sell now. (I don't have any first hand experience with the linked solution, just using it as an example). 

Problem: When the power goes out - your lights go out. It's fairly normal to have emergency lighting inside your facilities but not your outdoor spaces. I may be off base here, but it's been my experience that asking your facilities management department to put your outdoor lighting on generator back-up is like asking your HR department to insure pets. It can be done, but it's going to cost someone a lot of money.

But what if your outdoor lights backed themselves up? I don't feel we are ready to have 100% solar power running our outdoor lighting. But I do feel that switching to LEDs help you keep them lit when the power goes down. 

I'd like to hear any experiences out there with backing up outdoor lighting, or using LEDs outdoors. Along with my concerns about 100% solar lighting - I also have concerns about how effective LED lighting is for this kind of use (we all do). 

You can find more info on Cree here and here. 

Social Networking at the Physical Security Industry's Largest Conference

The big question I was asked on numerous occasions during the conference was "Is it really worthwhile for security pros to use social networking and media?"

With the amount of industry users growing, the usefulness can't help but increase. (that's my short answer)

But I invite you to read on and see if my full assessment jives with what you are seeing as well.

It would be easy for some of us to say that social networking was a great success this year at ASIS. But, it would also be easy for some to look at meet-up attendance levels and overall "group" participation and argue against that fact. The difficult thing to define here is the "success" or "irrelevance" of the overall social networking activity - and how you measure that is fairly subjective.

That's because the users of social networking fall into three distinctly different groups. Probably more than that - but for the most part, I pigeon-hole everyone into three:

The Marketing or PR Pro / Provider: This game has been revolutionized in recent years by social networking, media and similar tools that have shifted the focus off of traditional marketing avenues. So it's no surprise that security equipment and service companies have started to get on board. The reasons for it's popularity have a lot to do with opening communication channels and new dimensions of information flow and monitoring (if properly used and planned out). How well does all this relate in the physical security industry? Not nearly as well as the rest of the world but there is definitely some positive growth. It's hard to argue with the success of marketing and customer service through this method, especially when you see what some of the larger providers do with it. It's refreshing to see @firetide, @HIDGlobal, @exacq, @DMP_ALARMS, @chelsiewoods, @ProtectionOne, @pprobinson, @ProvidentMike, @RhiannaDaniels, @Futureshield_CW, @Todd_Morris, @3VR, @stevesurf and BoschSecurityUS bringing that kind of enhanced service to their customers. It's a shame, but some of the larger manufacturers/providers are running social networking accounts with little to no value whatsoever. (not listed for obvious reasons)

The News Pro:

Call it New Media, Citizen Journalism or whatever you'd like - but things are different in the world of news. Social networking has given a press pass to just about anyone who wants one. I think this is a great leveling agent in many ways, and it can sure make things interesting.

The industry is already covered well by both print and online media, and the news industry in general is embracing social networking and media as a way to connect with users and enhance the relationship all around. I've watched with great interest as editors/reporters like @Sam_Pfeifle, @BrentDirks, @Security_Mag, @Leischen and @info4security have used social networking as a powerful tool.

The End Users, Consultants and Practitioners:

This group includes not only the end users, but just about everyone else that isn't selling a product, service or reporting on it. The motivation to use social networking is more clear with the marketing and news people, but there are more reasons and a wider set of goals with this group. Since goals very greatly among users in this group, it's difficult to measure success

In conclusion, I feel that most security professionals who are using social networking for non-sales and non-news reporting reasons are starting to see value. That's because the amount of valuable resources available varies directly with the amount of other industry people out there, using the same tools. One of the key benefits of social networking is the accessibility to others in the industry at all levels. This dynamic was slowly developing over the last few years, but the conference was a shot in the arm, boosting numbers of users and everyone's effectiveness. Thanks to everyone who participated in the conversations, and helped to further this developing medium!

More Conference News

A few things going on today in the social networking world for security professionals. 

But, to me the coolest thing was the arrival of the social networking lanyards from Laminex. 

Lanyards

As you can see, they turned out pretty well. Please note, the printed Twitter ID is the result of an iron-on transfer. If you signed up for your lanyard early enough I've got a transfer for you. Still not sure if I'll be able to iron them all on before the conference but I'll try. Also note that the lanyard to the left is modeled by my 6yo son. so unless you are under 4" tall your badge will not hang to your waist. 

TweepML List

The second cool thing was the completion of the TweepML for Physical Security Professionals. This is a dynamic list of 100 security professionals on Twitter. If you enter your user ID at the end of the list, you can choose to follow all, or select specific people to follow. It would be great if TweepML would generate a RSS feed of the members twitter streams but so far I'm not seeing any way to do that easily. 

Well, the only way to do it easily is through the FriendFeed Room. Unfortunately, there wasn't much interest when it was formed but maybe there will be now. 

Conference Tools

Which leads me to the third cool thing. If you've ever gone to a conference where you and others were using Twitter you probably noticed how easily information was shared between everyone by the use of hashtags. Hashtags are simply putting the # sign before a word. Doing so makes it easy to search for that word and compile a list of current tweets that contain it. For instance, if I'm at a vendor booth and they are about to start a demo of their latest technology - I can send a tweet with the #asis09 hashtag in it. Everyone following that hashtag will see the message and know. This kind of communication is new and strange to many. It falls between direct person-to-group communications and general postings of information. With person-to-group the ones receiving the message are expected to respond or digest the information. Just posting the information so it's available makes it difficult for everyone. With Twitter, the information gets to everyone who wants it - and people can choose to be as interactive as they desire. 

Andres Armeda has done an impressive job making this easy. We're in the process of configuring tools for social networking users to stay on top of things during the conference. The goal is to give people the resources they need to monitor what others are saying and doing without hassle. This will take the shape of a website that's streaming all conference related posts, RSS feeds that can be turned into SMS messages and even a specific twitter account you can follow to get everyone's traffic from one source. 

Meetups

Still need some help in this area. It's obvious that this year's conference will not have as many large scale events as previous years. However, I'm still trying to secure some agreements with the events that will be held to arrange for at least one meetup a day. Monday is the ASIS sponsored meetup at the President's Reception - but only conference attendees have tickets to the reception unless they are purchased specifically. Since a good number of us are exhibitors, that leaves a good number out in the cold without tickets. 

I'm hoping to arrange for meetups as part of larger events. For instance, if Company X is holding their event Tuesday evening, they agree to allow social networking users into the event to meetup with each other. If your company is interested in helping, please let me know. You may even be interested in hosting a small get together for Twitter, LinkedIn and Facebook users. If that's the case, you'll definitely earn a place in each of our hearts and I'm sure your investment will be returned through the solid networking value alone. 

 

ASIS 09, Meetup and Lanyard News

Two exciting developments came into shape today for social networking at the ASIS 09 conference:

1. ASIS gave the green light today to publicize the social networking meetup they will sponsor. It will be held at the President's Reception, Golden Horseshoe Saloon, 7:30-8:30 pm at Monday night at Disney Park.

"Guests can enjoy cocktails and appetizers while meeting the people in your networks and sharing a little more than 140 characters at a time!" (I have to give Peggy O'Connor at ASIS credit for that clever statement).

Now - this is very important - you must have a ticket to the reception in order to attend. If you don't, I'm sure we will be working out other meetup opportunities as part of other events but I think it's very cool of ASIS to host this one!

2. Our friends at Laminex are supplying a limited number of social networking lanyards. The idea of these lanyards is to let people who use social networking easily identify each other but not detract from the official ASIS ID badge or any company attire you may have to wear.

As you can see from my poorly constructed example, it will be a sexy, fashionable lanyard with both form and function. There is a space for your Twitter ID, but you can even use your name if you are not on Twitter. Laminex says it's possible to use iron on transfers to make the user names look slick, but that would depend on me hunched over an ironing board for hours. (Someone would have to answer to my Ortho). I'm not saying we won't end up with the slick transfers - we'll just have to figure something out.

Want one? Of course you do.

Just head over to this link and sign up.

Is your company hosting an event during the conference? I'm hoping to pull together other meetup opportunities as part of larger gatherings so let me know!

INFOSEC in the Social Networking World

As strange as it may seem, it's looking more and more like there may be yet another dynamic to this social networking thing. Nothing new really, especially to the social networking community - but I can see some definite room for growth. 

Working my way through the issues specific to physical security professionals, of course I ran across big picture organizational issues that should be addressed. For instance, how do you handle staff members in the organization you're protecting that violate INFOSEC rules? 

I always assumed INFOSEC concerns would be addressed through the "usual" channels, but it's becoming more clear there's a problem. 

Even organizations with robust INFOSEC policies and practices can have trouble when a new avenue pops up that doesn't follow the traditional information paths. The beauty of social networking is how effectively it cuts through tradition - but by doing so, it leaves behind the safeguards designed to secure sensitive info. Having that robust INFOSEC policy in place isn't enough anymore, it's the organizations with robust INFOSEC people that are keeping up in this game. 

So, like many things in this field - there are pros and cons to the situation. The cons are of course sensitive information being spread out to the world by staff members who don't think before they tweet/update/etc. But the pros are hopefully a return to support behind giving security groups the resources to mold and maintain INFOSEC rather than just audit it. 

How well does your organization communicate with staff (or whoever) about INFOSEC on social networking platforms? This could be something that can easily be covered by expanding current programs - or it could need much more. 

Time to Start Planning for ASIS 09

It's getting to be that time of year again, ASIS 2009 is just around the corner (end of September) - which is easy to remember because it's around the same time as my birthday. 

Speaking of which, all I want for my birthday is some great social networking opportunities for people attending the conference. Ever since I was a little kid (in terms of my relationship with ASIS) I can remember listening to the "old men" of the industry telling stories about how valuable the conference is when it comes to networking. They would talk about how they'd strike up a conversation with a guy from St. Louis and end up with a national contract, or find a breakthrough solution over drinks with a random engineer from Phoenix. 

No other organization, or event in our industry has the kind of networking power that ASIS wields - and although it's not the organization's only value - it's always a key reason anyone I talk to is involved. So a few months ago, as I started to write about social networking's value I was excited to see ASIS conduct a survey on the topic - and even form a conference blog, Twitter account, and Linked-In / Facebook pages. 

Let me pull it back for a second and talk about social networking in general - for the sake of the industry's "old men". Social networking is to the computer what traditional networking is to the typewriter. I was right there next to some of you as we moved away from the typewriter and started using computers. Having the benefit of falling somewhere between the Baby Boomers and Generation Y - it was fairly easy for me to help bridge the gap and show the old guard how beneficial new technology can be. So when I started seeing the tremendous value of social networking, I felt it was time to do the same thing. 

I was using Twitter at the ASIS '08 conference and ended up meeting some contacts I consider extremely valuable. In fact, there were just a handful of us doing it, and I think each of us found some value in one way or another. Even though Twitter had been around for awhile by that time, most of us were very new at the whole thing, so messages ranged from talking about industry events, to new products found, to commenting on how the Dixie-land band playing at the Pelco event played the Star Wars Cantina song.

I'm expecting this year to be different. I'm not sure exactly how different at this point, but there is much more social media activity in the physical security circles now so it will be very interesting. I've been talking to people in recent days about what their expectations are, and what is important to them when it comes to the topic. Here are some general observations - feel free to add yours in the comments, email them to me, or even dm me on Twitter.

• ASIS has done a very good job stepping up to the plate with the blog, and other social networking accounts. They are posting valuable information - not just lame posts you see from other organizations like: "see you at the conference!", "did you register yet?", "only 2 more months!" It's a very difficult job at times because feedback and interest can come in waves, sometimes weeks between any worthwhile dialogue. 
• A Tweet-Up / LinkUp is definitely needed. There is a lot of potential here for a group or organization to step up and "own" the event giving them a valuable edge. I've watched other industries in this stage of social network use and it's always the early adopters that end up forever associated with the medium and they are the ones that are most often rewarded with product loyalty, customer feelings of inclusion and word of mouth business. 
• It's the users that make or break the overall effectiveness of social networking at conferences. It's important that we share news, findings and help each-other using open platform methods where anyone can tune into the discussion and join in. (as opposed to closed networks) 
• As well as ASIS has done so far, no-one is seeing any signs of real-time conference interaction planned. It may be to early to tell, but they are in a position to follow through and help move things in the right direction for everyone. 

Another Case of Under-equipped Officers?

I'll never forget a conversation I had with a German Soldier during a joint operation one day. We were talking about career options after the military, and he talked very positively about being a security officer when his enlistment was up. 

I was a little baffled by his aspirations, but that was before I learned the differences between security officers in Europe and America. 

We all know that Europe has a substantial head start when it comes to dealing with terrorism and how corporate security can fill a lot of gaps when it comes to protecting people and assets. 

But I think we are still lagging behind far too much in how we deploy security officers, support them and still expect the world from them. 

Yesterday's attack on the Holocaust Memorial Museum should be an eye opener to anyone in charge of security officer operations. Especially in locations that can serve as likely targets for religious, political or ideological reasons. 

Few people know the exact details surrounding this event yet, but from most accounts it looks like a good case of security officers doing a great job. The fact that a man walked into the building shooting from the start, and everything was over in about two minutes with no civilian deaths is impressive. 

The fact that one of the officers died in the process is tragic, but what's even more tragic to me is the fact that it doesn't look like the officers were issued vests. 

The Huffington Post is reporting that they were not - and that the government could start providing them. To me, it's absolutely automatic for any officer carrying a gun, or screening people for weapons should have a protective vest. Unfortunately, that's the kind of thing that's too often susceptible to value engineering when the client and provider go over the nuts and bolts of the contract.  

No one likes spending money these days, but it's ridiculous to place the safety of your assets, in the hands of your officers when you pay them bottom dollar and give them the bare minimum for support.