ASIS 2010, Just Around the Corner

With the ASIS 2010 just a few weeks away, I’m starting to get things prepared for a successful conference. Unfortunately, that means taking a hard look at my lack of contributions to the online (physec) community over the last year and miserable blog update frequency. Of course there were plenty of personal and professional reasons for this, but who wants to hear about that?

There will be another session on social media this year, but we are planing to go a little deeper into things than last year’s basic overview.
It’s amazing to see the amount of professionals and corporations that are using social media in contrast to two years ago.

Steve Surfaro (@stevesurf) is leading the session again this year and Ksenia Coffman (@KseniaCoffman) will be adding valuable B2B marketing insight. II’m glad we’ll have an opportunity to talk not only about the mechanics behind using social networking, but also techniques that have been proven effective in various security settings.  

In preparation for the conference, I’m cleaning up the shawnf/physec twitter list and getting rid of accounts that are just automatically posting news stories or cramming marketing tweets down everyone’s throat. As of now, there are around 200 physec professionals and companies on the list. If you would like to be added, or know someone who should be just let me know. If you are not already using twitter lists - there is no better way to filter tweets into manageable topics and keep from being overloaded.
 

It's Location, Location, Location

Earlier this week we had a little excitement here in RTP. A suspicious item was called-in to police because it looked like an explosive device and was on the shoulder of I-40 (the major highway that connects RTP and the rest of the region). Traffic was stopped for four hours as authorities investigated the device and ultimately ended up sending a bomb squad robot in to destroy it with high-pressure water.

The device ended up being foam wrapped together, but if you ask me - I’d agree that it looked awfully suspicious. Especially with the red bungee cord dandling off if it looking like wire or commercial det-cord.

I think this is a great example of how an event on a public highway can impact the surrounding area. Take a second to think about what is transported daily over interstate highways. Sure, you’ve got a huge amount of corporate commuters passing you at 120mph, soccer moms in their huge SUVs, geriatric drivers who remember when the road was a horse path and service vehicles of every sort trying to hurry home or to their next job. But - you’ve also got hazardous materials like deadly chemicals, radioactive sources, explosives and truckloads of McDonald's food supplies whizzing by you just a few feet away.

So when something terrible happens on that highway - either accidental or intentional - there’s always the chance that the hazardous materials can be involved. And when that occurs, it has the potential to impact everything within miles. Not so bad if you are in the middle of BFE. But when you’re in the heart of a metropolitan hub, business district or residential development - the issue becomes very critical, very quickly.

A few years back, I wrote a little about this topic but I feel strongly about bringing it up again. Back then, I suggested that you consider the impact of this kind of event on the highway closest to your organization. Of course you have evacuation plans developed and tested (right?) and have tried to identify and mitigate threats that could impact your organization at that level... But have you considered not only the impact to your facility, but the logistical impact as well? If you are relying on that highway to get people out and away, or to bring in response support you’ve got to start developing plan b. Especially if the highway is a central part of your operation. Of course there are other routes that can be taken to get around a blocked highway, but how well are they known? Have you considered what using alternate routes will do to your time-lines? Have you considered the limitations of that alternate route and it’s capacity to handle your needs?

The same thing applies to other transportation methods and routes like railroads and even airports. All these things should definitely be considered in any emergency management plan, not only for the increased risk they bring, but the possible impact to your logistical plans.

Tenure, the Economy and Higher Education

From the looks of my voicemail log, I'll bet I'm not the only PhySec person working with higher-ed to have a busy day today. And yet, I wanted to at least put something out there (here) on the topic of how higher-ed and medical fields need to take a good look at how they break the bad news to staff members.

The tenure process in itself can lead to problems in terms of animosity because a non-tenured staff member feeling like they work three times as hard (and are more useful to the institution) as tenured staff. Adding to this kind of problem is the simple fact that the non-tenured staff member often has a legitimate argument.

But things move on to the next level when you are talking about terminating a non-tenured staff member's employment as they are thinking they should be getting tenure status. Aaaand to jump things up one more notch - we are in the type of economy that's not favorable to non-tenured staff members who've been recently fired.

I'm not saying anyone is justified in an "Amy Bishop" type of response, but I am saying that the problem has been stewing for some time now - and we should be working to mitigate that kind of risk. I've been approached in both the higher-ed and medical environments by professionals concerned about this specific kind of problem. More often than not, I end up saying something along the lines of:

In addition to solid background investigations that are actually reviewed and considered before hiring staff members, it's also a good idea to develop "red flags" that signal possible violent behavior in just about any aspect of the job. For instance, supervisors trained to look for the company's established "red flags" can often spot potential issues and develop a plan with HR to address them. The same kind of process can apply to HR's step-by-step process for terminating employment. But you shouldn't just focus on the specific employee. There are conditions that should also be "red flags" themselves either alone, or in conjunction with other named conditions.

After identifying your "red flags", coordination should be made with your security or police department about how to handle situations that arise after the threats are identified. Working all this out in advance helps everyone, especially the poor security / police department that's got to handle tons of last minute "um... we are going to fire this guy today... and he may freak out" phone calls. The security / police departments should try to be sensitive to the unique needs and concerns of the organizations needing help. Most of the time, they would rather have a non-uniformed officer nearby as not to escalate the situation or scare other staff members. But working together, organizations and security agencies can select "bad news rooms" (as I like to call them), ensure room set up is safe and even iron out duress words/actions. In office settings that deal in volatile meetings regularly it's a good idea to keep a room set up for the activity. In rooms like that, technology such as panic alarms and cameras can be used to further help the organization work with the security agencies.

We'll Leave the Light on For You

Sick of "green" this and "green" that everywhere you look?  I can even imagine the hard-core save the earth hippies cringing as the corporate world profits from the green craze.  But there has been one corner of this new green world that's intrigued me over the last few months. 

Being a security guy, lighting is as important to me as a comb is to a barber. And being from the Research Triangle Park (RTP) of North Carolina, I'm extremely happy to see the success of the LED technology innovators - CREE. In this frightening economy, it's impressive to see the kind of growth these guys are achieving. So the natural progression here is for me to start thinking about the benefits of LED lighting in security applications right? Absofrigginglutely. 

On the surface, it's easy to see how using LED technology has long term budgetary benefits over other options. And "being green" is feather everyone wants in their cap. But as you dig a little deeper, there may even be some more logistical and security-operational benefits. 

Seeing as how it takes a lot less juice to power LED lights, you open up a whole other level of options when you're talking sustained and durable lighting. I'm even seeing some solutions packaged to sell now. (I don't have any first hand experience with the linked solution, just using it as an example). 

Problem: When the power goes out - your lights go out. It's fairly normal to have emergency lighting inside your facilities but not your outdoor spaces. I may be off base here, but it's been my experience that asking your facilities management department to put your outdoor lighting on generator back-up is like asking your HR department to insure pets. It can be done, but it's going to cost someone a lot of money.

But what if your outdoor lights backed themselves up? I don't feel we are ready to have 100% solar power running our outdoor lighting. But I do feel that switching to LEDs help you keep them lit when the power goes down. 

I'd like to hear any experiences out there with backing up outdoor lighting, or using LEDs outdoors. Along with my concerns about 100% solar lighting - I also have concerns about how effective LED lighting is for this kind of use (we all do). 

You can find more info on Cree here and here. 

Social Networking at the Physical Security Industry's Largest Conference

The big question I was asked on numerous occasions during the conference was "Is it really worthwhile for security pros to use social networking and media?"

With the amount of industry users growing, the usefulness can't help but increase. (that's my short answer)

But I invite you to read on and see if my full assessment jives with what you are seeing as well.

It would be easy for some of us to say that social networking was a great success this year at ASIS. But, it would also be easy for some to look at meet-up attendance levels and overall "group" participation and argue against that fact. The difficult thing to define here is the "success" or "irrelevance" of the overall social networking activity - and how you measure that is fairly subjective.

That's because the users of social networking fall into three distinctly different groups. Probably more than that - but for the most part, I pigeon-hole everyone into three:

The Marketing or PR Pro / Provider: This game has been revolutionized in recent years by social networking, media and similar tools that have shifted the focus off of traditional marketing avenues. So it's no surprise that security equipment and service companies have started to get on board. The reasons for it's popularity have a lot to do with opening communication channels and new dimensions of information flow and monitoring (if properly used and planned out). How well does all this relate in the physical security industry? Not nearly as well as the rest of the world but there is definitely some positive growth. It's hard to argue with the success of marketing and customer service through this method, especially when you see what some of the larger providers do with it. It's refreshing to see @firetide, @HIDGlobal, @exacq, @DMP_ALARMS, @chelsiewoods, @ProtectionOne, @pprobinson, @ProvidentMike, @RhiannaDaniels, @Futureshield_CW, @Todd_Morris, @3VR, @stevesurf and BoschSecurityUS bringing that kind of enhanced service to their customers. It's a shame, but some of the larger manufacturers/providers are running social networking accounts with little to no value whatsoever. (not listed for obvious reasons)

The News Pro:

Call it New Media, Citizen Journalism or whatever you'd like - but things are different in the world of news. Social networking has given a press pass to just about anyone who wants one. I think this is a great leveling agent in many ways, and it can sure make things interesting.

The industry is already covered well by both print and online media, and the news industry in general is embracing social networking and media as a way to connect with users and enhance the relationship all around. I've watched with great interest as editors/reporters like @Sam_Pfeifle, @BrentDirks, @Security_Mag, @Leischen and @info4security have used social networking as a powerful tool.

The End Users, Consultants and Practitioners:

This group includes not only the end users, but just about everyone else that isn't selling a product, service or reporting on it. The motivation to use social networking is more clear with the marketing and news people, but there are more reasons and a wider set of goals with this group. Since goals very greatly among users in this group, it's difficult to measure success

In conclusion, I feel that most security professionals who are using social networking for non-sales and non-news reporting reasons are starting to see value. That's because the amount of valuable resources available varies directly with the amount of other industry people out there, using the same tools. One of the key benefits of social networking is the accessibility to others in the industry at all levels. This dynamic was slowly developing over the last few years, but the conference was a shot in the arm, boosting numbers of users and everyone's effectiveness. Thanks to everyone who participated in the conversations, and helped to further this developing medium!

More Conference News

A few things going on today in the social networking world for security professionals. 

But, to me the coolest thing was the arrival of the social networking lanyards from Laminex. 

Lanyards

As you can see, they turned out pretty well. Please note, the printed Twitter ID is the result of an iron-on transfer. If you signed up for your lanyard early enough I've got a transfer for you. Still not sure if I'll be able to iron them all on before the conference but I'll try. Also note that the lanyard to the left is modeled by my 6yo son. so unless you are under 4" tall your badge will not hang to your waist. 

TweepML List

The second cool thing was the completion of the TweepML for Physical Security Professionals. This is a dynamic list of 100 security professionals on Twitter. If you enter your user ID at the end of the list, you can choose to follow all, or select specific people to follow. It would be great if TweepML would generate a RSS feed of the members twitter streams but so far I'm not seeing any way to do that easily. 

Well, the only way to do it easily is through the FriendFeed Room. Unfortunately, there wasn't much interest when it was formed but maybe there will be now. 

Conference Tools

Which leads me to the third cool thing. If you've ever gone to a conference where you and others were using Twitter you probably noticed how easily information was shared between everyone by the use of hashtags. Hashtags are simply putting the # sign before a word. Doing so makes it easy to search for that word and compile a list of current tweets that contain it. For instance, if I'm at a vendor booth and they are about to start a demo of their latest technology - I can send a tweet with the #asis09 hashtag in it. Everyone following that hashtag will see the message and know. This kind of communication is new and strange to many. It falls between direct person-to-group communications and general postings of information. With person-to-group the ones receiving the message are expected to respond or digest the information. Just posting the information so it's available makes it difficult for everyone. With Twitter, the information gets to everyone who wants it - and people can choose to be as interactive as they desire. 

Andres Armeda has done an impressive job making this easy. We're in the process of configuring tools for social networking users to stay on top of things during the conference. The goal is to give people the resources they need to monitor what others are saying and doing without hassle. This will take the shape of a website that's streaming all conference related posts, RSS feeds that can be turned into SMS messages and even a specific twitter account you can follow to get everyone's traffic from one source. 

Meetups

Still need some help in this area. It's obvious that this year's conference will not have as many large scale events as previous years. However, I'm still trying to secure some agreements with the events that will be held to arrange for at least one meetup a day. Monday is the ASIS sponsored meetup at the President's Reception - but only conference attendees have tickets to the reception unless they are purchased specifically. Since a good number of us are exhibitors, that leaves a good number out in the cold without tickets. 

I'm hoping to arrange for meetups as part of larger events. For instance, if Company X is holding their event Tuesday evening, they agree to allow social networking users into the event to meetup with each other. If your company is interested in helping, please let me know. You may even be interested in hosting a small get together for Twitter, LinkedIn and Facebook users. If that's the case, you'll definitely earn a place in each of our hearts and I'm sure your investment will be returned through the solid networking value alone. 

 

ASIS 09, Meetup and Lanyard News

Two exciting developments came into shape today for social networking at the ASIS 09 conference:

1. ASIS gave the green light today to publicize the social networking meetup they will sponsor. It will be held at the President's Reception, Golden Horseshoe Saloon, 7:30-8:30 pm at Monday night at Disney Park.

"Guests can enjoy cocktails and appetizers while meeting the people in your networks and sharing a little more than 140 characters at a time!" (I have to give Peggy O'Connor at ASIS credit for that clever statement).

Now - this is very important - you must have a ticket to the reception in order to attend. If you don't, I'm sure we will be working out other meetup opportunities as part of other events but I think it's very cool of ASIS to host this one!

2. Our friends at Laminex are supplying a limited number of social networking lanyards. The idea of these lanyards is to let people who use social networking easily identify each other but not detract from the official ASIS ID badge or any company attire you may have to wear.

As you can see from my poorly constructed example, it will be a sexy, fashionable lanyard with both form and function. There is a space for your Twitter ID, but you can even use your name if you are not on Twitter. Laminex says it's possible to use iron on transfers to make the user names look slick, but that would depend on me hunched over an ironing board for hours. (Someone would have to answer to my Ortho). I'm not saying we won't end up with the slick transfers - we'll just have to figure something out.

Want one? Of course you do.

Just head over to this link and sign up.

Is your company hosting an event during the conference? I'm hoping to pull together other meetup opportunities as part of larger gatherings so let me know!