Security Consultant Monthly Dec 08

SECURITY CONSULTANT MONTHLY From the desk of: Johnnie L. Mock Security Consultant E-mail: [email protected] Web: www.jmock-consult.com Phone/Fax: 49-6805-615971

Vol. 1, Issue 1. Dec. 2008 Welcome to our first issue of Security Consultant Monthly. This will be a digest of thoughts, ideas, and sources for the security professional who is engaged in primarily security consulting or security training. Where information is gleaned from other primary sources, proper credit will be given. If you desire to be on our mailing list to receive the Journal by email please let us know at: [email protected] We encourage readers to contribute knowledge and experiences to the journal, or to request information on a topic of interest to you. As this year comes to a close, many important developments have transpired worldwide. We live in dangerous, but certainly interesting times. It is critical for the security professional to stay current and well informed. Hopefully this journal will expand with contributions and insight to make it worth your time to read it. Finally, we wish all of you a very

MERRY CHRISTMAS AND HAPPY NEW YEAR!

In this issue

1) Consultants Musings: Is the client always right? 2) Stories from the field: A winning smile 3) Book Review: Security Consulting, Third Edition 4) Product Review: Canon CanoScan Lide70 scanner 5) Organizations of Interest: ASIS, Security College 6) Final Word: Seeking reader input

Consultant’s Musings Is the client always right? Security, regardless of discipline, is a service oriented industry. That means that in order to be successful, you have to please the client. In sales, they often say that “The Customer is always right!” That might make for a great sales bottom line, but is it true in the security industry? And if not, when do you tell the client “No”, possibly risking future business? Obviously the answer will depend on the situation, where you are operating, the legal and cultural environment you are in, and your personal tolerance in regards to moral and ethical issues. My first experience with this issue came when I was doing labor dispute security in the United States. Labor strikes are covered by Federal law, primarily the National Labor Relations Act, as well as case law stemming from it, and it outlines what striking workers as well as their employers can and cannot do during a strike. I have had clients ask me to do things such as covert surveillance of Union activities which is a definite legal no-no. Often they were unaware that what they were asking was illegal. A polite explanation usually solved the problem, but when they were insistent, a polite “No” was in order. Even at the risk of loosing the assignment. Since I have been working internationally, I have had to review under what circumstances I would have to tell a client “No”, and decided on some basic rules of thumb. Primarily, I will refuse to perform any act that would jeopardize the security of my country, or of its close allies. Nor would I commit gross violations of international law. There are a lot of security practitioners who have found themselves in a lot of trouble for not thinking this issue through before acting on client requests. Each security practitioner works in their own environment, and it is a good idea to think every operation through as to when you might have to tell the client “No”. The client is not always right.

Stories From the Field A winning Smile

Understanding human nature in any given circumstance goes a long way in this business. A few years ago I was on my way to an assignment in Kosovo, flying out of Dayton Ohio, with a connecting flight in London. There was a major storm front closing in on the East Coast with airport after airport shutting down, and flight after flight being canceled. The terminal was full of irritated and grouchy passengers who most certainly did not want to spend the night in the airport terminal. The entire line of people in front of me at my checkin gate had been particularly obnoxious with the young lady trying to reschedule their flights, and when it was my turn at the counter she looked at me with this haggard deer in the headlights look. I smiled at her and said” Hi, I’m Johnnie. Take a deep breath and relax. You are not God and can’t change the weather, so whatever you can do for me will be just fine”. I noticed her male colleague glance at me out of the corner of his eye. The young lady did the best she could but there was no way I was going to be able to get a flight out of Dayton to make my connection in London. It looked like me and Mr. Laptop were going to spend an uncomfortable night in the airport, and to make it worse the bar was closed. As I thanked her for her efforts her colleague came over and said “We are not required to do this, but I am authorized to give you a voucher for a room at the Airport Inn with complimentary breakfast in the morning. I will even arrange to get you your checked bags to you so you will have a change of clothes. You have been the only decent human being this woman has dealt with all day.” So while most of the other passengers on my canceled flight probably spent the night in the terminal, I and Mr. Laptop had a free room at the Airport Inn, and the bar was even open! It’s important to know when to smile.

Book Review Security Consulting, Third Edition Charles A. Sennewald Elsevier-Butterworth-Heinemann ISBN: 0-7506-7614-0

In the profession of security consulting, Charles A. Sennewald needs no introduction. He is the founder and first president of the International Association of Security Consultants, and the author of a number of security texts including Effective Security Management, Fourth Edition. Security Consulting, Third Edition is an excellent primer for those security practitioners who are considering launching a new career as security consultants. He walks the practitioner through a number of steps needed to start a consultancy. Chapters include “Security Consulting as a Profession”, “Qualifications of a Professional Management Consultant”, “Starting the Business”, “Fees and Expenses” ect. He covers the important subjects of how to write a security survey, insurance and liabilities issues, and the consulting contract. It was this book that finally convinced me to set up a website for my practice. This book is a must read for anyone considering security consulting as a profession. ASIS members can purchase it on their online bookstore (see Organizations of Interest below)

Product Review CanonScan LiDE70 scanner

Those who travel a lot in this profession (like me) and basically need to take along a portable office are always faced with the tradeoff parameters of functionality, size, and weight. I have found myself more and more needing a portable flatbed scanner that would fit in my computer case (my case is the maximum size that will fit in an aircraft overhead compartment) along with my laptop and portable printer, which I could also use efficiently in the office. The LiDE 70 fits my requirements. The software that comes with it is user friendly and allows you to scan and save documents on your computer in Adobe pdf format (assuming you have Adobe Acrobat installed on your computer.) Since I construct all of my documents and training manuals in pdf, this was a plus for me. It is powered directly from the computer by USB-2, saving on an additional power cable. It also comes with a nifty stand leg that allows you to store it on its edge, saving space on crowded desks like mine. There are a lot of functional flatbed scanners on the market, but I have used this one extensively and can highly recommend it for the consultant on the go who requires the use of a flatbed scanner without having to depend on client assets or hotel business center equipment. Photo from Canon's Website Technical details can be found on Canon’s website at: http://www.usa.canon.com

Organizations of Interest We will post here various organizations that may be useful to the security practitioner. If you have an organization that you would like posted, please let us know. 1) American Society for Industrial Security International: ASIS is the largest security organization worldwide for security practitioners. If you are not already a member, and are engaged in the security profession, I urge you to join. They offer three highly rated certification: Certified Protection Professional (CPP), Physical Security Professional (PSP), and Professional Certified Investigator (PCI). Their monthly magazine, “Security Management” is one of the finest in the field. They also publish the “Protection of Assets Manual”, and “The Security Industry Buyers Guide”. Affiliation in this organization is a must for any serious security professional. You can find them at: www.asisonline.org

2) Security College BV If you live in Europe I can highly recommend this group. They offer a number of security training courses to include training and coaching for the three ASIS certifications: CPP, PSP, and PCI. (See the ASIS article above). Although the website is in Dutch, they speak excellent English and give their ASIS training in English. They are also a really great group of professionals. Contact them at: [email protected] Or www.securitycollege.nl

Final Word I stared this newsletter as a fun project and a way to enhance my contacts worldwide. I actively solicit articles from other security professionals; particularly those involved in Physical Security Consulting, Security Training, and IT Security. If you would like to contribute to our expanded Jan. 09 issue, please submit your article to: [email protected] Best regards and stay safe, Johnnie L. Mock