Doing Better
“The greatest danger in times of turbulence is not the turbulence — it is to act with yesterday’s logic.”
– Peter Drucker
As I observe the asset protection industry, the question of professional standards and practices is often on my mind. More specifically, I think about key drivers for further development of such standards and practices because there’s a lot of chatter in professional circles on needing to evolve, but no meaningful work on ways of doing it while we continue to see more recurring incidents with increasing scale.
Firstly, let’s consider the current state in our industry. It is plain to see the following:
1. We are divided into two camps: data protection (cyber security) and protection of tangible assets (physical security). Neither descriptor is accurate because of natural overlaps (ex. the “human factor” and attention to such assets as reputation). Each camp continues to struggle with solving various problems within their communities and for their clients. The proof of this is in recurring incidents and in multiple professional events where familiar points are repeated again, again, and again.
2. Each camp is suffocating under a growing pile of incrementally usable and generally poorly designed technologies with questionable performance outcomes. For example, a typical electronic access control and environment monitoring system for a high-rise building is designed using software and hardware products from at least ten different manufacturers. Even when all of these products are logically interfaced, the main graphical user interface offers a mediocre user experience at best.
3. We don’t have agreement on necessary qualities and skills for a professional in either camp. For example, while both camps actively prioritize the “human factor” threat, very few of us are trained in cognitive and behavioral psychology which offer direct resources for effective mitigation. Though professional certifications are widely available, we are yet to see qualitative and quantitative proof that obtaining them increases one’s ability to solve clients’ asset protection problems. Most recertification processes are intentionally kept simple because certifying organizations make a lot of recurring revenue from them. Not a single certifying organization in asset protection checks retention and successful application of initially acquired knowledge / skills over time as a requirement for recertification. To overcome this, I always encourage every professional to build and continually maintain their knowledge in the following 6 domains of asset protection:
- psychology;
- design;
- operational controls;
- technological controls;
- physical controls; and
- incident management.
There is one additional knowledge domain which should be discussed separately — professional polish. From the way we dress to our non-verbal communication; from the way we speak to the way we conduct research and prepare written deliverables — these and many other related skills create the foundation which helps build and apply knowledge / skills from the other 6 domains.
4. We don’t have a unified and rigorous academic curriculum similar to those in law, architecture, and medicine. Curricula available in higher education institutions relative to asset protection across both camps are simply disjointed, lacking critical review, and insufficient.
5. While connected with the point above, this one requires its own number because it is, in my opinion, one of the biggest problems in asset protection. We’re terrible at creating formal, easily navigated, and incentive-rich pathways for entering our industry. The talent is abundant, but our biases often force us into narrow focus: military, law enforcement, other government agencies, political science and international relations majors, IT, and engineering. This creates echo chambers and outright opposition to any divergent opinions. IN THIS DAY AND AGE?????!!!!!
Thoughts on how to do better
- It is time to establish a single professional body for our industry to recognize that the two-camp model doesn’t work. All professional benefits like events and certifications should be combined. Event programs and proposed presentations should be scrutinized for quality of originality, practicality, and forward-thinking.
- All recertifications should be tied to: quantitatively and qualitatively assessed re-testing, points through only accredited continual education organizations, as well as acknowledgement of positive contribution by each practitioner’s employer / clients.
- It may be worthwhile to require baseline education in the 7 domains above to serve as prerequisite to obtaining professional certifications.
- All technology products should go through more rigorous testing to determine ease of their interoperability, vulnerability mitigation spectrum, and user-centric design. Products not meeting and significantly exceeding minimum qualifications should be flagged in an industry-wide report.
- A unified minimum academic curriculum should be developed and shared with higher education institutions wishing to receive accreditation. 7 domains of professional knowledge should form the basis of this curriculum. Make individual industry organization chapters closely curate local higher education institutions for quality of curriculum delivery and validate at the top organizational level every 2 — 3 years.
- Develop a simple methodology for aspiring professionals to get into the field with guaranteed paid apprenticeships for those who meet established minimum academic qualifications. Future employers should compete for talent — not the other way around.
- Embrace polymathy and establish collaborative programs with fields of education, arts, human capital management, and various others. Hold polymathic game-based workshops to help innovate.
- Engage with primary education community to help raise awareness about asset protection profession and its benefits.
- Create a single industry-wide standard for application of asset protection and lobby to make it part of regulatory compliance regime internationally.
- Align professional code of conduct with contemporary ethical standards.
- On an annual basis, identify and publish a “not yet” list of questionable practices to be addressed. This report should cover all layers of the industry — from in-house practitioners to manufacturers to installers to service providers.
- … (leaving this blank for you to contemplate)
Thank you very much for your attention.
Soar above mediocrity!
