What are you learning?
“I learned so much!” People who attend professional education events often say this. The domain of asset protection is no exception. Very often I read or hear individuals proclaim how attending a training event or an industry conference filled them with knowledge. Did it really? Was the information shared accurate and useful? Why?
I’ve shared this story before, but feel compelled to repeat. A speaker at a risk conference announced to the audience that his colleagues had conducted a study which demonstrated that a high percentage (more than 70%) of surveyed organizations had a business continuity (BC) plan in place. When an opportunity arose, I asked the speaker, “Have your colleagues tried to determine the quality of existing BC plans to make the overall 70% figure more substantive?”. It turned out no one had bothered with this additional analysis. Without this, “70%” was a useless figure because one could type up a few paragraphs on corporate letterhead and call that document a BC plan. Useless…, but sounds important and meaningful. The same can be said when someone attempts to justify their expertise by stating the number of years in the industry.
Until recently I have been a member of the American Society for Industrial Security (ASIS). Regrettably, for several years I’d hesitated to stop my membership. The consistently poor quality of ASIS seminars and conferences I attended over the years is what finally helped me decide. Dated content, poorly selected and frequently unprepared speakers, the vibe of “doing the same thing and expecting a different result” have been on full display for a long time — long enough for me. Yet, most importantly, it was my skepticism about presented information that made me most disillusioned. Lots of “70%”-level stuff without much substance:
- “Organizations need more security training.” We know already! Tell us how to design, sell, and deliver it with the right frequency while optimizing information retention and habit building.
- “Schools need more technology and active shooter training.” We know this, too! Tell us how to properly blend tech and training with human performance and offer some solid evidence for your claims.
- “We need to blend physical and cyber security.” Emmmm…, really? What’s the best methodology for not only well-resourced organizations (the 1%) but for at least Fortune 5000?
- “We need to go back to basics in security.” Yeah, I used to say this as well; but this is going in one ear and out the other because there is no agreement on the meaning of “basics” and relevant maturity models. All the while, manufacturers and vendors are pushing more “solutions” into already oversaturated and — because of fragmentation — very complicated operating environments.
- “We need to diversify talent on security teams.” Agree wholeheartedly! But, let’s look at who currently fills mid to senior security roles in organizations and who recruiters look for. No surprise there — former military and law enforcement folks. Why? Does military and law enforcement experience directly translate into asset protection experience in the private sector? Based on my experience, it is not the case — not even close. So our industry lacks diversity of experience and backgrounds. This fosters assumptions that asset protection is a knowledge domain which cannot be competently practiced without having served in the military and law enforcement. This has been going on for a very, very long time. Do you know what else has been relatively constant? Repeating failures in asset protection: innocent civilians injured or killed at holiday markets, schools, industrial sites, and corporate offices; numerous information systems compromised; tangible assets stolen, damaged, or destroyed.
Though quite late to the party, our industry needs to embrace positive skepticism about means and methods of professional education. Those who attend professional education events also need to be a bit more positively skeptical and look for assumptions in educational content which they are receiving. It is important to question presenters relative to validity and depth of their material and offer honest feedback to help improve the quality of future educational events. Without this scrutiny we will fail the current and next generation of young and aspiring professionals.
Thank you very much for your attention.
Soar above mediocrity!
