Greipp: Welcome to Security Career Cast from ASIS International and University of Phoenix. Career Cast features security industry leaders addressing the latest risks, trends, and demands that face today’s security professionals. I’m your host Jeff Greipp, Vice President of Apollo Education Group.
And today I’m speaking with
Tom Langer, Vice President of Security for BAE Systems, and
Major General Spider Marks, Executive Dean of the College of Security and Criminal Justice at University of Phoenix.
Today our conversation is focused on the collaboration between private security and law enforcement. And how the collaboration can enhance the safety and security of companies and communities.
Greipp: On behalf of ASIS International University of Phoenix, gentlemen, welcome and thank you for coming.
Marks: Thank you Jeff.
Greipp: Today’s topic is gonna be about this collaboration between law enforcement and private industry security. And Tom, it’d be wonderful to hear a little bit about your background, because you’ve had careers in both industries.
Langer: Right after college I started with the Manchester, New Hampshire Police Department. And from there I joined what was Sanders and became BA Systems over time, a defense contractor. And I’ve been in security in that company for 35 years.
Greipp: With that background and experience, have you seen the collaboration between today’s law enforcement community and private industry security growing together? Are they siloed? How has that relationship evolved?
Langer: It really depends on the regents. You can be siloed in communities, in some communities. In other communities, there’s a very active relationship. When you think of a place like Lockheed Martin in Fort Worth, well it’s such a huge complex that they have to have a great relationship with local law enforcement. Because we in security can actually try to contain an issue, be the first responder onsite to an issue. But ultimately we need law enforcement to come in and end the threat and to contain the issue.
Marks: Isn’t it true as the security world has really evolved over time, I mean in our world, we didn’t have chief security officers even a decade ago.
Langer: Right, right.
Marks: So that space really has evolved and it still is evolving quite considerably. But my view has always been in my professional experience, I hit an inflection point when I started to realize that the law enforcement piece, the criminal justice side and the security side were really two sides of the same coin.
And that if you recognize that, you realize that the intelligence capabilities of the security side will migrate over to criminal justice. And the forensics and understanding the nature of criminality will—should migrate over to the security side.
Marks: So one really is a leading indicator of the other, but the skillsets migrate like a rheostat up and down this sliding scale. Criminal justice skill sets are migrating over to security. Security skillsets are migrating over to criminal justice.
Marks: In industry that’s been my experience, and in uniform that’s been my experience as well. Is that kinda similar?
Langer: Right, exactly. And it’s really up to the security professional to try to make that relationship work. To reach out to law enforcement. To help them understand what capabilities exist within industry. The insider threat is a great example of that. If you look at the the Alexis Case with the Navy yard shooting. Somebody knew something about what that individual had planned. It was not really a mystery to everyone. There were a bunch of people that knew. A strong relationship with law enforcement, be it on the base or the community, may have helped mitigate that-that circumstance. So security plays a vital role, especially in private industry in helping the local law enforcement understanding the nature of our—of our business community. Because we’re a microcosm of the community we’re in.
Marks: The challenge that you just described in terms of allowing criminal justice skillsets and security skillsets to interact is more than just a technical or an IT issue.
Langer: Right. Exactly. Exactly. It’s all about personalities, forming relationships. I don’t want to hire someone in the security profession if they’re not willing to reach out to the community. If they’re going to sit in the office or their desk and wait for something to happen, I’ve got the wrong individual. I need them to actually be gathering intelligence, be accessible to the employees, be responsive, listen, and all those traits are part of good law enforcement to really have a nature of what the nature is about and be accessible to the community.
Greipp: It’s so interesting to hear you both talk about this relationship between law enforcement and security. Is this an incident based relationship? Does it start earlier? How do you start this relationship?
Langer: I think it has to start earlier than that. Because we have the situational awareness in our immediate areas of responsibility, be it inside the gates or outside the gates. So we need to have a relationship with law enforcement. If we have an incident and the first time we meet the local law enforcement is at that point, we’re going to have a horrific event. We want to be able to be the eyes and ears for law enforcement and help them situationally understand what they’re about to enter, what they’re about to approach. Active shooting training either in our high rises or our colleges and schools is a great opportunity for us to partner with law enforcement and do these types of drills.
Marks: And you often realize as you get into the forensics - if there is something like an active shooter responding to your example, you realize, as you indicated earlier, that there were indicators beforehand. That we should not have been intellectually ambushed by this particular incident. And how well did we go see, go sense, go gather, go collect, and then what did we do about that intelligence, and how did we fuse it. What type of picture could we paint with that, and then who did we share this with. If those two sides of that coin are not working together, you simply are going into a gunfight completely unarmed. You’re ill equipped for the conditions.
Langer: And another great example the partnership that I saw last year was at the 2013 marathon bombing. A horrific case. But immediately they were able to get an idea of who the suspects were by taking all the security video footage, be it from the security professionals at the sites or through the vendors that supplied that equipment. They were able to have a picture of who their prime suspects were within a matter of a couple of days. And that was a real example of private and public law enforcement partnering together and getting that information out. And then extended beyond that time, when they went to the Friday lockdown in Boston. You know that there was security professionals in multiple institutions that were making sure that they had secured their environments to make sure the active shooter didn’t have a safe haven. There was really no place for him to go.
Marks: And let’s take that example again and back up for a minute considerably, and let’s take it to the national level or the international level. As I understand that particular case, there were opportunities for the United States and other international partners to share intelligence, a priority that would have allowed us to have a better sense of where those individuals were, what their motivations were that could have led to an intervention of some type.
Langer: You’re right.
Marks: And from an intelligence guy’s perspective, I look at that and I say, “How did that, at these very highest levels, how did that not occur?” Have we done a sufficiently good—rhetorically, have we done a sufficiently good job to unearth what went wrong there, and have we been able to address that in the intelligence relationships that we have at those very highest levels, so that we can then walk down that causal path and intervene at some point before you have the blast. It’s the notion of moving left of boom.
How do we get left of boom before that bad event occurs? What type of intelligence? What type of forensics? What type of criminal justice effort can happen, again, as you get ahead of that potential incident? And it’s both working together in order to get there. It’s not just the intel side.
Langer: And I think part of that for the security professional in industry to prove their worth, and they’re frequently having to do that in challenging budget times, is to show those relationships. Because a lot of times some of the senior executives say, “Well nothing happened, so maybe you’ve got too many resources.” You have to be able to show that part of this is the partnerships, the work you do with local law enforcement, the work you do with your own workforce to prevent those things from happening, to be the left of boom.
And that really shows the value to the business. So it’s up to the security professional to form those relationships and have those actually prevent things from happening and be able to show that to the leadership.
Marks: And you know, and unfortunately in business and in government, you’ve lived this. We are of an environment. We are of a organizational culture where we recognize incredibly talented people in their acts of bravery and how well they respond to critical incidents. And we put medals on everybody’s chest.
We don’t adequately engage with those who get ahead of those incidents and do a good of saying, you know, we’re about to have a big problem here, but we’re gonna get ahead of it, and we’re gonna create a new normal. We’re not gonna have a boom. We’re gonna get ahead of it. We’re in a culture where, you know, we recognize people and we hang those things on our wall and we go, “Look at all these great things I do.” Wouldn’t it be wonderful to say, “Look at all these great things I prevented.”
Langer: Yes, exactly. And if you look at the recent case in Ferguson where you saw a community that had no relationship with their law enforcement, at least that’s the way it looked to me. And if you look at that captain from the Missouri State Police that came in and actually was such an enormously calming influence right after the event. It was because he was accessible and he was listening. And you could see him connect with the community.
And that’s an important example for anyone, be it law enforcement or private security, it’s just the ability to listen, to be approachable, to be someone people trust going to, so that when you have a suspicion about somebody, say like an Alexis, but you’re worried about ruining their job or embarrassing them, um, that there’s a professional that says, “Wait a minute. We know how to handle this. We’re gonna do it with respect to dignity, but we’re going to follow up.”
Greipp: I’m thinking about our audience today. They might be a part of one of those progressive companies or communities that’s well integrated between private industry, security and law enforcement. What do you say to those communities or organizations that haven’t developed it yet, how do you begin?
Langer: It’s about helping people understand what a force multiplier turns out to be. It’s an overused term, but it’s true, because there are—there are security professionals working 24/7 in communities, in different areas that can be used. And they know their community. They know what looks right and what doesn’t look right. Law enforcement comes in, and unfortunately they’re-they’re taxed and they’re responding to a number of threats at any one time. When they come into an area, they rely on that security professional, someone who’s aware of that area to help guide them through that.
For a community to understand that those resources exist, and for businesses and security professionals to feel that—for them to be responsible for being part of the community. You’re not an island. We have to exist with the communities that we work in.
Marks: You have to have a persistent presence. It’s not like you’re going in to solve a problem and you’re in and then you’re out. It’s not like in the military terms. It’s not like a raid, you conduct an operation and then you’re gone before daylight. You’ve conducted a very precise operation and then you’re outta there. In order to have a community, in order to have an industry that is fully integrated both on the criminal justice, the law enforcement side and the security side, you have to have a persistent presence. And through that persistent presence you achieve trust. The point you made earlier, without trust you will always have the separate entities that exist.
Again, when we go back to when we were younger men, the law enforcement side and the intelligence side did not interoperate. Now, if you don’t have two decades to achieve trust, how do you accelerate trust? Well you’ve gotta have some crucible. And that crucible often is what is your educational training? What is your professional development training? How can we accelerate this element of interoperability, and through that interoperability, the byproduct is the foundation of trust. So we don’t have a bunch of time. You’ve gotta figure out ways, and there are ways to do that as you know. You’re a security and a law enforcement professional. We know what it means to try to accelerate trust. And that’s the foundation upon which you now can do your job in a very complimentary way.
Greipp: Tom, we’ve been talking a little bit about the Boston bombing. We talked about these other critical incidents in the US, General Marks as well. And I was thinking, are risks, are they expanding, are they changing? What are the emerging risks that we’re facing today, both in the law enforcement and security setting?
Langer: I was thinking about this based on some of our prior conversation. There’s an emerging risk in cyber-cyber bullying, counterfeit parts, insider threat, cargo, interception. There are threats emerging all over. So that’s where I think the private industry has so much to offer law enforcement, because we’re on the cutting edge of trying to understand what these risks are. How do we get involved? I think insider threat is going to be an enormous challenge for so many industries, especially those doing any of the government work, because they’re going to be looking for companies to have a program for insider threat. And as we look at it we realize that we’ve got a lot of bifurcated controls that we haven’t brought together in industry.
So we’re looking for people from law enforcement to come in and look at where we’re weak and where we’re strong. And then share those best practices.
Marks: You know, the notion of emerging threats, I—at this stage in my life, I have a hard time saying these are emerging threats. These are extant threats— You’ve been living with them. I’ve been living with them, and these are—and what we’re seeing every day are the shoulders, the permutations, the tangents of existing threats that now are morphing into things that really have their core from many years ago. So we’re looking at environment that I would say is as a matter of routine exceptionally chaotic, and you’re not, I’m not surprised by any new threat that comes up. Nor are we ever going to go back to some halcyon period where these kinds of threats are not going to exist.
We are vulnerable to our core all the time along the multiple verticals. So the notion of you’re training to standards that have been established and recognized across the board is absolutely critical moving forward.
These are threats that exist today that have existed before, and they’re gonna morph and to turn—and turn into other things as we go down the road.
Langer: If you look at cyberbullying, for instance, we’ve always had bullies.
Marks: Just a different tool.
Langer: It’s a different tool—And it’s a 24/7 oppressive environment on the target of the bullying. So school security and private security where the parents work are going to have an opportunity to intercede and get involved in this. To try to help, not only the kids that are being targeted, but the kids that are actually using cyberbullying and not realizing the damage they’re doing to their classmates.
Marks: Let me be a tad cynical here for a second. If you’ll allow me. Do you think that industry is sufficiently nimble and government is sufficiently nimble to really address some of these challenges like you’ve described, almost specifically in the cyber arena where-where challenges morph every day. There are new entries and new challenges into our cyber world every day because it’s a persistent capability on the part of those who intend us harm.
And they morph and change by the instant. Do you think industry is nimble enough to go after, do you think government’s nimble enough to kind of really address it holistically?
Langer: I think we have to collaborate. There’s no one person that can go after this by themselves. I think there’s a number of people in the country that don’t realize this is the new war space. Space was going to be the-the most recent war frontier, now cyber. We’re all at a cyber-war right now.
Marks: Yeah, it’s a domain.
Langer: It is—it is a complete domain.
Marks: It’s a domain of war. You got it.
Langer: And I think a lot of people don’t appreciate how serious the threat is. Whether it’s a government solution or an industry solution, I don’t think either one’s got the recipe if we’re able to solve this. We’ve gotta work together.
Marks: No, you’re right. And the thing I find very interesting, it’s almost troubling, is that when have we not heard in the last five years that the domain—the cyber domain, the internet is where bad actors hide and conduct incredibly malicious, viscous and amazingly, unfortunately, effective operations against us. How many times have we heard that? Yet, nobody believes that it’s a domain of war. And that the cyber domain is a routine presence for people who intend us harm to stalk and conduct operations.
I find it—I find it unbelievable, it’s almost like I go, “You’ve gotta be kidding me.” That they’re turning a blind eye until at some point it is personally so painful—they can’t have access to their money. They can’t turn on the lights in their house. All of a sudden we’re back to how many plows do we have as opposed to, you know, how much electricity can we have access to? I mean we could turn this nation dark in a heartbeat and we would have immense challenges, immense challenges.
Langer: Even today, you’re reading in the press that the Sony executives are reduced to pen and paper because they don’t know what computer systems they can trust.
Greipp: General Marks, I wanted to talk to as well, you are the executive dean over one of the world’s largest schools that brings these two industries together. How is your relationship and your investment in working with ASIS International helped to prepare these two streams of professionals?
Marks: ASIS International, which I would call—the governing body, the association that has helped codify the standards and the best practices in the security space. They have been crucial in our ability to develop a robust and begin to develop a robust set of offerings in the security space. And each one of those offerings is tied to an industry standard established by ASIS International.
So as a young professional walking into the security space, and I see this wide open field of opportunity—A little less structured, far less structured I would say then the criminal justice and law enforcement field, which is rather hierarchical, but the security space is wide open. If I’m creative and if I’m energetic and I’m willing to work hard, I’m going to find an opportunity that might be limitless and give me a lot of running room.
So what we’re trying to do—very humbly what we’re trying to do is present some programs of study where aspiring professionals in the security space can have an opportunity to grow, with a level of certainty, some level of certainty that they’re on a path that will lead them to a—hopefully a better horizon in terms of their career choices.
Langer: And if you look at young security professionals or young people coming into the field, when I’m looking to hire somebody at the entry level, I’m looking for somebody that’s got that curiosity. Not the full degree, but they’ve taken courses, and I understand the pressures of time and resources to be able to take these courses. But I’m looking for that curiosity, that desire to learn more, to understand the profession. And then the good news is once they’re inside most of these major corporations, they’ll have the educational benefits to be able to go pursue a higher degree and-and more courses, more certificate courses. So it’s a win-win situation. You come in with that kinda curiosity and you use the company to help leverage and launch your career.
Greipp: Tom, as a leader also, you’ve been very involved in ASIS for some time. What are your thoughts about what people can take advantage of at ASIS when they’re either thinking of entering the security profession or elevating the career and the credentials that they need?
Langer: ASIS International is 30,000 plus members worldwide. Thirty odd professional councils of like-minded professionals--volunteering, by the way, to get together and share best practices and help push the art to another level. We have three board level certifications.
And then we also have now certificate courses, so that people entering the profession or interested in entering the profession can take some of these courses and get a certificate at the end of it and start building on their resume and these entry level certification courses.
Marks: So that when you’re looking at resumes, you’re looking at resumes that are armed with the right skillsets at the right time to fill those positions that you see are necessary in the industry.
Langer: Exactly. And you’re always looking on a resume for somebody with that curiosity that’s trying to pursue, not necessarily a full degree, but at least starting at the certificate level and taking courses to understand the profession.
Marks: In fact that’s a—that’s a motivator.
Langer: It is.
Marks: I mean someone who doesn’t have degree—
Marks: I can go get that certificate in a shorter amount of time. Less expense of time, less expense of money. I am now more confident in that field. I’m now competitive for a position that gives me—at least it gets me in the door. Now I’m really on a very, very well defined path.
Greipp: When you mentioned board certifications, is that for the US or do they translate globally?
Langer: That translates globally, those are the standards. Those three are the standards across the globe. So there’s a lot of our members pursuing that. They’re a challenge to get. You have to—even being in the profession as long as I have, I had to study to get there, but they’re well worth it.
Greipp: So if I get CPP or a PCI from ASIS International and board certified, that’s a credential that someone would recognize in a company that has an international reach or in another country itself?
Langer: It is a global standard, that’s correct. This is an opportunity for somebody coming into the profession to get a great resource, not only publications, but meetings and seminars. And for us at ASIS to be able to supply the new teaching standards to the University of Phoenix and other institutions.
So it’s a great opportunity for our profession to get together, agree on standards, professionalize those standards and then help people educate and get-get to where they need to be career wise. So it’s really—it’s a wonderful environment for me. And the great news is being in defense contracting for so long, ASIS International helps me see other industries and how they approach security. We have a lot of things in common, but we have a lot of different technologies and a lot of different needs, but we work well together.
Greipp: You know, it’s so interesting. We started this conversation about the partnership between law enforcement and security. And I’m hearing about this value of partnerships between educational institutions and organizations like ASIS International. Are there other comparisons? Is this a new idea that can happen one time and then they can go back into their separate ways cuz they understand the other industry?
Langer: I think it has to happen long term. Because the security threats change depending on the technology—and the way you approach those change over time. So I think it’s a continuing relationship that we have to have together. There’s no one answer that’s going to stay fixed and concrete forever. We’re always going to be adapting. We’re always going to be changing. And I think the security professionals and private industry have a lot to offer law enforcement. We talked earlier about Cloud for example. In Cloud computing, industry has the insight as to where the risks are, where the vulnerabilities are.
And we can help law enforcement. We can help University of Phoenix in instructing those types of security disciplines. So I think it’s going to be a long term relationship. I don’t see it any time soon.
Marks: No, you know it really doesn’t. I would say that in order to achieve the scale you wanna try to achieve in terms of understanding the environment, so those best practices can come back. And again, as a guy who grew up in the Army, I always felt—and I spent time mostly in my career on the edges of this or—massive organization.
I was not frequently at the core or the center of the Army. I was out in the units that were kind of out there on the edges. And we were kicking those around and kicking up dust and figuring out new tactics, techniques and procedures. But in order for that understanding of that environment to be distributed broadly, it had to go back to the core. It had to be operationalized. It had to be put in a manner that it could then be distributed out. And I know you understand what that means completely. So in the education world it would be extremely difficult for us to deal with each of the industries that are coming up with their specific understandings and best practices in the security space. We want to have a relationship with ASIS International.
So you reach out into the industries. You become the database, the Cloud, the data repository. You’re the ones that help codify what that looks like. We have a relationship with you that allows us now to indirectly touch all those different industries through you. Best practices emanate from you because they emanated there. We now can put ‘em in a form that’s distributable, that’s manageable.
Langer: And then we end up—overall we end up with a security culture that’s common across our industries. And that’s where your success is gonna come from, because the saying that the culture will eat strategy for breakfast.
The security culture has to be the same across our industries, people willing to learn, interested in new technologies, willing to accept challenges. We need all of that to happen. And we want them to be equipped to handle the threats as they evolve. And education’s the only way they’re gonna get that.
Marks: You know, the example that I use is that if I walk into a room and we’re all speaking the same language. If we’re all on the same—essentially the same intellectual path of understanding what a particular problem is, each one of us, it doesn’t matter what we wear or what we look like, who we are. There’s a sense of trust because there’s a—there’s a common understanding of what it is we’re trying to do. That doesn’t happen unless there’s learning. And that learning doesn’t take place unless you can get it to folks and then what is that you’re getting to those folks. Some commonalities that exist in the eyes of ASIS International.
Langer: And I think that’s where we’ve changed from 30 years ago or 40 years ago when we got into this industry, is how much value we put on the education now. How much value we put on a workforce that has a hunger for more knowledge. Not just somebody to fill a slot. We want somebody who’s curious and energized. And hopefully we’ve got an opportunity for them to move up, but if we don’t and they go to another industry, I don’t have a problem populating industry with good people.
Greipp: You know, gentlemen, there’s a large number of people in the law enforcement community that look to a transition into private industry security. So what credentials are available to help them make that transition?
Langer: First of all, I wanna capitalize on what they already know. Their ability to form relationships, to be approachable, to be trustworthy, to have a curiosity about their own communities. I want to harness that. I want to translate that into the internal workforce, so they have an inside and an outside reflection. I can never replace what they know, what they’ve learned over their career. What I want to do is capitalize all those great behaviors, the-their verbal skills, their written skills, their approachability, to bring them into the security profession, because that’s where a lot of people are going to bring their first problems is to the internal security folks. They wanna just have a discussion with them, so there’s a lot of things we find from that.
Marks: I think what you just said is wonderful. It’s those basic skillsets that don’t necessarily demonstrate or appear on the resume. It’s the fact that they are ladies and gentlemen of honor, of integrity. They work hard. They persist. They’re going to lead, they’re going to as necessary follow. They’re going to complete the task. Those don’t show up on your resume.
You know, it’s the technical skills will show up on your resume. And we really need to—when we—when we hire professionals, especially—it doesn’t matter whether it’s a veteran or whether it’s someone whose fresh out of schooling or industry training. You want to hire hard and lead with passion.
And the point I’m making is I want to dive into that resume real hard and look for things I can’t find in the resume. In other words, I want to spend time getting to know that individual before I make the decision. “Yeah, I want you to join this team. You’re gonna add. You’re gonna bring gifts to this team that you otherwise wouldn’t have.” And then when I bring that type of talent on board, it’s not a difficult task motivating ‘em and leading them.
Langer: Exactly. And if I can make one other point. A lot like your industry and mine and law enforcement, my prior, career in law enforcement. Law enforcement and the military give young people incredible responsibility at a very young age. And it makes them very strong leaders.
Greipp: Gentlemen, on behalf of the ASIS International and University of Phoenix, thank you so much for your time.
I’d also like to thank our listeners for tuning in to Career Cast.
For more information about ASIS International and career information and tools, visit asisonline.org. And for more information about University of Phoenix visit Phoenix.edu/security. Again thanks.
Return to Podcast page