Contact Info

E-Mail : nandanbisht@gmail.com
Mobile : +91-9910477009

Wednesday, March 26, 2008

Security Management Profesional Development

Following are 5 Key Messages about the subject taken from an article with the same heading published in 'India Safe' magazine (March 2008 issue). These are being reproduced here with the permission of the author Mr David Cresswell, MSc, CPP, PSP,MSyl whom I consider my 'guru' and friend. The article is insightful, thought provoking and relevant in the present scenario where the industry is growing by leaps and bounds.
Message 1. Get qualified to do your job.
You ought not to be managing a corporate security function based alone on past achievements or qualifications obtained in the police, military or intelligence services. While this is a good starting point, corporate security management requires more specific skill sets, and the ASIS Chief Security Officer Guideline (www.asisonline.org/guidelines/guidelineschief.pdf) is instructive in this regard. Not only is this an issue of professional credibility – only about 10% of UK security managers, for example, have a degree in anything at all – there are liability issues on the horizon and I foresee in the future litigation arising out of major loss incidents in companies that employ security managers who don’t have formal qualifications in corporate security management. For example, one new piece of legislation now enacted into UK law is the Corporate Homicide Bill.

You don’t need reminding that in the security management professional we make life-safety decisions, I can think of no other business profession where this lack of qualification is so evident in the 21st Century.

In 2007 Professor Martin Gill carried out extensive research into the perception of the security management profession (attached). This is a quote from page 52 of the report:

It was striking that even those who discussed the role of the military and law enforcement background of security personnel most often did so disparagingly, even those with this antecedence accepted that few were able to meet the level of knowledge in business that good security demanded. One interviewee argued that those who came from a police or military background not only lacked business skills and crucially a knowledge of business processes, but they were not able to sell the security function to others, and because they ‘spoke security’ rather than ‘the language of business’, they were often marginalised in high level discussions.

The problem is that there is no single universally-accepted qualification for security management. The ASIS CPP is the most widely held security management certification but I can think of no examples where it is mandatory for security managers to have either certification or a security management degree. And the situation surrounding the lack of qualification, and often regulation, of security consultants is considerably worse. In the UK, for example, literally anybody can establish themselves as a practicing security consultant with no education and no criminal record checks.

Message 2. The key routes to professional development.
There are four basic professional development routes for the security executive:
Degree (Appendix C)
Professional certification (Appendix D)
Accredited training courses (Appendix E)
Attending high quality conferences such as this (ASIS Asia Pacific Conference, Singapore).
I have two things to say in this regard:
a. Firstly, these need not be regarded as discrete or mutually exclusive. In ARC, for example, we have pioneered the blending of training into degrees. Six weeks of training, with added pre-and post-course work, taking the total study time to 600 hours, is equivalent to just under half of a work-based learning Masters degree. Certification and training can also be blended, and we have done this successfully with out CPP and PSP preparation programmes. The next challenge is to get certification blended into degrees, and one UK university is already looking seriously at accrediting CPP as a component of its security management masters degree. I am liaising with PCB in this regard and I anticipate an announcement to the ASIS international community within the year.
b. Secondly, the growth in demand for both the CPP and PSP in the past 18 months has been nothing short of phenomenal. In the UK, Europe and Asia Pacific, as examples, the number of candidates sitting CPP and PSP has doubled in 12 months. From an average of 15 candidates annually throughout much of the past decade, UK numbers last year jumped to 36. This year we will exceed 50. Perception of CPP and PSP is shifting. It is no longer a certification for ASIS members - but is fast becoming the default certification for all senior security managers. If you are not already certified but it is on your “to do” list, do it this year, and lead the profession by example. (see attached article which appeared in UK security management press).
3. MBA or MSc?
In many of the companies with which we work security managers are expected to have highly developed generic business management skills. Thus, I suggest that an MBA may be as relevant as a security management MSc, especially if the MBA can be supported by CPP professional certification. On a recent security management course I delivered, eleven of the twenty participants either had an MBA or were studying for an MBA. Perhaps the way forward is to identify a university which is prepared to develop a security management MBA of which the CPP is an integral “specialism” element. I have recently been speaking to a number of UK universities to ask them to consider doing just this, and if you go to the main ASIS site you will see an advertisement for an on-line security MBA with the US Northeastern University.

4. No one size fits all.
The background of the security manager, be it military, police, intelligence, business or other, needs to be mapped against job descriptions to determine professional development needs. In almost all cases a CPP will be relevant, but military and police entrants may benefit also from generic business skills training, while business entrants will invariably require security management training or possibly a distance-learning security management degree prior to considering certification, which by reasons of pre-qualification would come later in their careers.

In 2006 two UK academics, Rachel Briggs and Charlie Edwards produced a groundbreaking paper entitled “The Business of Resilience” (http://www.demos.co.uk/files/thebusinessofresilience.pdf). The key message in the paper is that “the business of security has shifted from protecting companies from risks, to being the new source of competitive advantage”. The research centres on an analysis of the activities of the security functions of a number UK’s most successful companies to identify what makes them different – and better. In short the paper is about how, through diversification, you can add value to the contribution of the security function. The paper identifies as key security management functions in leading organisations:
Reputation management and regulatory compliance
Enterprise risk management
Corporate governance
Business continuity and crisis management
Infosec assurance
Corporate social responsibility and ethics

I would also be inclined to add to this list fraud risk management and due diligence, two potentially huge sources of loss if not managed properly.

Mapping this against the excellent ASIS Chief Security Officer Guideline produces some interesting professional development requirement challenges, which are not currently met in a single comprehensive programme, be it training, certification or Masters degree.
5. Convergence.
Finally, the new buzzword in security management is convergence (see attached handout). Convergence has different meanings but in this context I am referring to two interpretations of the word.
a. Firstly, traditional physical security systems are migrating to TCP/IP platforms. In other words, CCTV, access control systems, and asset management systems are becoming computerised. A networked IP CCTV system, for example, is in effect a computer network.
b. Secondly, threats are converging. Organised criminals and terrorists are increasingly being attracted by the prospect of attacking you via your IT systems.
This might take the form of:
- A major theft – recently, a bank in London narrowly averted the theft of $400 million dollars.
- An extortion attack in which an attacker remotely locks up your critical client-interface IT systems and demands millions of dollars. Banks, gambling sites and pornography sites have all been victims of cyber extortion. In the past year the perpetrator profile of a hacker has shifted from young amateurs to organised criminal gangs.
- And now the focus of hackers, criminal and terrorists, has turned to utilities. In at least one case attackers have caused a power outage affecting multiple cities, and in another caused a water utility to release sewage into clean water. With 80% of CNI typically in private sector hands, and the IT SCADA systems that control critical processes in these industries often inherently vulnerable to a misoperative attack, a future disaster from this source is almost inevitable.

Converged threats require a converged response, with security managers intellectually equipped to manage the response. The UK’s Security Service MI5 recognises this challenge and last year established the Centre for the Protection of National Infrastructure (weblink – Appendix F), in which IT security and physical security skill sets have converged into one agency.

Clearly, therefore, there is a strong case for security professionals of the future to be trained, or educated, to manage these threats, which, perhaps, means formal training and qualifications in IT and information security.

ABOUT THE AUTHOR

David Cresswell is a well-known international figure in security management training, having trained security managers from over 100 countries. As MD of the ARC Training International Academy for Security Management, he developed and introduced the concept of postgraduate university-accredited security management training courses for the international security profession.

Within the ASIS UK Chapter he is Chairman of the Professional Development Committee, responsible for CPP and PSP certifications in the UK, and a member of the Education Subcommittee of the ASIS European Advisory Council. In 2008 he received the Power of Certification Gold Award from the ASIS Professional Certification Board.

David is a Director of The Security Institute, and a member of the Institute’s Academic and Validation Boards. He is responsible for the development of security management best practice and is chairman of the Institute’s Working Group on the Corporate Response to Terrorism.

David is active in academic circles in his capacity as an associate tutor at the criminology faculties of both Middlesex and Leicester Universities, and liaises with a number of other UK universities on accreditation initiatives. His current project is to formally accredit the CPP as a postgraduate award.

David holds the CPP and PSP certifications and has an MSc in Security and Risk Management from Leicester University. His dissertation, examining the validity of formal risk analysis methodologies to assess the risk to businesses posed by terrorism, won the Imbert Prize for best security dissertation of the year 2007.

NOTE : Read the full article and another titled "Unprecedented growth in Demand for ASIS Professional Certifications in Security Management" by the same author in the latest issue of 'India Safe'.

Tuesday, March 18, 2008

"Thatti " YEARS का EXPERIENCE !!

Hi Folks ,

Today, 18 March 2008, is the day officers belonging to the 'silver jubilee' (SS-25) course from OTS, Madras, like me complete 30 years of service (civil and military combined). Earlier on during my service I used to joke about having "thirty" years of experience (the line was taken from a popular comedy serial !) at the drop of a hat. Well, it has become a reality now. How time flies !! Our course has been well represented in RBI too as the following list will demonstrate :

1. Capt Sharad Kumar Sharma, DGM (P&S), Secy's Dept, CO, Mumbai

2. Capt Tapan Kumar Chakravorty, Mgr, (switched over to general side), RBI, Guwahati

3. Capt B.S.Jaswal, Mgr (P&S), RBI, Chandigarh

4. Maj Rajiv Kumar, Mgr (P&S), RBI, Chennai

5. Maj Devinder Sharma, Mgr (P&S), RBI, Ahmedabad

6. Capt Sudershan Kumar, Mgr (P&S), RBI, New Delhi

7. Capt Rajaram Palaniappan, Mgr (P&S), RBI, Chennai

Our course has it's own website thanks to the efforts of stalwarts like Rajeev Saxena - http://ots25.com/ They have been organizing get-togethers and annual meets quite often. I have posted this as a link also on the right side bar of the blog page. The website can be accessed by clicking on the link.
Well, I think it is time to celebrate. There are a few of my coursemates here at Bangalore and we are planning to beat it up at the RSI. Cheers to 'SS25ians' !!

Friday, March 14, 2008

Lungar Gupp XXXVIII

1. Posting Fever. The constant buzz these days is regarding postings. And all is quiet on the 'Western Front'. Guys at Mumbai are fed up of answering queries to which they have no answers. Rumours are that only need based transfers may be effected. My friend Goyal has also represented for a posting back to New Delhi on 'extreme compassionate grounds'. He is even willing to proceed at his own expense if the Bank relents. Further, it is learnt that Capt Sinha is reporting to Chennai office on 28 March 2008 (Chennai has been 'flooded' with Security Officers - a case of 'too many cooks' - and no broth to cook ! What luck !!)
2. Aimol's Message. I was pleased to read a message from Aimol which he sent me on joining Vinay Cements. Wishing him all the best, I am reproducing the same for information of all our colleagues :
" I reported to my new office today and took up the appointment. It was really exciting. The first day went off coolly. I realised only on joining that I've been placed at a very high level/grade. In the company's hierarchy M-1 is GM, M-2 is DGM, senior managers/managers are in M-3. I've been placed at M-2. So, many senior officers in Marketing/sales/HR here are junior to me in Grade. There's only one M-1 officer here, and I am the only officer in M-2. The rest come in M-3. What a raise sir.. from Asst Manager to DGM! Anyway it's all by God's grace that I got this opportunity. I humbly accepted the Scorpio and other accessories."
3. Lien to Maj R.M.Bade, CPP. Bade is expecting to be relieved at the close of office hours today and will take up his new assignment with 'Nokia' at a location near Chennai on 17 March 2008. He is surely a lucky bloke to have got permission for maintaining a lien on the Bank. All the best to him too !!
4. The 'Tribe' is on the Wane. As per the latest seniority list of Security Officers there will be a total of 91 officers in all grades in the Bank as on 01 April 2008 (including two who have proceeded on lien). The breakup will be as follows : GM - 1, DGMs - 3, AGMs - 6, Managers - 37, AMs - 44. Do correct me if my calculations are wrong. The strength of AMs will go up as and when the 26 vacancies are filled up.

CPP Exam Update

Four Security Managers from RBI are expected to take the test for CPP on 03 May 2008 at New Delhi. They are - Maj B.Sahni (Chennai), Capt M.W.Khan (Lucknow), Capt Moin Zafar (Jaipur) and Capt Shailendranath (Nagpur). Here's wishing them all the best for the exam.
Two others, viz : Maj Neelesh Tiwari and Maj Ashwani Saini will be trying their hand at the November 2008 exam. This is an encouraging trend where more and more security professionals are keen on getting the coveted 'CPP' designation. Atempting the exam under the Bank's incentive scheme for higher studies makes good sense as one does not have to burn a hole in the pocket. Now that the study material is also available these numbers should go up !!

Thursday, March 06, 2008

"Chuck" De !!

On 04 March 2008 (yesterday was a holiday for us) I got news of two guys 'chucking' it (I mean the job). One is a senior officer who has been offered a lot of 'moolah' by one of the MNC Banks and the other is our own Maj S.S.Aimol from Guwahati office who has quit and is expected to join Vinay Cements at Guwahati itself. He is the guy who has been offered Rs 18 lakh CTC plus a Scorpio, laptop etc, etc. He was quite fed up of the long hours of work (with no incentive) the accomodation (which is a veritable jail once the office starts) and the 24/7 renovation work going on. The Security Officer's accomodation at Guwahati does not even have a balcony. I can empathise with him having spent 2 years and 9 months in that house myself. Anyway, here's wishing him all the best in his new assignment.