Ask McConnell, Get Solutions February 2024 Edition
Jim McConnell
Chief Security Officer | Chief Information Security Officer | Physical Security | Cyber Security | Metrics | Executive Protection | M&A | Supply Chain | Fraud | I Create or Mature Your Converged Security Program
HOWDY - What's Up Jim?
February is here, and subfreezing temperatures continue (below 70 degrees Fahrenheit) here in DFW. But I was in California for a couple of days and my rental car said 80 degrees, so that made up for it. And no, I'm not moving to California, I like my 100+ degree summers in Texas. January blew by so fast, a great time with a client in Spring, Texas, and got to support 3 engagements in my role at Texas A&M Engineering Extension Service - TEEX. They have a great Cyber Summit coming up that you and your teams should attend.
Hit the 10000 word milestone for my next book on Supply Chain Security and continue to be excited about challenging the supply chain and security industries to think differently.
Had the honor to participate in two great podcasts with Charles Randolph, Chris Story, and Allan Alford - So appreciate these guys' wisdom and knowledge and the opportunity to provide a unique perspective on Executive Protection, Metrics, and Getting a Seat at the Table / In the Room. A couple more articles are being published and signed up for a number of speaking engagements. Also got accepted by Texas School Safety Center for the consultant directory to support Texas schools.
Been busy, and a tad cold to get the drone out flying, but did learn something important from the team at Aloft.ai about restricted air space beyond the normal Class restriction managed by the FAA; for example, my town's primary park has restrictions due to a lease from the Army Corps of Engineers. So don't just rely on FAA maps when flying.
Oh and it is tax season and all our personal and business tax info is into the CPA. Love that we set standards for recording transactions in our marriage and entrepreneur adventures.
Diane, my beautiful bride, is always working so hard in the crazy real estate world and "got on the board" in two categories for her broker, so proud of her!! Need assistance in the DFW area, relocating to DFW, or moving your company to DFW, please reach out to Diane and let us serve your real estate needs.
Our son James is kicking the 2024 planning into overdrive with his existing and new clients at his two 3PL / Amazon businesses, love his heart to serve others in the supply chain industry. Now he gets to learn homeownership.
Still having fun mentoring LEO and Military transitioning to corporate security, looking at finally recording my transition class so I can scale my mentoring for when I am not available. In addition to my little Office Hours / AMA session I do monthly for the Faith-Based Community, I got asked for a larger session with a national group and possibly two conference speaking engagements.
Leadership & Governance
Since I left Verizon as an employee, my faith and level of patience have been tested. I'm okay with that, my stress and distractions aren't where I want them, but I'm at peace because of my faith and the decisions my wife and I made 30+ years ago when we got married and managing/stewarding our finances, time, and resources since then. I have been "out in the field" 4 times in January, all are energizing, and thank you to each group of people who made it possible. Whether F2F, on a Video call or a Voice call, I humbly know that each interaction and client is a blessing. These all are teaching me to be a better leader to my family and my clients and students. What non-traditional sources of leadership training are you listening to? How much of our day is spent teaching and training vs. designing and operating?
Metrics of the Month: The percentage of your meetings that are focused on building the leadership capabilities of each of your team members.
Governance Update
Compliance vs. Governance vs. Integrity vs. (self-)regulations has been part of some interesting and tough discussions in my industry and circles so far this year. I have some tough ideas and solutions and know they would be best for the security industry and the security of society, but honestly, the social risk part of my brain isn't onboard, even though I believe more and more, it is the right thing to do. I published a transparency reporting draft for the personnel security side of the security industry that I hope is the start of a tougher but greater discussion going forward. My professional heart is ready, so will see if the good Lord opens the right doors.
Metrics of the Month: Percentage of international regulatory driven security requirements that were part of your last 100 internal security assessments
Solutions We Provide:
Problem Sets & Solution Perspectives - Ask The Mirror
Are these problems:
Here are some thoughts, but also consider where else can we help? Whether Physical Security, Cyber Security, Fraud, Executive Protection, Personnel Security, Supply Chain Security, or a combination thereof, let's work together to move you, your team, vision, and strategy forward.
Insider Threat
I am truly convinced that the greatest example of converged security interwoven in the threat, action, vulnerability, intel, indicators, etc. is in the challenge of insider threats. Whether it is emails or texts (cyber) talking about physical violence or some other combination, I am going to go out on a limb that 100% of insider threats involve converged security as what was breached or used for the investigation. Maybe that is the reason both "Converged Security" and "Insider Threat" are so difficult for some CSO/CISO/Organizations to embrace the reality of these two critical elements of a great security program.
Solutions We Provide:
M&A / Divestiture
Three opportunities crossed my desk in January of organizations about to be challenged with M&A Security integration challenges, why, pretty simple, New Year = New Money or New Pressures. Now did all these organizations wake up on January 1st and start thinking about "Who can we buy?" or "What part of the business should divest?". Security teams, listen, these strategy groups were answering these questions somewhere between 3 months and several YEARS ago. They just got far enough along in their due diligence and the MONEY timing that 1/1/20xx "pulled the trigger". Were you involved over the last 3 months or YEARS, great, then you shouldn't be surprised, if you are surprised, let's talk and eliminate the element of surprise.
Solutions We Provide:
Getting a Seat at the Table (Book #3 in planning stages)
I was humbled to discuss metrics and this topic with Charles Randolph and Chris Story on the CIPC Podcast and so much great insight from both of them, especially the "Getting a Seat in the Room" quote. #Boom
I also got to record an awesome episode with THE Cyber Ranch Cowboy himself, THE Allan Alford on this topic. I have never heard or participated in a podcast that provided so many action items for the audience to engage on immediately. If you and your team are struggling with getting a true "Seat at the Table", work with another partner to start with "Getting a Seat in the Room", sure start as an advisor/observer but be a servant. The first table may be a two-person table. Let us help you!
Solutions We Provide:
Supply Chain Security/Fraud (Book #2 being drafted)
So 10000 words into my Supply Chain Security book and I am still learning why this domain of security is, in many ways, still operationally immature but so interesting....because of its scale attribute. As I mentioned on insider threat earlier, it is one of the domains that is so impacted in a converged security model, that it causes confusion across the spectrum of stakeholders and especially the security teams. Not that I have figured it all out, but I have been doing this for over 20 years, my late father, my amazing brother, and even my son now, combined we probably have 80 years of background in different roles in this thing the industry calls "supply chain". I had the privilege of writing an article for the amazing folks at Security Middle East Magazine on mapping vulnerabilities of your supply chain. I will post a link to it as soon as it is released. It will be "nothing new" to mature supply chain security programs and scary to ones that aren't ready. As with many things just because you don't measure your (supply chain) security challenges, doesn't mean they aren't there. Are you getting asked about this area often, never? Should you be?
Solutions We Provide:
Physical Security Vulnerability Discovery / CPTED
In January I got the opportunity to sign on with the Texas School Safety Center's consultant registry. This provides an opportunity for schools in the State of Texas to take advantage of my services, in particular physical security vulnerability discovery services. Excited to learn more about the unique elements of school assessments and unique operational and cultural differences. I also attended an amazing class by Andy Davis (MSc., CSyP, FSyI, CPP) and his great team at Trident Manor Limited on security at Cultural Properties, in particular museum security. Just Wow, Andy dropped some amazing insight into this unique type of client/"industry". I so need to get over to the UK and learn more from him and his team. Are you and your team still learning about the ideas on physical security vulnerability discovery including but not limited to CPTED? Are you reaching out to unrelated industries like Museums to see what you can learn from them?
Solutions We Provide:
Executive Protection Program Management (Planned Book #4)
Is this part of our security industry ready for a regulatory and compliance overhaul? YES Ready? I hope. Is this overhaul NEEDED, yes and like, uh, "yesterday". Some people think this is just about reciprocity, oh that would be awesome but we are still a long way away from that, unlike regular gun license reciprocity agreements. I think contracts and compliance will be tightening in the very near future. This all should hopefully eliminate the fly-by-night PaulBartCo Security companies, so quality and pricing can better reflect the risk, and yes, likely more consolidation. Feeding off my transparency report I mentioned earlier under Governance, if your EP program/service offering hasn't had a recent audit of your program management, let's talk, I'm putting together the final pieces on a strong audit plan for EP/Event Security/Guard Services, it's going to be an interesting offering.
Solutions We Provide:
Security Metrics (got the Book Yet? You have, leave a review)
Being transparent, I really wanted to get working on the 2024 Edition as I have a good amount of new metrics to add on, but trying to build the new business pipeline, the Supply Chain Book, and life has delayed the work. Hang in there, I still have a goal to publish later this year. I will say, I have been to a few airports in January and finally had the dream every author has, of seeing his/her book in the Airport store, then I woke up and just grabbed my normal, plane "meal": Sweet Tea and 3Musketeers bar for the plane. In the meantime, it is the start of the year, are you still using the same old 2023 or older stats, metrics, or template? Really, dust that stuff off, it's 2024, you don't have any more excuses (after you buy my book...hehe). Seriously, doing metrics right, isn't trivial, let us help.
Solutions We Provide:
Offshore Security Risk
I had a good export control discussion recently and it reminded me of my regular saying in my supply chain classes, "I am a Foreign National". The context for you to think about is if you have foreign customers and they have outsourced TO you and you are doing some or all the work outside their country of origin, YOU are the offshore security risk. Are you prepared for a customer's foreign nationals to come to your country and audit you for compliance? Imagine a set of Chinese auditors going to, say Canada, to audit a service provider HQ in Canada, as an example.
Solutions We Provide:
Security Operations Centers
Had a good call recently with a group of people looking to solve some security technology issues. The interesting thing was the perception that the related security functions were done in a security operations center. So 2024, what does a SOC look like? Still all in the same physical room? Are there things that historically have been done in the same room, but with technology advances and post-COVID lessons learned, is that best for the operations, organization, finances, or team? How has testing of your SOC people, processes, and technologies changed since COVID? Have you stress-tested your SOC (the function, not just the room) recently?
Solutions We Provide
Crisis Response
5 years ago in January, I joined my initial first responder agency, I was so green, but so wanting to learn (okay and waste money buying gear....thanks grace-filled wife). This past month due to policy changes in that agency, I stepped down. I already miss running to a crisis with my former team members. I see crises on TV and just want to get in my Jeep and get out in the field. My other agencies are less active, but have an opportunity soon to hopefully get on with a large state agency that I hope the good Lord opens the door for. I love being home with my wife and the flexibility, but I also love being out in the field dealing with or preventing a crisis. "Don't waste a crisis". How does your team, organization, define, manage, recover from a crisis? Are all crises really a crisis after it's all said and done? Haven't had a true crisis in a long time and you fear people are getting stale, let's talk about lighting a new fire with some training.
Solutions We Provide
Converged Security Training Program Management
What, you don't have your 2024 budget approved yet? Doesn't mean your training program shouldn't have already started. Having a robust training map is key (don't have one, let us help). Does no or limited budget mean we just throw out the map/plan? Of course not. Does cheap or free training mean it is not quality training? If you are anything like me, here are a few of the goals of training that I have learned and experienced over the last 30 years in security.
Solutions We Provide
Gear
Three Family Go Bag classes being scheduled in Q1, with the change in my first responder activities and 2024, like you, pull all the gear out and check for expiration, check for things you really didn't use, check for things that are missing or need to add/upgrade. Pop a couple of Chem Lights to make sure your supply is still working. Reset batteries, etc.
Gear for your team doesn't have to be just fun tactical gear, what if it's just adjustable desks, upgraded screens, hubs, etc? That whiteboard got a permanent marker all over it, invest in a new one for the team. How about an ultra-portable / pico projector for meetings?
Obviously always encourage your team to expand their personal gear cache and training thereof #Care
Solutions We Provide
I am working on a plan to be able to ship my Gear Class onsite so I can offer that class remotely. Interested, let me know. Maybe put one on at the next executive strategy retreat?
Faith & Grace & Honor - 1 Timothy 5:17
Praying for a great 2024 for my clients, leads, peers, your teams, and your families. If you "need to talk", I'm a pretty good listening ear. Recently got to listen to Mike Rowe and Neal McDonough about Neal's path to success, it was an inspiring story of all the "Butterflies" that have impacted his life, the valley and mountaintop experiences. I needed it for encouragement as I continue through my first year as an entrepreneur. Listen all the way through, trust me, very impactful.
Looking for a speaker for your next Men's meeting/conference on honor, grace, defining success and/or mapping the proof of the good Lord's blessings, I would be honored to support your event.
Honor (Planned Book #5)
This month I want to honor a few of the "firsts" in my life: Don Watson, Sam Watson, Tom Montuori, Gene Thomas - Sam sold the first computer (Commodore Pet) to my dad, that kicked off our family's interest in computers. Don gave me my first job at a retail software store (The Software Store) and training center. Tom was my first introduction to this amazing industry called corporate security. Gene was my first introduction to church security and my love for pastors. Obviously there are countless other "firsts" that I could honor, but as I kick off 2024, I reflect on countless firsts in my life that stressed me out while many times excited me. I'm still learning how to honor all the people and experiences that the good Lord has allowed me to experience.
Interested in learning more about communicating authentic honor, I highly recommend this book from Dennis Rainey: The Tribute
Don't like the answers from the "Mirror"? Let us help.
Ask McConnell, LLC is a Converged Security services provider, HQ in Dallas Fort Worth, Texas, USA and we believe we can help build, assess, mature, train, measure, and augment your team on the problem sets mentioned above, for clients "from the Church House to the White House". Please reach out with your challenges and let's whiteboard some options together.
Licensed, Insured, Cage Code, Credentials, DUNS, Passport, TCOLE ID, TSSC Registered, and Access to "Tickets"
Have a blessed rest of your day, week, month, Happy New Year. If this newsletter added value, please subscribe, comment, and share.
Jim
#security #convergedsecurity #askmcconnell #ciso #cso #cybersecurity #informationsecurity #physicalsecurity #executiveprotection #fraud #audit #supplychainsecurity #securitymetrics #insiderthreat #mergersandacquisitions #offshorerisk