asis dec19 asis riskuk jan16 - asis - uk chapter 208 dec19.pdf · asis (uk) since 2006 and a...
TRANSCRIPT
David Clark CPP PCI PSP passedaway on October 14 after a veryshort illness.
David was a giant in the securityindustry. As well as his role as Headof Security at the Francis CrickInstitute, David devoted much of histime advancing the industry.
He was the immediate pastChairman of ASIS UK Chapter 208
serving for 4 years. He was also • a member of the CSO Center• a London First SRN advisory
board member • a past Chairman of the Security
Commonwealth• a member of the SIA strategic
forum • a member of AUCSO• a member of PISF
• a member of the Association ofSecurity Consultants
• a member of the GriffinNational Executive Board, and
• a member of the Internet ofThings Security Forum.David was also a passionate
supporter of many industryinitiatives from reducing knife crimeand other policing and crimereduction initiatives, a supporter ofincreased diversity and inclusionacross the industry, and supportingthose transitioning from servicebackgrounds.
David would be delighted thatKnifesafe, a project he was involvedwith closely, was a winner at theSecurity and Fire Excellence Awardsas was the Security Commonwealthwhich he transformed during histime as Chair.
David’s loss to the industrycannot be overstated.
Above all else David was afamily man, a good friend, arespected leader, a valuedcolleague. Our thoughts andsympathies go out to his family andmany friends at this time.
United Kingdom Chapter
NewsletterNO. 4 • 2019
Anyone who knew Dave, willknow of his pride in holding allthe ASIS Certifications, the‘Triple Crown’. Whilst there areover 10,000 ASISCertifications held globally,only just over 200 people havethe skills, experience andcommitment to excellence tohold all three.
Dave, with others, led a
campaign to have specialrecognition for thisachievement and I ampleased to say thatalthough Dave was notable to attend GSX inChicago as planned, theChapter purchased oneof the new pins andDave received this beforehe passed away.
www.asis.org.ukWINTER 20192
CHAPTER UPDATE
As a Chapter the last few monthshave been dominated by thesudden and untimely death ofDavid Clark CPP PCI PSP at the ageof 49. Dave had been ChapterChair for 4 years, before steppingdown in the summer. The WinterSeminar will feature a tribute toDave.
I feel confident that Dave wouldwant the Chapter to continue thegrowth and success that he andothers have worked so hard for.
Accordingly we are pleased toannounce that two members havebeen co-opted as Directors on tothe ASIS UK main Board. They willseek formal election at the AGM inthe Spring.
Please join me in welcoming themto the Board and we thank themfor the past and future leadership.
Russell Penny CPP MSyI RISC hasbeen an advocate and supporter ofASIS (UK) since 2006 and aCommittee Member / Director of theOperations Board since 2016 forwhich he received a Certificate ofAppreciation in 2017. He representsASIS (UK) at the SecurityCommonwealth. He is keen toensure that the ASIS (UK) Boardcommunicates with the membershipclearly and transparently.
He is the Founder and ManagingDirector for Denarius Consultancyand he is the UK and International
Security Consultant to ExelonCorporation, a Fortune 100 EnergyCompany.
He has a breadth of UK andInternational experience in Securityderived from roles and projects thathave included Chief Security Officer(Global) for Christie’s, the world’sleading art business; Director ofInternational Security Operations forConstellation Energy, a Fortune 125Company; Security TechnicalPlanning, Project Integration andSecurity Co-ordination for theOlympic and Paralympic Games,London 2012; Organisational andSecurity Reviews; Security Planningfor the Rugby World Cup 2015; leadon Critical Infrastructure inNorthern Europe for AxisCommunications 2017/8.
A former Branch Commander ofScotland Yard’s Flying Squad, heretired from the Police Service in2008 in the role of Detective ChiefSuperintendent as Head of theUK’s Police International CounterTerrorism Unit and NationalCounter Terrorism Security Office(NaCTSO). An experienced SeniorInvestigating Officer, his specialistUK and International roles haveincluded Operation Paget, Seriousand Organised Crime; Kidnap andRansom; Company Fraud;Professional Standards and CovertOperations Security.
He is a member of: the SecurityInstitute; Association of SecurityConsultants; Association ofCertified Fraud Examiners; SouthAfrican Institute of Security;Overseas Security Advisory Council(OSAC); Court Assistant, Liverymanand Committee Vice Chair of theWorshipful Company of SecurityProfessionals; Advisory Boardmember for Global TerrorismInternational Network (TINYg);Steering Group Member for Safety,Security and Resilience for MajorEvents International (MEI). He hasbeen a judge for the Security & FireExcellence Awards for the pastthree years and regularly chairsand facilitates conferences.
Darren Carter CPP
I have been a member of ASISInternational since 2012, I havebeen a member of several ASIScommittees and currently sit on theInvestigations StandardsCommittee and the Hospitality,Entertainment and TourismSecurity Council. In this time I haveremained an active membersupporting the great efforts ofthose who volunteer and dedicatetheir time to the UK Chapter 208.The Chapter draws a great deal ofadmiration and respect from itspeer group chapters across theglobe. I was invited to join theOperating Board back in 2017, andfelt extremely honoured in doingso, in the past two years theChapter has continued to buildupon its work. We have seen somepositive progress in particular, withits work to support YoungProfessionals, Women in Security,wider diversity issues and of coursepromoting membership andsupporting members in achievingtheir professional developmentgoals completing ASIScertifications: CPP, PSP, PCI andmore recently of course APP.
I am incredibly honoured to haverecently been invited to join theMain Board of the ASIS UKChapter, most important to me isthe confidence shown in me by agreat many people for whom I have
Chapter Update
www.asis.org.uk WINTER 2019 3
CHAPTER UPDATE
great respect and who’sprofessionalism I admire.
I very much look forward to beingpart of the team working hard tosupport the best interests of ourmembers and continuing the drivefor professional excellence withinour incredible industry. There is ademanding role, ensuring that ourgovernance is sound and ensuringwe are at the forefront of industryinnovation and initiative, but alsonavigating our industry along withour key partnerships through somechallenging times ahead.
Key award for The SecurityCommonwealth
The UK Security Commonwealthwon the Security Partnering awardat the Security and Fire ExcellenceAwards. The event is one of themajor awards ceremonies of theyear and this accolade is a tributeto all those volunteers involved andthe many membership bodies whoplay a part.
Its reach and value has beenrecognised in Ministerial andCentral Government circles. SyComhas supported a number of keyprojects working with the CabinetOffice, OSCT and CPNI. One of themore recent pieces of work hasbeen to provide feedback on thenew Government SecurityProfession Framework. Strong linkshave also been formed with theSIA, where a number of sharedobjectives have been identified,and with RISC where a joint projecton skills across the securityindustry is planned.
The current Chair is Guy Mathiasand he is supported by past ChairJoe Connell (ASC), Jayne King(NAHS) Dave Cooke CPP (IWFM),
Mike Hurst CPP andGraham Bassett (CSSC).
Mike, Jayne and Grahamare pictured belowaccepting the award onbehalf on theCommonwealth Members,which in addition to theabove includes AUCSO,DISA, BSIA, SIA, ASIS, SyI,Food and Drink SecurityForum, PISF, IHSM andmany others.
List of SyCom memberorganisations as at November2019
Association of Security Consultants
ASIS UK
Association of University ChiefSecurity Officers (AUCSO)
Association of Super Recognisers
British Security IndustryAssociation
Business Continuity Institute
CCTV User Group - (NationalAssociation of Surveillance CameraManagers) City of London CrimePrevention Association
Cross-Sector Safety and SecurityCommunications (CSSC)
Defence Industry SecurityAssociation (DISA)
Food & Drink Security Association
Fire and Security Association
Institute of Hotel SecurityManagement
Institute of Information SecurityProfessionals
Institute of ProfessionalInvestigators
Institute of Workplace and Facilities
Management (Formerly BIFM)International Professional SecurityAssociation
Internet of Things SecurityFoundation
ISC2
Resilience First
National Association for HealthcareSecurity
National Casino SecurityAssociation (NCSA)
National Cyber Security Alliance
National Security Inspectorate
Police and Security Group Initiative
Pharmaceutical Industry SecurityForum
Register of Chartered SecurityProfessionals
Royal United Services Institute
Security Awareness Special InterestGroup (SASIG)
Security in Academia
South Bank Business Watch
Security Industry Authority
Skills for Security
Security Systems and AlarmsInspection Board
Security Institute
Terrorist Information New YorkGroup (TiNYG)
Worshipful Company of SecurityProfessionals
Women's Security Society
Follow on Twitter @SyComUK
www.asis.org.ukWINTER 20194
YOUNG PROFESSIONALS
It is hard to overstate the value thatvolunteers have with ASIS Internationaland in particular ASIS UK.
Helping individuals develop their careersin the security profession is vital so weare especially grateful to our ASIS UKYoung Professionals Committee.
The Committee is led by James MorrisCPP, although he will be handing over thereigns shortly to focus on his role as anASIS UK main board director.
The YP programme was revitalised a fewyears ago by Stuart Eustace CPP PSP soparticular credit goes to him.
THE COMMITTEE ISSarah Hayward APPIris WickhamLeo KellyJerry RossIskandar Jefferies CPPRichard Brooks CPP PCI PSPCiaran Barry CPP CSyPTom GoodwinRiyaz Somani
We’d also like to thank former committeemembers Ross Bale and Paul WinstanleyCPP PSP.
The Young Professionals Counciladvances its mission to educate anddevelop young careerists by providing aforum to engage and learn from securitythought leaders, get involved with ASISprograms and activities, and connectwith peers from across the globe.
THE VALUE OF AN ASIS CERTIFICATIONENJOY PERSONAL SATISFACTION AND PROFESSIONALACHIEVEMENT BY:
• Validating your security management expertise
• Elevating your stature in the profession
• Gaining a competitive edge in the marketplace
• Enhancing your career and earnings potential.
• ASIS certificants earn an average of 20% higher salariesthan those without an ASIS certification (per ASISCertification Survey – April 2019)
• Broadening experience and training from lawenforcement and military backgrounds
The Value of an ASIS Certification to Your Employer
• Build a strong, dedicated team committed to highstandards and continuing professional development
• Promote ongoing enhancement of critical job knowledgeand skills
• Feel confident that your staff are using best practicesRecruit the most qualified professionals
• Reinforce orelevate yourorganisation’sreputation andcredibility
www.asis.org.uk WINTER 2019 5
MILE HIGH CHAPTER
On the 6th of November, James MorrisCPP, Director of Young Professionals andBoard Member for the UK Chapterattended a Young Professional andWomen in Security networking event ofthe Mile-Hi Chapter in the Greater DenverArea. The event, hosted at the ChurchillPub and Grill, occurred thanks to a workvisit to the city and was designed tofoster relationships between the chapters
and to see how the UK Chapter couldlearn from their US peers and vice-versa.Despite the severe winter weather thathit the city throughout the week, around40 members of the Denver Chapterattended, and the evening was a hugesuccess.
The Denver Mile-Hi Chapter has over 300members based around the GreatDenver Metropolitan Area, which is aregional hub for major organisations aswell as the HQ of several US companies.The chapter meets monthly, usually smallevents focussed on industry specifictopics including recent events on‘Understanding the Security Job Market,’‘AI in Surveillance’ and a ‘Security OfficerAppreciation Night’. While the Chapterhas struggled in recent years to maintainmembers’ engagement it has an activecore group that continues to drive thechapter, arranging events and identifyingtopics and trends for discussion.
The networking event was an opportunityto chat to the YP and WiS members andunderstand how they have seen theindustry change in recent years. Like theindustry in general the Denver Chapter’smembership slants heavily towards
experienced professionals from atraditional services background but hasseen an increase in graduates and directentry professionals in recent years andhas tried to encourage these individualsand support their development throughevents, mentoring and by discussing non-traditional skills such as business andcommunication.
The meeting highlighted one of the corebenefits of ASIS membership – theinternational network and the globalconnections that are available at a clickof a button and the value that all ASISmembers can gain from reaching out tofellow chapters as they visit other citiesand countries. The UK Chapter looksforward to hosting visitors from otherchapters at future events and sharing ourknowledge and experience with the ASIScommunity.
UK Board Director Visitthe Mile-High Chapter
www.asis.org.ukWINTER 20196
THE BIG GIVE
Axis Communications has been a majorsupporter and sponsor of ASIS UK formany years and, as our Education
Partner, supports and runs our CPE Days,which allow holders of ASIS Certifications toearn vital CPE credits in order to recertify.These are organised by Steve Kenny whoalso serves on our Operations Board.We’d like to thank Steve for his hard workand leadership.
The CPE Days are also open toChartered Security Professionals: we area licensee of the Register of CharteredSecurity Professionals and keen tosupport this.
Recently, a team from Axis has completedthe Three Peaks Challenge on behalf of PTSDResolution, a charity ASIS UK has beensupporting for many years. Rumours thatSteve was convinced to take part because ofa good vegan restaurant near Ben Nevis,have not been denied: (largely because I’veonly just started the rumour).
The Three Peaks (Ben Nevis, Scafell Pikeand Snowdon) are the highest mountains inScotland, England and Wales. The challengeis to climb each of these three peaks - oneafter the other!
Through a lot of training and hard work theAxis team raised £2,500 for PTSD Resolution.
This will become £5,000 with support ofThe Big Give.
PTSD Resolution as well as supportingveterans, is able to offer its therapy to anyASIS member in need of help.
ASIS ON TOUR
www.asis.org.uk AUTUMN 2019 7
ASIS UK – On Tour
Caroline BashfordASIS UK Board Director
I had the honour of participating in, andrepresenting the UK Chapter, at the recentPrivate Security Summit and OSPAs ceremonyin Bucharest.
The event marked the 10th anniversary ofthe Federation of Security Services in Romania,and was led by Mr Gabriel Badea the President.FSSA is a member organisation dedicated tothe improvement of regulation, standards andtraining of the security industry in Romania.
The day was centred around paneldiscussions with industry experts and coveredtopics including Private Security Associations,Regional and International co-operations, statesponsored cyber attacks against criticalinfrastructure, artificial intelligence and aneducated security manager – the balancebetween soft and hard skills.
It was also a great opportunity to meet withrepresentatives of other ASIS chapters.
The UK Chapter is by some distance thelargest in Europe with between a quarter and athird of the regional membership and is seenas a role model by many of the small chapters.
I would imagine almost all ASIS UKmembers are aware of the role inthe detection of crime played byCrimestoppers which is celebratingits 30th anniversary. The 0800555111 number gives people thepower to speak up about crime orcriminals at any time day or nightthroughout the whole yearincluding bank holidays.
There is much to celebrate whenyou realise that Crimestoppers hasreceived in its existence to datealmost two million actionablepieces of information which hasled to 145,000 individuals beingarrested and charged, £140million of stolen goods beingrecovered and drugs seized worthnearly £350 million. Then take intoaccount the information passed onto police which has helped topiece together the jigsaw in somany major investigationsincluding murders, serious sexualoffences, child abuse, and manyothers. As for me personally, I wellremember the part it played notlong after being formed, in aninvestigation I was involved induring my past life with the CID.
Then there is something thatprobably does not receive thecredit it deserves and should bemore recognised. How manypeople would know that theCrimestoppers Most Wantedcampaign in the UK and abroadhas resulted in 4,230 arrestssince it was introduced in 2005?The old cliché about the Long Armof the Law has surely never beenmore appropriate.
Whilst all this is impressive weneed to bear in mind that societyin the UK in the 21st century haschanged greatly and it is no goodreminiscing about the “good olddays” of policing and lawenforcement (actually in realitymany of those days were not sogood!).The fact is that attitudestowards contacting the police havechanged greatly and phoningCrimestoppers has proved itself
gradually over the years aninvaluable tool in providinginformation to Police.
Today however we face a neverending media narrative of theinvolvement of young people incrimes affecting communities upand down the country. We all knowthat law enforcement alone will notbe able to solve the problem. Tostate the obvious, education isprobably the main ingredient inconvincing young people in ourcountry to make choices whichtake them away from suchinvolvement.
Having in recent times taken upanother voluntary role ( glutton forpunishment I know!) this time as aCrimestoppers committee memberfor a region just south of London, Iwonder how many ASIS membersare aware of Fearless – the youthservice of Crimestoppers whichwas launched last year.
So what is Fearless? I would sumit up in simple terms as helpingyoung people understand howcrimes impact upon their lives andhow they can speak up aboutthem to Crimestoppers, with thecrucial guarantee of remaininganonymous and staying safe.
Delivered by outreach workers withappropriate training andqualifications as well as providingaccess to the fearless.org website,the target audience in schools andyouth groups is the 11-16 agegroup which reflects wide researchshowing their vulnerability to being“groomed” to take part in crimenot least online and via socialmedia. Crucially Fearlessguarantees the same anonymitywhich Crimestoppers has alwaysdone with the advantage of givinginformation online through thewebsite if required. The website iswhere young people can accessnon-judgemental information andadvice about crime and criminality.
Every aspect of crime is covered inthe Fearless programme and many
are the types ofcrime we are onlytoo well aware ofin recent times.These include:
Knife Crime – Ahot topic across the whole countryespecially in London and othermajor cities. The Fearlessprogramme explores the widersocial, physical and physiologicaleffects of this type of criminality.Scotland Yard chief Cressida Dickwas recently quoted as saying thatknife crime fuelled by drugs was atits worst level in her 35 yearcareer in London. Understandingsuch links is all part of how theFearless message is put across. Tohighlight the problem, policereleased images of the staggeringnumbers of blades seized fromchildren under 16 in just one twomonth period.
Child Sexual Exploitation – Adelicate subject to discuss withschools and youth groups at thebest of times but these days it isessential to educate young peopleon recognising the signs of thisissue and how to report it –anonymously if necessary andwithout fear. The extent of thisexploitation is often not fullyrealised. Some criminal gangs,usually as part of gang initiation,are involved in sex crimes andthere has been a significantincrease in cases of gang rape inthe UK over the past 5 years.
Street Gangs – Whilst mostcriminal street gangs arepredominately male, the role andrelationship of girls involved isoften underestimated. Girlsaffiliated with gangs are oftenused by multiple gang members toestablish status, seek revenge andeven used to lure rival gangmembers in honey traps. There arealso some girl only street gangsoperating in the UK. Fearless
www.asis.org.ukWINTER 20198
CRIMESTOPPERS
Crimestoppers – 30 Years and Fearless! CrawfordChalmers CPP
recognises that if involved withsuch gangs it can be very difficultfor members to leave. There aremany organisations that can helpand support young people withgang exit strategies and theseform part of the Fearlessprogramme, with the website alsoincluding a number of related linksfor seeking help.
County Lines - City gangs forciblytake over the drugs trade insmaller towns using children andyoung people. County linesoperators often groom and useyoung people as “runners”, makingthem carry drugs or money to andfrom the areas where theoperation has been established.This is often via train but also bycar and coaches. It is also notunusual for children to be forcedto stay over at a local “trap house”and made to distribute drugs inthe area.
Providing information to policethrough the fearless.org websitemeans going online to complete ananonymous form where youngpeople are asked to give as muchinformation as possible becausethey cannot be contacted back formore information. They are advised
that if they are using or sharing apublic computer they should deletetheir page history so no one willknow they have sent information.
A real indication of how societyand communities in the UK havechanged is the fact that ifsomeone filling in the form prefersto use their mother language, thenthey are encouraged to do sobecause there is a translationservice with over 150 languagesavailable!
Of course it cannot all be goodnews. I am aware and it is notsurprising, and understandable upto a point, that there are schoolsand youth groups who do not wantto receive a Fearless educationsession. Some schools worry it willaffect their reputation, or forexample parents are resistantbecause they feel their child is tooyoung to be exposed to theinformation available. I canunderstand where they are comingfrom, but we are talking about thefuture generations of this countrywho are growing up in a far morecomplex world than I ever did, anddeserve at the very least to beaware of what is happening intheir everyday environment.
How far then can Fearless succeedin educating children about crime,its risks and consequences?Clearly it will be a long termprocess and though I suspect itscontribution will take a number ofyears to evaluate, surely it can sitalongside other charities which areengaged in helping children leadbetter lives.
One big difference that Fearlesspresents of course is encouragingtoday’s generation who are beingbrought up on Facebook, Twitter,Instagram etc. that there is aneducational resource and websiteavailable to them which givesthem the chance completelyanonymously to “speak up” aboutthe crime environment they mayfind themselves in. Can they intime be fearless enough to do so?I believe so. As Olivia Wilde theAmerican actress, director andpolitical activist once put it: “Onlythe really young are fearless, havethe optimism, the romanticism totake unimaginable risks”.
References:
Crimestoppers: 0800 55511124/7 365 days a year
Fearless: www.fearless.org
CRIMESTOPPERS
www.asis.org.ukwww.asis.org.uk WINTER 2019 9
www.asis.org.ukWINTER 201910
GSX
GSX Sets the Standard for Security Innovation,Attracting 20,000 Global RegistrantsThis year’s Global Security Exchange (GSX), held atChicago’s McCormick Place offered six days filled witheducation and networking for the global securitycommunity. Attendance was strong with 20,000registrants from more than 125 countries and 550+exhibitors packing the convention center. Securityprofessionals also engaged in sessions around theworld via Global Access LIVE! streaming, withparticipants in more than 15 countries.
At the event the UK Chapter received its award for TheASIS Newsletter of the Year
and Vice Chair Mike Hurst CPP, Main Board DirectorsJames Morris CPP, Darren Carter CPP and DarrenWood were on hand to collect it.
www.asis.org.uk WINTER 2019 11
NEW MEMBERS
The last Security TWENTY event of 2019at the Park Inn at Heathrow, raised£2400 for Embrace: Child Victims ofCrime. Pictured left to right are ASIS UKDirector and Embrace Trustee, SteveEmmins of the charity and Roy Cooper,MD of Professional Security Magazine,who run the ST series.
Interest in ASIS International isincreasing globally and the UK is noexception. At the time of writing wehave had over 200 new andreturning members join the Chapterin 2019 and, globally, August wasthe busiest month for new joiners inthe association's history.
There are many reasons for thisgrowth, partly it is the result ofthe engaged volunteers who
• organise engaging andinformative seminars and CPEDays
• man stands at security industry
events to promote the benefitsof membership,
• speak at conferences, and
• demonstrate the value of ourBoard Certifications CPP PCIPSP: the new early career APPhas been well received
• The new UK Community page onASIS Connects is proving auseful communication medium.
Members also have
• Free access to Standards andGuidelines
• The ability to participate, learn
and share their knowledge
though the ASIS Councils
• Discounts to attend ASIS global
and regional events e.g. GSX
and ASIS Europe
• Discounted rates for
Certification.
• If you know security
professionals who are not
members, please encourage
them to join and be part of this
global community.
www.asis.org.ukWINTER 201912
Facebook, in the words of itsexecutives “is one of the mostconsequential companies ever”. Theyhave a point: over a third of people onearth use its services (Facebook,WhatsApp, Instagram, Messenger).Mark (as CEO Zuckerberg is knowninternally) launched the company in2004. It now has revenues of $60bnand recently swallowed a $5bn fineover data privacy without breakingsweat. It is on the cusp of launching acrypto currency with the modestambition of transforming the world’sbanking, and a dating service that,presumably, will transform the way wereproduce. It’s size, speed of growthand ambition is breath-taking.
I worked as a Regional Managercovering Europe, the Middle East andAfrica within Global Security,Facebook’s team responsible forphysical security (only really smartpeople do cyber and that is handled bya separate part of the company).
One of the company’s five corevalues is “be open", so in that spirit I'msharing what I hope is interestinginsight on a matter of public interest,whilst staying on the right side of theextensive non-disclosure agreementthat all staff have to sign.
Working EnvironmentFacebook offices are the crucibles ofthe 4th Industrial Revolution. Butinstead of the howl of the steam enginethere is the woosh of the espressomachine and the hum of the hard drive.Like sweat shops of old, everyoneworks in tightly packed rows 120cmapart, but the looms and presses havebeen swapped for elevating desks andergonomic keyboards. Everyone wearsclean jeans and California smiles.
The walls are brightly coloured andpasted, not with the words of ChairmanMao’s Little Red Book, but with thewords of CEO Mark's big red companyvalues: build social value, be open,
focus on impact, be bold and movefast. The ceilings are exposed, revealingpipes, beams, cabling and bareconcrete. This deliberately rough feel isconsistent with another of Mark'sslogans: “this journey is 1% finished”.So by my reckoning, if $60bn is 1%,he’ll be reaching his peak at around$6,000bn. And I don't think he isjoking.
The offices combine fun withefficiency. There are bean bags,massage chairs, board games, musicrooms, pool tables, play-stations, pinball machines, sleep pods and amazingvistas over city centres. Thousands ofstaff work in offices designed so thatany part can be reached within 3minutes. Facebook meetings come in30 minute chunks starting exactly onthe hour and half past the hour. Soevery 30 minutes the lifts and corridorsare filled with millennials, headphoneson, Mac open in one hand and acappuccino in the other, dashingbetween meetings. Punctuality inFacebook rivals that of Swiss railways.
Feeding FrenzyAll this frenetic energy needs fuel andFacebook supplies that in gargantuanquantities. All offices have restaurantsoffering breakfast, lunch and dinner.Free range scrambled eggs, grilledsalmon, steamed asparagus, glutenfree pizza, ice cream, fresh juice,pancakes, larks tongue in aspic.…There is no hunting around theneighbourhood in the rain for an eggsandwich. Teams eat together and“build social value”. And everyone isback at their desks within 30 minutes.It’s brilliant.
But there’s more! At every turn thereare groaning racks of biscuits,chocolate, crisps, granola bars, vitamindrinks, soda, yoghurt, gum, nuts,liquorice and even the odd bit of fruit.There is also beer, tequila and Prosecco
on tap - all free! Millennials aredisinclined to drink, but they like to seeretro drugs on display.
Facebook keeps you fat, happy andfocused, nourished in its ample bosom.There is a phenomena known as the“Facebook 15” because everyone putson 15 pounds within 3 months ofstarting at the company.
Nice PackageTo attract talent, Facebook salaries areat the top of the scale. The packageincludes a generous bonus scheme,share options, private healthcare, gym,travel and dry cleaning allowances, aswell as all the ice cream you can eat.
A junior security manager inFacebook is paid more than a seniorcivil servant in Whitehall. Small wonderthat Facebook is regularly cited as oneof the best places to work. Few couldget better pay elsewhere, or find a moreagreeable work environment. So mostare content to be clasped in goldenhandcuffs and to let out their beltbuckles regularly.
Facebook uses its own products forinternal communications, so everyone'sattention span is shredded. In meetingspeople flip constantly betweenWorkplace and Workchat (thecommercial versions of Facebook),WhatsApp, Messenger andInstagram. Just like teenagers lookingfor a hook-up on a Saturday night,
This devotion to screen time may besecond nature for a millennial, but I
Inside Facebook's Security Team: Heaven or Hal? A Consequential Company – Mike Croll CPP
www.asis.org.uk WINTER 2019 13
punched out my undergraduate thesison a ribbon typewriter, I got my firstmobile phone in my 30s, and I still usetwo fingers to type. So despite wearingjeans and a beard, I sometimes felt likean analogue man in a digital world.
Silicon PallyAll organisations assimilate the cultureof their headquarters’ location.Facebook, spawned in California’sSilicon Valley, is no exception. It’sinformal, liberal, and it positivelycelebrates diversity (unless you are aRepublican).
Facebookers greet you warmly, theyask about your family, they areconsiderate and polite, they look you inthe eye when they talk to you, they havegood teeth, they smile a lot and theysmell nice. Apart from all that, I havenothing against them.
They also have a missionaryearnestness about them. You senseThought Police gauging if you are onmessage, a true believer, fully embracingthe programme, as they make eyecontact that little bit too much.
Facebook’s headquarters for50,000 plump millennials is animmense series of adjoining university-style campuses each with vast hanger-like offices. But whilst Silicon Valleymay conjure images of bucoliclandscapes, orange groves and tastefulmodern buildings nesting amongstgently rolling hills, it’s actually a vasturban dystopia divided by megahighways.
The company is expanding so fastthat it places extraordinary stress onthe surrounding infrastructure. Trafficspeeds have halved and real estateprices have doubled in the past fiveyears. Locals are priced out andFacebookers’ lives revolve aroundworking, slow moving traffic, sleeping
in cell-like spaces, shopping on-line,and a dependence on Tinder forhuman interaction outside work. It’s asurprisingly asocial environment fromwhich to incubate the world’s largestsocial network.
Move FastFacebook is a tech company soeverything happens fast. See whathappened to Blackberry when it didn’tmove fast enough? And whilst themission is the “give people the powerto build community and bring the worldcloser together” there is a relentlessdrive to become a gazillion dollarcompany. So it is informal but up-tight,fun but serious, open but guarded. Andit has a level of compliance that manyarmies would envy.
The five core values shape theculture, but they are not a substitute forgood leadership. Some, like EMEA’s VPNicola Mendelsohn, are inspirational,others can be less Seven Habits andmore Game of Thrones.
It’s not only Lannisters who pay theirdebts, Facebookers do too in their ownworkplace fantasy drama. The corevalue “focus on impact” combined witha six monthly individual performancecycle keeps everyone scratching for“wins”. But detailed performance datais often overshadowed by the strengthof alliances. Favour with queens andkings can be the biggest influence onthe size of your bonus and whether youorder a new Tesla.
Facebook is increasing at around 40%a year and there are now around 90,000staff world-wide. So what does everyonedo? The gods of the company are thesoftware engineers (the Geeks areinheriting the Earth!) who make the on-screen magic happen. There are salesand marketing staff who sell the $60bnworth of adverts that pay for all thosecandy bars. Then there are CommunityOperations teams, the folks that takedown inappropriate content. These aresupported by services like HR, Finance,Facilities, Culinary and Security.
Global SecurityIn 2015 Global Security was a gang ofabout 10 unfettered by substantial
experience or self doubt. Its structurenow resembles that of an army, withover a dozen grades from door securityofficer to the Chief Security Officer. Thisis over twice as many grades as theCatholic Church from priest to Pope,and pretty impressive for anorganisation that prides itself on its flatstructure. And Facebook’s physicalsecurity budget for offices in 30 highincome countries now rivals that of theUnited Nations operating in 150countries including 20 war zones.
As with many companies, the visiblesecurity staff are contractors. They aimto give Facebookers a “frictionless whiteglove service” extending their role into aDisney-style visitor experience. “HappyMonday and welcome to Facebook!”.You do need to be unrelentingly cheerfulto work in these roles.
Many companies hope to retain 50%of their staff on security contractsannually, Facebook regularly retainsover 80%. Individual contractors valuethe buzzy environment, the lavishoperation and of course the free food isa major perk for this lower paidcategory of worker.
Big SecurityMost billion dollar companies havecorporate security teams of perhaps 20.The UN has about 100 in its New YorkHQ to manage security world-wide in thetoughest of environments. Facebookhas several times this number in GlobalSecurity including uniformed staffworking in darkened control centres thatlook as if they could coordinate anApollo moon landing.
In HQ, Global Security has fivedirectorates (Operations, Intelligence,etc) split into over 30 separate teamswith names like Operational Excellence,Strategic Business Partnerships andProtective Intelligence.
The HQ structure is replicated on asmaller scale in the regions but with allthe various teams reporting to HQ. Theemphasis is on collaboration ratherthan coordination. This highlycentralised system can be effective,although it’s not necessarily efficient.
New teams are spawned monthlymaking internal alignment ever morecomplex. It’s like being in a crowdedbed and having to move over to makeroom for new people. You don’t staycomfortable for long, and, like thekarma sutra, you need a big appetitefor new positions.
Counterintuitively, as the companyexpands, individuals’ responsibilitiescontract. So everyone becomes a hyper-specialist (with decreasing transferable
www.asis.org.uk14
WINTER 2019
Modern society has embracedtechnology with smart cities,commercial drones, connecteddevices and self-driving cars, andmany others are all either reality, orjust around the corner. Yet in a recentsurvey, seven in ten UK shoppers saidthat they consider facial recognitiontechnology to be ‘creepy’. This isbecause the perception of facialrecognition is tech that is invading theprivacy of people going about theirday-to-day lives, and of something thatthe government is using forsurveillance – the concern around‘Big Brother’ watching us. But like alltechnology, the use of facialrecognition has now become multi-
functional, with security capabilitiesbut also customer engagement, timeand attendance and footfall trackingamong other functions. With thegrowing use of these systems, thebest way to conquer the ‘creepy’image is transparency - providingknowledge of how the systems workand why we use them.
CCTV has become mostly accepted bythe masses, with an understandingthat wherever you are, you are goingto be viewed and recorded. Facialrecognition can be similar in thatregard, but it needs to have adatabase of information to link with towork effectively. If you are not on this
database, you are not going to berecognised and will appear as anunknown person. It is only when youchoose to share data that the systemrecognises you in a crowd. But
Facial Recognition – technology thatcan be embraced by all? By Oliver Lacey
skills) like a worker on a productionline. But much of security cannot bereduced to simple process, judgementis required. Security is often aboutmanaging fear rather process and I’mnot sure that there is an algorithm forthat. Yet.
Global Security leadership meetingsoften displayed more enigma thancharisma, featuring recitals of lists ofvalues, priorities, objectives and goalswhilst everyone listens in straight-backedattentiveness. It’s like Alexa reading ashopping list in an evangelist church.
Small ThreatsIn the past couple of years Facebookhas transmogrified from David toGoliath. And the trust that arrived onfoot has been departing on horseback,with user data in its saddlebags. Butthat doesn’t necessarily translate intoa loss in revenue, or real worldsecurity threats.
The main issues are users withaccount problems (a concern since adisgruntled user shot dead threepeople at YouTube’s Silicon Valleyoffice), haters that have their contentremoved, or protestors concernedabout digital colonisation and the tinytaxes paid on massive income. All ofthis is modest compared with the daily
threats facing transport networks,media organisations, retail empires orhotel chains. Let alone the UN orgovernments with embassies inconflict zones.
If you join Global Security from thepolice or military, it can feel like aparallel universe as you recalibratefrom handling life threatening situationsto handling elevator entrapments andqueues of excited visitors. It should bea joyous transition but it can feel highlystrung and humourless.
Facebook manages small threatswith big cash. This is coupled toambition that would make Napoleonlook timid and an “abundance ofcaution” approach would makehelicopter parents look reckless. Mostorganisations manage risk, carefullyevaluating impact and likelihood andbalancing resources against possiblelosses. At Facebook the emphasis is oncontrolling everything all the time.
Who’s in Charge?Security is intelligence led, systemsorientated and supported byautomation that aims to be consistent,replicable and scalable. And despite thecurrent legions of staff, it feels thatGlobal Security is advancing towards anartificial intelligence, algorithm-basedsystem that one day, like driverlesscars, will dispense with humans.
Some of this is impressive, but it’salso concerning. Accountability isunclear, judgement is subordinate tosystems and I wonder if anyoneunderstands the whole process. It’s
as if HAL 9000, Arthur C Clark’ssentient computer in 2001: A SpaceOdyssey is on the cusp of taking overGlobal Security.
A systems approach, combined withworst case thinking can breed fear andirrationality. Sarin gas is a military-grade weapon of mass destructionused very rarely by Middle Easterndespots and once, in 1995, by aJapanese cult. But mail arriving atFacebook is scanned for all conceivablemenace. In July 2019 the mediareported that a scanner alerted forSarin gas and thousands of staff wereevacuated. It turned out to be a falsealarm. One of the company’s largestoperational disruption events wascaused by a security systemmalfunction.
Heaven or Hal?Global Security sits at a uniqueconfluence of an abundance of wealth,tech, ambition and caution as itprotects Facebook on its march towardsglobal digital hegemony. Whilst it mayaspire to set the gold standard forcorporate security, its approach doesn’tproject neatly onto the complex,pragmatic and parsimonious real world.But there is no doubting that itrepresents something of a paradigmshift. However, a couple of yearsworking within it I left wondering if itwas heaven or Hal.
Either way, I'm grateful for thefascinating experience. And I’m now ona diet.
www.asis.org.uk WINTER 2019 15
FACIAL RECOGNITION
ASIS International Preferred CPEProvider Program
The ASIS Preferred CPE ProviderProgram offers organizations theopportunity to award pre-approvedcontinuing professional education(CPE) credits for their security orbusiness management-relatedcontinuing education offerings – andhelps ASIS-certified securityprofessionals easily identify non-ASISactivities that qualify toward theirrecertification CPEs.
For Certificants
Need to earn more CPEs? Searchthe Directory of Preferred CPEProviders and go to the providers’websites to find the continuingeducation activities that have beenpre-approved by ASIS. Each activitywill be identified with an ASISPreferred CPE Provider logo. If youattend any of these activities and self-report, your CPEs will be approved.
For Organizations
Interested in becoming a PreferredCPE Provider?
If the learning objectives of yourorganization’s course offerings alignwith the bodies of knowledge for theAPP, CPP, PCI, and/or PSP, yourorganization can be awardedPreferred CPE Provider status.
The Program offers two options fororganizations that provide educationalprograms:
1. ASIS Annual Preferred CPEProvider – for organizations thatoffer multiple educational activitiesa year.
2. ASIS One-Time Preferred CPEProvider Event - for organizationsfor which only one educationalactivity has been approved by ASIS.
KEY BENEFITS TO PROVIDER
• Join with a select group oforganizations authorized to offerCPEs pre-approved by ASISInternational.
• Build recognition for yourorganization with your listing in aDirectory of Preferred CPEProviders (coming soon) on theASIS Preferred CPE Provider
Program webpage (for AnnualPreferred CPE Providers only).
• Expand the reach of yourorganization to attract morecertified security professionals toyour educational offerings.
• Elevate your commitment toproviding continuing education forprofessional development andrecertification activities.
• Receive appropriatetools, resources, and support toensure your participants can easilyand properly receive CPE credit forparticipation.
• Stand out as an ASIS InternationalPreferred CPE Provider by usingthe program logo on marketingmaterials.
• Gain increased exposure via ASISmarketing and brand recognition.
Please visit the main ASISInternational site for more information
https://www.asisonline.org/certification/preferred-cpe-provider-program/
https://bit.ly/2s7Rx5y
considering other uses of thissoftware, sharing data to be added tothe system would unlock potentialbenefits – for example, frequentcustomers at a shop could beidentified using the technology andexpedited through a quicker paymentline, or given access to exclusiveareas or introduced to better dealsthat those not in the system would notsee. In this instance, it’s the decisionto share your personal informationthat gives you this access.
A key point about facial recognitionuse, is that to be effective, thesoftware must identify a face. Whilethis sounds obvious, there has beenrecent speculation that sometechnology can recognise a personwithout identifying the face but that ison a 2D still-image only rather thanusing a live stream of information.However, it remains the case that forfacial recognition systems to work, a
face must be identified through thecamera and this image quality can bedisrupted through multiple reasonssuch as lighting, camera positioning orcamera quality. And if the camera isnot able to see the requiredpercentage of the face, by being poorlypositioned, then the system will not beable to affectively identify someone.
Facial recognition cameras have nowbeen developed with wide dynamicrange and adjustable lighting whichcan all be focused on a set point, buteven then, if someone chooses towear a hood and sunglasses, they aremuch harder, if not impossible, toidentify. From a security perspective,anyone who is clearly acting in a waythat demonstrates that they do notwant to be identified, such as coveringtheir face, not looking at a camera,could be monitored by members ofsecurity team so the system remainsan element of the security programme
rather than the entire package.
Facial Recognition can be considered“creepy” and intrusive as it is a newtechnology that is not fullyunderstood, but it is a useful securitytool that can also be used to benefitthe everyday consumer if they arewilling to embrace it. There aremultiple added values to the systemfrom which customers could profit ifthey were prepared to share theirinformation – something manyconsumers have become increasinglywilling to do with other newtechnology and software. Companiesare looking at ways that facialrecognition can enhance the customerexperience alongside increasingsecurity which would benefit theshopper if embraced, instead ofsomething to fear. It is incumbent oncompanies to educate and increaseunderstanding to increase comfortwith the systems.
United Kingdom Chapter
Sponsors and Supporters