Security Consultants
So what exactly is a security consultant and what do they do? First, a consultant is someone that provides knowledge and information depending on their background and expertise. There are all sorts of comments that have been made about “Consultants,” and although some of them are not very flattering all of them need to be taken into consideration before you retain a consultant to assist your organization.
Yes, you read that right, we know that some of the things that are said about consultants are true, even if they are not complimentary in nature. So why in the world would we acknowledge that? Simply put, a person needs to fully understand what it is that they are considering, the good and bad, and they need to determine what it is that they need and then where to find those services.
Anyone can call themselves consultants, the real question is do they know their business and can they offer assistance to your business? So when we are talking about “Security Consultants” we need to drill down the term to ascertain if they are a true consultant or a salesperson.
What is a Security Consultant?
Many security product manufactures and security guard services claim to have security consultants on staff. We have met many exceptionally fine salespeople that market service technology and products but know nothing about security management. In fact, if you ask them questions about how to resolve security issues, if they do not have a product that addresses it they will often become uncomfortable. Although most business people can tell the difference between a salesperson and a true security expert, many times the lines are not clearly defined and in some cases that has lead to wasteful spending on products and services that were not needed.
We have also yet to find a security guard service that does not offer security consulting services. We have several good friends that are either working for such a firm or have worked for one. The concern with these types of security “consultants” is that they are driving business decisions for their employer, meaning that they are tasked with finding a way to gain your business long-term. Over the years we have read numerous security risk assessment reports authored by these types of security consultants and each and every one of those reports have recommended their guard services or other services such as alarm monitoring. The issue that often is associated with this type of business relationship is that the consultants offer an assessment for a reduced fee in hopes that they can get their clients to sign a long-term contract that is advantageous to the security firm.
Both of the examples above demonstrate that the security consultants are not independent, and they are there to sell their services or products to a client. Even if that is what your end goal is, to purchase security products or services, by going with one vendor you may not be getting the best information available. Your goal should be for unbiased and independent information that is current to established best practices and standards.
Independent Security Consultant
A truly independent security consultant is a professional that has the expertise and experience to provide the services and does so without steering their clients to a particular product or service. For example, an independent security consultant may recommend security cameras as part of their assignment, but if they are steering you to a certain product are they truly independent, or are they an extension of that brand? In some cases you may not discover any connection until you receive their recommendations, and then just because they recommend a certain product it is still not true indication that they have some affiliation with that product or service. So are you confused now? We just said you want a security consultant that does not recommend a particular brand, yet we say that it may happen even if an independent security consultant. So let’s clear that up; there can be cases where an independent security consultant recommends a certain product. If the consultant discloses why they are making that recommendation in a way that clearly defines why they are doing so, it may in fact be the best option.
For example, let’s say your consultant recommends a mass notification system and identifies the specific brand. The question to ask, if not already answered, is why that product over all the others. The consultant should be able to provide factual information based on their experiences as to why they are recommending that brand. At this point they will have to give you enough information to demonstrate to you that they have researched the product and it is the best available product to address your particular needs.
Specialized Security Consultants
Security consultants often have areas in which they have expertise in. In other words some security consultants will specialize in fields such as education, healthcare, retail, tourism, and so on. Remember, as you have likely already discovered there are thousands of security consultants in the United States and many of them are generalist, meaning that they have basic knowledge of general security. However, if your business is looking for a security expert for a particular industry, you have to dig deeper to vet out those that actually know your industry.
For an example, healthcare is a highly specialized field and yet more than 50% of the security consultants out there will claim to be healthcare security consultants. If your business is healthcare you know of the regulatory and accreditation standards that your health system falls under, and you understand the challenges of healthcare and the security services associated with healthcare. The problem is that the “Healthcare Security Consultants” often have no operational experience within the healthcare industry and learn as they go. We have met many consultants over the years that claim to be healthcare security consultants but have never worked in healthcare security. Some of them got their break into the field by being retained by a client that did not check their background, and the consultants were able to apply general security recommendations to the client even though they were in over their heads from the very beginning.
One such healthcare security consultant once said; I have found hospitals to be quite challenging with guidelines and restrictions. Others have said; I have worked with hospitals and I will often learn as I go because the industry changes a lot. Is this what you want if your business type has numerous regulations that you have to follow?
You can take the above example and interject any number of different industries into it and the results will be the same, unqualified security consultants are performing services that they are not familiar with. Knowledge and experience are critical assets, both for you as a business owner and for the security experts you retain to help protect your assets. It is important that your organization ensures that you retain a qualified security consultant, and you do so by asking questions and researching the consulting firm online.
Security Consultant Credentials
The number of initials that may follow a security consultants name can be endless. In fact there are a few consultants out there that may have over 25 sets of initials after their name, most of which may mean nothing at all to a potential client but they may look impressive to someone with no knowledge of what they represent. Since the beginning of the internet age all it takes is someone dreaming up a new credential and setting up a website to get a new certification on the market. For a small fee you too could add dozens of credentials to your résumé and quite frankly some people might be impressed by the initials. Credentials provide objective proof of an individual’s professional knowledge and experience and should be considered a requirement for a true security expert. So let’s take a close look at the most important credentials.
ASIS International is the preeminent organization for security professionals, with more than 38,000 members worldwide. This professional association offers three professional credentials to qualified members who possess the experience, education, and training required and successfully passes an exam.
The Certified Protection Professional (CPP) credential provides demonstrable proof of knowledge and management skills in eight key domains of security. Those who earn the CPP are ASIS board-certified in security management.
The Physical Security Professional (PSP) credential provides demonstrated knowledge and experience in threat assessment and risk analysis; integrated physical security systems; and the appropriate identification, implementation, and ongoing evaluation of security measures. Those who earn the PSP are ASIS board certified in physical security.
The Professional Certified Investigator (PCI) credential provides demonstrable proof of an individual’s knowledge and experience in case management, evidence collection, and preparation of reports and testimony to substantiate findings. Those who earn the PCI are ASIS board-certified in investigations.
There are other professional credentials such as the Certified Security Consultant (CSC) as managed by the International Association of Professional Security Consultants; the Certified Information Systems Security Professional (CISSP) which is a certification that is globally recognized standard of achievement that confirms an individual’s knowledge in the field of information security; a Certified Fraud Examiner (CFE) credential denotes proven expertise in fraud prevention, detection and deterrence; and the Certified Healthcare Protection Administrator (CHPA) which is healthcare security expert who has been certified in the healthcare security industry.
If you are seeking a qualified security consultant you need to start with a CPP who is Board Certified in Security Management. These experts are well versed in security management practices as well as fields such as: Security Principles and Practices; Business Principles and Practices; Investigations; Personnel Security; Physical Security; Information Security; Crisis Management; and Legal Aspects.
If you work within a specialized field such as healthcare, you should also seek out a security consultant that also has the CHPA certification. This way you know you are getting an expert that has been vetted and tested by other healthcare practitioners and a professional association.
Regardless of your industry, when it comes time to retain the services of an independent security consultant, it is up to your organization to research qualified firms and screen out the inexperienced security consultants, your businesses reputation may be depending on it.