CSO/Leadership

 

 

Certification Profile: Courtney Klein, PSP
https://adminsm.asisonline.org/Pages/Certification-Profile-Courtney-Klein,-PSP.aspx
2019-02-01T05:00:00Z

<p>A moment of professional pride for Courtney Klein, PSP, came in 2018, when her organization received an alarming threat via Twitter. After conducting online research, she uncovered an individual with a proclivity towards violence, a sense of extreme self-importance, and a budding martyr complex—a combination that added up to a potentially severe threat. Overall, Klein and a colleague analyzed nearly 14,000 posts and provided authorities with a comprehensive report.</p>
<p>When the suspect was apprehended by a Joint Terrorism Task Force, he insisted his threats were just a joke. He was released, but within hours, he began dismantling the violent culture he’d been building online.</p>
<p>“That felt great,” Klein reflects, “because it started with me, my friend, and our insatiable thirst for answers.”</p>
<p>To Klein, a security career requires a commitment to explore the aims of criminals, root them out, and proactively prevent their actions. “Not everyone is inclined to be naturally curious or has the ability to keep up on global trends, current events, and technological innovation,” she adds. “Those with the skill set, interest, and a desire to learn, however? I welcome them to our field.”</p>
<p>She was a graduate student at New York’s John Jay College of Criminal Justice when she first considered a career in security. She was invited to join the school’s Terrorism Victimization Assessment (TVA) program—an entry-level security assessment training with a focus on terrorism.</p>
<p>“I didn’t have much exposure to security infrastructure growing up,” she notes, “so the whole thing seemed rather bizarre at first. But I ended up loving everything about it—particularly the theory of security practice and the chance to get a glimpse into the micro-cultures of our clients.”</p>
<p>She was first introduced to ASIS International by an instructor and mentor at John Jay who sought to connect her with industry groups. Realizing the benefits of networking with security professionals, she joined the ASIS Young Professionals and Women in Security Councils.</p>
<p>“It’s rewarding to promote the benefits of membership to young professionals and women, and it’s rewarding to promote to security managers the benefits of hiring young professionals and women,” she says.</p>
<p>Immediately following the completion of her master’s program, she took on an internship helping stand up a security division for a multinational corporation. Her organization’s chief technology officer required all interns to earn a professional certification—so Klein selected the Physical Security Professional (PSP®), which most aligned with her professional goals.</p>
<p>Now a security consultant with T&M Protection Resources, she enjoys a dynamic work environment that can change at a moment’s notice. “Sometimes I’m in the field walking a client’s facility,” she explains, “or sometimes I’m researching or working on reports. Sometimes I’m co-running a client’s crisis response team. There really is no ‘typical’ day in this field.”</p>
<p>“It’s questionable whether I’d be where I am today without my PSP,” she says. “The ASIS organization and its certifications are highly respected marks of security knowledge. Through studying best practices and industry standards, the certification process helped catapult my professional capabilities.”</p>

https://adminsm.asisonline.org/Pages/Certification-Profile-Courtney-Klein,-PSP.aspx | 2019-02-01T05:00:00Z | Certification Profile: Courtney Klein, PSP
https://adminsm.asisonline.org/Pages/The-Hard-Truth-About-Soft-Skills.aspx | 2019-02-01T05:00:00Z | The Hard Truth About Soft Skills
https://adminsm.asisonline.org/Pages/Certification-Profile-Nikhilesh-Sharma-CPP-PCI-PSP-.aspx | 2019-01-01T05:00:00Z | Certification Profile: Nikhilesh Sharma, CPP, PCI, PSP
https://adminsm.asisonline.org/Pages/Christina-Duffey-Serving-the-New-Generation.aspx | 2019-01-01T05:00:00Z | Christina Duffey: Serving the New Generation
https://adminsm.asisonline.org/Pages/Seek-Joy.aspx | 2019-01-01T05:00:00Z | Seek Joy
https://adminsm.asisonline.org/Pages/Dancing-With-Yourself.aspx | 2018-12-01T05:00:00Z | Dancing With Yourself
https://adminsm.asisonline.org/Pages/Book-Review-IT-Policies.aspx | 2018-12-01T05:00:00Z | Book Review: IT Policies
https://adminsm.asisonline.org/Pages/Certification Profile Jeffrey A Slotnick CPP PSP.aspx | 2018-12-01T05:00:00Z | Certification Profile: Jeffrey A. Slotnick, CPP, PSP
https://adminsm.asisonline.org/Pages/Editors-Note---Supply-and-Demand.aspx | 2018-11-01T04:00:00Z | Supply and Demand
https://adminsm.asisonline.org/Pages/Federal-Misconduct.aspx | 2018-11-01T04:00:00Z | Federal Misconduct
https://adminsm.asisonline.org/Pages/Career-in-Security-Pathways.aspx | 2018-11-01T04:00:00Z | Career Pathways in Security
https://adminsm.asisonline.org/Pages/Building-a-Hostility-Free-Work-Place.aspx | 2018-11-01T04:00:00Z | Building a Hostility-Free Workplace
https://adminsm.asisonline.org/Pages/How-to-Foster-A-Safety-Culture.aspx | 2018-10-01T04:00:00Z | How to Foster A Safety Culture
https://adminsm.asisonline.org/Pages/An-Investment-in-Employees.aspx | 2018-10-01T04:00:00Z | An Investment in Employees
https://adminsm.asisonline.org/Pages/Editors-Note---Code-Talkers.aspx | 2018-10-01T04:00:00Z | Code Talkers
https://adminsm.asisonline.org/Pages/Employees-Lead,-Managers-Facilitate.aspx | 2018-09-26T04:00:00Z | Employees Lead, Managers Facilitate
https://adminsm.asisonline.org/Pages/Microsoft’s-Howard-Wins-Don-A.-Walker-Award.aspx | 2018-09-25T04:00:00Z | Microsoft’s Howard Wins Don A. Walker Award
https://adminsm.asisonline.org/Pages/Exceptional-Volunteers-Receive-Top-Award.aspx | 2018-09-25T04:00:00Z | Exceptional Volunteers Receive Top Award
https://adminsm.asisonline.org/Pages/Marquez-Memorial-Honoree-to-be-Recognized.aspx | 2018-09-24T04:00:00Z | Marquez Memorial Honoree to be Recognized
https://adminsm.asisonline.org/Pages/Artful-Manipulation.aspx | 2018-09-01T04:00:00Z | Artful Manipulation

 You May Also Like...

 

 

Five Insights on ESRM
https://adminsm.asisonline.org/Pages/Five-Insights-on-ESRM.aspx

<p>There are five overall concepts that provide guidance about the nature of enterprise security risk management (ESRM). These concepts describe what ESRM is, what it can do for security managers, how security can gain C-suite approval for it, and how to implement a vibrant ESRM program for the enterprise.</p>
<h4>ESRM Is a Philosophy</h4>
<p>ESRM is not a standard, nor is it a rigid set of rules to follow. ESRM is a philosophy of managing security. It is based on standard risk management practices, the same ones that guide most of the other business decisions made by the enterprise. It requires partnership with the business leaders in the organization.</p>
<p>This philosophy gives the security leader the ability to manage security risks. This ability is not based on the latest incident or scare in the news, nor is it based simply on the manager’s own ideas of what is most important to protect. Instead, it is based on a shared understanding of what the business deems critical for risk mitigation, and what level of risk the business is willing to accept in different areas. This ability also requires that the business fully understand why the security risk mitigation tactics have been put in place, and what the impact of not having those mitigations might be.</p>
<p>The emphasis here is on business. ESRM philosophy recognizes that security risk does not belong to security. It is a business risk, like any other financial, operational, or regulatory risk, and final decisions on managing that risk must belong to the business leaders. That shift in understanding sets a security program up for a greater level of success because security leaders are delivering only what the business needs, and, more important, what the C-suite understands that it needs.</p>
<h4>ESRM Is a Process</h4>
<p>ESRM is not merely an academic philosophy. A general approach for setting up and running a security program can be derived from it. Under that approach, ESRM in action is a cyclical program, and the cycle of risk management is ongoing:</p>
<p>1. Identify and prioritize the assets of an organization that need to be protected.</p>
<p>2. Identify and prioritize the security threats that the enterprise and its assets face—both existing and emerging—and the risks associated with those threats.</p>
<p>3. Take the necessary, appropriate, and realistic steps to protect and mitigate the most serious security threats and risks.</p>
<p>4. Conduct incident monitoring, incident response, and post-incident review, and apply the lessons learned to advance the program.</p>
<h4>ESRM Aligns with the Business</h4>
<p>Aligning the security program with business requirements is the most critical component of the ESRM philosophy. This means that the security program must receive governance and guidance from the business. We recommend the formation of a security council to ensure this alignment.</p>
<p>There are several ways to implement a council. It could be a loose, informal group that provides input as needed, or it could be a board-level initiative that has formal roles, meetings, charters, and documented responsibilities for ensuring security compliance. The council can be a venue for discussing security topics and risk management strategies, and it can host resolution attempts for conflicts in the process.</p>
<h4>ESRM Covers All Security</h4>
<p>There is no aspect of security that cannot be managed in alignment with the ESRM philosophy. Many security professionals already practice much of the ESRM philosophy without thinking of it that way. For example, performing a physical security risk assessment on a facility is equivalent to the ESRM steps of identifying and prioritizing assets and risk. And setting up a crisis management plan can be considered an aspect of ESRM risk mitigation, as well as incident response.</p>
<p>The critical difference between programs that do these activities as part of a traditional security program versus an ESRM program is the consistency of approach in ESRM. In ESRM, these activities are not performed on an ad hoc basis but consistently across all areas of security risk. They are not applied to one area of the organization and not to another. And, vitally, they are not performed in a vacuum by security and for security, but in full partnership with the business leaders driving the decision-making process for all risk mitigation.</p>
<h4>ESRM Is Possible</h4>
<p>Implementing ESRM cannot be done overnight. It’s an iterative process that allows your security program to evolve over time into a pure risk management approach. For the security manager, the first step to fully understanding the ESRM philosophy is to communicate it to the executives and business leaders in the enterprise.</p>
<p>When implemented thoughtfully and practiced consistently, ESRM can completely change the view of the security function in any organization. The old view of security as “the department of no” will shift when business leaders understand that security is a partner in ensuring that the assets and functions of the enterprise most critical to the business are protected in accordance with exactly how much risk the business is willing to tolerate.</p>
<p><strong><em>Rachelle Loyear</em></strong><em> is ESRM Program Manager for G4S and chair of the ASIS Crime Management and Business Continuity Council. </em><strong><em>Brian J. Allen, Esq., CPP,</em></strong><em> is a member of the ASIS ESRM Commission. Allen and Loyear are coauthors of </em>The Manager's Guide to Enterprise Security Risk Management <em>and the forthcoming book </em>Enterprise Security Risk Management: Concepts and Applications.</p>