After retiring from over 30 years of service with the Portland Oregon Bureau of Police I became a private investigator based in Portland Oregon. I was soon hired by businesses large and small when something in the business “went wrong.” Often it was some type of large theft or embezzlement but sometimes it was some type of physical intrusion that put employees and staff at risk. And other times it was an industrial espionage attempt. Whatever “went wrong” I was hired to find out “who done it.”
Because I had always had an interest in physical security and had training and expertise in the field, I started offering advice to my clients on physical security concerns. Instead of hiring an investigator after something went wrong to find out “who done it,” I thought it would make sense for businesses to take some steps to PREVENT things from going wrong in the first place. That’s when I started offering physical security consulting as an adjunct to my work as a private investigator.
What Does a Physical Security Consultant do?
In brief, a physical security consultant provides advice to businesses and individuals on how to improve the security of their facilities, buildings, homes, and other valuable assets. This is often accomplished by first conducting a comprehensive physical security assessment. For a more in-depth discussion of what a physical security consultant can do for you, see my previous article titled: Why Would Anyone Hire a Physical Security Consultant?
The Physical Security Assessment
Physical security is about keeping facilities, assets and people safe from foreseeable threats. It includes physical deterrence, detection of threats and intruders, and taking steps to mitigate those threats. The physical security assessment addresses these three elements separately and collectively. A systematic and structured process is necessary in conducting a good physical security assessment. But the assessment is highly individualized and specific to the particular client’s needs so a ‘cookie cutter’ approach or some generic ‘check list’ should not be used.
In general, a well-done Physical Security Assessment involves:
1). Risk Identification.
The first step is to understand risks associated with a particular asset. That asset could be a commercial building, a parking lot, an open field, or even a home. This process involves touring the facility, reviewing past security breaches, interviewing property/business owners & managers, and reviewing security risks associated with the particular business industry.
2). Review and Assessment of Current Site and Facility Security.
This step is multifarious with the goal being to determine what security measures currently in place are working well and what improvements could be made to enhance specific security vulnerabilities.
This review process can involve reviewing current security policies, procedures and training. Security is not just the responsibility of designated security personnel. It is something that is incumbent on every company employee. But employees that are unaware of security policies & procedures or have received no training or inadequate training, cannot be expected to recognize a security threat and act appropriately. Surprisingly, during this review process sometimes security policies and protocols are discovered that are worse than worthless.
Interviewing the leadership team, managers, and employees is also helpful in understanding current security. Additionally, observing the facility from inside and outside can give the assessor an objective view of what is really happening. Sometimes, even a physical security penetration test is a good way to gauge the effectiveness of a facilities current state of security and identify weaknesses. For a more in-depth discussion of the benefits of physical security penetration testing, please refer to my pervious article titled: Physical Security Penetration Testing Can You’re your Business More Secure.
3). Surrounding area or neighborhood Appraisal.
This step is often overlooked by some assessors but socio-demographic characteristics of the surrounding area is an important consideration as no building/business/residence is an island unto itself.
Questions like these need to be asked and answered:
What is going on around the physical structure;
Is the area close to drug houses and high levels of street crime;
Is the structure surrounded by a blighted neighborhood;
Are there a lot of dubious looking foot traffic passing by the building/business/residence?
The list of questions can go on and on but anything in the surrounding area or neighborhood that might have an effect (either positive or negative) should be identified and analyzed.
My recommendations are always based upon three fundamental guiding principles:
1). Cost Effectiveness
When it comes to upgrading security from what was acceptable in the past or from what just evolved over time, there is no free lunch. Investing in improved security requires a financial investment but few property owners or businesses have unlimited budgets. It does not make sense to spend exorbitant amounts of funds on the latest new-fangled security gizmos if the possible effectiveness of the improvements is not cost effective. The challenge is determining what defensive countermeasures are likely to be the most effective and which will bring the most value for dollars spent.
When many people think about physical security they often think about locks, bars, alarms, surveillance cameras, lighting, guard dogs and uniformed guards. All of these components might have a role in an overall integrated security system but not all of them are practical in all instances.
All physical security countermeasures should be based on industry “Best Practices” and the latest research. If more exterior security lighting is recommended the question of what types of lights are best and where they should be situated should be asked and answered. If security cameras are contemplated the question of whether security surveillance cameras would have any meaningful crime deterrent effect should be asked and answered. Often security decisions are wrongly made based upon vendors pushing a product they have a financial interest in or seeing some security countermeasure somewhere else and figuring that it must be working.
How security countermeasures look is important. Formidable walls, razor wire and high fences can be effective ways to keep intruders out but few people want to work or live in a fortress. Physical barriers like fences and hostile architecture have their place in securing properties but are often limited by municipal code regulations. Whatever security measures are implemented should add a sense of increased safety and security without making occupants and invited guests feel like they are in a prison.
Furthermore, the final recommendations should be presented to the client in a comprehensive, well organized and easy-to-read report. Instead of just a generalized review of security vulnerabilities and recommended improvements, the report should provide specific point-by-point recommendations for each security vulnerability identified.
Acronyms, abbreviations, and technical terms like Fault-line attack, Throughput, Barium Ferrite Card, Bollard, Deadlocking Panic Hardware, Building Envelope can be mentioned in the report but must be defined and explained.
For those that are curious, these terms mentioned are defined below:
Fault-line attack: An attack that exploits gaps in security coverage to gain access to a system or facility.
Throughput: In access control, the rate at which people or vehicles pass through an access point.
Barium Ferrite Card: An access control card with identification information encoded
in the card via magnetic material embedded in the card.
Bollard: A bollard is any object that is used to confine traffic within or from a given area. They are vertical members made of wood, steel or concrete which are permanently placed.
Deadlocking Panic Hardware: Hardware with a deadlocking latch. The latch has a device that, when in the closed position, resists the latch from being retracted.
Building Envelope: The separation between the interior and the exterior environments of a building. It serves as the outer shell to protect the indoor environment as well as to facilitate its climate control. Building envelope design is a specialized area of architectural and engineering practice that draws from all areas of building science and indoor climate control.