Security News

The Changing Landscape: An Executive Recap to ISC West 2024

As the whirlwind of ISC West 2024 comes to a close, I feel compelled to share thoughts about the industry trends I’m seeing and the overall direction security is headed. (One of these overarching themes is that I realized I’m significantly shorter in real life than I'm perceived to be on Zoom!) 

But here are a few other thoughts:

On the attendance

It’s clear that we’re still a people-first industry that values in-person connection. Initial figures show that record numbers of people attended and it felt like the number of events happening and networking opportunities in general were off the charts – and I’m here for it! 

The "look" of the industry

It’s impossible not to notice that the look of the industry has made some drastic shifts in the last decade or so that I’ve been attending this conference. Diversity, in all of its senses, has started to find its way into (physical) security (finally!). In my experience, different perspectives, backgrounds, and experiences could not be more important in developing a holistic and well-rounded security program. Simply coming from a law enforcement background isn’t enough anymore (and I say that as someone whose law enforcement experience has had a profound impact on how I view the world). 

I’m excited both personally and through HiveWatch to bring new energy and experience into our amazing industry that is still so ripe for disruption (there you go, I went and used the “D” word). But we can’t rely solely on folks “finding” us; we need to play an active role in recruiting them. 

Artificial Intelligence (AI)

Where do I start with this one!? It feels as if “AI” and/or “ML” (machine learning) don’t make its way into your dialogue as a solutions provider or end user shopping for technology, are you even shopping/selling? I say that somewhat in jest, but the reality is that organizations as a whole have very active initiatives to optimize their workflows and reduce budgets (more on that later), and “AI” seems to be the catchall category to facilitate that. The rub is, many of the buyers and companies pushing solutions don’t fully grasp what AI is, how it can/can’t be used, implications of implementing and running it, total cost of ownership (TCO), how it works, privacy/legal considerations, and so much more.

I wish I kept an actual count of the times I heard, “We have a budget for AI this year.” I also wish I had a count of how many folks, when pushed, didn’t actually know what they were trying to accomplish with said AI. They were missing an internal strategy around what needs to be optimized or answers around how AI can tie their security objectives to overarching business objectives. 


In a recent panel, Dean Geribo, CSO at Moderna, said, “Security leaders need to be business leaders wearing a security hat.” This doesn’t mean that we don’t need security experts leading security orgs (more on that later); it means that we need to stop approaching security as both reactive and as a function that it is solely there to prevent bad things from happening while responding when they inevitably do. That part is important, but how can the function of security – typically a cost center – also enable the business?

The takeaway from this shouldn’t be that AI is bad; it’s absolutely a force multiplier that is here to stay. We can’t (and shouldn’t try) to eliminate people from physical security operations. But we can certainly reduce and optimize the people with the right applications of technology – and AI is a quick way forward in that regard.

To my manufacturer counterparts: Stop calling things AI that aren’t AI. It’s relegating the term to the early days of “analytics” and so many other “catch all” terms that lost their meaning because they didn’t deliver.

To my end users: Be critical of the products you’re exploring. If you’re non-technical, lean on your IT or technical colleagues to help evaluate products. There’s nothing worse than assuming a product is going to work in your environment the way it works in the controlled trade show floor environment. Your solutions are more technical than ever and rely on corporate infrastructure controlled by others like never before. Gone are the days of just picking a camera system, access control solution, etc. Integrations and interoperability are essential and that is a cross-functional conversation that needs to be had.

Physical security's place in the organizational chart is changing

This is a shift I started seeing a few years ago and seems to have accelerated as we continue to emerge from Covid. If security is just starting to talk about “digital transformation,” “move to cloud,” etc., you’re likely one of the last groups in the organization to be there. This has meant that physical security leaders are increasingly starting to report up through the technology team (CTO, CIO, CISO), versus the legacy model of being managed via legal, facilities, HR, etc.

This new reporting structure leads to a very different expectation around the gathering and use of incoming data. I could do a whole series on data, but the reality is: Physical security is a decade behind its cyber counterparts with regard to data extraction, normalization, and effective operationalization. Transparently, I’m biased on this last point since it’s a problem HiveWatch is actively solving for our customers, but the challenge is real. This changing expectation leads to my next point:

Ecosystems and partnerships are the new frontier 

Having been a F500 end user, consultant to tons of different companies, running a virtual GSOC-as-a-service, and now leading a GSOC-focused SaaS company, one thing is abundantly clear: Organizations have WAY too many point solutions. But we’re in the problem-solving business. So over time, we’ve solved problems that have come up with a solution. Those solutions compound over time and result in a typical GSOC operator having to be proficient in 10-20 different pieces of software. We’ll save staffing, turnover, and training for another conversation, but that’s a lot of software. Companies that grow through mergers and acquisitions (M&A) have it the hardest – even a corporate standard is no match for acquisition integration.

What about different guard companies in different regions? How do you manage those resources, track incidents, report incidents, validate performance, or ensure adherence to SLAs? What happens if/when you change guard providers? Who owns the data?

And here's where I get on my soap box: 

 It’s time for organizations to take control of their data and retain ownership. It’s time for organizations to insist that their software/hardware providers work together. It’s time that “open” actually means something!

As a software manufacturer, I’m proud of the ecosystem HiveWatch has started to build and the barriers we’ve knocked down with companies that historically have been closed to integration. We’re even building integrations with companies that have some product/feature overlap with us and that’s OK because at our core, we still have very different value propositions and the end user is stronger with us working together. It’s a huge market and there is plenty of room for a lot of big companies. 

Doing more with less and doing more with the same

While security budgets are still generally strong, it’s no secret that many leaders are being asked to do more with the same or more with less. The issues mentioned above with all the point solutions and different guard providers have led to a substantial increase in the number of people performing tasks over time. Compounded by staffing shortages, with the U.S. GSOC turnover being about 80% annually and guard turnover somewhere between 100%-300%, who can afford complex operations that require such substantial training!?

I spend a lot of time sitting in different companies’ GSOCs and one thing is universally true: there are way too many clicks. Efficiency in the SOC can mean a lot of things, but I’ve found that talking in “number of clicks” is a simple way to discuss a complex problem. A typical GSOC task may require 30+ clicks, but it should really only take about 3. The 30 clicks is representative of the various point solutions an operator has to navigate to facilitate their response. The “3 clicks”example represents a well orchestrated ecosystem of partners that each get to do what they are best at. 

Overall, I’m extremely bullish about the future of the industry. I’m seeing more innovation in the last couple years than I’ve seen in the previous decade. I don’t think it’s a coincidence that the acceleration of innovation, the realignment of the CSO in the org chart, and the changing “look” of the industry are all happening at the same time. Innovation by itself isn’t enough. My favorite innovations are solving real problems that our industry faces – not building cool tech and trying to find the problem that fits it. It’s an exciting time to be in physical security and I remain optimistic about the future of the industry and my role in it.

Topics:

Ryan Schonfeld
Ryan Schonfeld

Ryan Schonfeld is currently the Founder & CEO at HiveWatch, which has created a software platform that allows security teams to bring together data from their existing disparate security systems and provides them with an intelligent, holistic, and actionable view. This enables security leaders to respond to prioritized, “de-noised” risks. Ryan holds a masters in Information Systems and Technology from George Washington University and a B.S. in Justice from American University with a minor in Information Systems and Technology. He is proud of his past work as a police officer and investigator and an instructor for the U.S. Department of State's Anti-Terrorism Assistance Program.

Share:

Related Articles

How to Make the Most of GSX 2024

In a little less than a month, security professionals from around the world will pack up their bags and head to the sweltering heat of Orlando, FL,..

Haywood Hunter August 29, 2024

2024 GSOC Trends: 4 Key Takeaways

As we focus on the epicenter of physical security, global security operations centers (GSOCs) become a critical piece of the puzzle, often..

Jenna Hardie May 2, 2024
HiveWatch Computer and Mobile

See HiveWatch in Action

Learn how HiveWatch can elevate your security programs and technology with one powerful, easy-to-use platform.