ASIS Spring 2018 v3.1

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 49SURVIVINGMOTHERNATURE From earthquakes in Latin America to tsunamis in Asia and Category 4 hurricanesCase Studies in in the United States, it seems to be moreSuccessful Emergency and more common to hear about or directlyManagement experience devastating natural events that have caused entire regions to scrambleBy Glenn Sandford, CPP and Art Boyko resources and respond to save lives, provide aid, mitigate damage and recover from the effects of Mother Nature. Over the course of our company’s history, AT-RISK International has been involved with a number of these efforts. Last year alone, we responded to evacuation needs in Houston, Texas, after Hurricane Harvey and barely a month later, we deployed several teams to Puerto Rico in the aftermath of Hurricane Maria. Both operations resulted in solid successes for our customers as well as for AT-RISK, but there are always things to be learned. It is these lessons that we wish to share so that you can evaluate opportunities to strengthen your emergency management plans. Continued on page 51 49

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 501. Timing your response to the 2. With regards to being easy to carry food such asaffected area is critical. In a properly equipped, we cannot bars and other choices rich inbest-case scenario for a weather- stress enough the importance carbohydrates and protein arerelated catastrophe, you may of having tangible resources sufficient.have 7-10 days’ notice as to available for your team. Critical 3. Moving away from thewhere and when the weather items such as vehicles/trucks, practical aspects, it is worthevent will strike. As you know, ATVs, flat bottom boats, jet highlighting how important it isweather can be unpredictable skis, etc., will help ensure safety to have the correct relationshipsand in a worst-case scenario for your team and the people in place. After both Hurricanesyou may only have 48 hours or in need. Don’t forget to have Harvey and Maria, our teamless to react. In the case of a trailer and/or appropriate had an outstanding rapportthe latter, it will be extremely hitches, including DMV regis- with the local police, includingchallenging, if not impossible, trations for the trailers, to Incident Commanders, whoto deploy and equip a quality transport your rescue vessel conveyed important dailyteam. Proper planning is around. In addition to the matters regarding road closures,essential to a successful mission. required transportation items, curfews, hospital details, shelterWhen feasible, consider staging make certain you have other capacities, crime reports, etc.your team as close as safely supplies. This does not mean Possessing, conveying and usingpossible before the event. This clean out the shelves of your that information allowed for acan help reduce response time local Costco or Sam’s Club. Too safer and more efficient responsefrom days to hours. Make sure much gear can be cumbersome and generated confidence amongthat they travel with the gear and an unnecessary travel victims and corporate leadershipand supplies they will need or burden. Make your best estimate alike. Other types of relationshipsthat they have the means to on the length of stay and the are important as well. Thoseacquire those items while in type of assignment and bring may be internal to your organi-route to the deployment point. just enough supplies for that zation, such as finance and duration. Water, hygiene items, purchasing departments, or external resources such as vendors, travel agencies and other service providers that you may need to support or augment the team being deployed. Ideally, these rela- tionships and resources will have been established and tested prior to an emergency response. As the saying goes, “better the devil you know than the devil you don’t know.” 4. If your deployment is likely to be particularly challenging due to length or harsh condi- tions, maintaining high spirits and keeping your team moti- vated is an aspect well worth considering. Sometimes you need more than just financial50

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 51incentives to help your staff tive communication at all levels precious time. If you can’tmaintain positive attitudes of the operation cannot be decide whether the communi-and best efforts. As we saw overstated. Amid times of crisis, cation is timely or necessary,in Puerto Rico, some of the communicating effectively can it’s probably better to send itsecurity team in the field were be challenging for a variety than sit on the information.working 12+ hour days, 7 days of reasons, whether it be due There has been much writtena week for upwards of 2-3 to time, technology or simply about emergency managementmonths. Although that amount being overloaded. Some of planning and there are anyof work may look great in the the best emergency response number of fine resources tobank account, careful supervision managers state that they which you can turn to findis needed to maintain quality prefer to be bombarded with information about writing,coverage. Complacency, illness unfiltered information rather testing or updating a responseand burnout are common than risk being unaware of plan. It was our goal in thisconsequences of long-term a critical detail. While that article to detour away fromor difficult deployments. Even places a great deal of burden the conventional material andwhen staff don’t want to rotate on the manager, it is a best provide some real-life insightsout, an experienced supervisor practice that works well when into the practical aspects ofwill know that mandated the manager is one of the preparing and managing abreaks are in everyone’s best calm, cool and collected types quality emergency responseinterest. Having a corporate that is not easily flustered. team. While it is our hope thatleadership presence can also When possible, communications the information shared here isproduce a lot of mileage.Motivational comments from should be in writing, so that relevant and useful, it is oursenior management have far the recipient does not have greater hope that you willgreater value when given to rely on notes or memory. never have a need to put itface- to-face and in the same Consider that with all the into practice.environment as the deployment. various options available, it’s Glenn W. Sandford, CPP, isLocal supervisors or managers usually not hard to send off a Director of Operations, LATMcan also keep morale high by text, IM or email. If you have and Art Boyko is Manager,breaking away from adminis- the luxury of wordsmithing, Operations for AT-RISKtrative functions to participate that’s fine; however, don’t lose International.in the day´s work, stepping into help with routine tasks orstanding a post while the staffmember takes a 15-minutebreak. Other positive supporttools such as a “good work”letter that is read to the teamat the morning briefing canhelp to generate revitalizedenergies and increase motiva-tion among workers.5. Timely and effective commu-nication can help avoid manyproblems and keep small issuesfrom turning into big problems.During an emergency responsedeployment, the value of effec- 51

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 52 Physical Access Control System: Security Concerns and Best Practices By Alex AlexandraI. Introduction users and administrators, integration with other systems, and software and security updates.Physical access control refers to access to buildings,rooms and control gates, using Fob keys, access II. System descriptioncards, mobile device applications (apps) or othertokens to allow access to these areas. An access Most access control systems consist of the followingcontrol system allows the end user to manage components: access control software, control paneland screen access to a particular area, entry or or controller, credentials (contactless proximityexit point in real time. In some cases, for example or magnetic stripe cards, key fobs, bracelets,in restricting access to medical centers, companies apps, passwords, biometric credential, etc.), lockand agencies are required to adopt access control (maglock or electric strike, wireless locks), readerssystems as part of regulatory compliance. Hospitals (biometric, card readers with or without keypads),are required to comply with state, local and federalrequirements such as the Health Insurance Porta- a server (where the database resides), and a workbility and Accountability Act of 1996 (HIPAA), station. In an access control environment, anas well as with requirements set by independent, access point may be a door, gate, closet, or annot-for-profit organizations like the Joint Com- elevator door where the system permits access.mission for Regulatory Compliance. Additionally, The access control software is the heart of everysome companies need to comply with security-conscious businesses compliance regulations(SOC 2) or be in compliance with Security Councilstandards (PCI). Any software that resides on anetwork and works alongside a variety of IPbased devices is vulnerable to cybersecurity attacks.This article will describe best practices for physicalaccess control and will strongly suggest that thesuccess of an access system depends upon itsease of use, communication with and training of52

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 53meaningful system. The software usually handles referred to as 2FA. Sarbanes-Oxley and HIPAAa large number of access points, zones, different require that institutions establish strong internallevels of users, calendars, time periods, time controls to mitigate risks and protect data centerszones, and more. In addition, access control is from data breaches.usually handled by web-based software (client- The credential (fob keys, radio-frequency identi-based or web-based application) that can be fication (RFID) cards, bracelets, apps, etc.) willaccessed from any workstation with the right vary, depending on the level of security and thecredentials. Since the application is web-based, level of usage. Credentials should offer conve-the interface between a user and the software nience and ease of use and should be cost effective.may be accessed using the Internet or an Intranet Biometric authentication credentials sound andthrough a browser. look more secure but consideration of their use should be based on accuracy factors, such asThe access control database or Access Control false acceptance rate, false rejection rate, andList (ACL) resides on a server and is accessed identification rate. In some cases, a mobile phoneover a network. The control panel (controller or app using Bluetooth or Near-field communicationcontrol unit) gives the lock the signal to unlock (NFC) may be used as a credential for communi-the door when it receives the request from the cating between the mobile phone and the lock.reader. Then, it verifies the request with theuser’s credentials, and if the credentials match, III. Security concerns and risksthe controller signals to unlock the door. Accordingto Stalling and Brown (2008), the credential iden- Any software that resides on a network andtifies an individual during the human–machine works alongside a variety of IP based devicesinteraction utilizing the following methods of (readers, locks and controllers) is vulnerable toauthentication; “something the individual knows,something the individual possesses, something a variety of attacks. By compromising an accessthe individual is or something the individual does.” control system, a hacker would not only have access to its database, but could control all accessAn example of a secure credential is a combination points. The hacker could threaten to leak users'of a proximity card, (something the individual sensitive information, delete access data frompossesses), and a PIN number (something the users’ profiles, and open every door or gateindividual knows). This is an illustration of a connected to the system unless the institutionTwo-Factor Authentication (2FA) authentication. pays ransom. Many companies are turning to IPFor improved security, a 2FA or a Multi-Factor based access control systems but lack awarenessAuthentication (MFA) is usually employed. and understanding about security vulnerabilitiesAccording to The National Institute of Standardsand Technology (NIST), MFA is sometimes Continued on page 54 53

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 54that can lead to an attack. One problem is the how we use keys and locks. Wireless solutions,lack of communication and collaboration that used with a variety of credentials, can secureexists among the installers, the administrators many things besides just doors and gates. Smartwho manage the systems and the IT security homes integrate access controls, a variety ofof the organization. As a result, IT security credentials, and a security system, along withcan overlook issues such as insecure software, closed circuit cameras, lighting and sound systems,firmware installation of the readers, controllers under a single control panel that can be accessed from anywhere in the world.and wireless locks, unprotected mobile appinterfaces, insecure web interfaces and lack of Those using wireless solutions can expect antransport encryption. They may choose to favor increase in IT vulnerabilities and data breaches.convenience over security by simplifying user In the corporate environment, physical accessnames and passwords. controls, used with fire alarm systems, are becomingAnother issue is that some software manufactures critical investments for every organization.do not provide follow up with IT security afterinstallation. Furthermore, some components The choice of an access control system should be(readers, locks) come from third party vendors treated as a long-term capital investment. Twoand run on outdated software/firmware. important criteria should be ease of use and theHypothetically, an attacker could exploit all the ability to be transformative to the organization.above vulnerabilities to gain access to an organi- The system must have distributed intelligencezation’s networks. Hacking techniques include and the ability to integrate with other systems,packet-sniffers (e.g. Wireshark), where a hacker such as closed-circuit cameras, alarms, fire systemscaptures and analyzes data packets that can be (fire and life-safety codes), etc. In addition, theused to obtain information like passwords, etc., system should be expandable and be able to handleand a man-in-the-middle (MITM) attack where additional users, devices and locations withinthe hacker eavesdrops on the communication one application. In the age of mobility, the systembetween two targets using a separate computer should be capable of monitoring and providingthat accepts traffic from each one. Security attacks access using mobile devices (credential andbecome worse every year and will not lessen, monitoring apps). Furthermore, from a securityespecially when hackers know that organizations perspective, the system should be able to use smartwill meet their ransom demands. credentials like encrypted RFID card technology and biometric readers for additional security.IV. Conclusion and best practices Finally, the manufacturer must be able to regularlyPhysical access control technology has grown provide critical software updates, including securitytremendously in recent years and is changing and firmware updates, to the IT department of the organization. Any system by itself cannot survive unless the human element is involved. Communication with the vendor, manufacturer and the IT department combined with systematic training of administrators are critical for the success of the system. Dr. Alex Alexandra is an Assistant Professor in the Department of Security, Fire and Emergency Management at John Jay College of Criminal Justice.54

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 55 CERTIFICATION PROFILE: CARESS KENNEDY, CPP By Mary Alice DavidsonIn her role as president of Allied Kennedy was recruited into the to enhance their programs. SheUniversal Security Services’ security field while president of encourages managers to be outNortheast Region, Caress a staffing company. Prior to that in the field, and she leads byKennedy, CPP, keeps her focus Kennedy worked for AT&T, Xerox, example—spending much of herand her team’s concentration on and other Fortune 500 companies. time outside the office.“perfect service and keeping our One of her priorities at Alliedclients for life,” she says. The goal Universal is to “select candidates Kennedy makes a point to takeis to understand client needs and with the best fit for our clients,” advantage of the education andproblems “so we can provide she says. “And once they are networking available through hersolutions that raise the level of hired, develop and reward them membership in ASIS International.service delivery and satisfaction.” so they stay engaged.” “The conferences and guest speakers at monthly meetingsKennedy joined AlliedBarton in Memorable moments for her are outstanding,” she says. To2011 as managing partner of the happen when company officers further round out her professionalNew York/New Jersey region and or managers take on extraordinary skills, Kennedy attained angrew the region to the company’s duties. As one example during MBA in management from Pacelargest in terms of revenue. She Hurricane Sandy, officers saved a University and completed manywas promoted to her current passenger in a taxi from drowning other senior leadership courses.post in 2016 with responsibility in a flash flood by entering thefor eight states and more than water themselves and risking In March 2017, Kennedy received28,000 employees. That same their own lives. In another instance, the “Above and Beyond Award foryear, Kennedy earned the Certi- a manager and his team volunteer Outstanding Women in Business”fied Protection Professional® annually to provide security for a from New York’s City & State(CPP) credential. Pediatric Cancer Walk. Magazine. She was one of just five women to be selected in the“My motivation was to be sure One aspect of her work that Business category.that I had the requisite skills Kennedy finds especially satisfyingto act as a consultant to my is the opportunity to keep clients While she has forged an impressivecustomers,” she says. “The safe by recommending best career in executive leadershiptraining helped expand my practices and technology solutions outside of and then in the securityknowledge of security.” sector, she enthusiastically recommends the security fieldWhile Kennedy had a personal to others.incentive to become certified,she had the same goal for her “It’s a growing $40 billion industry,leadership team. and it helps people,” she says. “What could be a better career?”“I sponsored a large group ofthem, and we all attended a © 2017 ASIS International, 1625review session,” she says. “I also Prince Street, Alexandria, VA 22314.established a contest to incentivize Reprinted by permission fromthem to complete the exam.” the October issue of SecuritySeveral members of her team Management magazine.did pass the exam. 55

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 56 SMall UnMannEd aErial SySTEMS: The Changing Face of Emergency Management By John R. Morgan, CPPIt’s an exciting time in the world of small unmanned aerial There are roughly 770,000 drone owners who havesystems, hereafter referred to as drones, not the least of registered their drones with the FAA, and there arewhich are applications in emergency management. This about 80,000 certificates that have been issued by thearticle looks at the significance of this emerging technology FAA allowing for commercial and government droneproviding support to the discipline of emergency man- use. The true number of drone owners is elusive;agement and addresses past, current, and future trends. reportedly up to 2.5 million drones are flying overFor the purpose of this article, the author is referring to U.S. skies. The FAA categorizes drone use into threesmall quad-copter style drones weighing less than 55 areas (1) public operations – government; (2) civil –lbs., also referred to as sUAS, which are aerial vehicles non- government; and (3) model.in which the lift is generated by four rotors and the pilotuses a remote control to control the drone. Drones can and do support all four tenets of emergency56

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 57management: mitigation, preparation, response, and concerns over the use of drones ties into anotherrecovery, but recently have received notoriety for use emergency management concept called the three Cs:in the response phase of disasters worldwide, e.g. Communication, Collaboration, and Coordination.the 2008 Wenchaun Earthquake in China; the 2011 This is a significant consideration as the use of dronesFukushima Daiichi nuclear accident in Japan; the 2014 for emergency management intensifies and becomesmudslide disaster in Oso, Washington, as well as during more complex.the 2017 Hurricanes Harvey and Irma to assess damage. Besides flying safely, the successful outcome of flying aThe use of drones in emergency management is drone for emergency management purposes is to gatherencouraging since drones are versatile and can keep intelligence so that good decisions can be rendered. Dr.responders out of harm’s way while assessing a disaster Robin R. Murphy, the founder of the Center for Robotarea. Drones are able to fly over dangerous terrain Assisted Search & Rescue at Texas A & M University,at low altitudes, as well as fly within remote locations has pointed out that the flight should result in gatheringand can be deployed quickly. The cameras attached information and then disseminating the information toto drones offer high resolution images and drones can the needed stakeholders. Decision makers need actionablebe linked to sophisticated software, such as mapping data that is accurate and timely.software Drone Deploy or related software, dependingupon the mission. In 2013, Kelly Cohen, a professor at the University of Cincinnati, predicted disaster management and publicDrones in emergency management are not without safety officials would be among the first to be licensed tochallenges. The FAA currently mandates that a certified operate drones in the national airspace. Since that timecommercial drone pilot have line of sight of the drone, the FAA has allowed public entities, including publicfly no higher than 400 feet, and fly during daylight. A universities, to bypass the pilot certification exam anddrone pilot also needs to pay close attention to the self-certify via a certificate of waiver. There are otherbattery life of an airborne uSAS, as battery life is very predictions that the FAA will adjust the line of sight rulelimited, usually twenty minutes or less. The demanding in the future so that medications can be delivered toFAA standards of certification are well intentioned due disaster victims who are stranded as well as for otherto safety concerns but can also challenge a pilot who is emergencies. Not only is the technology evolving butlooking to provide benefit to vulnerable populations so are the regulations.when time is a critical factor. Finally, drone deployments for emergency managementOther challenges include instances of unauthorized are expected to increase exponentially as drone relatedflights that have resulted in jeopardizing the safety of software, training of users, regulations, and drone equip-emergency response personnel, such as in the 2015 ment continue to evolve to provide support to a hostSan Bernardino County Fire in which five unauthorized of stakeholders, including but not limited to emergencydrones were interfering with the safety of fire fighters. managers, first responders, and Incident CommandOfficials had to call off their operations to drop water System personnel. As of 2017, the Center for theand flame retardant to avoid midair crashes. Fortunately Study of the Drone at Bard College reported thatthe FAA is reportedly planning new regulations to 347 agencies, including state and local police, fire, andaddress the interference by hobbyists as well as those emergency management units had acquired drones inwho fly for profit. Those who fly for profit usually the last several years. FAA Administrator Michael Huertaphotograph a disaster in order to sell the video footage said drones play a transformative role. Emphasis is onceto news services or others. again placed on the data gathered by the drone that can potentially reduce the hours or days to provide disasterAdditionally, countries that do not allow drones to be response, thus saving lives. This is appropriatelyused in missions related to international humanitarian referred to as ‘data to decision’ and will continue toaid pose challenges. Other challenges include disaster change the face of emergency management.victims who may fear a drone because they do notunderstand its role or may perceive it as a threat to their John R. Morgan, CPP is an FAA certified droneprivacy. Overcoming privacy issues and community pilot, 14 CFR, part 107. 57

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 58 When the UNEXPECTED Strikes PERSON OF EXPECT THE BEST THE YEAR FROM BROWNGUARD® INSURANCE May 22, 2018 Chateau Briand 65 years of meeting and exceeding our Security Industry clients’ expectations. Hon. Errol Toulon Jr. Suffolk County Sheriff When it comes to insurance, there are no surprises with Brownyard Group®. As the longest-running, family Also Honoring: Arthur B. Colwin Jr. owned and operated specialty insurer, we set high Memorial Security Officer of the Year expectations for ourselves – a continuing promise to apply our deep knowledge of security industry risks to Young Professional Award deliver exceptional coverage, risk management and William McGuire President/CEO claims handling to Security Professionals. Global Elite Group Set high expectations for your insurance with Cocktails: 6:00pm BROWNGUARD – contact us for a competitive quote. Dinner: 7:00pm Insurance when you expect the BEST Individual tickets : $100 800-645-5820 [email protected] brownyard.com We Insure: Security Professionals, Private Investigators, Security Consultants & Alarm Services58

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 59Evaluating the TotalResilience Lifecycle:Mitigating Continuity Risk from VendorsBy Daniella Bove-LaMonicaResilience is a current buzzword space, a major vulnerability Resiliencewithin the security industry. point sits with the vendors. is aMany firms, particularly those The challenge is this: When yousubject to increased regulatory consider your incident manage- nuancedoversight, are in a race to prove ment/business continuity life- andto their investors, clients and cycle, have you included yourbusiness partners that they are vendors within that framework? subjectivemore robust, more disruption- Have you extended your risk concept,proof, more resilient than their assessment and analysis programcompetitors. But what defines a to include evaluating the level with afunctional resilience program? of preparedness of the firms threshold providing your sourced work? that variesA great starting point is the And if not, how do you sell the from firmBritish Standards Institute’s idea to senior leadership?ISO BS65000 “guidance” on to firm.organizational resilience, which Resilience is a nuanced andchampions “the ability to antici- subjective concept, with a 59pate, prepare for, respond and threshold that varies from firmadapt to events—both sudden to firm. The tolerance for businessshocks and gradual change.” continuity planning (BCP),However, regardless of how particularly when making arobust the program, most firms business case for spendingfail to account for continuity money, depends on the organi-risks related to their global zation’s risk profile and its largervendor operations when building operational footprint. And, whereout their organizational resources are constrained orresilience framework. focused on the more profitable areas of the business, the ideaAs we race to harden our of spending additional timecorporate perimeters against the or money that might nevernext Sandy, the next Barcelona, see a return on investment isthe next reputational challenge, not appealing to leadership.we must acknowledge that we However, there are some simpleare only as strong as our weakest steps that can be taken, withlink. For many in the resilience Continued on page 61

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 60 WIREWALL® SECURITY STARTS HERE 1.800.762.6374 . +1.508.234.8715 . [email protected] . www.riverdale.com CONTACT US For More Information OR Visit Us Online at: WWW.NYAES.COM 60

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 61limited associated costs, which can come back to the resilience price points. However, it canwill vastly improve a firm’s planning team to map out a also be managed internally at atotal resilience lifecycle. business impact analysis lower cost through certain tools (BIA) specifically relating to available for purchase or, ifFirst and foremost, it is impera- the vendor’s role within their nothing else, simple elbowtive that an organization decree business unit. Once all vendor grease, checklists and a keenbusiness continuity planning as BIAs are collected from across attention to detail. Harvarda key corporate value. Placing the enterprise, it is possible Business Review, in making aBCP front and center within the to tier out a vendor incident case for “prospering duringorganizational culture means response program that is both business upheavals” speaksemployees will become hard- accurate and responsive to a about fostering a “culture ofwired to account for it in their firm’s larger resilience strategy.actions. The operations team First andcannot just carry this mantle; it It follows that once the critical foremost,has to cross business units as a vendors are identified, the it is imperativecollective company value. business should work with that an these providers to understand organizationA security manager or business the maturation levels of their decree businesscontinuity practitioner cannot continuity programs. Does continuitybe everywhere at once. Employees the vendor have a corporate planningmust know to account for BCP resilience policy? Does the firm as a keywithin their deliverables and train their teams on incidentquestion practices that do not management and to what level? corporate value.meet the firm’s threshold. If BCP If this provider has a single site,is a core company value, it will how does it manage its continuity resilience” within organizationsbe a natural part of contract of operations in case of a business and individuals. The key here isnegotiations. The contract stage disruption? Are legal safeguards anticipating all of the variableswith a vendor is a critical juncture in place to protect the contracting that can actually impact thepoint for resiliency and the one firm from owning any financial bottom line. Expanding a firm’sarea where, most frequently, risk related to a vendor’s inherently narrow definitionoperations personnel are not in continuity issues? Working with of resilience to meet the truethe room. vendors to provide a transparent reality of one’s global operations accounting of their internal risk drives forward a clear path to aSecond, those who own the profile allows the contracting successful continuity of business.relationships with vendors organization to improve plansshould understand their vendor for its own potential business Daniella Bove-LaMonica is thedependencies at a fundamental disruptions. Business Continuity Managerlevel. A strong BCP program for Global Data Operations atmanager will provide guidance Solving for the total resilience Bloomberg, LP.and training to those business lifecycle need not be an insur-functions that have external mountable, expensive proposi-touch points on how to approach tion. Of course, like anythingthe vendor relationship from a in the security industry, thebusiness continuity angle. With mitigation of vendor risk canthe appropriate training, those be outsourced at varying levelsthat own the vendor relationship of sophistication at a variety of 61

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 62 Advancing Security in New York City and Beyond By Ernest J. PucilloIs there a rubric for advancing • Blacksburg, Virginia – • Aurora, Colorado –security in America today? In the April 16,2007, 32 killed, many July 20, 2012, 12 killed, 58 woundedcontinental United States statistics wounded (Virginia Tech) (Movie theater)indicate that the crime rate hasfallen to lows not seen since World • Omaha, Nebraska – • Newtown, Connecticut –War II, according to a report pub- December 5, 2007, 8 killed December 14, 2012, 20 childrenlished by the Pew Research Center (shopping mall) and 6 adults killedin February of 2017. This analysis, (Sandy Hook School)however, does not translate into • Kingston, Alabama –a perception of security across March 10, 2009, 10 killed • Washington Navy Yard –America. The perception held by September 16, 2013, 12 killedAmericans is that crime is rising. • Carthage, North Carolina –That perception is based on factors March 29,2009, 8 killed • Charleston, South Carolina -relating to global terrorism, mass (nursing home) June 17, 2015, 9 killedshootings, and violent crime in (Emanuel African Methodist Church)urban areas that represent a new • Binghamton, New York –paradigm for those involved in April 3,2009, 13 killed, 4 injured • Roseburg, Oregon –safety and security. (Immigrant Community Center) October 1, 2015, 9 killed, 9 injured (Umpqua Community College)Examining mass shootings in the • Fort Hood, Texas –United States over the last ten November 5, 2009, 13 killed, • Orlando, Florida –years shows how crime and disor- 32 injured June 12, 2016, 49 killed, 50 injuredder are changing our society. It is (Public Night Club)part of the problem that creates an • Appomattox, Virginia –atmosphere of fear and dread January 19, 2010, 8 killed •Las Vegas, Nevada –across the country. October 1,2017, 58 killed, 500 injured • Seal Beach, California – (Harvest Country Music Festival) October 12, 2011, 8 killed (Salon Meritage) • Sutherland Springs, Texas – November 5, 2017, 26 killed, 20 wounded (town church)62

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 63The list reminds us of casualties of vendettas and others represent learned through after actionwar lists but in a war that continues extremist jihadists. reports how to better defendover a ten-year period. Locations against violence using counterare towns and villages across The question at issue is how do we surveillance techniques by securityAmerica. The attacks are in schools, provide for the safety and security officers and police that may identifya movie theater, churches, shopping of people when the methods used some pre- operational planning bymalls, at public events, and no and the targets selected represent criminals. We also need to rememberplace is immune or safe for citizens. such a wide array of public locations? that some level of “force protection”As this war rages across America What methods do we employ to must be provided to visible officerswe are faced with a second front enhance security in open venues that are the first targets for criminalsconsisting of terrorists who are for public events and private attempting to take out our first linedetermined to punish us by killing organizations targeted by terrorists? of defense. We need to continue topeople through jihad. The last How do we enhance security in a engage the community at large totwo years alone show numerous maximum risk environment, and help us identify suspicious activity.attacks have been made to inflict finally how did we get here? As Benjamin Netanyahu, the Primemass casualties: Minister of Israel said, “Terrorism We live in a country in which cannot survive in a democratic• September 17, 2016 – Stabbing of some immigrants come for a better society for one reason, the people10 people in shopping mall in life and some come to destroy the won’t let it.”Minnesota. American way of life. We must adapt, like the Israelis have adapted, We need to continue to practice• September 17, 2016 – Bombing, to a constant and present danger. our response to violent incidentsAhmad Khan Rahmi- Shrapnel Since our enemies utilize varied of mass destruction working withfilled pressure cooker bomb tactics our approach must be so private industry in training anddetonated in crowded space on as well. exercises to enhance our ability toWest 23rd Street between 6th and save lives and recover from attacks7th Ave. A second device was Advances in technology have on our communities.found at west 27th Street. given us an ability to forensically identify perpetrators of crimes and It clearly shows that no oneSeaside New Jersey, a pipe bomb their associates. The utilization of method provides a solution to ourexplodes at about 9:30 am, no CCTV in many high-risk locations, ability to advance security in ainjuries reported. license plate readers, and more dangerous world. It is clear that importantly the ability to store and the social dynamics we face in the• November 28, 2016 – Vehicle retain large amounts of data from future are different from those ofattack, stabbing, 11 injured, these devices enhances our ability the post-World War II era. As we(Ohio State University). to quickly investigate crimes and are able to continue to advance in apprehend dangerous felons. The technological science and coordi-• October 31, 2017 – A man drives utilization of smart cameras in nate our efforts to support securitya rented truck down a pedestrian public areas can help us identify operations, we will meet the chal-walkway on Manhattan’s west side; suspicious packages. Department lenges that we face.8 killed, dozens injured. of Justice grants like COPS and Project Safe Neighborhoods helps Ernest J. Pucillo retired from law• December 11, 2017 – Ahayed foster information sharing from enforcement after 37 years at theUllah carries a pipe bomb into a the local community to the police rank of Deputy Chief of the MTAcrowded NYC Subway. The bomb and vertically from local agencies Police Department in New Yorkexplodes prematurely and Ullah is to State and Federal partners City. He currently teaches Criminalinjured with severe burns. 3 other in law enforcement. Continued Justice and Emergency Managementpeople injured in the attack. advancements in communications Response, Incident Command, at networks help to provide warnings The Long Island Business InstituteThis list is only a partial represen- to students on university campuses in Queens New Yorktation of terrorist attacks occurring and to local communities aboutacross the country. It shows some threats that may exist. We havevaried locations that are targetedby terrorists. Some have personal 63

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 64Disruptive Technologyis Vital to Staying Ahead ofToday’s Security Threats by Michael O’NeilWhen we think about today’s bomb makers continue to and mailroom packages fortechnology, it is hard to argue experiment at their own peril, explosives. Tactically speaking,against the benefits that cell synthesizing various chemical X-ray technology is not newphones, email and social media compounds in an effort to or disruptive, but when youbring to our daily lives. They disguise explosives and enhance combine X-ray capabilitiesafford incredible convenience their strength. Through the with the trained eye of a bomband a level of enhanced com- use of online communication technician, the value of themunication that we could not platforms, including social X-ray as a tool rises to a newfathom even a few years ago. media, this information is dis- level. SmartTech®® is a techno-Unfortunately, it is this very persed to hostile actors around logical solution that deliverssame technology that has created the globe who are using it to this rare combination.the single most critical issue for produce mass casualty events.enterprise risk and public safety. SmartTech®® was modeled afterTerrorists now exploit online Sustaining technologies, those a common medical industryplatforms and social media that rely merely on incremental practice. Physicians and clini-sites to radicalize and recruit, improvements to already cians around the world haveshare information and rapidly established solutions, will never long shared X-ray images andadvance the threat. Additionally, defeat this threat. To be successful, MRI scans in real time with onethey are consistently innovating the industry must develop and another to produce the bestto circumvent current security employ truly disruptive security possible diagnosis and responsetechnologies. solutions that innovatively plan. Similarly, SmartTech®® blend state-of-the-art technology allows questionable X-ray itemsTo successfully address the with trained experts.exponentially growing threats This combination isproliferating through terrorists’ critical for success.shrewd use of today’s technolo-gies, the public and private X-raysecurity industries need to Technologyadvance more quickly. Terroristtradecraft has continued to X-ray technologyevolve in the area of improvised is used by everyexplosives, particularly with major governmentperoxide based and other institution andhomemade explosives. Trained Fortune 500 company to screen deliveries64

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 65to be viewed in real time by (ULD), pallet or other cargo Addressing Security ThreatsFBI-certified bomb technicians container. Under the Advanced into the Futurewho analyze, confirm or clear Alarm Resolution process, thesuspicious visuals in mere suspicious package is immedi- For the security industry tominutes. It creates an economy ately extracted and examined advance in its mission to combatof scale which enables users to through on-site X-ray screening. terror, disruptive technologies,access expertise not available The on-site screener can then instead of sustaining technologiesanywhere else in the private utilize SmartTech®® to securely and processes, must be developedsector. It is important that we transmit X-ray images in real and deployed. Explosive detectionfoster continued innovation in time to a remote Emergency capabilities must continue tothe vein of SmartTech®® andlook to peers in different fieldsto identify technologies andprocesses that enhance thesecurity industry.Explosive Detection Caninesas TechnologyIn many environments, a Operations Center for immediate evolve, and we must createproperly imprinted and trained analysis and resolution by innovative and strategic tech-canine is the most effective trained bomb technicians. nologies and processes thattechnology for explosive counter radicalization throughdetection. Though the Pentagon’s In addition to ensuring 100 social media. The most successfulDefense Advanced Research percent screening of all cargo, security advancements thatProject Agency (DARPA) spent this process of layered explosive deliver the greatest protection$19 billion over several years screening, combining technology and peace of mind willto develop the next level of with human expertise, yields undoubtedly combine twoexplosive detection, the Agency invaluable cost and operational critical components: robustconcluded that the canine efficiencies. Eliminating misin- technology and human expertise.remains the unrivaled tool. terpretation of suspicious itemsMSA’s newly developed mitigates the liability risk that Michael O’Neil is theAdvanced Alarm Resolution is leads to service delays, business Chief Executive Officer ata patented process that capitalizes disruption, unnecessary evacu- MSA Securityon this canine detection capability, ations or, in the worst situation,strategically blending it with the mishandling of a true IEDuniquely-qualified subject matter threat.experts to deliver an unmatchedscreening solution.Within the air cargo sector, asan example, a canine mightindicate – perhaps even on aharmless substance like blackpowder in a nail gun – whilescreening a Unit Loading Device 65

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 66 HOW TO RESPOND TO WORKPLACE HARASSMENT ALLEGATIONS: AN ACTION PLAN By Katherine A. Lemire & Amy R. FooteE very Security Director should sexual harassment claim. Knowing submission to or rejection of know how to respond quickly how to recognize sexual harassment unwelcome sexual conduct by anand appropriately to sexual and knowing how to respond to individual is used as the basis forharassment claims to protect their reports of sexual harassment are employment decisions affectingcompany and everyone involved. essential to protect the accuser and such individual. A hostile workThis article will help Security the accused, as well as limit poten- environment exists when unwel-Directors, as well as Human tial liability for the company. come sexual conduct unreasonablyResources Managers, and C-Suite interferes with an individual'sexecutives understand what WHAT IS SEXUAL job performance or creates ansexual harassment is and what HARASSMENT? intimidating, hostile, or offensiveyou should do if you learn of working environment. The USallegations. Federal law recognizes two forms Equal Employment Opportunity of workplace sexual harassment: Commission (EEOC) defines sexualSecurity directors and their teams “quid pro quo” and hostile work harassment in part as unwelcomeare increasingly likely to serve as environment. Quid pro quo sexual advances, requests for sexualthe initial point of contact for a harassment occurs when the66

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 67favors, and other verbal or physical supervisors and others in decision- an expertise in harassment investi-conduct of a sexual nature when making capacity have known gation may serve to protect youthis conduct explicitly or implicitly about, allowed, and even fostered and your company from chargesaffects an individual's employment, harassment without stopping it, of favoritism and bias.unreasonably interferes with an the greater the potential liability 5. Know company policies. Yourindividual's work performance, if litigation ensues. company’s policies may defineor creates an intimidating, hostile, inappropriate behavior moreor offensive work environment. 2. Preserve evidence. The preser- expansively than federal and local vation of key information is law. Be aware of established report-Off-color jokes, sexually-suggestive absolutely necessary. As a security ing procedures to be followed ifcompliments about bodies or professional, you may need to you witness or hear of workplaceapparel, unwelcome and insistent identify and preserve relevant sexual harassment. Remember, too,invitations, vulgar language, overly- evidence, including video and that harassment can occur at off-site,familiar touching, standing inap- audio recordings. Ensuring you work-related settings such aspropriately close, and conversations extract and save vital potential conferences, meetings, events, andand innuendoes to sex acts or proof of harassment also protectssexuality may qualify as forms of your firm against allegations while traveling. Harassment byharassment. Sexual harassment can of not fully cooperating – or your company’s outside vendorstake the form of verbal conversation, worse, a cover-up. can also expose you and yourtexts, emails, social media postings, company to liability.and shared photographs. When 3. Maintain confidentiality. 6. Train your staff. A well-designedsuch actions are common in a There are many reasons training program can be a solidworkplace, they can add up to for limiting the number of first step towards eliminating sexualhostile environment harassment. people who know about a harassment from the workplace workplace sexual harassment and minimizing damage if harass-WHAT TO DO IF YOU allegation and investigation. ment occurs despite your best First, the subject of the alle- efforts.LEARN OF SEXUAL gation can suffer a tarnished Katherine A. Lemire is the reputation if it turns out he President & CEO, and Amy R.HARASSMENT or she did nothing wrong. Second, Foote is a Managing Director the complainant is vulnerable and at Lemire, LLC. This article isTo protect yourself and your must be protected from disparage- intended for general informationcompany, these tips can help in ment and retaliation. Lastly, as purposes and should not be deemedresponding to and preventing is true for any investigation, the to constitute legal advice.workplace sexual harassment inquiry will fare better if it is doneallegations. discreetly and witnesses are approached without advance1. Hear a Rumor? Don’t Wait. Act knowledge of the subject of theImmediately. If there is some kind investigation.of allegation — even a hint — don’twait. Even if it is “just” a rumor, 4.. Consider an outside investigator.the onus is on you to act on it. Federal law requires a prompt,Notify your company’s General thorough, and impartial investigation.Counsel or make a report through If the subject of the investigationyour company’s established report- is a manager, or perceived to haveing procedure. Stalling in response close ties to management, you mayto complaints and failing to interview have extra challenges in ensuringwitnesses could expose your orga- the investigation is perceived asnization to liability and you could impartial. Outside consultants withget blamed for dropping the ball.The longer an organization or its 67

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 68 Is Your Mailroom Your Open Door? By Gary Artinger, John Aizstrauts and Linda EspositoA n open door invites anyone to It takes no skill at all to deliver or and the USPS employees and customers, enter. An unsecured mailroom remove an item through the open offers Publication 166, Who Protectscan allow anyone to enter your business doors of your mailroom. Often, it is all Your Mail? Guide to Mail Centeras easily as mailing a package to you. too easy for that open door to allow a Security as a security reference forAn open door can also allow someone physical item that may cause irreparable businesses with mailrooms. It coversto leave your premises with something harm or disruption of your operation topics such as:that is valuable to you and your company. to be delivered to your business.One must only consider the amount Your mailroom can be the open door • Your Risk Level—Physical securityof valuable and/or sensitive information providing an amateur attacker access of your workplacethat passes through your mailroom to deep inside your facility.realize the impact this could have on • Your Mail Center—Employee rolesyour business. An unsecured mailroom Just as cybersecurity employs elements and responsibilitiescan allow important company assets such as complex passwords, firewallsto be stolen for personal gain or and access restrictions to help prevent • Mail Theft—Securing your maileven greater nefarious purposes. This unauthorized intrusion into you network, center from theftsituation deserves your utmost security mailroom security should utilize physicalattention. and procedural barriers to prevent • Letter or Package Bombs and Bomb something or someone from getting Threats—Establish a security andIn our current security environment into your business. In today’s world, bomb-screening planmuch attention is directed toward even letter-sized mail can containcybersecurity. Many companies know dangerous substances that can disrupt • Chemical, Biological, or Radiologicalall too well the reality of having their or disable your business. Threats—Securing your mail centersensitive information stolen by hackers. from hazardous substancesHowever, a computer hacker must The United States Postal Inspectionpossess highly specialized skills to gain Service, the federal law enforcement • References—Checklists andaccess to the “open door” in your agency of the United States Postal additional resourcesInformation Technology Environment. Service that is charged with protecting the US Mail, the postal infrastructure, An unsecured mailroom lacking ade- quate physical and procedural security measures can provide someone with an easy means to access and attack68

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 69your business. Their attack could be • Excessive postage something valuable getting out. Theftdelivered through everyday handling • Oily stains, discolorations, prevention is another key factorof packages and/or mail. Depending when considering the security of youron the nature of your business, your crystallization on wrapper mailroom.customers and your location, you • Strange odormay have varying levels of risk. If • Incorrect title or addressed Publication 166 also provides severalyour business has international dealings design tips for mailroom physical layout,or provides controversial products only to title which in itself is a security measure.and/or services, it may attract • Lopsidedunwanted public, political or extremist • Protruding wires • Make all work areas visible toattention. By routinely reviewing your The Postal Inspection Service has supervisorsmailroom operations, layout, employees specially trained Postal Inspectorsand tasks, you can begin to assess who will respond to situations where • Use one-way glass, CCTVs oryour risks and specific security needs. something suspicious is found in the elevated supervisor stations US Mail. They can determine if theSome primary areas of concern are item is hazardous and will handle the • Eliminate desk drawers andthe manner in which packages and item accordingly. Mailroom security similar hiding placesmail are received by your business suggestions from Publication 166 canand the number of locations where also help minimize the risks and business • Ensure adequate supervision,these items are received and dispatched. disruptions cause by suspicious items especially in high-value areasThe fewer and more restricted these delivered via commercial deliverypoints, the more control • Restrict access to authorizedyou have over what enters services. Although Postal Inspectors persons by using keys, card keys,and leaves your business. will not investigate items delivered ID badges or biometricsThis also helps minimize the by commercial delivery services, thenumber of locations and security procedures and protocols In conclusion, your mail-people that can potentially should be the same for all items room is the door into yourbe exposed if a dangerous delivered to your mailroom. business. An open door canshipment was to enter your An open door can also allow someone lead to significant loss oroperation. or something to exit from your business. disruptions to business An unsecured mailroom can mean operations.The Postal Inspection Service someone can easily exit with something A properly secured portalbelieves that mailroom that may be important or crucial to will allow essential itemssecurity is enhanced when your business. Therefore, adequate to enter, restrict entry ofemployees understand and mailroom security should not only dangerous items and pre-implement basic security protect against something hazardous vent valuable items fromprocedures. It is essential getting in, but also protect against being removed. Mailroomto screen mail for signs security needs to bethat an item may warrant addressed as part of anyadditional attention. Mailroom employees comprehensive securitymust know how to isolate a suspicious plan. While often overlookedletter or package, how to report it, and considered a minorand how to identify the contents in a operation within a business, ansafe manner. unsecured mailroom can proved to be an Achilles Heel allowing importantIn Publication 166, Poster 84 illustrates business assets to be attacked and/orexamples of things that may tip you stolen. In a world where communi-off to a suspicious item such as: cation is an essential part of business, mailroom security should not be• No return address overlooked.• Restrictive markings like “Personal”, Contributing Authors: “Confidential”, “Private” Postal Inspector: Gary Artinger, CPP, PSP, PCI• Badly typed or written and/or Homeland Security Coordinator: misspelled words John Aizstrauts, CPP, PSP Physical Security Specialist: Linda Esposito 69

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 70 A Page 1ASIS NYC Chapter The Village Club of Sands PointAnnual Golf Outing 516-944-7400Monday, June 11th Reservations on a first come first paid basis $1200 per foursome Sponsorships: Platinum $1000 - Gold $750 - Hole $300 Breakfast: 8:00-9:45 am Start Time: 10 am SHARP! Lunch: on the course Cocktails and Dinner: 5 pm Contact: Lynn Brown c/o Secure Access 38 West Park Avenue Long Beach NY 11561 Tel: 516-623-7500 Cell: 516-384-9447 Fax: 516-706-5530 [email protected] Show CommitteesTrade Show Chairman Exhibitor Committee Security Director
 Co-Chairs: Magazine &Raymond Dean Mark Berger Media Relations 
Co-Chairman: Bernie Jacobs Editor:Craig Schwab Member Cynthia Webster Executive Committee Charlie SchollChairman: Advertising, Design &
 Lynn Brown Show Coordination Production Vice Chairman: Maria-DiCarlo Cofell Don Blauweiss Don Francisco Jim Kitchen Diane DudzinskiTreasurer: Larry Seltzer Steve Sacchetti Website Management Secretary: VIP and Dais Committee Rich PattiBrian Reich George AndersonSergeant at Arms: Terence B. Hoey AcknowledgmentsManuel Gomez Steve Sacchetti We gratefully acknowledge70 First Republic Bank and Izabela Regula MG Security Services for their assistance with the Joette Faherty Person of the Year lun- cheon and all of the other Elisa Mula volunteers who worked tirelessly to make the 29th NYC-ASIS Tradeshow a success.

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 71 WISWOMEN IN SECURITY By Denise NilesIn the spring of 2004, a group holds several events each ASIS on February 8, 2018, for year. The focus is no longer a happy hour and networkingof women in the New York on how to apply your eyeliner social.City area held an event at but how we, as women, canJohn Jay College of Criminal work together in a predomi- Today, we aim for networkingJustice. The group originally nantly male industry. We and helping each other succeed.named themselves “The continue to see growth in With the fantastic supportWomen’s Group” since they attendance and participation of the Board of Directors ofwere compromised of all at these events. the NYC Chapter of ASIS wewomen and the directive was are able to reach and attractto support women in the Some of our popular events more women to our events.security industry. include the annual self-defense Despite our varied backgrounds class, held in the either fall or and positions in the industry,The event included presenta- spring and usually at Berkeley our common goal is to unifytions such as “how to dress College in mid-town Manhattan. and strengthen our commitmentfor success,” “how to apply The class is always over-sub- to support each other.makeup tastefully,” and scribed, and we may be able“resume building.” At the to hold two sessions in the The opportunities for womentime, the number of women future. in this industry are growingin security was limited and more women are inand the group was asked Our summer brunch is another positions of authority andto change the name to the popular event and is held in decision making. Issues such“Women and Minority Group.” late August. The atmosphere is as juggling home, work,The group agreed, and the light, the company excellent and children are topics withname was changed. The and it is a good place for which many women continueevent, for the most part, networking. The brunch has to struggle but together wewas a success; however, grown over the past few years are strong. We look forwardthe group did not gain any and we are happily looking to seeing you at our next event!traction and dissolved. for a larger venue to accom- modate more attendees. We Denise Niles is the LiaisonFast forward 10 years and are also planning to add a for Women in Security for thethe ASIS Women in Security CPR class for our members. NYC Chapter of ASIS and isgroup was formed nationally. In addition, we partnered Vice President-Key AccountsLocally here in NYC, this with the Young Professionals at Advanced Electronicgroup, known as WIS, is (YPs) of the NYC Chapter of Solutions, Inc. (AES).exclusively for women, and 71

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 72 Eugene J. Casey Award continued Ready! Fire! Aim! continued Get your EOD Mobile Unit TEN and deployed But as we know, in most good message to Office of the Secretary of Defense humor there is an element of truth. in front of (OSD), detailed to FBI HQ and Projects that go awry follow these DHS HQ post September 11, 2001 steps, and as effective project law for Operation NOBLE EAGLE; managers, we must look for the enforcement NSW Operational Support Team symptoms of b and c and step in and security TWO (OST2); and SEAL Team as needed to right the ship, lest the professionals EIGHTEEN. His military awards rest of the steps take hold. include: Meritorious Service at the Medal; Navy Commendations 10. Debrief each project and 2019 Medals (2); Navy AchievementASIS NYC EXPOo Medals (2); Navy Expeditionary apply what you’ve learned to Medal; Global War on Terrorism Advertise in Service Medal, and numerous the next project. other personal and unit awards. ESBapOrierlfycdfiearl With good notes, and whatever the He is also a two-time recipient outcome, every project provides aSend us your Insertion Order by of the prestigious FBI Director learning opportunity for the team July 13, 2018 and you’ll get a “Exceptional Service in the Public and for the team leader (that’d be Interest” award. FBI Director Louis you). Take time to have a formal 10% discount on your ad. Freeh awarded Terence for his review session at the conclusion Visit: asisnyc.org/expo work during the TWA Flight 800 of the project and get everyone’s recovery and investigation. FBI input on what went well and what Or contact Diane Dudzinski Director Robert Mueller awarded could be improved. It will be time 914.779.6846 or Terence for his work as Command well spent. Master Chief to assigned Flag [email protected] while assigned to FBI HQ, National So, that is my list of 10 things Infrastructure Protection Center about projects. I hope you found (NIPC) post-September 11, 2001. it worthwhile to spend the time reading, and more importantly, Terry is the founder and president that you took one or two tidbits of Hoey & Associates, Inc., a con- away to improve your own project sultancy established in 1995 that management skills. And if not, I specializes in security, crisis and hope it at least gave you something emergency management. He lives to think about, to compare your in northern Westchester County, own approach to, in what should New York, with his family. be a life- and career-long journey, that of self-improvement. Now, get This year we recognize Terence B. back to managing those projects Hoey for his outstanding and selfless and leading those teams! contributions to the United States of America, to ASIS International George W. Anderson is the Director, and to the NYC Chapter of ASIS. World Trade Center Security. He is a past chairman of the NYC The Eugene J. Casey CPP Award for Chapter of ASIS and currently Distinguished Chapter Service is chairs the Program Committee a special award given in honor of for the Annual Person of the Year one of the NYC Chapter’s founding Luncheon and is the Mentoring members. Coordinator for NYC ASIS.72

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 73 73

ASIS Spring 2018 v3.qxp_ASIS Summer 2004 5/1/18 5:34 PM Page 74 DOYLE SECURITY SERVICES, INC. At Your Service in New York, New Jersey & Pennsylvania PROTECTING YOUR PEOPLE, YOUR PROPERTY AND YOUR PEACE OF MIND. -iVÕÀˆÌÞ\"vwViÀ Services – Event & Life Safety Services – Executive Protection Services – Remote Monitoring Services – Mobile Guarding Services – Security Consulting Services (877) 377-7749 • doylesecurityservices.com 74