Selecting a Security Consultant

Conducting a security risk assessment utilizing an experienced security consultant can prove invaluable for your organization. It is imperative to seek out a qualified security professional.

Suggestions for selecting a security consultant:

1)  Review over-all security experience. How long has the expert worked in security management? Length of time is just one of many considerations and number of years should not be equated to knowledge. While military and law enforcement experience may be a consideration as a skill set, this experience may not qualify as security experience, unless for example, the police officer was a crime prevention officer, or the military assignments focused on areas such as, threat assessments or protection of facilities. The same thought process applies for a private security officer, simply working at a facility for 10 years, may not constitute adequate experience in the field of security. While these experiences may prove useful for employment within the security industry, this article applies to consulting within the field of security.

2)   Is specific experience required? A security consultant meeting the two key requirements (experience and certification) is qualified to act as a security consultant in the vast majority of security assignments. However, keep in mind that no one is an expert in all areas of security. The author has been involved in security for 50 years, has a graduate degree, board certifications and immense experience and considers himself an expert in only a very few areas within the field of security.

3)    Industry certification. Industry certification. The author recommends at minimum that a security consultant who is claiming broad based credentials possess the designation of Certified Protection Professional (CPP). This certification is the highest designation that can be bestowed upon a security practitioner. If consulting involves Physical Security, the Physical Security Professional (PSP) Board Certification is recommended. (See Board Certification explanations at end of this communication. A most important point regarding board certifications is that the certification represents that the security professional has passed a thorough examination by his/her peers and educational and employment has been verified. The security professional earning these certifications must also pass a challenging written examination demonstrating knowledge in various disciplines related to the certification.

One must also consider the accreditation of the board certification since there are numerous certifications which are not backed by a credible organization. The CPP board certification is accredited by the Department of Homeland Security, International Standards Organization and the American National Standards Institute. I have been asked to take exams for other certifications but when I inquire about their accreditation, I am informed that “we don’t have this sort of accreditation but we have thousands of influential members” which in my opinion is not sufficient when seeking a reputable consultant.

4)   Formal Education. While the author earned a graduate degree and believes that education is extremely important, he places experience and certification higher in the selection process.

5)   General liability insurance. An adequate Professional E&O Liability Policy should be in place to protect the consultant and consumer.

6)  Professional memberships. While professional memberships may be helpful to the consultant their primary purpose is to provide educational programs to keep the security consultant current. One of the most highly recognized organizations for security professionals is ASIS International. Another reputable organization for security professionals involved in the protection of critical infrastructure is InfraGard which is an FBI sponsored organization. However, simply being a member of such organizations does not mean the consultant is well versed in the field of security.

7)  Publications. While this credential is not crucial in the selection process, publications by the consultant may reflect his or her viewpoints and thought process relative to a particular consulting project.

8)  References. References are an important part of the evaluation process and should include, prior employers and peers who have worked with the consultant who can attest to their knowledge. Depending on the nature of the work, you may want to review a criminal record check provided by the FBI which the consultant can request by submitting their prints and a check to cover expenses.

9) Profit and Loss experience. P & L experience is invaluable. Too often security managers and experts see things from a one-sided perspective and are not able to properly balance risk and profit unless they have served in a P & L role.

10) Interpersonal skill. Does the consultant possess the skill level needed to interact with employees and senior management and orchestrate the security risk assessment process?

Jim McGuffey, M.A., CPP, PSP, PCI

The following three ASIS International board certifications in security are accredited by the Department of Homeland Security, The American National Standards Institute (ANSI) and The International Organization for Standardization (ISO).

Certified Protection Professional (CPP®) – This certification designates individuals who have demonstrated competency in all areas constituting security management.

Physical Security Professional (PSP®) – The PSP® designation is the certification for those whose primary responsibility is to conduct threat surveys, design integrated security systems that include equipment, procedures and people, or install, operate and maintain those systems.

Professional Certified Investigator (PCI®) – Holders of the PCI® certification have demonstrated education and/or experience in the fields of case management, evidence collection, and case presentation.

Disclaimer:  The articles contained on this website are written for general information purposes only and are not intended to be, and should not be used as, a primary source for making security decisions. It is the responsibility of the end users and viewers to evaluate and seek out additional guidance as deemed appropriate for application.

Scroll to Top