Conducting a security risk assessment utilizing an experienced security consultant can prove invaluable for your organization. It is imperative to seek out a qualified security professional.
Suggestions when selecting a security consultant:
1) Review over-all security experience. How long has the expert worked in security management? Length of time is just one of many considerations and number of years should not be equated to knowledge.
2) Is specific experience required? A security consultant meeting the two key requirements (experience and certification) is qualified to act as a security consultant in the vast majority of security assignments. However, keep in mind that no one is an expert in all areas. The author has been involved in security for nearly 40 years and considers himself an expert in only a few areas.
3) Industry certification. The author recommends at minimum that a security consultant who is claiming broad based credentials possess the designation of Certified Protection Professional (CPP). This certification is the highest designation that can be bestowed upon a security practitioner. If consulting involves Physical Security, the Physical Security Professional (PSP) Board Certification is recommended. (See Board Certification explanations at end of this communication. A most important point regarding board certifications is that the certification represents that the security professional has passed a thorough examination by his/her peers and educational and employment has been verified. The security professional earning these certification must also pass a challenging written examination demonstrating knowledge in various disciplines related to the certification.
4) Formal Education. While the author earned a graduate degree and believes that education is important, he places experience and certification higher in the selection process.
5) General liability insurance. A Professional E&O Liability Policy should be in place to protect the consultant and consumer.
6) Professional memberships. While professional memberships may be helpful to the consultant their primary purpose is to provide educational programs to keep the security consultant current. One of the most highly recognized organizations for security professionals is ASIS International.
7) Publications. While this credential is not crucial in the selection process, publications by the consultant may reflect his or her view points and thought process relative to a particular consulting project.
8) References. Request recent references to determine if the consultant was able to enhance their existing security program via cost effective strategies. Peer references are also important.
9) Profit and Loss experience. P&L experience is invaluable. Too often security managers and experts see things from a one-sided perspective and are not able to properly balance risk and profit unless they have served in a P&L role.
10) Interpersonal skill. Does the consultant possess the skill level needed to interact with employees and senior management and orchestrate the security risk assessment process?
The following three ASIS International board certifications in security are accredited by the Department of Homeland Security, The American National Standards Institute (ANSI) and The International Organization for Standardization (ISO).
Certified Protection Professional (CPP®) – This certification designates individuals who have demonstrated competency in all areas constituting security management.
Physical Security Professional (PSP®) – The PSP® designation is the certification for those whose primary responsibility is to conduct threat surveys, design integrated security systems that include equipment, procedures and people, or install, operate and maintain those systems.
Professional Certified Investigator (PCI®) – Holders of the PCI® certification have demonstrated education and/or experience in the fields of case management, evidence collection, and case presentation.