tumblr visitor

Security: @Syinstitute #itsyourinstitute – Assistance required! Can you spare some time?

In my network are many members of the Security Institute (SyI) and as you may know I was recently voted in as a Director. My portfolio has been confirmed as ‘Membership Growth, Retention and Sustainability’. This is one of most important areas and something I feel passionate about and was the main reason why I stood to become a Director. I would be interested to hear from any serving or potential members how the SyI could improve in this particular area.

Of course my role slots into a number of other portfolios for example, Member Services, Events and Exhibitions, Validation Board…..to name a few, but my focus is growing the membership and retaining the members we have.

If you want to become more involved in the development of the SyI please contact me as your support and guidance would be very much appreciated. This could be a sounding board for ideas or more, depending on the time you can commit.

I see this as a great opportunity to make a difference in the professional body that represents our industry and any help you can give would be beneficial to you, the wider membership and the future of the SyI.

Thanks very much, Paul

Contact me via twitter @chatbacksy or via LinkedIn

Posted in Security Institute

All this talk about information security is making me #wannacry

Wow the amount of information/cyber security ‘professionals’ that have suddenly come out the wood work is amazing! I’m seeing a lot of message in LinkedIn saying ‘contact us about ransomware’ or ‘are impacted by ransomware contact xxx for assistance’. I guess this gravy train will go on for  a few weeks yet. In my binary head the message seems simple:

  1. Patch your computers
  2. Harden your defenses
  3. Run a decent anti-virus
  4. Ensure that you have secure backups
  5. Raise awareness across your employees (unfortunately the weakest link seems to be us Humans??!!)

One interesting piece that I read on Twitter related to Sophos and how they have amended their website marketing relating to one of their clients…the NHS! Follow the updates below, this was originally posted by @maldr0id 

The Good

The Bad

The Ugly

Posted in Information Security Tagged with:

My first 100 hours as a Security Institute Director #itsyourinstitute

Since Tuesday I have received a great deal of congratulations messages and I feel proud to be able to represent my industry peers in the future development of the institute. 

Unfortunately in my first 100 hours I haven’t achieved a great deal (shame on me)…..but I’m in the process of setting up a meeting with our chair Garry Evanson to discuss my ideas and on the 16th May is my first board meeting. I have also completed the required Companies House forms to be officially listed a Director. 

Also on Tuesday Rick Mounfield was appointed as the new CEO, so it’s certainly a time of change! Rick takes up his new post next week and it will be good to work with him going forward. 

Once again thanks to the members who voted for me and feel free to reach out if you have any institute feedback or ideas for the future. 

Cheers Paul 

Posted in Uncategorized

Successful in being appointed @syinstitute board of directors #itsyourinstitute :-) #SyIAGM2017 

Today was the Security Institutes (SyI) AGM which of course meant it was also Director voting time….I am very pleased to say that with enough members votes I was appointed to the Institutes board.

big thank you to anyone who supported me during my campaign and those of you who voted for me. A special thanks to my proposer – Emma Shaw and my seconder – Sarah Austerberry.

As a side note a new Chief Executive was also announced – Rick Mounfield. Further details will of course be released on the Institutes web site.

Thanks again and I’m looking forward to representing the membership and helping to shape the future of the SyI. I will of course keep you posted on how things progress over the coming months.

Posted in Events, Miscellaneous, Security Institute Tagged with:

Standing for a Security Institute Director Position – PLEASE VOTE FOR ME #ItsYourInstitute

I have decided to stand for a Director position at the Security Institute (SyI). I am passionate about the security industry and I believe that the SyI plays a key role in not only increasing the industry profile but also the people that work within it. 

I have held various voluntary roles in the institute for the last 7 years (details below). 

In order to be nominated I require two serving institute members to support my application. I have been proposed by Emma Shaw FSyI CSyP (previously our very successful SyI Chair) and seconded by – Sarah Austerberry FSyI. Both of these are highly regarded security professionals in their own right and I’m grateful for their support.

I hope that SyI members I already know, follow me on social media and some others will vote for me. You can vote either in person at the AGM on the 25th April at the Hallam Conference Centre, London W1 or via a proxy vote (details are yet to be released). To attend and vote in person please book via here.

With 9 nominations it’s testament to the security industry that members clearly want to be become more involved in the development of the SyI. This is the most I have ever seen and there are only 5 available posts – so voting is very important! To read all of the candidate profiles please visit the SyI website.

Where do I feel the institute can develop and how I want to help?

My reasons for becoming a Director are genuinely for the benefit of the membership and to further develop the Institute. I have spoken with members (and also some people who are not) and their views are similar to mine.

  • Adding value to our membership or approach it a different way, decide what value we should be offering members and/or what do members expect
  • Better understand why members are leaving and improve membership retention
  • The post-nominal’s (ASyI, MSyI and FSyI) allow us to standout from other security organisations. The validation process should remain robust, albeit I do see opportunities for further improvement (including the application process)
  • Increasing the profile of the Institute and the industry
  • The security sector consists of professionals working in many different sectors, the SyI should not focus on one area i.e. Corporate is as important as Military or Government, and also Law Enforcement is as important as retail
  • Explore opportunities to work with other organisations where security professionals work i.e. Information Security and Business Continuity groups or Fraud Forums

These are big asks but I feel they are key to improving the profile of our industry and making the SyI ‘current’. In my opinion the only way to truly make a difference, is to be more involved in some of the key decisions being made.

My previous and current SyI experience:

  • Joined the SyI in 2008
  • Serving member of the SyI Validation Board since 2010 – please click here to read about this group
  • Previous Vice Chairman of the Validation Board 2011-2014
  • Previous Chairman and formed the Validation Board Working Group 2012-2014

My areas of professional interest are;

  • Security assurance and governance
  • Travel risk management
  • Developing innovative value ways of working
  • Increasing the profile of security to non-security people, for example when recruiting new roles  or if a security consultant is required institute members should be the first place to look

    Who am I?

    I have worked in the security industry for over 20 years and I am currently a senior global corporate security manager within a FTSE100 company, having previously worked in the public and retail sectors. I have a good depth of security experience across different sectors, overseas as well as in the UK.

    I am a keen ‘amateur’ blogger, having done this for about 6 six years,  I also compliment it with twitter. I think its important to engage with peers and I enjoy sharing security news, views and advice (when I’m not moaning about the poor South Eastern trains service).

    For further information on my professional experience please feel free to read my LinkedIn profile.

      When I told a colleague I was standing for SyI Director he said…”Paul if Trump can be the US President and Boris Johnston Foreign Secretary then I’m sure you can be a Director of the Security Institute”.

      And finally…

      We are working in a heightened threat environment with unprecedented exposure  on the security sector. There is such a great opportunity to be represented by a professional body that fully supports and is working to the benefit of its membership.

      Having been an institute member since 2008 and playing an active role via various voluntary positions, I have a good understanding of the institute and what it currently offers (and unfortunately what it does not). I am proud to be a member, but I believe it can offer more (much more), and as a result increase the profile of security…which would ultimately benefit us all.

      Thanks for taking the time to read this, I appreciate it’s a lot of information but I feel its key in order to fully understand why and how I’m approaching this. If you would like to contact me direct, please feel free to drop me an email via mr.paul.drury@gmail.com or tweet me @chatbacksy

      Posted in Events, Physical Security, Security Institute Tagged with: ,

      Travel Security – US bound flights to ban most electronic devices

      Typical!! Just as I’m about to venture onto a 9 hr flight, with my only saving grace being the iPad’s my kids will have surgically attached to them…

      The US has announced a ban on electronic devices from cabin baggage on flights from mainly Middle Eastern and North African countries. Officials said extremists were planning to bring down passenger jets with bombs. News about this begun to trickle out on 20th March but at the moment it only appears to affect some carriers flying from a dozen or so countries.

      These fresh restrictions which do not have an end date affect laptops, tablets, cameras, DVD players, and game players. Large electronic devices will only be allowed on board in checked baggage. Phones are exempt from the new rules.

      The impacted countries and airlines are (but expect this list to grow):

      The airports affected are: The nine airlines are:
      Queen Alia International, Amman, Jordan
      Cairo International Airport, Egypt
      Ataturk Airport, Istanbul, Turkey
      King Abdulaziz International, Jeddah, Saudi Arabia
      King Khalid International, Riyadh, Saudi Arabia
      Kuwait International Airport
      Mohammed V International, Casablanca, Morocco
      Hamad International, Doha, Qatar
      Dubai International, United Arab Emirates
      Abu Dhabi International, United Arab Emirates
      Royal Jordanian
      Egypt Air
      Turkish Airlines
      Saudi Arabian Airlines
      Kuwait Airways
      Royal Air Maroc
      Qatar Airways
      Emirates
      Etihad Airways 

      Update: The UK now plans to ban electronic devices for passengers flying to the UK from certain countries.

      So for now calm has once again been restored to the Drury household phew…but I might still tell the kids they can’t just for a laugh!

      Posted in Physical Security, Travel Security Tagged with:

      Fraud & Security – Social Engineering Awareness Workshop via @Jenny_Radcliffe

      Social engineering is becoming increasingly common as a means by which fraudsters gain access to companies’ and organisations’ data and systems.

      Employees are tricked by fraudsters into breaching security protocols or giving away information – exploiting people as the weakest link in the information security chain.

      The fraudsters’ techniques can involve physical access into buildings, email phishing and telephone calls, but a new breed of attacker is also now being seen, apparently using more psychological methods involving building trust relationships and using corporate websites, industry forums and social media sites.  Attackers get to know a company and its people so well that they can use employees to compromise their own organisation.

      As fraudsters continue to seek more sophisticated methods of attack, your organisation needs to ensure that its employees are made fully aware of how they can be targeted.  Your staff need to understand the dangers, and be constantly vigilant.

      This valuable, extremely topical one-day workshop – led by social engineering expert Jenny Radcliffe – will give you the tools to instill a culture of awareness among your employees, and help prevent your company or organisation being the victim of fraud.

      The training is held Wednesday 15th March 2017 or Wednesday 7th June 2017 Central London

      For details how to book please contact Judith on (+44) (0) 1303 261465 or email info@conference-network.co.uk or via this website

      Posted in Uncategorized Tagged with: ,

      Personal Security: CitizenAID app aims to help save lives in a terror attack

          

       

      Members of the public are being encouraged to download a new mobile application in an effort to save lives during a terror attack. Developed by military and civilian medics, the CitizenAID app helps to guide people through basic first aid skills and potentially lifesaving treatments which can be administered to patients in the vital time before emergency services can arrive. It also provides other immediate actions to ensure your personal safety during such an attack.

      The information is available through an app and pocketbook (but you will have to pay £1.99 for this!) and is designed to complement the ‘Run, Hide, Tell’ guidance given by the National Counter Terrorism Security Office in the wake of the Paris attacks.

      The launch comes just days after 39 people were shot dead in an Istanbul nightclub attack, and a fortnight after 12 people were killed when a lorry ploughed in to crowds at a Berlin Christmas Market. Because clearly their aim is to help people, why charge £1.99 for the pocket book (which I suspect is the same as the app)? Surely the more ‘freely’ available this type of information is the better for everyone!? In my opinion, stacks of these should be available at large transport hubs, shopping centers, football stadiums etc etc…..I really don’t understand why they are charging!

      It’s disappointing that the pocket book is not available until mid January…..why didn’t they delay the launch of the initiate?

      Whilst I’m on my soap box, I also think its confusing the amount of different agencies and organisations that provide this type of advice. I think there should be one central authoritative source that the public and businesses can refer to. Maybe there is a current organisation that could provide this? Or maybe one should be set up by merging a few of the ones that clearly appear to do the same or very similar functions…

       

      Posted in Counter Terrorism, Personnel Security, Physical Security, Travel Security Tagged with:

      Security: The reflective glasses that could make you (well your face) ‘invisible’ to security cameras

      I’m not sure if these are a good idea or not! 272 Backers on Kickstarter think they are….

      • The accessory, called ‘Reflectacles’, reflect light off of the wearer’s face 
      • This increases visibility and confuses security cameras’ infrared sensors 
      • The crowdfunded spectacles cost between £78 and £100 ($95-$125)
      • They are designed to ‘erase our faces’ even in low light conditions
      • Kicker pledges currently at $34,632

      Read more here

      Posted in Personnel Security, Physical Security Tagged with:

      Physical Security – House of Commons Personal Security Advisor

      The Houses of Commons are seeking to recruit a full time ‘Personal Security Advisor’ to ensure that MP’s are protected whilst away from Parliament. The role will be based in the Parliamentary Security Directorate at Westminster and will have a salary up to just over £61k.

      New roleI actually think this seems reasonable and is similar to any organisation which must effectively protect its work force, after-all as an employer you have a duty of care to keep your employees safe.

      High profile people and/or executives in large private sector companies can make themselves unpopular and sometimes this will come with additional threats and enhanced risks. Most corporate businesses have security advisors who can proactively support the business and their employees. MP’s at times make themselves VERY unpopular (no sh*t Sherlock) and as a result risks can be heightened.

      Gone are the days where the Police seemingly do everything, not only do they not have the resources but they are not the experts in all things security. This new position offers a consistent risk based approach, to provide guidance/advice and to give assurances for an MP’s total protection.

      The awful killing of the Labour MP Jo Cox in June has of course raised some serious concerns and in addition to this new role, The House of Commons have recently awarded a contract to Chubb Fire and Security to provide a ‘standard’ package of protection. The new role should tie this together nicely and ensures a consistent holistic approach…..to be honest for me this seems very sensible.

      I have read some interesting comments mentioning that unless MP’s have a security adviser each then how will this work? I can only compare from a business perspective and this clearly isn’t a close or executive protection role and with only 650 MP’s I absolutely think that a centralised advisory position is the right thing to do. Afterall, global businesses with thousands of staff have relatively small corporate security teams and with arguably a much larger remit.

      Not everyone will like it and yes we the public will pay for it, but something should be done. I hope they break the mold and look wider than the normal government recruitment position of employing ex police or military. This is not because I am interested but because a private sector security professional would actually be a better fit and add more value to the position.

      If your interested in applying click here, a summary of the job spec is below or click here for the full spec:

      Personal Security Adviser

      Salary Band: A2

      The Role

      The Parliamentary Security Department (PSD) is responsible for physical, personnel and cyber security for both Houses of Parliament. PSD sets security strategy, provides expert advice and delivers an operational service. It does this in partnership with the Metropolitan Police Service (MPS) and by working closely with the Parliamentary Digital Service, Strategic Estates, the Sergeant at Arms Directorate, Black Rod’s Department, and other key stakeholders.

      The Person

      The successful candidate will have the following skills/experience:

      • Sound understanding of personal physical security threats and risks and detailed knowledge of associated protective measures.
      • Significant experience of delivering personal security advice to individuals in a reassuring and authoritative manner.
      • Sound understanding of personal online security threats and risks and broad knowledge of associated protective measures.

      Benefits

      Annual leave starting at 28 days pro rata, Interest-free season ticket loan, Child care voucher scheme, Discounted membership of the in-house gym.

      Posted in Job Opportunity, Personnel Security, Physical Security