Scriven L. King is a security professional who has worked for the federal government for ten years and now enjoys a life in both the private and public sector. His previous positions have included law enforcement and security operations, physical security manager, crime prevention officer, and personal security officer. He is also the editor of The Security Dialogue, a blog where he enjoys talking about new security technologies, strategies, and techniques. You can follow him on Twitter @scrivenlking.
I’ve been a security professional for over a decade and worked in a variety of areas in this field to include everything from major event security, dignitary protection, security operations, armed patrols, bike patrols, security management, physical security, personnel security, and program management. In each field, I have come to the realization that most people have no clue what “security” really is. That’s right. I’m not just talking about customers either. Security professionals also have a flawed concept of what constitutes “security”. And you know what? You do as well probably. So why is it that so many of us have no clue what we’re talking about or asking for?
Let’s first examine what security is. Security is a psychological construct. In other words, security is something we humans feel because it helps us prioritize the other survival needs we have. Think about it. Ancient cave dwellers faced a number of survival issues daily – food, water, shelter, etc. Security was a primary concern, given they had to ward off dangerous predators and rival humans. Certainly, hunting and gathering can’t be done if you’re preoccupied with having to worry about keeping your stuff (and you) from harm’s way. So they did whatever they needed to in order to protect against would-be threats. Over time, those defenses were tested by these threats and what worked against them stayed and what didn’t they rid themselves of. As those threats became less frequent, less real-time evidence was needed to establish security. We no longer needed to see a threat to feel as though we had deterred them. A great illustration I use to make this point is locked doors. Why locked doors? Think about it. Every time you lock a door and leave for the day, you do so feeling very secure. When you lock the doors at night, you sleep easy because you feel have adequate security. Most often than not, you have never been burglarized. You have zero experience with actual criminals. Yet, you believe the lock keeps the threat away.
Why is this bad? When we forget the differences between security and actual protection, we tend to be more concentrated on the mental assurance we have evaded attack rather than actual data to substantiate it with. Would you rather get a vaccine that was tested in a lab with real viruses or one scientists feel will work? All security measures should be evaluated on how well they stop actual attackers and should be implemented with the understanding an attack will occur rather than if. Too often, we fashion security after the least likely scenario in which the threat will attack or on the presumption he has come but was thwarted by something we did that can’t be corroborated. How many times have security professionals sold a piece of equipment to counter a threat that will likely never show up? It’s like buying an operating table for your home. Some would argue that’s how we got the Transportation Security Administration and countless other security bodies. It’s been the leading cause as to why intelligence reform will never be sufficient. In that light, the misnomers about security are no more apparent than they are in national politics where various threats, real or imagined, compete for our government’s attention and money.
So how do we fix this? There’s no easy road unfortunately. We have to begin by formulating a national risk analysis based on realistic threat scenarios from across the security spectrum. This discussion should focus on criminal and national security threats. We shouldn’t shy away from the various socioeconomic or geopolitical ingredients that feed them. From there, we should discuss how likely we are to see the attackers and evaluated what has worked against them in the past. We should be wary of adopting someone else’s security solution to our problems. What works in Tel Aviv sounds really cool but may not work in the modern American security landscape. Finally, we need to develop attainable goals and projections. We will never be rid of terrorism. Never. So let’s stop making that goal. Instead, let’s create an environment that mitigates the threat the minute it’s known preferably before an attack occurs. A lack of clear and specific attainable goals has been the biggest threat to our security. Remember it’s not about feeling secure because the threat is not present. It’s about what defeats an attacker when he/she chooses to attack that should constitute security.