What is a physical security consultant?

This is an individual with extensive experience in the security industry and with expertise in the following facets of security consulting that include:

Note: A Physical Security Consultant should not be confused with a Cyber Security Consultant. The two are vastly different with a cyber security consultant being involved in securing software and typically company websites and network operations. There will be a later article on this Blog entitled “Cyber Security Consultant vs Physical Security Consultant”.

Ideally, the security consultant should have several years of experience including working with one or more security integrators, possibly one or two security manufacturers and should have at least 15 years of experience as a physical security consultant. 

Security Expertise in Greater Detail:

Video Surveillance:

Video Surveillance has undergone a total transformation in the last two decades from analog to digital technology, dedicated wiring to running via computer networks and wireless transmission and from simple surveillance to full scale detection and incorporating today what has been likened to the latest “industrial revolution” being that of artificial intelligence.

A good security consultant should have had experience of both analog and digital technology from a system design and implementation of same and the ways that older analog systems can be incorporated into modern digital ones.

The motto of good security consultants should be to protect a client’s fundamental return on investment wherever possible.

Most modern-day video surveillance systems comprise IP (Internet Protocol) cameras that provide greater image capability, utilize POE (Power over Ethernet) cabling such as Cat6, have advanced features such as video analytics built into the camera, are very effective in low light conditions and include scalability.

As there are a great many analog camera systems still in full operation, a security consultant should have reasonable experience in both replacing those systems with IP camera systems and with incorporating analog cameras into IP camera networks.

Camera technology continues to increase at a rapid pace and a security consultant should be familiar with the different MP (mega pixel) camera manufacturers, those with three and four sensor multi-sensor cameras, 2 channel cameras, those cameras with built in IR (infrared) capability, those with built in video analytics and those that are now appearing with AI (artificial intelligence) features.

Access Control:

A transformation is also taking place in the electronic access control arena.

This, in a similar vein to that of video surveillance, involves both infrastructure and device technology. As with video, the infrastructure has moved to computer networks or wireless transmission and integration with other security systems via a VMS Hub or other means.

Access devices have also undergone a transformation from proximity card technology to smart card technology, the development of biometric devices and following Covid, major developments in contactless access. 

Perimeter Control:

A physical security consultant should have a good working knowledge of various types of barriers ranging from basic fencing to that of maximum security, all types of automated gate control, various perimeter detection systems including electronic fence detection, ground (seismic) detection, vehicle barriers from simple bollards to advanced automated vehicle restraint systems.

The consultant should also be familiar with video motion and several video analytic programs that detect intrusion or possible intrusion into a facility.

Intrusion Alarm:

From experience, many intrusion alarm systems whether part of the electronic access control system or independent of same and relying on door contacts for alarm activation are often found to be defective with doors not secured by the system. The consultant should have sufficient experience to be able to detect such items including deactivated door contacts, frayed wiring, alarms working correctly but ignored, etc.

Visitor Management:

Visitor management is a key element in identifying who is authorized to have access to a facility and who is not. The consultant should be familiar with modern up-to-date visitor management systems which are often part of the electronic access control system. At the same time, a consultant should also be familiar with independent systems and how they integrate with a particular main system. This should include modern contactless access systems.

VMS (Video Management Systems):

Modern facility security systems are typically integrated security systems with an appropriate VMS system acting as the Hub that that effectively controls the ability of major security systems to work together. As an example, in a recent project it was possible to have a Genetec VMS system integrate the electronic access control system, visitor management, apartment WiFi locking system, intrusion alarm system, and security intercom with the video surveillance camera system. The camera system also provided the perimeter detection system utilizing video motion and video analytics.

However, not all VMS systems work with other systems as described above and it is important that a consultant have sufficient experience and expertise to know which systems and devices work with the major VMS systems.

Security Assessments:

Before commencing to design and implement new security systems for a facility regardless of it being new construction, new renovation, or upgrading and/or replacing an existing security infrastructure, a good consultant will carry out an assessment including a threat assessment of the facility. The most comprehensive assessment is typically an SVA (Security Vulnerability Assessment) for which there are different methodologies. Ideally, the consultant should be familiar and if possible, certified with the pertinent type for a given facility.

There are other types of assessments that include Security Oversight, Facility Security System Audit, Guard Services Assessment, OSHA Compliance, and Active Shooter assessment. If the individual consultant is not fully conversant with all assessments then they should have access to someone that is.

Risk Management:

The overall goal of any integrated or stand-alone security system is to provide an adequate protection level for the facility and employees, etc., and to reduce the risk of an incident as much as possible.

It is not possible in most situations to protect everything for logistical and cost reasons and thus identified risks, as they pertain to a given facility need to prioritized and managed. Hence a knowledge of risk management as it pertains to security should be another arrow in the consultant’s quiver.  

Security Guard Services:

It is often the case that a client anticipates with the hiring of a security consultant, it will be possible to eliminate or certainly reduce guard services if deployed at an entity. Thus, the consultant should have knowledge of unarmed and armed security guards and their operations as it is often not the case and any reduction may undermine adequate security for the facility.

Security Legislation:

In the past few years there has been a variety of security legislation applicable to education facilities, chemical plants, water and wastewater treatment units, transportation, critical infrastructure, and others. The latest pending legislation currently being worked on will apply to all Federal Agencies and structures.

It is imperative that a consultant be up-to-date on current and pending security legislation applicable to specific Industries both State and Federal. 

Security Protocols:

Frequently overlooked by companies but a key part of good security are security protocols such as dealing with the following:

The consultant should be familiar with security protocols in order to advise the client if so requested. Alternatively, the consultant team should have a specialist in that area.

Security Master Plans:

Consultants should have a knowledge of Master Plans and should always develop security systems and measures as part of an eventual master plan for the client. It is irresponsible to put forward security systems that may be approaching the end of their life cycle with no built-in upwards compatibility and which will leave the client with an expensive system replacement at some point. 

Security Integration:

All modern security systems should involve some level of integration. As a result, it is important to have experience with integrated security systems as well as know the main players from a security manufacturer point of view. There are certain products and systems that simply do not integrate. It is imperative that a consultant be able to ascertain what connects with what, not to mention which systems and devices at actually work in the field, and not just in a manufacturer’s testing department.

OnGoing Security Technology:

Security Technology and the security industry is changing at an astronomic pace and a good consultant will do their best to stay abreast of such. This involves attending webinars, meeting with manufacturer reps, meeting with manufacturers, attending presentations within reasonable travel distance and reading a host of security magazines and articles. 

Counter Terrorism:

Unfortunately, we live in a time of increasing terrorism both International and domestic. The open border has almost certainly allowed terrorists from overseas into the U.S. and as a result, a variety of terrorist attacks can be expected, particularly with wars raging in the Middle East and Ukraine. The consultant should have a knowledge of counter terrorism. 

Understanding the mindset of a terrorist, especially those such as Jihads where they believe they are following their God (Allah in the case of Jihads) that lead to very violent acts that the Western mind finds very hard to understand (witness the attack against Israel by Hamas) allows a consultant to assess high risk facilities and advise clients accordingly.

Computer Networking:

Using an existing network or a dedicated security network is becoming standard practice for cameras, access devices, intercoms, intrusion alarms and other security devices and systems and thus, it is important that a security consultant be familiar with networks, their limitations in certain cases and the overall capability of any existing network that will be supporting security systems.

Camera systems in particular can overwhelm existing bandwidth and will add to the memory requirements of the network.

Security Sustainability:

Under current regulations, by 2030 many Fortune 500 and 1000 companies have made a commitment to meet various sustainability goals that will include the use of smart phones both Ios and Android based, as the preferred access reader for electronic access control systems avoiding the use of plastic cards. The consultant needs to be able to provide appropriate advice to the client on such conversions.

Artificial Intelligence:

Already affecting video surveillance systems at both the camera level and VMS level and likely to have a substantial impact on future security systems and what they will be capable of, a security consultant will be required to have experience and expertise in this field.

Cloud Memory:

Many camera and access systems are utilizing “cloud” memory to store live data in terms of access databases and to archive recorded video. As with any software-based memory operation there are advantages and drawbacks and the consultant should be aware of these. They should also be aware of certain entities whose sales practices and “small print” contract requirements are highly questionable and may not be in the best interest of the client.

Door Hardware:

When dealing with access control and intrusion alarm systems, the consultant should have substantial experience and expertise in door hardware including mechanical locks, electro-magnetic locks, electric hinges, door contacts, exterior exit devices such as crash bars, exit motion devices and others. It is also important to be aware of local fire codes which may exceed national standards such as those of NFPA.

Intercom Systems:

A consultant should be familiar with main intercom systems and specific security intercom systems including video intercom door and desk units. 

Excellent Report Writing Skills:

Being able to write clear and to the point security reports is essential. With executives’ time at a premium, the consultant should be capable of providing an executive summary that covers the essential points of the report and allows the reader to easily study a specific section of the report if they require greater detail. 

Excellent Communication Skills:

It goes without saying that the security consultant has to be able to communicate clearly and in a sensible manner with all levels of management, operational employees, security staff and general employees in obtaining facts and information pertinent to the report. They must also be able to maintain a ongoing rapport with the client indicating what they have discovered relative to the report topic, and further discuss likely recommendations as they proceed.

The report should not contain surprises that the client was not prepared for.

Other As Required:

There may be specialized areas covered in a report where it is necessary for the consultant to have specialized knowledge, or for a member of the consultant team to have such knowledge.

It is easy to “hang a shingle” saying security consultant but having the necessary expertise and experience to adequately carry out a security assignment is something else. Due process on the part of clients in choosing a security consultant is essential.