Securitas is at it again. Apparently their Microsoft account has a hard time holding on to their scapegoated account managers, because they are hiring again. (Most likely this job is in South Seattle, NOT where they say it is on the craigslist post. Why the deception? It's Securitas - why not?):
http://seattle.craigslist.org/est/sec/2502780965.html
Last time I interviewed for that job it was worded exactly the same way. I made it through 5 interviews and was offered a $60k salary, only for them to reneg last second before I met to sign on the dotted line and begin training. For more information on how to interview with these types, check out: http://seattlesecpro.blogspot.com/2010/10/deadly-questions.html
Wednesday, July 20, 2011
Wednesday, May 25, 2011
Symbol of the Fedora
In Noir films, the Fedora is a symbol of the heroic private detective. IMHO this "PI" icon is the most professional stereotype in the security industry. Surveillance is increasingly becoming more important for security officers, and the PI stereotype simply works better for us than the alternative "mall cop" stereotype promoted by Hollywood.
Graphic novel illustrator and author Brian Thompson works in the security field, and literally embraces the Fedora for more practical reasons. He created the following document which humorously explains why: The Case for the Fedora.pdf
Graphic novel illustrator and author Brian Thompson works in the security field, and literally embraces the Fedora for more practical reasons. He created the following document which humorously explains why: The Case for the Fedora.pdf
Wednesday, March 16, 2011
Free Online Emergency-Management Training
There is free FEMA training in emergency management (National Emergency Management System or "NIMS") provided through their website. The courses are actually online, including the paperwork you need for certification, and including printing out your certification on your own printer: http://training.fema.gov/IS/NIMS.asp
These are some nice bullet points for your security resume.
These are some nice bullet points for your security resume.
Saturday, January 1, 2011
Surveillance Detection 101
I am not going to get into WHY security would want to do surveillance detection, OR what to do with information gained from surveillance detection. Those are separate from "how to do surveillance detection," which is what this blog-post is going to be about. I am going to stay theoretical here, and give no real-life examples.
The concept is "how to watch the people who are trying to watch you." Here is how it is done:
Step 1: Identify your major vulnerabilities. These are the targets at your site most likely to be attacked. Keep this number small, vandals or terrorists will want a big pay off for their efforts, so your are talking about only one or two targets here.
Step 2: Identify your hostile surveillance positions. A hostile surveillance position is any place someone can conveniently spy on your major vulnerabilities from. It may be possible to rent a helicopter to spy on your facility, but it is not convenient. Figure out which spots are realistic to use to spy on your vulnerabilities.
Step 3: Identify your red zone. Your red zone is the line of site area between your hostile surveillance positions and your vulnerabilities. Anything in the red zone is going to be seen by your enemies when they are spying on your vulnerabilities.
Step 4: Identify your surveillance detection positions. A surveillance detection position is a place you can spy on a hostile surveillance position from, outside of your red zone. These positions are key to being able to identify who's spying on you.
Step 5: Follow-through. Once you have your surveillance detection positions, you need to coordinate your information and analyze it for suspicious patterns. When gathering information you need to use a good cover, lest someone discover what you are up to: if someone discovers they are being viewed, they will cease to be viewable. The most important rule is "don't get caught," even if your enemies don't see you, anyone from a drug dealer to a law enforcement officer could have a very big problem with your spy-vs-spy behavior if he discovers you.
Theoretical Example: 1981
Let's say you decide to do some surveillance detection for your own personal double wide. First you identify that the thing most likely to be attacked on your property is your 1981 Pontiac Trans Am.
Second you identify the area that it can be realistically be spied upon from. There is a dirt road in front of your place, and you have a few neighbors across the street. That street and their yards are what you identify as your hostile surveillance positions.
Third, your red zone then turns out to be your front yard and your double wide (which can't be missed when looking at your front yard,) and the street and yards of your neighbors.
Fourth, looking around the neighborhood you realize there are woods not far from your home where you can see most of your red zone and hostile surveillance points, and a fishing pond where you can see all of the rest. The pond and the woods are now your your surveillance detection positions.
Fifth, you are avid outdoorsman anyhow, so you gather up your fishing gear, camouflage parka and bird watching binoculars and spend just a little more time at the woods and pond than you already do, taking careful notes on any suspicious activity. You log suspicious activity in the January issue of Guns and Ammo, and realize after a few weeks that there are indeed teenagers checking out your Thunderbird on a regular basis.
Thursday, December 16, 2010
Certification: IFPO vs. ASIS
Conventional wisdom says you should get your IFPO certifications (CPO for security officers, and CSSM for supervisors or managers) first, and your ASIS certifications (PSP for security officers and CPP for supervisors or managers) after you have been in the industry for 5-10 years. The ASIS certifications require a minimum amount of time for the PSP (5 years) and the highly-coveted CPP (7 years with a bachelor's degree, 10 years without, and of this time 3 of those years must be "in charge of a security function.") Conventional wisdom then contradicts itself with "the CSSM counts as a continuing education credit for maintaining the CPP credential, so it is good preparation for the CPP."
In my experience interviewing for management positions and being involved in training security officers on the job, and with my background in adult education, I differ with conventional wisdom on this:
So here's the IFPO + ASIS certification path that makes sense to me:
What this means to most security professionals is that they should be working on their ASIS PSP certification if they are not yet qualified for the ASIS CPP certification, only worrying about what the IFPO has to offer them AFTER getting the ASIS CPP certification. Summary: IFPO certification helps your employer, ASIS certification helps you.
In my experience interviewing for management positions and being involved in training security officers on the job, and with my background in adult education, I differ with conventional wisdom on this:
- The IFPO materials are more for Security Companies than for individual security officers. If you are setting up a new security company, the IFPO materials provide a great instant training program for your security staff, from new hires to management.
- Everyone in the security industry knows who ASIS is. If you mention that one of your goals is to be a CPP, the next question out of their mouth is likely to be "oh, are you already an ASIS member?"
- There are three kinds of companies out there: A) security companies that use IFPO materials, B) security companies that have sub-par training for their employees, and C) security companies with their own in-house training system. Most companies fit under the category of B and C and will look at you funny when you mention the IFPO. If the company does actually know who the IFPO is (company type A,) then your credentials bring nothing new to the table for them - you are only trained by the standards they have already set for themselves - nice, but not great.
So here's the IFPO + ASIS certification path that makes sense to me:
- IF and only if your work makes you, get the IFPO CPO. Studying the CSSM material at this point is a great idea because it's a top-notch management text, but no need for certification just yet.
- The first certification you pursue on your own is the ASIS PSP. Now you have an actual ASIS certification, even if it is not the CPP. It probably is good preparation for the CPP, covering some of the same technical material.
- A few years later you get the all-important ASIS CPP.
- You pick up the massively under appreciated IFPO CSSM for continuing education credits after getting your CPP (with little effort because you've been gawking at the material for years already.)
What this means to most security professionals is that they should be working on their ASIS PSP certification if they are not yet qualified for the ASIS CPP certification, only worrying about what the IFPO has to offer them AFTER getting the ASIS CPP certification. Summary: IFPO certification helps your employer, ASIS certification helps you.
Saturday, October 23, 2010
Deadly Questions
I recently went through a series of 4 interviews where I was basically offered a $60k/year job, and then they renegged on me just before the final "signing on the dotted line" meeting. The interviewer said this was as a result of my answers in the last interview*. (Other people from my company who have interviewed with this company say it seems this company does not like my company, and there are plenty of possible ways that could be.) Throughout this process I was asked a number of alarmingly provocative questions - the kind of questions that if you don't BS your way through, you are going to incriminate yourself.
One question they asked be about early on was "what do you know about being audited?" What they were probably talking about at the time (and I didn't get at the time because they did not say "security audit") is called a "penetration audit." A "penetration audit" is when someone employed by your client or security company tries to fool your security staff into not doing their job correctly. The client or security company then savagely beats the security manager for "not training the security staff sufficiently." This is why security companies own brief cases full of fake guns, bombs and other things that look like the belong in a toy store - is for doing penetration audits. Of course if you know that your account was "being audited" - it means you failed the audit, so both a "yes" and a "no" answer to this question is incriminating, because either "you don't know" or you have made a major mistake as a security professional.
Half way through the interview process, they had me submit written answers to the following list of questions (which they later cross-examined me on in a panel interview, and then cross-examined the verbal answers from that interview in yet another interview):
1 . Why are you interested in this opportunity with our company?
2 . What do you know about our company?
3 . Why do you wish to leave your current employer?
4 . What criteria are you using to evaluate the company you hope to work for?
5 . What are your career goals?
6 . How will this opportunity help you achieve those goals?
7 . What are the most rewarding/least rewarding aspects of your current job?
8 . If someone asked your current manager what are your greatest strengths and
your greatest weaknesses, what would they say?
9 . How have you handled situations in which there’s conflicting information from
a number of sources? How do you sort through it, get to the root issue, and
develop a relatively simple and practical win-win solution?
10 . How have you handled a surprise turn of events within an on-going project?
11 . What certifications do you hold?
12 . What is the current size of your staff?
13 . What is your management style?
14 . To you, what makes an effective/ineffective manager?
15 . Are you able to manage simultaneous tasks? Please give examples.
16 . What is an example of a time when you had to take a contrary position, against
some significant opposition? How did it play out?
17 . How would you rate your interpersonal skills?
So many man-traps to step in, so little time. My answers should have probably been measured in sentences rather than paragraphs.
* The questions from the final interview were (verbally):
1) name a serious mistake you have made in the work place, and what you have learned from it.
1.5) name three things you would hope to avoid in in your next job.
2) where do you want to go with your career,
2.5) what qualities would your manager need to help you get where you want to go?
There is no way to give a satisfactory answer to these questions without careful planning or extreme dishonesty. (For example, I gave them 4 straight answers for questions 1 and 1.5, answers that were for completely unrelated events. However, I got the impression later that they thought that they were all about exactly the same event, so supposedly I would have hired a young female security officer who I then sexually harassed and got into trouble with HR... which of course I never said or did was ever even accused do doing anything like that at all - those questions imply a correlation between your answers even when there is no correlation implied by your answers.)
What they are probably trying to do is make sure that the interviewee knows how to keep their answers short and not say anything to incriminate themselves. I want to collect a list of killer questions asked in interviews, and have my canned answers prepared. Feel free to leave nasty questions you have actually heard in interviews in the comments to this blog post.
One question they asked be about early on was "what do you know about being audited?" What they were probably talking about at the time (and I didn't get at the time because they did not say "security audit") is called a "penetration audit." A "penetration audit" is when someone employed by your client or security company tries to fool your security staff into not doing their job correctly. The client or security company then savagely beats the security manager for "not training the security staff sufficiently." This is why security companies own brief cases full of fake guns, bombs and other things that look like the belong in a toy store - is for doing penetration audits. Of course if you know that your account was "being audited" - it means you failed the audit, so both a "yes" and a "no" answer to this question is incriminating, because either "you don't know" or you have made a major mistake as a security professional.
Half way through the interview process, they had me submit written answers to the following list of questions (which they later cross-examined me on in a panel interview, and then cross-examined the verbal answers from that interview in yet another interview):
1 . Why are you interested in this opportunity with our company?
2 . What do you know about our company?
3 . Why do you wish to leave your current employer?
4 . What criteria are you using to evaluate the company you hope to work for?
5 . What are your career goals?
6 . How will this opportunity help you achieve those goals?
7 . What are the most rewarding/least rewarding aspects of your current job?
8 . If someone asked your current manager what are your greatest strengths and
your greatest weaknesses, what would they say?
9 . How have you handled situations in which there’s conflicting information from
a number of sources? How do you sort through it, get to the root issue, and
develop a relatively simple and practical win-win solution?
10 . How have you handled a surprise turn of events within an on-going project?
11 . What certifications do you hold?
12 . What is the current size of your staff?
13 . What is your management style?
14 . To you, what makes an effective/ineffective manager?
15 . Are you able to manage simultaneous tasks? Please give examples.
16 . What is an example of a time when you had to take a contrary position, against
some significant opposition? How did it play out?
17 . How would you rate your interpersonal skills?
So many man-traps to step in, so little time. My answers should have probably been measured in sentences rather than paragraphs.
* The questions from the final interview were (verbally):
1) name a serious mistake you have made in the work place, and what you have learned from it.
1.5) name three things you would hope to avoid in in your next job.
2) where do you want to go with your career,
2.5) what qualities would your manager need to help you get where you want to go?
There is no way to give a satisfactory answer to these questions without careful planning or extreme dishonesty. (For example, I gave them 4 straight answers for questions 1 and 1.5, answers that were for completely unrelated events. However, I got the impression later that they thought that they were all about exactly the same event, so supposedly I would have hired a young female security officer who I then sexually harassed and got into trouble with HR... which of course I never said or did was ever even accused do doing anything like that at all - those questions imply a correlation between your answers even when there is no correlation implied by your answers.)
What they are probably trying to do is make sure that the interviewee knows how to keep their answers short and not say anything to incriminate themselves. I want to collect a list of killer questions asked in interviews, and have my canned answers prepared. Feel free to leave nasty questions you have actually heard in interviews in the comments to this blog post.
Monday, October 11, 2010
Hospitals currently hiring in Seattle
At least 3 hospitals are currently hiring security staff in Seattle today, all of which you would apply for online through a website for that hospital:
1: Children's Hospital
2: Swedish Medical Center
3: Harborview Medical Center (apply through "UW Hires" website.)
The lowest one starts off at around $14.50 and has a pay scale based on experience that applies even when you are first hired including your previous experience. At least one of these hospitals is hiring 3+ security officers, so that your odds of getting on right now are very good. If you want to get into medical security, this is a good time to do it in Seattle if you are an experienced Security Officer.
1: Children's Hospital
2: Swedish Medical Center
3: Harborview Medical Center (apply through "UW Hires" website.)
The lowest one starts off at around $14.50 and has a pay scale based on experience that applies even when you are first hired including your previous experience. At least one of these hospitals is hiring 3+ security officers, so that your odds of getting on right now are very good. If you want to get into medical security, this is a good time to do it in Seattle if you are an experienced Security Officer.
Subscribe to:
Posts (Atom)