Approved for 13 CPE's

Approved for 6 CEC's


sponsored by


The Consultant Responsibility

BallroomSunday (10/20) 8:00 – 9:00 AM

Presenter: Will Wilkins, Executive Director, Global Security Operations, Valero Energy Corp.

"…the social force that binds you to the courses of action demanded by that force; every opportunity, an obligation; every possession, a duty."- John D. Rockefeller Jr.

The role of consultants, integrators, and other customer-facing business development managers has changed dramatically since 2001. Collectively, the industry has evolved towards greater dependence on IT and cloud based solutions that serve as force multipliers in the field. Moreover, vertical markets are continuously challenged with doing more with less and finding creative ways to leverage their products beyond their intended security application. This presentation offers the client perspective on effective organizational engagement, the importance of building operational benefit for products and services, and reveals the common metrics used in vendor selection. It explores how the need for innovation has reframed the functions of consultancy with responsibility. This obligation demands that the relationship shift from providing a service to becoming a trusted partner – one that understands the industry, its regulations, challenges, and opportunities. It requires acknowledgement that the first point of sale in any engagement is not your customer. Instead, together you have shared customers and only through effective collaboration can you maximize cumulative value. From this vantage, the social capital of the consultant must be greater than that of the economic return of the product or service being provided. This can only be achieved through transparency regarding capabilities and limitations, realistic expectation setting, and delivering beyond the point of sale.


sponsored by


Maximizing the Value of Your Client Relationship

BallroomMonday (10/21) 8:00 – 9:00 AM

Moderator:Chad Parris, PSP, CSC, Security Risk Management Consultants
Panelists:Jim Francis, CPP, LFJ Consulting Services, LLC
Mark Powers, Catalent Pharm Solutions
Phil Santore, DVS
James Stroud, J.P. Morgan

Our keynote speaker, Will Wilkins, will offer meaningful insight from the client viewpoint into understanding the dynamics and internal stakeholders of the security client's organization. With this as the symposium's opening backdrop, a panel of consultants and current and former end users will discuss their own experiences and insights which have contributed to successful, collaborative, and enduring relationships and greater value for the security investment.

Where's the Talent?

BallroomMonday (10/21) 1:30 – 2:30 PM

Moderator:Paul Boucherle, Matterhorn Consulting
Panelists:Chrissy McCutcheon, Security by Design
Michael Newsome, Butchko, Inc.
Chris Wiggins, Safer City Group (NZ)
Carl Will, Faith Group

Not only is the security industry in general faced with identifying and recruiting talent to meet its future challenges, it's even more difficult for the security consulting and engineering firms. While the opportunities in the security industry are clearly not understood by many in the early stages of their careers, consulting is also a mystery to a significant fraction of those already practicing security. Certainly the entry path to the profession is not clear. This session will feature a panel of younger consultants sharing their experiences in entering the profession. It will solicit ideas from our consultant attendees in order to add perspective and suggest some reasonable approaches to address the staffing dilemma.


sponsored by

Digital Watchdog

Cyber Hardening (double session)

PumaMonday (10/21) 9:15 AM – Noon

Presenter:David Brent, Bosch Security and Safety

As of 2015, close to 300 million IP cameras have been installed around the world. Many of these cameras have been installed with default user names and passwords and can be accessed from anywhere in the world. For years the question has been "How secure is the video that a system produces?" but that question is changing. Now the question is "Can my security system be used against me?" Most IP cameras are manufactured with an open operating system, or basic kernel, that gives no real consideration to data or cyber security. What are the current fundamental considerations that an organization needs to take into consideration before placing any IP camera on their network?

Cyber - The Integrator Perspective

PumaMonday (10/21) 2:45 – 4:00 PM

Moderator:Andrew Lanning. Integrated Security Technologies
Panelists:Phil Aronson, Aronson Security Group (ADT)
John Nemerofsky, CGL Technologies
Rodney Thayer, Smithee Solutions
Bruno Desrochers, Tech Systems

Increasingly, Government and Critical Infrastructure clients are seeking a higher level of cyber assurance from their supply chain partners which includes their security system integration partners. Consultants are uniquely positioned to translate a client's cybersecurity requirements into an electronic security system specification which ultimately goes out to the integrator community for implementation. This session will review, from the integrator's point of view, cybersecurity requirements and cost considerations the consultant could/should be discussing with their client during initial risk assessment, during commissioning/testing, and for post-installation monitoring, testing, and life-cycle management.

Cyber Certification & Specifications

PumaMonday (10/21) 4:15 – 5:30 PM

Moderator:Ray Coulombe, SecuritySpecifiers
Panelists:Ray Bernard, PSP, Ray Bernard Consulting Services
Gerard Racine, Andfinity Consulting Inc.
Norman Reames, CPP, CISSP, GHD

This session will deal will continue CONSULT's focus on cyber-security specifications. Issues to be discussed include:

  • Given the preponderance of cyber standards, which of these should be referenced in a specification?
  • What should baseline cyber qualifications/requirements be for both manufacturer and contractor?
  • What should initial submittals include in regards to cyber? Final submittals?
  • Should a product have passed through third party vulnerability testing?
  • What should be reasonably specified for a Contractor to perform on-site in order to cyber harden a system
  • Is it enough to follow Manufacturer published cyber recommendations?
  • Should Contractor technicians hold a cyber-based certification?
The session will address current efforts to formulate a cyber-security certification around the topic of cyber-secure installation, establishing a knowledge baseline that can be referenced in a specification's Qualifications section. Attendance at the prior "Cyber - The Integrator Perspective" session is recommended.


sponsored by


Design Implications of Data Aggregation (Big Data)

WolfMonday (10/21) 9:15 – 10:30 AM

Moderator:Mark Schreiber, CPP, Safeguards Consulting
Panelists:Werner Metz, PhD, Intel
Ryan Parker, R.W. Parker Consulting
Greg Skarvelis, Verint Systems

Over the past several years, the security industry has come to embrace the term "Situational Awareness". Also, the term PSIM (Physical Security Information Management) has been often overused and misunderstood. Both of these address the requirement to have, as much as possible, a holistic picture of impending and existing events to facilitate preparation and response. Now, with the advent of data science, which seeks to pull meaning from a large body of structured and unstructured data, there is the emerging potential to significantly enhance situational awareness and predictive analytics. This session will explore the likely relevance of “Big Data” to the security industry in general and its impact on the thinking behind security design.

Virtual Infrastructure

WolfMonday (10/21) 10:45 AM - Noon

Presenter:Fernando Macias, CCIE, VMWare

Virtualization has become the single most effective way to reduce IT expenses while boosting security and efficiency for all size businesses, and it now encompasses network and storage. Better understanding virtual networks and the underlying concept of micro-segmentation prepares you to have a more productive conversation with the IT organization, understanding what network and security virtualization features may be in use. Learn how a virtual networking fabric contributes to better cyber security. Logical security can be greatly enhanced by using micro-segmentation to reduce the impact of cyber-attacks. This session will cover the basics of virtualization and micro-segmentation and review current cyber security methodologies. It will also provide practical examples and review multiple ways to operationalize a software-defined infrastructure which, in its broadest sense, is referred to as Hyper-converged Infrastructure (HCI).

Secured Communication and the Future of the Converged World (to include IoT)

WolfMonday (10/21) 2:45 – 4:00 PM

Presenter:Pierre Bourgeix, Convergent ESI

The convergence of things with the fast paced movement towards machine learning, deep learning and synthetic cognition/AI is leading our world into a unified symbiosis. For thousands of years our world was disparate or separated - however today it is unified and connected. With this in mind we as humans have all agreed to drink from the chalice and move into the uncharted waters of unified thought. Data, meta data, converged technologies, IT, OT, PS, and IIoT integration using deep learning, machine learning, synthetic cognition /AI are the keys to today's industrial and IT revolution. Secured Communication and Secured Identity are two key elements that are required to begin this evolution and to insure that this new world is created in our image.

Converged Cloud Security (On Premise vs Cloud)

WolfMonday (10/21) 4:15 – 5:30 PM

Moderator:Frank Pisciotta, Business Protection Specialists
Panelists:Clifford Cox, LenelS2
Min Kyriannis, JB&B
Steve Van Till, Brivo

Cloud computing and services are fast becoming woven into the fabric of security for reasons of cost, program updates, and even cyber security. However, some worry about the loss of Internet connection, data back-up, availability, and even cyber security. Are some security applications better candidates to be in the cloud than others? In what situations, if any, do cloud solutions represent a poor fit? What questions should the security designer be asking of both client and cloud solution provider to formulate good solution recommendations?


sponsored by


Errors and Omissions (E&O) Insurance Considerations

HawkMonday (10/21) 9:15 – 10:30 AM

Presenters:Wayne Dean, McGriff Insurance Services
Erin Burns Walters, INSUREtrust

Hear from brokers and underwriters familiar with the security industry regarding the ins and outs of E&O insurance and how that relates to general liability and cybersecurity concerns. Understand how you might be liable for errors or failed products as a reseller or integrator. Learn how your professional liability as a system integrator might overlap with Cyber risk and how package policy forms might fail to address this. Do you know if you are fully covered for financial damages in the event one of the products you install fails to perform as expected? Do you know how your coverages will respond if there is a security concern in one of your Applications that integrates with the technology you sell? How to protect the company against work done by hired Subcontractors.

Cyber Risk and Incurred Liabilities

HawkMonday (10/21) 10:45 AM - Noon

Presenters:Wayne Dean, McGriff Insurance Services
Erin Burns Walters, INSUREtrust

There is a growing acceptance of the need for cybersecurity insurance. But how often do claims get paid…and why? The presenters provide insurance services to PSA Security Network integrators and will discuss the circumstances around several cases where claims against several integrators have been paid. What lessons are to be learned and how can security service providers better prepare themselves to be protected from cybersecurity liability? What are the main costs during a cyber event and how does the current insurance market cover these? Do you know the top Cyber Security and Privacy threats to your business and whether or not your Cyber policy covers these?

Surf the Privacy Wave; Risk Management and Operational Security in an Evolving Privacy World

HawkMonday (10/21) 2:45 – 4:00 PM

Presenter:Salvatore D'Agostino, IDmachines

The session will review the current privacy requirements for security and surveillance systems. It will provide an overview of the relationship of privacy to security and how this relationship is evolving both locally and globally at this time. The session will introduce the concepts behind measuring and assessing privacy risk and the creation of a resulting privacy profile. The session will review existing surveillance and privacy codes of conduct, standards, frameworks and references and how these can be used by security and surveillance service providers and professionals. It will look at the particular considerations in the use of analytics and cloud based services as examples of high privacy risk applications. The session will give examples of the countermeasures that can be used to mitigate privacy risk in general and in this particular use case. Finally the session will examine the ways to measure and improve the usability of privacy from the perspective of the enterprise and the individual.

Operations Risk – Holistic & Practical Assessment

HawkMonday (10/21) 4:15 – 5:30 PM

Presenter:Benjamin M. Butchko, Butchko, Inc.

Recognizing and evaluating cyber, physical, and operations risks provide for significantly greater delivery of value to the business operation. However, assessment and identification of risk is often performed in silos and from differing perspectives. Go beyond hype and marketing vernacular to see how a holistic view can be achieved through a manageable and repeatable process. Perform assessments that look beyond the tree and provide a clear view of the forest.


sponsored by


Mitigating Liability Risks During Hostile Event Response

BadgerMonday (10/21) 9:15 – 10:30 AM

Presenter:Jerry Wilkins, Active Risk Survival

Applying industry best practices can directly affect an organization's liability in the aftermath of a hostile event. There is significant published guidance including PASS 4th Addition Partner Alliance for Safer Schools, NFPA-3000 (PS) Active Shooter Hostile Event Response Planning, USSS Enhancing School Safety, and FBI Developing Emergency Operations Plans. Drawing from case studies including Mueller Water Products, the New Zealand Mosque Attack, and MDS High School in Parkland FL, this session will focus on the due diligence (actions and processes) an organization can pursue in preparation for a random tragic event.

Project Success or Fiasco: Dealing with Shocks, Illusions, and Ambushes

BadgerMonday (10/21) 10:45 AM - Noon

Moderator:Ed Chandler, Security by Design
Panelists:Jerry Blanchard, Protus3
J. Kelly Stewart, Newcastle Consulting
Brad Wilson, RFI Communications

Every project has its unexpected moments. Sometimes, though, the unexpected can feel like a tidal wave. Manufacturers can be suddenly acquired, client personnel suddenly change, product capabilities have been oversold or forgotten, or the contractor becomes more foe than friend. These and other situations can threaten the success or even viability of a project unless cooler heads prevail. Hear from a panel that has nearly seen it all to understand how they've dealt with different project-threatening situations and what they might do differently in retrospect.

Escalation: How to handle a project that goes 'sideways'

BadgerMonday (10/21) 2:45 – 4:00 PM

Moderator:Rodney Thayer, Smithee Solutions
Panelists:Bret Emerson, CommTech Design
Min Kyriannis, JB&B
James Stroud, J.P. Morgan

How do you handle resolving problems with vendor's “solutions” that aren't solutions at all? The physical security marketplace often shows up ill equipped to handle these situations causing a project to go sideways and responding in an ad hoc manner with one-off band-aid solutions? The answer may well lie in "escalation". Can problems be handled in an orderly manner or is there a need to escalate with extreme prejudice (cancel the purchase order, rip and replace)? Can issues be resolved, leading to a "lessons learned" conversation and ensuring the problem doesn't happen again? This panel will discuss processes, honed in the IT arena, that can be used successfully to manage vendor problems whose severity begs for escalation.

Understanding Security Systems Commissioning

BadgerMonday (10/21) 4:15 – 5:30 PM

Moderator:James Krile, Heapy Engineering
Panelists:Paul Benne, Sentinel Consulting
Jim Henry, Securitas ES
Forrest Gist, Jacobs Engineering

Have you ever approached a client about a value added service such as commissioning, only to have them respond that "Isn't this already included in your proposal?". In this session, we will discuss the often mis-understood and sometimes poorly defined project close-out activity referred to as Commissioning. We will explore some of the more essential aspects of Commissioning our increasingly complex and interconnected Security Management Systems. These include (1) What is Commissioning? (2) What is the justification for this value added service; and (3) What does the commissioning process look like?


Elliot A. Boxerbaum Award Presentation

Elliot A. Boxerbaum Award Presentation Sunday's Lunch will feature the presentation of the Elliot A. Boxerbaum Award for the 2018-2019 Security Design Project of the Year. The award is the security industry's only award recognizing excellence in security system design. It is specifically for companies engaged in security engineering and design. It recognizes collaboration, design excellence, uniqueness, creativity, and administration factors which contributed to a highly successful security project. Elliot A. Boxerbaum, MA, CPP, CSC, was founder and president of Security Risk Management Consultants, Inc., an independent security consulting organization providing security vulnerability assessment, master planning, design development, technical specification, and project and program management support services to a wide range of clients throughout the United States and abroad. He passed away in June 2014, from ALS. Once again, his wife, Debbie, will present the award.

WW II Navajo Code Talker

Our country's Navajo people were key to our victory in World War II. In the Pacific Arena, the Japanese managed to crack every communication code the United States used. The Marines turned to their Navajo recruits to develop a secret military language. Navajo Marines created the only unbroken spoken code in modern warfare. In 2007, Judith Avila met Navajo code talker Chester Nez and convinced him that his story needed to be heard. Chester, the last of the twenty-nine original Navajo Code Talkers of WWII, insisted that he “had done nothing special, only his duty.” Still, he agreed to tell Judith about his life. Judith recorded Chester's narrative, then committed the memoir to paper. Penguin published Code Talker: The First and Only Memoir by One of the Original Navajo Code Talkers of WWII in 2011. It soon became a best-seller and is still going strong. Judith, a graduate of Duke University, discovered writing after working as an air traffic controller and a computer consultant. She will speak at Monday's lunch and be joined by Chester's son, Mike, and grandson, Latham.

Questions or comments? Contact us at

About Us

CONSULT is a security industry event sponsored by SecuritySpecifiers. SecuritySpecifiers is an online community and network of security professionals established to address the need for the physical security industry to more effectively engage with designers and consultants.

Useful Links

Contacts Details