Security is a form of risk management, and all security begins with identifying risk. Every company relies on identification risk management as a part of its brand management. The threat is what determines risk. Threats are dynamic. A threat to an individual is different from a threat to an event, an asset, a company, or a military installation. Historically, security programs derive from the threats and risks. Technology has been used in these programs, but current technology continues to help reduce risk.
Security technology has evolved dramatically over the past decades. The purpose of security is to detect and deter, which then better informs the protection of a facility, asset, and/or compound. Security’s ability to defend has traditionally relied upon static defense mechanisms with humans taking an action once a camera, alarm, or sensor is notified.
Historically, technology advancements have varied in forms. In the early days, that included materials that made an intrusion harder. It evolved with cameras and sensor advancements, which provide faster indicators and warning. The sensors would feed the computer, which relied on an individual to review and act by identifying a potential intruder and addressing the size and scope of the event. Computers got faster and cameras got better, but the lag time between the event and the initial response did not necessarily correspond. Added time frames of response and giving guards post orders were ways to address gaps in the technology, but those tactics did not always solve the problem. Companies traditionally added more labor to security in hopes that would be the sole solution. While it may seem like the logical decision, with today’s challenges of different needs and sizes of sites, it’s time to consider a force multiplier compound that also includes acreage, fences, sensors, and cameras.
The reality is, over time, equipment ages and humans get complacent. This is manifested when there is a breach, break-in, theft, or attack on an individual or company. Those unfortunate events can be a result of significant gaps in security caused by the realities of man and machine: broken sensors, intermittent or inoperable cameras, facility features not maintained (parking lot lights, emergency call buttons). After significant security events, there is a great deal of scrutiny, but corrective measures are reactive.
Security is often considered a cost element, so often it ranks lower on the funding priorities. Organizations need to evaluate security as an enabler to the business, utilizing technology to maximize the resource utility. For example, time and speed to resolution are important in any security event. The speed of an intrusion detection reduces the potential theft, loss, or impact to the business, in turn reducing the impact to the company's costs and brand. The San Francisco Police Department deployed multiple types of security including mobile surveillance units and drones, which enabled not only detection, but also the ability of law enforcement to prosecute offenders. In a commercial vertical, the ability to identify reduces the time an intruder has to try to steal, allowing businesses to reduce loss prevention and contribute to the bottom line. In the federal space, time to detection enables teams to locate and identify intruders and perpetrators while meeting customer response requirements. Technology hardware and software solutions can provide value to current physical security environments. This is an opportunity to posture security as a return on investment.
During my decades leading teams in the federal government and private sector, I watched technology evolve rapidly. It continues to evolve and there is no slowing down. Forensic capabilities married with artificial intelligence can help investigate and close incidents faster. For years, incidents were investigated post-event. Investigators sifted through data, interviewed individuals, and provided a report of the event. This critical information relied on memory of the event by the individual on duty, and hopefully it was captured on a camera in the monitoring center. When it all went smoothly, the investigation could be close to a successful closure, but often there were missing elements. Key investigations may have been closed without knowing all the facts. Criminals, thieves, and adversaries use existing vulnerabilities to their advantage. Security can and should use technology to reduce this gap.
The application of agentic AI provides a capability to identify the intruder(s). Once identified, the options for prosecutorial actions are greater. The camera coverage can discern between a human and a four-legged intruder, perceive the size of a protest, or add visibility to what cannot be seen by the naked eye at night (if employing thermal cameras). Agentic AI has changed the calculus, reducing the gap between sensing and action. The identification and informing capabilities buy time. Time enables humans to take appropriate action sooner (i.e., call local law enforcement, deter the bad actor from entering in the first place). Agentic AI can maximize physical security resources and enable the implementation of stronger physical security countermeasures. For example, AI talk down can reduce risk and strengthen your security posture. It independently plays messages warning intruders off the property, intervening without a human guard. This capability can make your company, assets, facilities, or compound a harder target and will convince the threat to go elsewhere.
As with all technologies, there must be guardrails of utilization. One must ask and answer the “who, what, where, how, and when” questions to ensure legality and privacy are not concerns. If there are concerns, what is the planned mitigation? How does the technology address the cybersecurity concerns sufficiently to protect and defend a client’s data and personnel? Any technology utility must have a robust cybersecurity posture.
AI is the single technology in the past two years which has the potential to transform how security collects and analyzes data. Let the technology augment the entire security program posture. Customers may be uncomfortable until they understand the rules of engagement, the protections surrounding the data, and how it may relate to their risk management posture. Protection of the backend is as critical as the technology, which gives customers the information to utilize the technology to reduce risk, identify perpetrators, and prosecute as appropriate.
In my roles as a former federal security professional and CSO, new AI-powered security solutions would have provided me with actionable information sooner in protests, construction projects, and other use cases. This is not to say humans and static technologies should be discarded, but having a myriad of solutions allows for optimization of security resources.
Adoption of new technologies takes courage. But courage is bolstered by understanding the benefits of what the technology can provide to augment an existing program or provide a solution to an intractable problem. New security solutions can be easily deployed and adopted. Many are even mobile and can be easily utilized in ways traditional static structures cannot. In addition, the ease of acquisition for all customers allows more flexibility via some annual financial models, allowing security budgets and to go further. Also, new technologies can augment guards and help them be more successful. Ultimately, these innovations provide a powerful and flexible means to address modern security challenges more comprehensively than ever before.
