Security: a professional sector?

Effective security training is key to professionalising the security sector

Angus Darroch-Warren BA (hons) MSc CSyP FSyL PSP

The perennial debate, whether the security sector can be described as a profession and those who work in it as professionals, will only be settled when the necessary professional traits are in place. This includes certification based on competency, university level training and education and the development of skills based on sector knowledge. We are moving towards meeting these requirements and the Register of Chartered Security Professionals (CSyP), the ‘Gold Standard’ for practitioners, is an example of how the sector is moving to meet these requirements.

The continued professionalisation drive has led to the development of a number of vocational security courses at undergraduate and postgraduate level, while the more enlightened private training companies now align their courses with the National Qualification Framework (NQF) and link their courses, through credit values, to recognised higher education establishments and their academic programmes.

Effective, quality training in various security skill sets is therefore an integral part of professionalisation and key to business success - many businesses already recognise that investing in training has a positive impact on improving staff knowledge and skills.

However, some are less aware that good quality training has much wider reaching benefits than teaching core operational skills or ensuring compliance with mandatory licensing requirements. Providing good quality training for employees demonstrates that staff are valued by the business and is instrumental in staff retention, boosting staff morale as well as improving the bottom line.

Security professionals are more aware than ever of the importance of having sound knowledge and understanding of their field, however it is easy to overlook the importance of also developing a versatile, transferable skill set alongside expertise in a chosen discipline. In fact, transferable skills should be a key component of any rounded CV particularly in a challenging economic climate where the ability to demonstrate viable transferable skills will provide a significant competitive advantage. Examples of transferable skills include (but are in no way limited to) business management and financial skills, leadership, people management, evaluation/critical thinking, information gathering/research and communication skills.

Delivery of training has developed over the years and with increasing workloads and fewer opportunities to take time out of work, it can be difficult to find time to learn, particularly in a sector with irregular work schedules and a lot of travel. Thankfully, the days where the only way to get a qualification is to attend a college once or twice a week are gone. Many flexible learning options are now available, with distance and online learning gaining popularity.

Distance learning can be as effective as traditional face-to-face teaching when delivered correctly; this includes good quality materials, a high standard of support from tutors, and appropriate and timely feedback on assignments. Distance learning is used for a wide range of training from short courses taking a few hours to complete to postgraduate qualifications lasting a few years. Distance learning via e-learning, in particular, is increasingly in demand as all the relevant course materials and contact with tutors can be accessed using the internet.

The UK’s Security institute’s Certificate and Diploma security management programmes are both delivered online and bear testimony, through the increasing numbers of learners undertaking the courses, how quality e-learning is now recognised and can bring tangible benefits to learners.

From a practical point of view, distance learning courses often require a heavier investment in the development of learning materials than face-to-face training - interactive elements, such as online videos, take time to produce and can be costly. It must also be remembered that high quality written materials remain the bedrock of any effective distance learning courses and authors may need to learn new styles and/or develop new skills to ensure material is appropriate for use in a virtual learning environment. Maintaining the tutor-learner relationship must also be considered as the availability of tutors and their ability to respond to queries quickly is essential to supporting learners; it is therefore important to consider how and when learners can contact tutors.

Given the wide ranging benefits of distance learning, why should anyone choose face-to-face learning? Face-to-face learning remains a popular method of learning (the school and university systems are good examples here) and there are a number of advantages to face-to-face teaching that are difficult to replicate effectively within a distance learning programme.

The first reason is quite simple: some people are just better suited to or prefer face-to-face learning; different people learn in different ways and face-to-face teaching suits some learning styles more than others.

Motivation is a big factor too. It can be difficult to remain focused on distance learning, particularly when this is completed part time. Life becomes a fine balance between studying and other priorities and sometimes this has a big impact on motivation and enthusiasm. One of the biggest advantages of face-to-face learning therefore is the relatively shorter time in which training can be delivered. Focusing exclusively on learning can be an exciting and rewarding experience and it is much easier to keep motivation high over a shorter timeframe.

There are, of course, some skills that are easier to learn face-to-face than via distance learning - it would be very difficult to learn to deep sea dive without putting on a diving suit on and jumping into the sea! From a security sector viewpoint, skills such as security surveying, conducting investigations, interviewing and specifying security technology need to be taught using practical, hands on methods such as scenario based instruction. Learning by doing has proved a popular and effective delivery method although this does not preclude supplementing ‘classroom’ learning with some on-line teaching on theory (i.e. blended learning).

Face-to-face learning provides opportunities to learn informally as well as formally - learners often learn from each other, sharing individual experience, anecdotes and informal opinions about topics can be useful discussion points.  The spontaneous questions arising from group discussions often provide interesting learning points. The discussions in security management courses often bring up key learning points which can be analysed in relation to an individual’s working environment and the specific risk profiles of their organisation.

During face-to-face training tutors not only have a chance to use interactive methods of learning such as role play and scenario based exercises, they are also able to express their enthusiasm about a subject in a more animated way. It is also easier for the tutor to gauge the level of understanding throughout the course as part of the assessment process – they simply need to look around and judge body language rather than assess the nuances of language used in email or how someone sounds on the telephone. Spending time with the learner will allow for one to one sessions to address perceived weaknesses, something not usually available in a distance learning programme.

Investing in training is readily accepted as key for any business. However, training budgets have been stretched to their limits over the past few years as the economy has slowed down. In some cases, this has led to companies foregoing training altogether. In others, focus has been placed on getting value for money, which often leads to poor quality training if cost reduction is valued over quality. An over-emphasis placed on getting the maximum number of people through the training rather than concentrating on developing the key skills of core staff is also a potential problem, particularly as generic training is unlikely to meet anyone’s needs fully. Businesses need to look beyond the training itself and to the people they are training, they need to consider what the key security skills are that need to be developed.

Contrary to popular belief, training is actually more important during an economic downturn. A stiff economic climate puts pressure on businesses to boost efficiency. Businesses need to be highly skilled, innovative, and adaptive to succeed. By association staff are likely to need a wider variety of skills and tools to do their job and it is important to support their personal development through high quality vocational training.

Cyber Security: A Movement to The Cloud

By Keeva Gilchrist

The process of saving, sharing and accessing data within a company has always been prime focus in the digital age. Over the past decade, cloud computing has come into the forefront by making a bold move away from hard-drive storage. In this way, the cloud allows programs to run through a number of connected servers rather than be stored on any tablet, PC or smartphone. Some of these servers are designed purely for storage whilst others host various applications. This process can run on any number of connected devices and at any time, making it increasingly more convenient in commercial markets. With growing popularity, many major corporations are transferring their infrastructure to the cloud through servers like Dropbox and Office 365. Can the same be stated about their security systems?

In the past, USB devices, CD-R disks and external hard drives served as the only method of file transportation. These out-dated systems are now being replaced by cloud storage due to the many advantages it has for service users. Firstly, folder storage in the cloud allows the recipient access from any internet connection point in the world and grants users with instant sharing ability. Secondly, it is less likely to lose any data due to back-up functions and the absence of a physical storage device. Despite these advantages, creating and storing sensitive data outside of the company network can create a security-based anxiety. The risk appetite – amount of risk that the company is prepared to accept – will directly influence the level at which the cloud is used. In this sense, various pieces of documentation may be considered as too sensitive to outsource and at high risk being stored and shared on the cloud. While numerous servers offer moderately high levels of protection, cloud computing security is constantly evolving and adopting new measures as a sub-domain of information security.

Two further issues associated with cloud computing security involve concerns with the provider and the customer. In order to address these security concerns, the cloud providers must guarantee that their infrastructure is protected and that client data is secure. In addition to this, the customer must ensure that they are confident enough in the provider to make use of their virtual outsourcing services. Without a uniform understanding, the security of the cloud is at risk.

To overcome these concerns with cloud security, methods of encryption act as the major safeguarding mechanism that servers employ to offer data protection within the cloud. Some emerging cloud security companies are using a split-key system to protect client data. This new and ground-breaking security measure offers a double layer of protection for data transferred back and forth from the cloud. Each data object is encrypted with a unique key that is split into two, with one master key stored on premise and a second virtual key created in the cloud domain. Designed against key theft by enabling keys to be used in their encrypted state, the master key is never exposed in the cloud system. The result being that the data is directly controlled by the key holder.

In order for the cloud security mechanism to be affective, the appropriate defence barriers need to be implemented by security management. Cloud Security Alliance – a non-profit organisation dedicated to the implementation of vital cloud security measures – state that there are three major areas that call for concern within the cloud system. These areas consist of: security and privacy, compliance, and legal or contractual issues. In order to achieve a secure and functioning system, security management has to apply a number of controls to safeguard weaknesses and prevent hacking. These controls consist of deterrence, prevention, correction and detection. For successful application, a risk matrix based on asset, vulnerability and threat should be conducted in order to determine the appropriate control type.

For service-users, cloud computing offers low-cost and easy-to-use applications that can be accessed from any number of points. Although there are a lot of positive aspects involved in cloud computing, consumers need to be confident that their personal files are secure. Consumers and businesses alike must understand the opportunities of cloud computing, as well as the risks. In doing so, a uniformed decision can be arrived upon when considering cloud migration.

Welcome to 2015

2015 is here and it’s going to be a busy one for us all. Listening to suggestions from our clients and delegates, we have created our brand new blog — a place where clients, colleagues and delegates old and new can share experiences, voice opinions and keep the learning alive. We'll have contributions from all over the industry, and possibly some from outside... 

Our Values

Following the successful transitional period within our Group of companies, ARC Training have identified our core values and aims for our future. These primarily include providing a service of excellence to our clients and Partners, both in the UK and around the globe.

We are very proud to have delivered security training in over 16 countries in 2014. This has given us the opportunity to understand more about the varying cultures and training requirements that each country hold uniquely. It has strengthened our belief that every delegate merits the absolute best from their training provider. 

Over the past 12 months, we have delivered training for clients in Russia, Malaysia, Nigeria, Egypt, India, Pakistan, South Africa, UAE, Oman, Philippines, Germany, Austria, Saudi Arabia, Kenya and all across the UK. We're committed to keeping our courses current, relevant and interesting, alongside writing new material to maintain our standards within the industry. 

As always, we are very keen to hear your feedback and ideas, so please do get in touch with anything you'd like to talk about. 

Here's to a successful and peaceful 2015 for us all.