Professionalism is defined in the dictionary as “the competence or skill expected of a professional”.
This, therefore begs the question, what qualifications, skills or experience someone needs to demonstrate to become a security consultant?
In my four years of working with consultants, I have not found a single, clear answer to this question.
There is a popular saying within certain groups, where all you need to be a consultant is a business card and a website; however, I think the days of these types of consultants are reducing in number.
Some specific job roles in the security industry should be licensed, should consulting be one of them?
The role of education
There are more educated security practitioners out there than ever.
When we combine the benefits of the higher education process with many years of operational experience, this can lead to innovation, higher standards, and ultimately, better service for our clients.
Should we consultants to hold chartered status to work on a project of a certain risk rating, similar to that of the accountancy industry where only chartered accountants can work on certain tasks?
Just as security is a very diverse industry with many facets and specialists, so are the professionals that work in the space, such as retired Military Personnel or Police Officers, engineers who have worked “on the tools” and subsequently moved into consultancy positions, and academic professionals who are able to advise on strategy and detailed risk analysis.
Whilst there are clearly some pre-requisites for some specialists, such as Close Protection or perhaps Hostile Vehicle or Blast Modelling, there has to be a common baseline across the industry, in my opinion, combining knowledge and experience.
Should security consultants also hold a base level of government-sponsored security clearance?
This may enable them to get further detailed information and guidance from government agencies that advise on security measures for government, emergency services, and critical national infrastructure.
A good example of this where consultants need to assess solutions against government security standards.
The consultant needs to assess whether the product(s) he is recommending meet the mitigation requirements.
If the consultant cannot access the requirements documentation due to not having the security clearance, their job then becomes extremely difficult.
Security Industry bodies such as ASIS International have a baseline requirement for membership.
Professional bodies also require their members to adhere to documented professional and ethical standards; however, it is not mandatory for someone to join any of them, however, to practice as a security consultant.
Do we have an image problem?
The risk is that, as a profession, some people see security consultancy as an unnecessary cost or something that isn’t important to their business (until something goes wrong obviously).
This problem is not unique to consultants, however. I have heard comments from colleagues and professionals in the industry who said that their biggest frustration is misinformation, or clients getting the wrong information in the first place.
Whether from a website, online article or information from a sales person, this can set off a chain reaction of all kinds of issues, which could negatively affect the client experience at best.
So what can we do as an industry to improve professionalism in security?
We need to better educate our end user clients, they should be encouraged to engage with a qualified consultant when obtaining security advice.
When someone starts a business, they go to a Chartered Accountant or Solicitor to obtain financial or legal advice. They understand the importance of obtaining the best advice from a qualified professional.
Security in some organisations is just as important, if not more so, but why don’t more clients engage with a suitably qualified security consultant?
Manufacturers and system integrators have a key responsibility in the training of their staff and the quality and accuracy of documentation and information with regard to the systems they are selling and recommending.
Regulation of consultants could be a positive step if carried out properly, with the process and requirements clearly defined.
It has the potential to weed out the bad apples or people that claim that they can do something that they cannot, and ultimately, in my opinion, should improve the perception of the consulting world.