EXCLUSIVE: Inside the mind of a security expert


Share this content

Security Journal Americas catches up with Michael Gips, JD, CPP, CSyP, CAE, Principal, Global Insights in Professional Security (GIPS).

Can you identify some of the key trends you are seeing in the US security industry?

There’s so much going on. I’ve spoken extensively about the risk posed by social media, everything from tarnishing corporate reputations and brand value to spurring domestic extremism to undermining faith in institutions such as courts, legislatures and law enforcement.

That threat is only expanding and the market is just now starting to provide tools to counter it, such as mass data ingestion and predictive software. In the meantime, organizations occupy the perilous area between a laissez-faire attitude toward social media and closely monitoring staff posts on sites such as Facebook, LinkedIn and Twitter. Both options carry legal risks and raise cultural concerns.

Relatedly, I do a lot of work in the insider risk space. The global cost of insider incidents was already enormous before the COVID-19 pandemic – well into the trillions of US dollars annually. Insider risk is often segmented into distinct areas, but is much broader than many people realize.

It isn’t just occupational fraud, embezzlement, trade secret theft and workplace violence, but a multitude of other threats including, but not limited to sabotage, drug and alcohol abuse, malware insertion, forgery, terrorism and more; that doesn’t even include negligence or social engineering, which by some accounts constitute up to 70% of all insider incidents.

How has that evolved?

COVID-19, the Great Resignation, the surge in inflation, record low levels of unemployment, the mental health crisis and the hybrid workplace are among the factors contributing to a surge in insider incidents today.

Some of these come about because companies may not be securely set up for remote work, because they don’t have mechanisms in place to deal with overstressed or emotionally compromised staff, because they haven’t rethought policies and procedures before bringing staff to work, by forgoing background checks in the rush to onboard staff and so on.

Trade secret theft by executives who then quit and join competitors is rampant. A former engineer for Apple recently pled guilty to stealing Apple trade secrets involving self-driving car technology on behalf of XPeng Motors in China. The victims and culprits are at companies of every size. Executives have defrauded the government of COVID-19 relief funds to the tune of hundreds of billions of dollars. Federal authorities have called it the biggest fraud in a generation.

What security trend or event has surprised you the most?

I’m not sure that this constitutes a surprise, but blockchain seems to be stalled in the security space. A few years ago you couldn’t escape bold predictions on how blockchain would soon underlie the whole security infrastructure. That hasn’t happened.

Sure, blockchain is fundamental to cryptocurrency and it has some good applications in smart contracts, provenance tracing for items such as food and gems and a few other areas. But, it seems to be a technology waiting for an application. And I think that’s good. There is no sense in forcing a specific technology onto an application. I think the technology will really take route organically when the fit is right.

That’s on the technological side – what about otherwise?

It’s more a matter of being disturbed then surprised – along the lines of, is no place sacred? And I use the word “sacred” intentionally because I’m talking about the surge in targeted violence against American houses of worship.

I serve as the head of the security committee for my house of worship and it’s really an unpaid, part-time job. I’m constantly consumed with potential threats, incidents against other institutions, incidents in the nearby community, events and demonstrations in the neighborhood, traffic flow, guard staffing, usher and greeter training, access policies and crisis preparedness and balancing all that with maintaining an open and welcoming environment for worshipers, staff, clergy and students and faculty at the religious school.

That wasn’t in the volunteer position description a few years back, I imagine?

A couple of decades ago, a typical incident against a house of worship might be vandalism such as a broken window or a stolen statue. Churches, temples, mosques and synagogues used to be safe havens, but they’ve gone the way of schools. They are no longer immune to the impulses of the worst of our society.

Hopefully they are taking action?

Yes! Fortunately, religious communities have developed robust security programs and they are very good about sharing best practices with colleagues, be they Priests, Rabbis, Imams, Pastors and more.

One of the earliest examples is the Secure Community Network, or SCN, which was founded by the Jewish community in 2004 by a colleague and business partner of mine, Paul Goldenberg, along with Steven Pomerantz, who held senior roles in the FBI. Paul is a former law enforcement executive who for two decades has devoted himself to similar initiatives and is currently working on behalf of the Rutgers University Miller Center.

He was personally on the ground in Paris, Copenhagen, Sweden and Belgium in response to attacks against the Jewish communities there and has been horrified to see the violence migrate to this side of the Atlantic. We haven’t seen religious facilities in the United States ringed by armored vehicles, barbed wire and heavily armed troops yet – which has occurred in Europe – and I pray we never have to go there. The Miller Center has developed a wonderful array of policies, procedures, plans, best practices, trainings, social media threat analysis capabilities and experts that serve communities of all faiths.

As I said, information sharing among religions shows a true ecumenical generosity of spirit. Nobody personifies that better than Mary Marr, who runs the Christian Emergency Network. She is in the midst of creating a periodic safety and security forum based in Kroc Centers, which are community centers operated by The Salvation Army. Her vision is for combination in-person/streaming forums to be held at one of the dozen or so Kroc Centers in the United States.

Community leaders including faith-based clergy and officials will learn from nationally recognized SMEs, discover helpful resources and services and gain the tools to build or augment a community-wide safety and security posture.

These sorts of efforts give me hope.

Finally, what’s next for Global Insights in Professional Security?

I’m exploring some technologies that could be transformational. Voice authentication and verification for instant emergency response has tremendous potential.

I’m also working with the Network Contagion Research Institute, a dedicated group of scientists and analysts focused on threats arising from social media as well as with other companies that offer everything from a truly proactive insider threat solution to innovative crisis training to interactive courses on workplace violence prevention, travel risk management and situational awareness.

And, of course, I will be keeping up with trends and continually learning from security executives, technologists and the many other excellent practitioners and experts in our field.

Michael Gips, JD, CPP, CSyP, CAE

For more information, visit: www.gipsinsights.com

This article was originally published in the October edition of Security Journal Americas. To read your FREE digital edition, click here.

Return to Security Journal Americas NEWS INDEX

Receive the latest breaking news straight to your inbox