Antoinette King, Founder of Credo Cyber Consulting says that both physical security and cybersecurity need to be taken into consideration to minimize risk.

When I began my journey into the security industry the only role computers played was in programming systems through serial cables. As a technician responsible for installing CCTV and access control systems, experiencing digital transformation in its early days was exhilarating. I remember the efficiencies that occurred the first time I used a Northern Computers N-1000 panel that I could daisy-chain and program through a single computer connection. It was nearly miraculous. Simultaneously, the network video recorder (NVR) became an industry standard and in an even shorter timeline the IP camera hit the security scene. All of this occurred in less than a decade.

As a security professional in the industry for more than 22 years, I have seen my share of innovation and change, but it has not been without its growing pains. As a technician in the early days of networked physical security, we viewed the IT department as a bit of a roadblock. Our solution: let’s create our own network [micro segmentation] and not include them in the process. NVRs and access control servers had dual network interface cards (NIC) and we only needed a single IP address for each, eliminating the need to deal with the IT department at all.

A city of silos

For years, the physical security industry has hung its hat on building out its own network infrastructure to support its mission and objectives. We saw the IT department as the adversary and avoided interaction with them at all costs. What we failed to realize is that we were inadvertently adding to the organization’s risk landscape.

As I progressed in my career and started engaging with large global end users, I recognized that there was a massive gap in knowledge and understanding in endpoint security and cybersecurity in the physical security industry. The end users were starting to pay attention to operational technology (OT), the Internet of Things (IoT) and Industrial IoT (IIoT) as part of their cybersecurity programs. This was driving manufacturers in the physical security space to produce products that could meet the hardware and software cybersecurity needs of the end customers. However, the physical security integrators were still driven by legacy philosophies that the IT department was the enemy and that cybersecurity was not their responsibility.

Inspired action

In 2019 I realized that I needed to better understand the intersection of physical and cybersecurity. What better way to do so than go back to school in your 40s?

I enrolled in a master’s degree program at Utica College for Cybersecurity Policy and Risk Analysis. It was at this juncture that I began to see things I could not ignore. My passion for security was reignited by my new understanding of the intersection of physical and cybersecurity.

You cannot have physical security without cybersecurity and vice versa. The assets may be different in each case – people and property in the case of physical security and data assets in the case of cybersecurity – but the principles remain the same.

Credo Cyber Consulting was founded on the concept of bridging the gap between cybersecurity and physical security. Dispelling the mysticism that surrounds cybersecurity is the primary goal of our practice. As a woman in the security industry, I have faced many challenges. However, I have also had many amazing allies who have helped me achieve great things. We are experiencing innovation in both technology and culture; the future is bright and I am excited to see where it takes us.

This article was originally published in the March edition of Security Journal Americas. To read your FREE digital edition, click here.