Speaker Spotlight—Mike Kolatski, CPP, MAS, CIPS
In this installment of Speaker Spotlight, Security Management spoke with Mike Kolatski, CPP, MAS, CIPS. Mike’s career in security has taken him from the Milwaukee Brewers baseball club in the late 1970s to a Milwaukee police officer and then to San Francisco and Seattle working large-event security. He is currently the executive director of the Pacific Northwest region for Andrews International Security, where he oversees the operational, human resource, training, and financial functions for the company. During his seminar session, Mike will discuss how security professionals can make themselves a valued security leader for their executives. Speaking with Security Management, he talked about overcoming negative perceptions of private security and how security professionals need to diversify their skills in a new and precarious economy.
What’s your session topic about?
It’s a panel discussion with three other security practitioners from diverse backgrounds and career tracks. Our collective experience represents a broad spectrum of both the public and private sector with expertise ranging from former law enforcement, military, corporate, hospital, institutional, event, and homeland security. The synopsis of what we’re going to talk about is “How has security changed in the 21st century?” The transformation of security and security leaders is tangible. It’s no longer the historical or traditional view of someone hoping to enter law enforcement or looking to retire. We use the example a lot of the Paul Blart, Mall Cop-thing, which is unfortunately the traditional view of private security.
We view private security as a viable profession that needs to be recognized and viewed completely differently than in the past. We’re going to talk a little about how each one of us got where we are right now, both in the public and the private sector. And then what skills are going to be necessary to be successful in the 21st century because it’s driven differently now than how it used to be. Security used to be considered a necessary evil and always a cost burden with no tangible return on investment. We believe now in the 21st century that it needs to be a vital component of any organization’s total business plan. We also need to take a holistic approach to security rather than a “siloed” approach. Our panel will share their perspectives on the critical success factors and strategies to build and sustain security leadership both personally and professionally.
You’re trying to defy the public perception of security? That it is sophisticated and there is a greater amount of professionalism than the industry is given credit for?
Absolutely. I think historically it has always been considered a transitory job. Someone who’s trying to enter law enforcement or they couldn’t get something else, so they’ll take a job as a security guard rattling doors until something better comes along. It’s our belief that that’s totally wrong in the 21st century. Now it’s a viable profession. And it has to be looked upon in that way and because of that, there are different skill sets that are necessary for any security professional to succeed.
What are some of those skills?
I think security professionals now have to have a diverse background and a diverse set of knowledge areas, skills, and competencies. They need to understand core business principles. They need to understand risk management. There’s a whole assortment of things that we have to understand and be proficient in so that we can work within the business organization and be part of the entire plan.
Are we looking toward highly educated security professionals now?
I think it is a huge part, not only for the security professional to be educated, but I also think security professionals need to educate the general public and more importantly, the C-level executive so that they understand that it is an entirely different animal right now. I think certification and education along with experience is going to be extremely necessary along with a good healthy dose of common sense.
What does a historically siloed perspective mean? What approach is private security moving toward?
What we’re looking to do right now in security is to diversify ourselves throughout an organization, to show how we are interoperable in so many departments that may not appreciate or understand the value we impart. For example, security can be an integral part of a human resources department, in that we do our due diligence in conducting background checks and investigations. I think we’re part of the risk management picture, now that we can do things to help solidify security throughout an organization and not just the physical security part.
And intellectual property is becoming a big thing. We have so many laws right now such as HIPAA and Sarbanes-Oxley that we have to be aware of and help educate everyone so we are always in compliance with these evolving federal and state regulations. It’s something that is often forgotten. Security was the lonely guy out there, just kind of hanging out and being directed. In contrast, I think security professionals are and desire to be the ones directing rather than being directed.
The threat matrix now isn’t just physical; you’re also looking out for legal as well?
We’re looking at legal threats. We’re looking at what is intellectual property. We’re looking at things right now that weren’t truly considered part of security. It was an idea that you had IT security, you had physical security, and never the two shall meet. You hear the word “convergence” bantered around all the time. I think that’s a nice word but I think you have to define what convergence is, because in our opinion, that has already happened. And people trying to fight it say “oh no we’re always going to be siloed and separate” – it’s a losing battle, because it has already occurred. Now our job is really to work together to make it a unified effort security-wise to encompass the entire range of security threats and solutions. This is the concept of enterprise-wide risk management and security.
How has that traditional siloed approach evolved between organizations?
The latest statistics show that 85 percent of all critical infrastructure is held within the private sector. And law enforcement is stretched to the max right now. My experience as both a former law enforcement officer, and now having been in private security, is that law enforcement was also caught up in the traditional view of security as law enforcement hopefuls. And so they were very, very hesitant to share information that would be critical in the private sector to make their jobs easier and more effective. That is one of the areas where finally the walls are being knocked down. Law enforcement is becoming more reasonable in sharing information. But private security also needs to know its limitations. Sometimes we tend to cross that line and start acting like law enforcement. I think that’s where those barriers get put back up. But I think the public is starting to recognize just how important security is. And they are really looking at us to do much, much more than the idea of just being someone that’s rattling doors or taking reports. Our job in security is to prevent crime by predicting what may or may not happen through risk analysis.
In your job, have you ever felt resistance from the ownership of a company regarding the sharing of information because they felt it might give away proprietary information?
To a limited degree, educating our clients has become a critical part of our job as security professionals. Organizations need to be aware of what we need to do, to be in a position to best help and protect them and to understand that it is very much a team effort. There’s always going to be highly confidential information that they will be hesitant to share and I think that’s with good reason. But I think once an organization and the public understand what we’re trying to accomplish there will be less chance of that happening.
With the economy in shambles, is security still considered a growth industry now?
It depends on the organization. I think it’s a double-edged sword right now. I think in this economy, security is becoming more and more critical. A lot of times, people equate security with terrorism, and yes that’s absolutely fair, but certainly not the full extent that security has to cover. But I also think as we look at the state of the economy with the layoffs, the increase in workplace violence, and the extremes people may be willing to take and suddenly security becomes invaluable. Yet on the other side, when organizations start looking at budgetary cuts and they’re trying to save every dollar, it becomes our job to justify our existence. And it has to be done in a whole different manner than using uncertainty and doubt and trying to scare people, saying “You need more security.” You have to educate the decision makers and make them understand the holistic approach to security. We need to use this approach to integrate ourselves into all aspects of an organization to assure total security.
You brought up something interesting: terrorism. How much do security officers and professionals really fear terrorism as opposed to crime considering terrorism is such a low-probability event? Aren’t security professionals more concerned about crime?
I think that is a fair statement. I think that the likelihood of true terrorist activity is always going to be there. But it’s being able to analyze what your individual situations are and then understanding the likelihood or non-likelihood of that event happening. I’ve always believed that each organization needs to analyze the events most likely to occur and then mitigate those threats. As a former weapons of mass destruction trainer, the likelihood of a true terrorist act occurring is probably low against most organizations. Yet if it occurs, the consequences could be disastrous—even more so if that organization isn’t prepared for it to at least a certain extent.
If you are a critical infrastructure then it’s imperative that you are prepared for these types of events much more so than if you are three-story office building where you may have some people that come in who may be angry and combative. This is another aspect of security that you’re more likely to encounter and so you have to be ready for that.
What’s the feeling within security circles on inherently safer technologies (IST) considering your background with WMDs?
I think you have to take that question a step further and say “What is the cost if we lose this as compared to the cost if we can prevent this?” And sometimes I think that is a hard thing for people to do. Security is often based on trying to prevent events and yet it’s hard put it in a true metric form and say “Because of this, this, and this, we did prevent this.” The question is “How do you know that?” It’s really hard to quantify something like that. You can qualify it by saying the likelihood of it happening is X. These steps will help mitigate those things. Can you completely prevent it? I don’t think so. I think in the security industry we’re really looking at that entire range of things. Our job is to prevent events from happening. I believe that within security circles we understand being proactive in preventing events from happening through the use of technology; the challenge now it to educate the “C” level so that they can understand the risks and consequences of the different options.
I thought the funny thing with ISTs is that you completely eliminate the risk of the after effects of an attack?
You’re trying to minimize the effect if, in fact, the event occurs and that’s exactly what that’s looking to do. And I think that is a good way via risk management to take a look at the critical infrastructure part of the security realm. Complete elimination of the risk is always the goal but history shows it is a goal infrequently achieved.
Do you feel that more critical infrastructure providers would be open to ISTs if the federal government would subsidize the cost?
I think that they would be, but I’m not sure that will truly occur within the next several years based on the economy. I think they’d be more open to listening to it, but I think we have to really educate everybody on this too. I think we speak security jargon that other security professionals understand and anybody else will nod but they won’t really have a clue what we’re saying. You have to make it personal. You have to make it understandable, so that people can relate to it and then really evaluate it on terms that they can understand. I believe that there is still in an inherent distrust by the private sector of any government subsidies because of the potential of government “interference”.
What are your tips for security professionals to survive in a down economy?
They have to be so much more diverse and open to education and willing to go into areas that they are not very comfortable with right now. I’m huge on the education part of it—to understand the business aspect of security, to understand the relationship and interaction of physical and IT security, to understand we are in a changing world. The complexity of security is going to grow as are the requirements of security. We have to be able to anticipate that, understand that, and then be proactive in it. Often times, we’re more reactive than proactive. We’ve got to change that thought process. We have to be more proactive and assist organizations in moving towards a holistic view of security where all departments become part of the equation. The more we can educate people on that and make them understand that the little things that they do are going to have a massive effect on the entire security realm. We’ve just enlisted a great deal more security people and we are going to need that because it has to be an all or nothing idea.
In your ideal world, what are you looking for a security professional to possess educationally? How high should the educational level and attainments be?
Number one, I think that academia has to accept security as a profession. This is slowly happening but it still needs true direction. I think you’re seeing more universities and colleges offering security courses rather than traditional criminal justice degrees because they are not really the same in this day and age. Once academia accepts that and we start seeing more opportunities to educate all of our professionals at this higher level, I think it can only help all of us.
Since 9-11, it has grown quite strongly right?
If we take a look at, for example, the universities that do offer graduate courses in security management, I don’t think there are even a dozen universities that offer that degree. It’s so important because it encompasses so much more than just security. I think that we as professionals have to become more diverse both academically and in practical applications of our job. We have to understand a lot more than just the security aspect to be truly successful in today’s economy. And that’s where we’re pushing the whole thing. The idea that you have to continually educate yourself to network, to understand more things, to ask the questions that can make you more successful. Things such as the ASIS Seminar and Exhibits, where you’re going to have so many educational sessions, where you have so many professionals of different backgrounds that you can learn so much from by just being able to interact, network, and ask the questions that maybe you wouldn’t have asked two or three years ago.
You talked previously about security traditionally being reactive, what accounts for that?
Reactive is traditionally what security is. The idea that an event happens and we have a plan that if the event happens, then this is what we’re going to do. I don’t think we’ve focused on enough “Here’s a possible event that could happen: What can we do to prevent that?” If you spend the money upfront, to help prevent an act, it’s going to save an organization, the public, everybody, so much more than trying to clean up the mess after it happens. The 21st century security professional is tasked with breaking out of this.
What interests me about this is if you go into a more proactive security stance don’t you have to worry more about violating people’s civil liberties?
We walk a very fine line and I know that the states and the courts argue about it all the time. It becomes a balancing act, weighing the need to protect the masses yet respecting the rights of the individual. Cultures and expectations will always be a major influence of what is deemed acceptable and necessary. If you compare security in Israel to security in the U.S., as compared to Britain, it’s all a very different culture. In the states right now, we’re struggling to balance civil liberties as compared to security and I don’t think one has more weight than the other. I think it’s just a matter of recognizing that balance and educating everyone as to X and Y and how the two really need to work together.
It’s going to a very painful and a very long process in the United States because security by its very nature is going to be inconvenient. Expectations have changed, both from the private and the public side, in regards to what needs to be done to protect us versus not stepping on people’s toes. It’s a huge culture change for us. 9-11 shocked us into it. I can recall being in the police academy back in the early 80s and one of my instructors saying terrorism will never hit the U.S. as it does in Europe simply because of the ability to communicate, that we have much better communications. But we can see what happened with that theory. But traditionally everybody thought that. Sometimes you have to give up a little to gain a lot.
So you would be an advocate for more security in American society? Do you think that’s likely?
It’s really hard to see where we’re going right now. I think – and a lot of security professionals feel the same way – as 9-11 fades into the dark, security once again is becoming a little bit lessened in regards to its need. And I think that is a terrible thought process to fall into right now. Terrorism isn’t going away. Law enforcement is going to be continually constrained to be able to provide what it did in the past. I think private security will have to assume more responsibility yet continue to balance that with its interaction with law enforcement and the public. It’s an interesting quandary because the economy is dictating fiscal restraint and yet the events of today are saying security is needed more. And so it’s really defining again, “What is security?” and then insuring that it becomes part of the business plan. Security can be increased without causing disruption to a person’s day- to-day activities if done intelligently and correctly.
If what you are saying is true and security is moving up in prominence, almost law-enforcement-like, has there been any talk within the industry on how to make private security more accountable to the public?
I think as an industry we’re struggling with that question. We’re still learning how interoperable all these different pieces are right now and it’s going to take a little bit of time. Our profession has changed dramatically from when I first started in the 70s and it’s quite incredible to see this evolution. But I think we still have a ways to go until it’s truly accepted and we truly understand the importance of cooperation and interaction between law enforcement, private security, and the public in general. It truly is a team effort that needs to be done and everybody needs to take a little responsibility in this.
If security isn’t impeding in too many people’s lives now, they probably don’t feel the need for the conversation yet?
I would agree with that. Often times, security is taken for granted, that it’s always going to be there and we are in a nation that will always be secure. And I think we need to make sure people understand that yes, it’s true, we are a very security minded nation but I think we need to go a step farther right now to not only let people know we have security but make them understand how that works so they can see how they can have a major effect on it too.
For full coverage of the ASIS International 55th Annual Seminar and Exhibits, click here.
- Login or register to post comments
- Printer-friendly version
Security Management is the award-winning publication of ASIS International, the preeminent international
organization for security professionals, with more than 37,000 members worldwide.
ASIS International, Inc. Worldwide Headquarters USA, 1625 Prince Street, Alexandria, Virginia 22314-2818
703-519-6200 | fax 703-519-6299 | www.asisonline.org
© 2010 Security Management
This site is protected by copyright and trade mark laws under U.S. and International law.
No part of this work may be reproduced without the written permission of Security Management.
Powered by: Phase2 Technology
Comments