ASIS International recently announced that it will co-locate its 2012 ASIS International Seminars and Exhibits with (ISC)2, an international association of IT security professionals. It's the second time that ASIS has done this (the first time being in 2011 at the Orlando tradeshow), but merging IT security concerns with physical security and risk management is already the norm for 2012 ASIS International President Eduard J. Emde, CPP.
Like many in the field, Emde started in the security industry almost accidentally. While studying in Rotterdam, he picked up a side job as security officer, was inspired by security managers he met, and soon joined ASIS International as a student member in 1990. Over the years he earned his CPP (Certified Protection Professional, the association's highest certification), but he also earned his CISSP, the equivalent information security certification from (ISC)2. That ability to wade through both the information and physical security worlds has been a boon to Emde, whose security management roles at accountancy firm KPMG, security role at ABN AMRO Bank and at the European Space Agency required protection of both data and intellectual property as well as the protection of employees and physical spaces.
Emde recognizes that duality, and he says that smart security directors should see it as well: "[Information security] has always been there from the traditional side. Industrial security always entailed a certain element of information protection" – even if, as he notes, information security formerly meant data shredding.
Like Emde, ASIS International's membership and leadership is changing. It's no longer an organization of people who just think about guard force management, gates, cameras and door locks. Today, Emde notes, there are three chief information security officers (CISOs) sitting on the ASIS board, and to Emde, the security leader of today has to be adept at protecting the entire organization, from network risk to workplace violence risks. Emde and the organization are currently researching that change in the role of the membership. At the age of only 42 himself, he says the organization is also recognizing a need to support younger members – something which the organization is implementing with its "Young Professionals" group.
But even with a change in the role and skill sets of the security manager, Emde doesn't forecast immediate, profound changes to the organization or the membership. "This is a conservative profession," he says. "We will see change over time, but I don't think it will be revolutionary."
Even though the organization is not facing "revolutionary" change, Emde recognizes the diversity of the membership's needs. In his current role as the principal consultant for BMKISS Europe, an independent security consultancy and support organization based in the Netherlands, he interfaces with a number of different businesses to assess and implement security programs. It's in that capacity that he recognizes the "huge diversity of how companies deal with the subject of security."
"Some of my clients don't have a security department," he explains. "They can solve that in different ways -- they may create a risk management group, or provide a consultant to the board." Others divide the security department into different parts of organizations and effectively create a virtual security department operating across the organization. It's a difference, he says, between the typical North American "centralized" approach and a more hidden, "virtualized" approach that is common in Europe.