ASIS International recently announced that it will co-locate its 2012 ASIS International Seminars and Exhibits with (ISC)2, an international association of IT security professionals. It's the second time that ASIS has done this (the first time being in 2011 at the Orlando tradeshow), but merging IT security concerns with physical security and risk management is already the norm for 2012 ASIS International President Eduard J. Emde, CPP.
Like many in the field, Emde started in the security industry almost accidentally. While studying in Rotterdam, he picked up a side job as security officer, was inspired by security managers he met, and soon joined ASIS International as a student member in 1990. Over the years he earned his CPP (Certified Protection Professional, the association's highest certification), but he also earned his CISSP, the equivalent information security certification from (ISC)2. That ability to wade through both the information and physical security worlds has been a boon to Emde, whose security management roles at accountancy firm KPMG, security role at ABN AMRO Bank and at the European Space Agency required protection of both data and intellectual property as well as the protection of employees and physical spaces.
Emde recognizes that duality, and he says that smart security directors should see it as well: "[Information security] has always been there from the traditional side. Industrial security always entailed a certain element of information protection" – even if, as he notes, information security formerly meant data shredding.
Like Emde, ASIS International's membership and leadership is changing. It's no longer an organization of people who just think about guard force management, gates, cameras and door locks. Today, Emde notes, there are three chief information security officers (CISOs) sitting on the ASIS board, and to Emde, the security leader of today has to be adept at protecting the entire organization, from network risk to workplace violence risks. Emde and the organization are currently researching that change in the role of the membership. At the age of only 42 himself, he says the organization is also recognizing a need to support younger members – something which the organization is implementing with its "Young Professionals" group.
But even with a change in the role and skill sets of the security manager, Emde doesn't forecast immediate, profound changes to the organization or the membership. "This is a conservative profession," he says. "We will see change over time, but I don't think it will be revolutionary."
Even though the organization is not facing "revolutionary" change, Emde recognizes the diversity of the membership's needs. In his current role as the principal consultant for BMKISS Europe, an independent security consultancy and support organization based in the Netherlands, he interfaces with a number of different businesses to assess and implement security programs. It's in that capacity that he recognizes the "huge diversity of how companies deal with the subject of security."
"Some of my clients don't have a security department," he explains. "They can solve that in different ways -- they may create a risk management group, or provide a consultant to the board." Others divide the security department into different parts of organizations and effectively create a virtual security department operating across the organization. It's a difference, he says, between the typical North American "centralized" approach and a more hidden, "virtualized" approach that is common in Europe.
Emde's awareness of the variances in security around the world is key to his leadership of ASIS International. He is a native of the Netherlands and is the organization's first non-U.S. president, a role which underscores the "international" in ASIS International. The association is not "International" in name only, in fact, an ASIS chapter was established in Europe in 1959. Still, he sees that there is work to be done to broaden the membership base. One of his self-described goals -- and one that matches the organization's strategic plan -- is to expand the ASIS footprint around the world, but he's quick to point out that "this is not growth for the sake of growth." As businesses operate on more of a global scale with supply chains and offices operating internationally, he says it is key to ASIS International's role to be there to support them. Today, the organization has 230 chapters in 62 countries and members in even more countries than those 62.
Even as the association expands its support for global members like Emde, the organization has to closely watch the needs of its members, especially as they are challenged by economic and cyber-security pressures that members may not have felt in the past. "The next 2 to 3 years will be very interesting as to what it means for our jobs," Emde says. "Even if we see a return to more promising economic circumstances, I don't think companies will immediately return to their previous levels of spending."
That means heightened demands on business support functions like security. But in the end, that's nothing new to a proficient security leader like Emde, who says good security managers already recognize the 24-7 nature of their job and the need to be exceptionally efficient. "We are used to doing more with less," he says.