Real words or buzzwords?: Mobile first

April 25, 2017
Despite the rush to improve mobile capabilities, 'security first' should be the goal of product design

Editor’s note: This is the seventh article in the "Real Words or Buzzwords?" series from contributor Ray Bernard about how real words can become empty words and stifle technology progress.

At the ASIS International 2016 Annual Seminars and Exhibits Conference, and the recent ISC West 2017 conference, I had several vendors enthusiastically tell me that their software development was now "Mobile First." I asked each individual what that would mean to their customers and most answers were similar to this: "We release improvements first for mobile users, then later for PC and laptop users." I asked how long it takes them to get to the PC and laptop users. Only one company could easily answer that question, because their web-based application runs on all devices—the application just tailors itself for each device’s screen size.

Mobile First Design

Mobile first means much more than working first on applications for mobile devices, and second on applications for PCs and laptops. It’s not just about development priority. The phrase "mobile first" is short for a slightly longer phrase, "mobile first design." However, that doesn’t mean "design" in the way the security industry has generally performed design work, and we’ll get to that later on.

Why is mobile first being brought up at all? If all the relevant software development practices relating to mobile first are being applied, the sales person or sales support engineer or product demonstrator should not even be mentioning mobile first. They should be demonstrating the new capabilities that their product now offers. To a security manager desiring to improve security operations and the functionality of the security operations center (SOC), what would mobile first mean—that SOC operations are now a lower priority for product development?

As with anything, it’s possible to do a poor job at mobile first design, and then there won’t be much to show or talk about. If mobile first design is being done right, there will be plenty to talk about without ever mentioning mobile first. The customer wants to hear security first. If your product demonstrations show a security first orientation for your application development, then you and your company are relevant.

Mobile First Should Mean Security First

Mobile first is a design approach outlined in 2009 by Luke Wroblewski and explained in his 2011 book by the same name. Simply put, mobile first is designing for smaller screens first, then adding more features and content for bigger and bigger screens. But as I mentioned earlier, it’s not design as typically done in our industry—it’s a much deeper effort and a lot more work.

Mobile first requires a change in design thinking, because the way mobile users use different size devices is not the same. They want to do some things on smartphones, and some things on tablets or PCs or laptops. An integrator’s service tech is not going to install and configure 30 cameras using a smartphone. However, she might want to use her smartphone to remotely adjust the configuration of a single camera that is already installed. An end-user may prefer to look at a single camera or two using a smartphone, and may rarely want a view of all cameras. Then again, a SOC operator will almost always want both.

Security first, as I have used it, really means security tasks first. What are the typical tasks that the various categories of users need to perform on mobile devices? With mobile first design, you figure out how those tasks can be most easily performed on the smallest device, and make that as intuitive and easy as possible for that size device. For a small device it’s a minimalist design, due to the lack of screen space. Not all tasks make sense for a small-screen device. Certainly report-writing is not such a task, although report-reading probably is.

Designing for Mobile First

But mobile first also means taking the design thinking one step further. What capabilities do mobile devices have that PCs and laptops don’t? Take maximum advantage of them within the task contexts. For example, how can location be utilized? If an officer on a security patrol takes a photo of an incident taking place and sends it to the SOC, when the message is opened by the SOC operator, will the camera views for that area automatically be displayed? If a muster call is made, will the registered mobile devices of facility occupants and visitors be used to automatically locate them and track their arrivals into the designated areas? Are users’ mobile device priorities set so that the locations of smartphones are prioritized over tablets whose locations show they were left behind in the evacuation? 

Mobile first means thoroughly and completely exploring how mobile devices can be used to maximize security awareness, command, control and communication in the key risk scenarios of users. Continuing with the evacuation scenario, can a user click a button for “Where is my team?” or “Where is my boss?” Can verbal search, which is often faster than typing and can be performed one-handed while walking, be utilized to check for the status of colleagues or to request help? Can a visitor quickly locate his sponsor? Can a visitor press a button for “Where should I go?” and then have the SOC track his progress getting to the nearest safe area? Can an on-site CPR-trained individual closest to an accident location be located by the SOC?

In each of a facility’s risk scenarios, what are the ways in which a mobile device can help achieve security awareness and response objectives? These of course will vary by facility type, size and other factors.

This is security first design thinking in the mobile first context.

Achieving Security First

If we can’t significantly improve the security capabilities of a facility, its security personnel and its occupants, then what good is mobile first for customers?

About the Author:

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities ( He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.

About the Author

Ray Bernard, PSP, CHS-III

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (, a firm that provides security consulting services for public and private facilities. He has been a frequent contributor to Security Business, SecurityInfoWatch and STE magazine for decades. He is the author of the Elsevier book Security Technology Convergence Insights, available on Amazon. Mr. Bernard is an active member of the ASIS member councils for Physical Security and IT Security, and is a member of the Subject Matter Expert Faculty of the Security Executive Council (

Follow him on LinkedIn:

Follow him on Twitter: @RayBernardRBCS.

(Photo courtesy
Several security industry companies have asserted that network-friendly meant 'works well over a network,' but their concept of 'works well' was too shortsighted. It is one thing to work well when three devices are talking on a benchtop network. It’s completely another to work well in a corporate network environment with hundreds or thousands of active devices connected.
(Image courtesy
Manufacturers and their product development teams need to take a very close look at how the term 'open' should be applied not only in the design and development of products and systems, but in the explanations that they provide to sales people, channel partners and customers.
(Image courtesy
For an integrator, customer centricity means understanding your customers’ jobs and companies well enough to know how to add value to the manufactured items that are available from multiple sources.