In this episode, Brad and Joe are joined by Alan Saquella, Corporate Security Executive and Professor College of Business Security and Intelligence at Embry-Riddle Aeronautical University. Alan is here to discuss his work in security and how he has seen the change in technology affect both the security and health and safety landscapes of businesses.
Guest-at-a-Glance
💡 Name: Alan Saquella
💡 What he does: Corporate Security Executive and Professor College of Business Security and Intelligence
💡 Company: Embry-Riddle Aeronautical University
💡 Noteworthy: Alan is a Certified Polygraph Examiner and has been called “the human lie detector”
💡 Where to find Alan: LinkedIn
Key Insights
⚡ If your employees don’t feel safe at work, they won’t want to come in and won’t be able to perform at a high level.
⚡ Most white-collar criminals don’t have criminal records so background checks aren’t the best way to find out if they are the sort of person who can fit into your workplace.
⚡ Health and safety policies and employee safety go hand in hand. The two evolve together in the technology space.
This episode of The Front Desk was brought to you by The Little Green Button - The original on-screen panic button software designed to keep staff safe. Reassurance that a helping hand is just a click away.
In this episode, Brad and Joe are joined by Alan Saquella, Corporate Security Executive and Professor College of Business Security and Intelligence at Embry-Riddle Aeronautical University. Alan is here to discuss his work in security and how he has seen the change in technology affect both the security and health and safety landscapes of businesses.
Guest-at-a-Glance
💡 Name: Alan Saquella
💡 What he does: Corporate Security Executive and Professor College of Business Security and Intelligence
💡 Company: Embry-Riddle Aeronautical University
💡 Noteworthy: Alan is a Certified Polygraph Examiner and has been called “the human lie detector”
💡 Where to find Alan: LinkedIn
Key Insights
⚡ If your employees don’t feel safe at work, they won’t want to come in and won’t be able to perform at a high level.
⚡ Most white-collar criminals don’t have criminal records so background checks aren’t the best way to find out if they are the sort of person who can fit into your workplace.
⚡ Health and safety policies and employee safety go hand in hand. The two evolve together in the technology space.
This episode of The Front Desk was brought to you by The Little Green Button - The original on-screen panic button software designed to keep staff safe. Reassurance that a helping hand is just a click away.
[00:00:00] Brad: Hello, and welcome to another episode of the Front Desk. I'm Brad Day and I'm joined by my colleague, Joe Frary. This episode is brought to you by the Little Green Button, the original onscreen panic button software designed to keep staff safe. Today our guest is Alan Saquella, Corporate Security Executive and Professor College of Business Security and Intelligence at Embry-Riddle Aeronautical University. Alan, many thanks for joining us today.
[00:00:26] Alan: Brad and Joe, thank you so much for having me on. It's my pleasure.
[00:00:29] Joe: Thanks Alan. To give our audience some background on yourself, can you tell us about your comprehensive career in security and how today you found yourself in a role as a professor?
[00:00:40] Alan: Oh, certainly. Love to, when I was back in college, I like so many other students. I was actually going during a recession and didn't know exactly what I was going to do. So along the way I took on some security type roles in a retail setting and in that capacity, I was a store detective. That was back before CCTV was very good. Got some exposure to dealing with shoplifting and credit card fraud and those types of things and that's how I got interested in the field, although my degrees are in law enforcement, so I knew that was a path I was going to go. So I stayed in college as a graduate student because there were no jobs out there. And during that time I was able to teach college. That was one of the requirements as a graduate student.
[00:01:19] Alan: So I taught an entry level police science class. Thought, Wow, this is pretty cool. I like doing this, but I don't know anything about it. It was all based on textbook knowledge and really only what I could grab for the course came from textbooks and whatever was designed by the professor.
[00:01:36] Alan: I knew I'd want to get back into that sometime in the future, but I wanted to have a career first. So I went into law enforcement. Then I was able to move into a polygraph position. The polygraph examiner was retiring and he said, Hey, Saquella, you should think about going to polygraph school and take my position, which I did.
[00:01:54] Alan: And then ultimately I was doing some polygraphs on the side commercially and I solved a case for a company based out of Los Angeles where they lost a bank deposit and they thought I was a hero. I was just doing my job. And of course, they offered me a job, doubled my income, and I moved to Los Angeles. And fast forward, I took several positions around the country in the corporate investigations and security arena, three major corporations landed my last position at Cox Communications as a director of Security Investigations. I did that for 16 years and then the opportunity came to come back into teaching and I took it. Now I'm teaching full-time, actually preparing the next generation of security and crime fighters and intelligence analysts, and it's exciting to use the textbook plus the experience that I gained throughout my career and passing it on. These are our future protectors and I'm excited to share with them
[00:02:48] Brad: That's a super, really comprehensive career. It's amazing how you've come up from where you started as a security guard to where you are now, teaching and like you say, passing that knowledge on.
[00:02:59] Brad: I see that's gone further, you've been asked to speak at the upcoming security 500 conference. It looks like a really fantastic event. We're a bit gutted not to be there actually. What is it that you're most excited to be speaking about at the conference?
[00:03:12] Alan: The topic's already been selected, so we're talking about taking security from a cost center to beyond that. One of the things I realized early on, when you're in the public sector, you're not too concerned about budget. You're spending taxpayers dollars. Yeah, it's difficult to get money, but when you're in the corporate sector, there's a thing called return on investment. You're always conscious of fiscal responsibility that you have to the company and the shareholders. So throughout my career, I've always kept a tight budget, but beyond that, managing the budget's one thing. But beyond that, how do you show value in the corporate security arena? You have to do more than just spend your budget. You have to give something back.
[00:03:52] Alan: I learned it early on, and we're going to be talking about that at the conference. There'll be some other professionals on the panel. We're all going to be sharing our best practices for creating value beyond just spending money. And I think what prompted it is I wrote a two series article on that topic, which was published in Security magazine and then the chief editor asked if I'd be willing to speak on that topic and she arranged to put the panel together for that. So I'm excited to actually be talking with other professionals, getting their ideas on how they add value to their corporations by doing other things and certainly I have my experiences based predominantly in the telecommunications industry, so it's going to be a great time.
[00:04:35] Alan: I look forward to learning from the other professionals out there. I'm a learner. It's one of the things I never stop. When I stop learning, it's time to retire. So I'm excited to talk about and share with others how to make their security function less cost more profitable.
[00:04:51] Joe: That's really exciting to hear. We were wondering how efficient do you think those organizations are at recognizing new technologies, for example, adapting to these modern ways of working and implementing these initiatives.
[00:05:05] Alan: Some companies are better than others. Some industries are better than others. And if you look at the security arena, at least in the United States, we have what we call regulated organizations. We have critical infrastructure organizations and those particular industries, government contractors tend to have larger budgets, and that's because they have very important things to protect. Critical infrastructure is important. Government contractors, such as a company that's making aerospace, rockets, airplanes, what have you, for the government, they have to have better security systems.
[00:05:36] Alan: So those particular companies have an advantage. And they are able to embrace new technology to continually improve their physical security posture as well as their InfoSec security posture because it's required. And on the other side, the non-regulated, non-government sector, they have to be a little bit more creative.
[00:05:56] Alan: And that's where I spent a lot of my research and time looking for ways to improve the security cost structure and bring it from a cost structure to more of a profit side. And we'll be actually talking about that at the panel in DC. I think most companies are open, most security directors and professionals are open to trying new things and to embracing technology, but it's a way you have to sell it to your chief financial officer. Again, there's costs. You have to have a return on investment. And even at the company I was at, they said, You need to give me a five to one. If I give you a hundred thousand dollars, I need 500 thousand back.
[00:06:36] Alan: And so you have to be creative and you have to find ways to actually show that value. But I think technology is certainly helping this industry. I see a lot of great things coming from it, and I'm sure you're going to be asking me more about that in this interview.
[00:06:50] Brad: Yeah, exactly. You're talking there about the cost of security, seeing the return from that investment that you're given by your organizations.
[00:06:58] Brad: I would imagine the companies that give the best returns are the companies that are adapting or adopting new technologies. That must have evolved massively over the time you've been working in the field. New digital software solutions have been developed. I can imagine when you go about trying to find these new solutions, trying to find this new technology, how do you see companies succeed here? Because there's so much information out there. It can be a minefield.
[00:07:25] Alan: No, it really is. And so the way I was able to do it is that I really relied and leveraged my contractors, my integrator on the physical security side. I was always looking for prototypes. Can you tell me about this? Can you give me something to test over here?
[00:07:39] Alan: And so on the physical security side, I was always looking for something that was better, So when we talk about video analytics and also PSSMPs, which are physical security system management programs, and then linking your access control to your CCTV. I always wanted to see what else was out there that could make our businesses more safe.
[00:07:59] Alan: Number one is employee safety, you have to keep them safe. Once you've done that, then we can start working on the premise, the information, and also protecting the reputation and the brand of the company. But it starts with your people. If they don't feel safe coming to work. You have nothing. So for me, it's reaching out to the vendors, it's reaching out to the integrators and asking them and challenging them.
[00:08:20] Alan: Tell me what's out there that can improve this. I'm not going to sit status quo waiting for something else to come out. You have to physically look, you have to get out there. And that's just on the physical security side. There's other areas that also have to be improved. And so in the United States, there's a lot of change going on legislatively with background checks.
[00:08:39] Alan: They have this thing called Ban the box, where we can't ask on the application of a person that's been convicted of a crime. You can only ask that once an offer is made. Even the hiring aspect is becoming challenging for companies. So what's out there? How can we hire people that fit the behaviors? And again, we don't want anybody that has problems, even if they don't have a criminal background they might have the behaviors that could be very disruptive to an organization.
[00:09:05] Alan: Interestingly enough, white collar criminals, most of them don't have criminal backgrounds, so even doing a background check not going to help you there. So you need to look at ways from that side, from a security technology enhancement, what's out there. And there is some good stuff out there for pre-employment screening, and it's evolving.
[00:09:24] Alan: My day was in polygraph. We did a lot of interviews for police candidates and et cetera, but today they have wonderful software that can help screen out folks through clicking on a link and taking them through a questionnaire with video analytics and also algorithms, machine learning, basically doing all the things I would have to do as a polygraph examiner, but in a way that's not very offensive and it's not as time consuming, costly, and the return is huge.
[00:09:50] Alan: Going back, it's a long winded answer. You have to be out there. You have to be open, you have to look, and of course, if you find stuff, test it. It reminds me of a drone that I tested just before I left Cox. It was a drone that we used to deploy whenever we had a fence breach along the perimeter, we would dispatch it.
[00:10:07] Alan: It had talk down capability, which means we could actually have a conversation with the intruder. "Hey, hop back over the fence, leave" as we're videotaping and having a conversation with them, so a great technology. I've always loved technology. You have to have that mindset. Don't be afraid to test it, pilot it.
[00:10:26] Alan: And if it works now you have to sell it to your chief financial officer. And of course, I was pretty good at that. I learned that over time that if I give them a return five to one, they're going to sign off on it. ,
[00:10:37] Brad: Why wouldn't they? Hey, why wouldn't they?
[00:10:39] Joe: Absolutely fascinating. Alan, it answers one of the questions I was going to ask about how technology has continually played a role for you as a security specialist. Health and safety policies and employee safety, they go hand in hand. I feel that they evolve together, the technology available and health and safety policies, they limit each other in a way. So my next question would really be, what would you recommend to the companies who are looking at implementing a new technology to enhance their protocols? Where do they look first and what do you see as the biggest priority when you go walking into a company as a security specialist? What do you need to nail down first?
[00:11:21] Alan: I think even before you can nail anything down, you have to find out what the current issues are, in other words, what's challenging that organization today?
[00:11:29] Alan: And then also how does that compare to the industry? A lot of times we work in silos. If I work in telecom, I want to know what the other telecoms are doing, what's their biggest challenges that they're facing, and what are some of the solutions they've deployed that made them successful or not. As I think back to companies that have not been successful, even on the non-security areas such as Blockbuster Video, IBM many retailers even think about Blackberry. I used to love using a Blackberry. I was so disappointed when the iPhone went on and knocked Blackberry off. They just didn't keep up. Look at MySpace. You probably don't remember that. MySpace came before Facebook. And look at them. They're gone. And that goes for technology as well.
[00:12:10] Alan: You have to look at what are the pain points at the corporation. What also is looming from a legislative standpoint. What's going to be out there that's going to cause you and force you to change. Because if you think about personal safety, it's more than just keeping them safe from armed robberies or criminal activity.
[00:12:27] Alan: You have to think about back injury prevention, general liability claims, property claims. We want to keep the company safe, and it goes back again to people. You have to make sure that you're removing the risks and hazards that can cause unsafe conditions. So from a criminal standpoint, obviously if you're in a customer facing business, you need to assess the risk.
[00:12:51] Alan: And then decide what are the tools you need to keep your people safe in the public. Like a retail setting. It may be good security, physical security, and also a direct line to communications, panic buttons, et cetera, that you want to make sure that you're utilizing and deploying.
[00:13:06] Alan: But it also goes back to the culture of the company. Some companies don't like the overreaching arm of security, Big brothers watching us. So you have to understand the culture. You have to understand the pain points, you have to understand the legislation, what's coming on that may restrict what you're able to do.
[00:13:22] Alan: And then as a comparison, you need to look at what your peer companies are doing in that space. Those are the things that I did. Because as you start down a path and you don't do that research you might be stopped quickly in your tracks and you don't want that to happen.
[00:13:36] Brad: It must be quite challenging, I think from an outsider's perspective, looking in, security is so broad. It encompasses so many different aspects. We're talking. You know that hiring process, making sure you're not getting some bad eggs into your organization. Security also talks about, yeah, drones, protecting areas. It talks about panic alarms, it talks about CCTV fire alarms, your health and safety policies.
[00:14:01] Brad: It's so broad, and I find often when we're trying to educate on security, it's quite hard to pinpoint a topic because there's so much to cover. Yet you must be seen as an educator in security. Different people will have different perceptions on what security really means. What's your thoughts on that? If you are educating, what people's perceptions of what security means?
[00:14:22] Alan: Yeah, that's a good point because here at the university we have cyber intelligence and we have of course the physical security track and then also the intelligence track. And so really what I tell my students is that security starts at the front door before you even bring any contractor or an employee into the company.
[00:14:39] Alan: It starts, like I said, with that pre-employment screening, you want to make sure you bring in the right people. So the personnel side of it, the HR side of it, you have to bring the right folks in. A lot of companies are resistant to change when it comes to their standards on background investigations, we've relied too heavily on checking the backgrounds from a criminal perspective.
[00:14:58] Alan: They haven't embraced new technology, and that's going to come back to haunt them. As we have seen also in many cases where, like I said, with white-collar, criminals, they don't have a background, but there are ways to screen them. So you have to start there. So you have the InfoSec side, right? You have cyber, you have the physical security side.
[00:15:14] Alan: So you're thinking about the buildings. So security is all encompassing. When you think about a business and it overlaps with safety, safety is so critical because you have issues there that cross over to both sides. And then it also bleeds into insurance and risk management.
[00:15:32] Alan: So you have to have a collaborative approach. And one of the things I found most successful when I worked in the corporate world was we had a team. And we would meet every two weeks. It involved safety involved security involved InfoSec, and it'll also involve members of the human resource department.
[00:15:48] Alan: We talked about what is security, what are our targets? What are some of the low hanging fruits? And then we were addressing the issues as they came up to respond and react. Then look for after, some of the process investigation would be what broke? How can we prevent this in the future?
[00:16:05] Alan: If we can't prevent it, how do we mitigate it? And it was a collaborative approach. It does take a team. As a security practitioner, you don't know it all. I realize that. Pretty soon I needed to bring others into the circle. And I think if you work together as a team everyone understands it. Now. 15 years ago it was InfoSec and it was physical security and we didn't like each other.
[00:16:27] Alan: We didn't talk a lot. We realized we can do a bunch more and a much better job by working collaboratively. So it really did work. And as I'm educating students today, I'm having them break down those silos and understand that security is overreaching and one big circle involving all those aspects, and you do need to know a little bit about each, even if you specialize in one area or another, right? If you're on the HR side for, let's say, recruiting and pre-employment screening, you need to understand a little bit about physical security as well as InfoSec. We all have to work together.
[00:17:02] Brad: I can't disagree with anything you've just said, we experience it from outside as well when we're talking to organizations, often there's that barrier between the decision maker, the person holding the purse strings, the people who are maybe implementing and living by these sort of new security or safety initiatives.
[00:17:20] Brad: Quite often as well we find that people reach out to us after an incident has happened, something's happened and incidents occurred, and off the back of that they need to put a solution in place. I understand how that happens. I understand you can't prepare or you could try to prepare for every circumstance, but it's impossible.
[00:17:36] Brad: Some of the work that we are doing is trying to educate organizations to have some of these safety measures in place before an incident happens, before that scenario got out of hand. And that's certainly a message which we find really challenging and often lands on deaf ears. What would be your advice to organizations when they may be looking at their safety protocols or their security protocols? Yeah, to almost identify those before an incident happens?
[00:18:02] Alan: Oh, that's a very good question. If you think about security, a lot of times your budget increases after a major event. Think about September 11th that we had a presidential order that came down with a directive, which basically mandated that all 18 critical infrastructures had to step up their security.
[00:18:19] Alan: So security improves after a problem, but we don't want to wait for a problem because we're reactive. Security really is supposed to be prevention, whereas law enforcement in many cases is reactive. So one of the things that I do, and I recommend a class that I teach is business continuity planning. And business continuity is planned in advance of those situations.
[00:18:40] Alan: So as you are building your plan, which involves security and safety and also InfoSec, you have to do your hazard assessments, your risk assessments, and you're taking historical data. You're taking data from your incident reports. You're taking data provided by the government. And then you're going to assess a risk number to that.
[00:19:02] Alan: And once you, and there's actually great documents and Excel spreadsheets that do a lot of that for you. And you go through and you assess the risk and based on what scores you come out in different categories, whether it be from environmental issues to risks caused by humans, right?
[00:19:18] Alan: Everything from simple safety issues to potential criminal activity. All that data's going to help you prepare your plan, your security plan, and also because you're quantifying it. It's going to help you sell your program to get the funding that you need. So you have to do that. There's data out there to get the crime data, get the other data from the federal agencies and local agencies that can provide historical data on crime as well as climate issues, any type of potential threats to a particular geographic area.
[00:19:50] Alan: So if you live in an area that's tornado prone your safety protocols and your risk is higher. So you're going to have to have different plans than you might have in the middle of the desert in Phoenix, Arizona. Your problem there's going to be heat, dust storms and flash flooding, potentially power outages.
[00:20:07] Alan: But other than that from an environmental standpoint, that would be it from a criminal standpoint. Of course, you'd use other data that helps you determine your risk level, and then with all that, it comes together and it's something that you can use to sell your program.
[00:20:22] Joe: Thank you for that, Alan. So essentially what the advice would be is to use existing data and follow trends.
[00:20:30] Alan: Yeah, absolutely. Trends are very important. So you want to look at the trends, one of the things, depending on the industry you're in, you want, again, to get that information from your peer companies.
[00:20:39] Alan: What are they experiencing? So if you're a public facing company, let's say a retail outlet. They're going to have similar problems that you're going to have. So a lot of these companies will share, Security departments do share information because it's all about protection. They're not going to share their marketing plans or any confidential information, but they will share.
[00:20:57] Alan: So you have to reach out and you have to look at those trends. And then based on the trends and all the other risk assessments you do or have, you should be able to come up with a good plan to sell your program and ask for capital and operating budgets to fund whatever you're trying to do.
[00:21:13] Joe: It's great info for our listeners. I know as Brad was just saying, there are problems with identifying issues before they happen. That's sound advice for them I'm sure. We've covered so, so many topics in this short recording. That we've had together today, Alan and thanks again for that. Just wanted to ask one final question, really, what is your favorite topic?
[00:21:35] Joe: What do you get most passionate about in the field of security? Is it experience based on something that has happened or is there something that you want to explore more in your education role?
[00:21:48] Alan: Technology solves a lot of things. Certainly can help, but technology is never going to replace humans.
[00:21:55] Alan: There's always going to be human elements, so that part, if anything, keeps me up at night keeping people safe. I'm always concerned about safety. And so for me the things I like to explore further are to keep our employees and our visitors safe. And that goes to, like I said, starting at the front door and making sure we're bringing in the right people.
[00:22:15] Alan: Because there's been so many times in my career where a faulty background check resulted in hiring a criminal who killed either one of our employees or our customers. And unfortunately in a corporate order, we do have homicides. The worst thing you can do is have to go and talk to the employees' loved ones about something that went wrong and cost their life.
[00:22:35] Alan: I think everything has to be surrounding securing the premise, but from a safety perspective and keeping people safe. So the thing I'm most passionate about again, is making sure the people that we're bringing into an organization are the right people, and that goes way back to my days of running polygraphs and screening out.
[00:22:56] Alan: Undesirable candidates to have bad behaviors and fast forward today using more of the technology from a pre-employment behavioral assessment standpoint. because I, I think if you can stop that, once you have your organization and you got the right people in place, it's just a matter of working together collaboratively with the various departments to help build your program like we talked about.
[00:23:17] Alan: So technology's there, let's use it. Let's work together because we're going to be reaching across the aisle with safety and InfoSec. We need to be one team. We need to be providing the best value for the chief executive officer. Of course, the chief financial officer's going to be keeping us in check because as we know, when economies suffer as we are starting to go into a recession, now budgets are being looked at.
[00:23:42] Alan: And I can tell you I have friends at my last company that are facing layoffs right now. And so the best thing we can do is never rest. Always be aware that you need to be improving, constantly improving, looking for ways to improve your security and your safety posture. Think about who you work for and deliver.
[00:24:00] Brad: That's such great advice and a really nice way to provide a great overview for the conversation that we've had so far. I can certainly hear that passion come through. Alan, obviously you've been doing this for a while. You've got all that experience. I can still hear that passion in your voice now. It must be so nice to be able to pass all that experience on now in that kind of education role that you've taken up.
[00:24:21] Brad: We are sadly coming up on, on our time for the podcast. It would be great if there's anywhere that people can go to learn a little bit more about you, about your research and the work you've done.
[00:24:31] Alan: Yeah absolutely. So I'm very active on LinkedIn so you can find me on LinkedIn. All the articles and podcasts, interviews, all the things that I put out there, I put on LinkedIn.
[00:24:40] Alan: So please track me down if you want to connect with me. I'm always looking to expand my network on LinkedIn with professionals, others in the field. Go to my LinkedIn profile. So it's Alan, a l a n. Last name is S A Q U E L L A. There's only one out there. It's a very uncommon last name. It'll be really easy to find.
[00:25:00] Alan: Certainly connect with me there. Feel free to read some of this stuff. The articles on taking your security center from a cost center to cost neutral and beyond is out there as well as so many other things. I speak on white-collar crime pre-employment screening. But it's all out there and it's easily attainable.
[00:25:18] Brad: Alan thanks. Thanks again. We'll make sure that we put a link to your LinkedIn profile to everywhere that we post the podcast, so that is it from us. I think that's a wrap. I really appreciate you spending time with us today. It's been super having you here on The Front Desk. Thanks again.
[00:25:32] Alan: Absolutely. I appreciate it. Brad and Joe. Enjoyed it. Anytime. Great stuff.