Perspective / White Papers / Articles

A Perspective, not THE Perspective – Welcome to a collection of insights, lessons, and practical advice drawn from years of work in converged security. This section features my personal perspective, published articles, and white papers on a wide range of security topics. Each piece reflects real-world experience—what works, what doesn’t, and what often gets overlooked.

I’ve worked with public and private organizations across many sectors. Along the way, I’ve seen how policies succeed and where they fall short. These writings are meant to help others think more clearly, act more confidently, and lead more effectively in security roles. Whether you’re new to security or a seasoned professional, there’s something here for you.

You’ll find short articles on focused topics, in-depth white papers on major issues, and commentary that connects the dots. These materials are designed to be useful, not just informative. They’re based on actual challenges faced in the field—not just theories.

Scattered throughout the page, you’ll also see short “Words of Wisdom” to keep in mind.

These thoughts are simple but earned through real-world experience. Feel free to read, share, and use what helps your team stay sharp. The goal is simple: better thinking, better leadership, and stronger security.

Jim’s Security One Liners Perspective

  1. Safety is different than Security, you have to do BOTH to help people FEEL safe. (Mike Rowe got it right about Safety Third)
  2. All, in every language means All
  3. Enterprise(-wide) is EVERYTHING under the CEO (Study the Directory of Companies)
  4. Secure is different than compliant
  5. Figure out your “Grandma Story” or Security will be very frustrating
  6. Honor the ones before you, never stop learning from them and certifications and your network
  7. A Security Professional’s priority every day, when your feet hit the floor, is to operate with absolute integrity. I’ve investigated security peers; it’s miserable
  8. A brand has unbelievable power over suppliers, but treat their CSO/CISO with respect.
  9. Security will never be centralized in most organizations (Anyone remember the Who’s Who chart)
  10. There are very few true policies in an organization that are enforceable to the level of a fireable offense. If it’s not a written, signed Policy, stop calling it “policy”; it’s not the “hammer” that will help you, it’s relationships that fix stuff.
  11. Before you start a security task/project/analytic/case, make sure your audience is ready for the answer.  Know when to stop.
  12. If you don’t know the size of the pie chart, enterprise-wide+”all”?, your metrics/KPIs won’t move the “more secure” needle
  13. Getting a “Seat at the Table” is hard and expensive, but is the best Security ROI.
  14. Security Teams, want a “seat-at-the-table”, become a servant to other people at the table
  15. Never ever be afraid to call the Ethics Line, they are an amazing group of people.  I had my challenges with some of their answers over 28 years of calling/writing, but I respected them more than any other group.
  16. Domestic and International culture should be the first class for all security newbies and renewed every year.
  17. The size of the pie chart for supplier risk is the number of suppliers that increase your risk, not just the number you have under contract or pay directly.
  18. Start measuring security until it scares you, I gifted you a book as a starting point, read the head fake, it was written to make your organization better.  If the senior leadership and board aren’t REALLY freaking out about security, you have failed in your metrics program.  Stop measuring by stupid business unit names, measuring by org chart names, business units NEVER funded or fixed a security problem, HUMANS did
  19. Supplier Security Questionnaires are answered with answers that:  What the Supplier BELIEVES is the answer, but hasn’t verified it OR What the Supplier wants you to hear/read to hopefully “move on”.  Stop using these things, just show up and ask GREAT questions.
  20. Risk Assessment – If you aren’t doing the ENTIRE formula for a risk assessment, STOP calling it that
  21. Security vendors/suppliers/manufacturers rarely have carrier-class solutions, some barely have enterprise-class solutions.  Some will want to learn from you, some won’t and still make horrible claims and people will still buy.  Be tough on security vendors’ marketing departments!
  22. Care (Thank you Susan Menaker)
  23. Have Fun, Leave a “calling card” – TIAT, Kilroy Was Here, Lab Attack

Articles:


Real Estate Agent Safety Recommendations

If there is a basement or crawl space, don’t follow unless you have a second person with YOU

Only do Daylight Showings

Let the customer/client go in front first

If there is a screen/glass door, leave the solid door open

Trust But Verify Identity of customer/client

Discard any collected personal information as soon as you no longer need it. If you don’t need it on or after closing, delete it beforehand

Do your research on the client / house / location / crime using government and social media websites

Share your location with a co-worker/spouse

Set up and learn Emergency SOS on your phone

Equip yourself with Mace, a Go Bag, and a firearm if that is authorized and your fancy

Meet with client / customer in public place before heading to showings

2 is one and 1 is none – two flashlights

Video a showing if allowed and needed

Make sure your phone is fully charged before a showing

Set up a distress code word with several people in your contact list

PSA Alarm and know how to trigger the house alarm

Look for an Exit Strategy when you enter the home

Watch out for theft of property


Information Security for Travelers

In no particular order:

1. Assume your electronic devices (and their subsequent data) will be taken at Customs and Border Patrol or other places, in certain countries – Take one-time use/burner / wiped phone, tablet, laptops and only take what you need to know

2. Assume your hotel and transportation environment has people recording you for human intelligence, espionage, or other information-gathering goals – Watch your volume and your topics

3. Assume where you sit in a restaurant, the table/booth beside you has a nefarious interest in what you are saying – Watch your volume and your topics

4. Assume photos you are taking will be copied, reviewed, and/or deleted

5. For SOME people the more they drink adult beverages the more they leak….information – Think Before You Speak If You Drink

6. That fancy computer watch is an easy target and imagine the information on it – Go to Walmart and get yourself a Snoopy or Mickey / Minnie Mouse Watch

7. If you can afford/arrange it, internal company conference rooms should have a TSCM sweep done by a vetted professional before your meetings

8. Assume that the USB charging port and Wifi connection is “drinking your data”

9. Helpful humans that you didn’t personally arrange for, are helpful and they might help themselves….to your stuff

10. Your safety/security is WAY more important than your information
