Originally published on LinkedIn · June 2024. Covering what happened in May — my busiest month personally and professionally.
What I Was Up To in May
May was a full month. I deployed with Minuteman Disaster Response to assist with recovery efforts following the North Texas tornadoes. My role: sawyer. Chainsaw work in disaster zones is real, physical, and humbling. It is also exactly the kind of service I believe in.
On the technology side, I completed a significant migration from my old ISP hosting service to Cloudflare and Microsoft 365. If you have never migrated DNS, email, and hosted services simultaneously — it is quite a learning experience. Everything works now. We got there.
I also published an article on assessment scoping for The International CPTED Association, and launched the Converged Security Academy with a foundational course on entering the security field. This is a course I have taught for over ten years to military veterans and law enforcement professionals making the transition into private security. Getting it formalized and available is something I have wanted to do for a long time.
Leadership & Governance: The Industry-Specific Myth
Organizations frequently ask for “industry-specific” security solutions — healthcare security, financial services security, manufacturing security. My honest assessment: the differences between industries amount to less than 10% of the actual security work. The fundamentals of prevention, detection, and response do not change with the industry label. What changes is the regulatory environment, the specific assets at risk, and the vocabulary.
Security professionals who overcomplicate this distinction are often doing one of two things: justifying higher fees or avoiding the harder work of building a program that actually functions. Build the program. Adjust for the context. That is the formula.
Insider Threat: Still the Taboo Topic
Insider threat remains one of the most underdiscussed risks in organizational security. Leaders are reluctant to talk about it because the implication is that someone they hired, trained, and trusted is a threat vector. That discomfort is understandable. It is also dangerous.
Insider vulnerabilities and threats — whether malicious or simply negligent — have the potential to cause greater organizational damage than most natural disasters. They move at the speed of access, not the speed of a weather system. Organizations that refuse to address this topic have not solved the problem; they have simply stopped looking at it.
M&A Security: The Expanding Threat Picture
Mergers and acquisitions require comprehensive security, safety, and medical response planning from the first conversation to full integration. One area that has moved from “occasionally relevant” to “always relevant” is protest and civil unrest planning. Any transaction that is public-facing, involves workforce reductions, or touches a politically sensitive industry must include civil unrest in the threat model. This is no longer an edge case.
What I Help With
The solution areas I work in most frequently:
- Supply chain security and fraud prevention
- Physical security vulnerability discovery and assessment
- Executive protection program development and management
- Security operations center (SOC) design and oversight
- Crisis response management
- Training program development and delivery
- Gear and equipment selection for security operations
A Seat at the Table
Security professionals spend a lot of energy trying to earn organizational credibility. My argument: stop trying to justify security by connecting it to the business case alone. Connect it to the humans. The people your organization protects — employees, customers, community members — deserve to have someone in the room who is thinking about their safety and security at the leadership level.
Transparent metrics, honest resource conversations, and a clear articulation of what security actually does for the organization — that is what earns the seat. Not jargon. Not compliance theater.
People Worth Honoring
A personal note this month: I want to recognize Andy Shimberg, who mentored me in my early computer networking days. The professionals who invest in others early — before there is any professional benefit to doing so — are the ones who shape careers. Andy was that for me. Gratitude is not something to keep to yourself.