Welcome to Evidence Informed Security
Evidence Informed Security | Public Sector | Human Flourishing
What?
I didn’t know how to do security. Somedays I’m not sure if I do today. I’m a naval officer by trade, but I’ve been thrust into the world of public sector corporate security because my stomach doesn’t agree with sailing the seven seas.
A few years ago, I was appointed to my position and asked to reset and rebuild the security program. Let me straight with you. It was bumpy at first. Top-down leadership and compliance-based security worked well in the armed forces, but not in this prairie based governmental organization. When what I knew failed, here’s what I did.
I talked to everyone. Professional associations. Mentors. Government colleagues. Random people on LinkedIn. Academics. Vendors. Non-security colleagues. Especially, non-security colleagues.
These folks became my friends. They became my ‘go-to’ source when I faced a new challenge. I learned that there is great work being done across the globe. But one place where there is particularly clever work happening is the academy.
Think about it. At any given moment, there are both professionals and scholars working to provide solutions to shared problems. Yet, based purely on my experience in talking with professionals, it seems to me that there is a gap between the professionals and the academics.
For some strange reason (actually a few reasons come to mind), the work of academics sits slightly out of reach. Really unfortunate! At the same time, the entrepreneur inside of me thinks that this is really fortunate as I have found a way to give back to my friends who helped me as I built my first security program.
So what?
I’m not a PhD. Let’s be clear. My name is Shawn and I’m a researching security professional in the public sector. I have obtained a few designations from ASIS International, like the CPP and PSP, and I am a student in the Master of Science in Security and Risk Management program at the University of Leicester.
On this Substack, my goal is to mobilize what I learn in security, explore, and reflect on new ideas and challenges, and bring the clever work of the academy to professionals.
Here are a few things that I’m working on:
how does security contribute to human flourishing?
can enterprise security risk management (ESRM) work in the governmental sector?
why do business continuity plans never seem helpful?
how can we leverage crime science to reduce incidents in the corporate world?
how can we professionalize security? Do we need to?
why do we have both Chief Security Officers (CSO) and Chief Information Security Officers (CISO)?
what’s happening with cyber-physical convergence and how does ESRM fit into it?
why do security risk assessments seem so subjective?
how can we leverage SARA, PANDA, or 5 I’s in our programs? And how can they help us improve our evaluations?
We all have opinions on the above questions. But I want to take an evidence informed approach. I want to celebrate the brilliant work that academics are doing. I want to do evidence informed security.
Now what?
Every month, I will release one post. They will consist of inquiries into a given topic and structured using HSD’s Adaptive Action Framework: What? So what? Now what?1 I find this framework to be helpful in exploring a topic, understanding why we should care, and then proposing a few next steps on how to implement this in your security programs.
They will also consist of perspectives on a given topic, followed by a discussion thread. This will help create a community whereby I can hear from you. This will be structured as follows:
what is the perspective?
what do I like about this perspective?
what is my perspective?
Finally, I will include guest posts. This is an opportunity to hear directly from the academy about what they are working on in plain language.
See you in January 2025!
Shawn
Human Systems Dynamics Institute. “Adaptive Action.” Accessed December 22, 2024. https://www.hsdinstitute.org/resources/adaptive-action.html.