Your browser version is outdated. We recommend that you update your browser to the latest version.

Hikvision

SIGN UP to Defsec  eNewsletters

Fields marked with * are required.

DEFSECmedia

DEFSEC Media is New Zealand's defence, security and fire B2B/B2G publishing group. Our leading magazines, Line of DefenceNZ Security and Fire NZ are read by key business, government and military decision makers and influencers. This website is the online home of cutting-edge content from each of our titles.

Itron

C-27J Spartan

INTERVIEW: State of the industry with RISQ New Zealand

NZ Security Magazine, Feb/Mar 2018

 

In this series NZSM talks to respected figures within New Zealand’s security industry to gain their perspectives on the big themes shaping the industry and impacting on those who work within it.

 

In this instalment of State of the Industry, we are fortunate to be joined by Risq New Zealand’s Managing Director, Bruce Couper, and Director, Charlie O'Donnell. With impressive career experience and credentials, both are very highly regarded figures within the security industry.

Established in 2007, Risq provides security risk consulting, investigations and training services in robbery safety and personal safety and conflict management.

 

NZSM: What do you see are the key challenges facing the security industry in New Zealand?

RISQ: Loss of identity: in the technology side of the industry, a lot of things that have historically been managed in the security portfolio are being taken over by IT or facilities or property management, and we think that’s due to a number of factors. One of these is a lack of trust or confidence that we have the right people, the right approach, and the right coverage of skills.

Technology provides a good example of this, because what we see in terms of organisations looking to put in large security systems that require a fair bit of grunt is that it’s the very security equipment that’s being put in that’s sometimes posing the biggest security threat on the network of the company involved.

There is a really strong case for having networked security systems on their own network separate to the company’s main network because of the back-end access vulnerabilities with IP Cameras, NVRS and other traditional IT interfaces being installed.

We also believe there is lack of appropriate training and learning at the entry and graduate levels – and that’s a massive challenge. The only real training that’s going on is mandatory training and little tiny pockets of other training, such as the CPP and PSP ASIS accreditations. The most CCP/PSP holders we ever had was around 20 years ago when about 50 out of about 80 to 100 ASIS members held one of these two qualifications.

We’d probably have less than that today. We’ve got a handful of people who have the Level 6 diploma, and then a very small handful have qualifications like the M.Sc. Otherwise, people are bringing across other business qualifications – which are really important – and other tertiary education.

The licensing regime waited 30 or 40 years to change, and brought us nothing apart from a 40-hour requirement for mandatory training for door controllers and security officers, but there is no other requirement for training.

Yes, we want more people on Level 2 and 3 and through to the Level 6 diploma in the manpower sector, but what about creating some appropriate training for those who come into the industry who already have a great capacity to learn – such as graduates from school or university or from other fields?

We think it’s a huge challenge for the industry if we don’t want to be left behind over the next 5-10 years.

The other challenge for the industry is to be taken seriously across a range of areas, stakeholders and businesses – particularly those working in security management roles. One of the big challenges there is because of the lack of knowledge that people in general business have about security risk and about what skills should be required of a Chief Security Officer.

The challenge is in proving what the real risks are and what the real benefits are of having a really comprehensive approach to security, and there are relatively few organisations in New Zealand who have a cohesive approach to managing all of their security risks.

Some of the banks do it, one or two other corporates do it but a lot of it is still very silo’ed. That’s a challenge, because it means they’re not necessarily getting the right results as they don’t have an overall approach to security risk – and mitigation is more of a reactive approach rather than proactive.

Maybe it’s because the industry doesn’t have representation at a high enough level both from a political and also a corporate perspective.

Regardless of who is the government of the day, it’s important that they understand what the risks are and how inherently important it is that there is a really, really strong security industry, in part because the Police no longer perform a number of the roles they used to. If you don’t have a strong and robust security industry made up of external providers and internal security managers and the like, then that’s a major issue.

The big consulting firms have got good reach and credibility, and the audit and accounting firms have some political sway – and they do some of the things that the security industry does for those people who can afford to pay their massive fees. But what about the companies of 10 or less staff that employ 90 percent of New Zealanders? Most of our employers are sadly lacking in their capacity to know how to secure themselves.

 

Enjoying this article? Consider a subscription to the print edition of NZ Security Magazine.

 

Bruce Couper, Risq New ZealandBruce Couper, Risq New Zealand

NZSM: Are we getting the skills we need into the industry?

RISQ: In many cases, no. It’s not seen as a profession in New Zealand at all despite the fact that it is in many other jurisdictions. We know from some of my visits to the States that they’ve had good uptake in relation to security being recognised as a profession. The expectation on people in reasonably senior security roles – not just in massive corporates – is that they possess a tertiary degree as well as other ASIS-type qualifications.

ASIS is a big driver over there, but money is another big driver, and litigation is a huge one. What it means is there is an expectation that people in security senior roles have a bachelor’s and often a master’s degree in something like public policy, law, criminology or HR or whatever, and they’re encouraged to do so because it’s an expectation of those roles.

Some of them come with that already, some of them are ex-military but a lot of people aren’t. They’ll often come from other management, legal or engineering backgrounds, and then learn about security as well.

Are we getting the right skills? No. What would make a massive difference in changing that is training at a higher level to bring people in, but also encouraging in people at the security management level, and to have more of a convergence with the IT security and properties professions because they tend to operate on their own – it needs to be coming together a bit more than it is.

The security industry, if it’s going to flourish – and we see this with integrators – it needs to be bringing in people who are very, very highly skilled IT professionals. How do we attract in the IT security people? Everything depends now so much on the IT aspect – and that’s the case right through all aspects of the security industry.

They don’t need to know anything about security from the start, but they need to know IT. IT skills are going to be invaluable to the growth and success of the security industry in New Zealand in the future.

 

NZSM: How has the industry changed over the past 5, 10, 15 years?

RISQ: There’s been some really significant changes. Because of all the well-publicised changes in health and safety legislation, it’s meant that many organisations are now starting to look at their security-related risks rather than just looking to buy security products.

Clients are becoming a lot more aware because of tragedies like Ashburton, the district court finding in respect to that, and of course the release of the PSR, which is a really good baseline document. The PSR are in line with what the really big corporates have been doing for years.

We’re getting requests all the time from people looking at their security and asking “how do we stack up against that? We’re this size of business and we’d like to aspire to being at the second or third level of PSR.” It’s something to hang their hat on that they didn’t previously have in New Zealand.

It’s still in its infancy, but we think it’s a positive for the industry. The PSR may apply to 34 government agencies, but we think it’s going to go a lot further than that, and we know that a lot of people we’re dealing with are wanting to use the PSR as a benchmark for themselves in managing their security risks.

Most security purchases made in this country are still product-driven rather than solutions-driven. Anyone who gets their security license to install or sell any security equipment also becomes a security consultant, so we’re in this unique position in New Zealand where – because of our licensing regime – we have thousands and thousands of security consultants – and most of them are sales people.

Because there’s no distinction like there is in say New South Wales or Victoria, where it’s incredibly hard to get a security consulting license – as it should be – what it means is that a lot of purchases are still made around products. And there’s an incredible plethora of products with new ones coming out all the time.

Charlie O'Donnell, Risq New ZealandCharlie O'Donnell, Risq New Zealand

There’s way more selection but often a mismatch. If there’s a mismatch between what the real risks are, what their needs are, and what they buy, that means a lot of money is being wasted by people who are buying security equipment – and sometimes services as well.

If anything, it hasn’t gotten any better and it’s probably gotten worse, partly because there’s just so much stuff out there imported and being sold by so many people.

Dealing with security situations requires a risk-based approach. What’s your risk appetite? What’s your tolerance? Who’s doing the risk analysis? Is it being updated annually? Once you know what all your risks are and what you’re prepared to accept, transfer or otherwise, and what you’re looking to mitigate and how, then you go to market and try to find the solution to match.

Anyone who is selling on commission – in fact any company today – can get a license as a security consultant, and so they’re out there saying that they’re giving the best advice. It’s a nonsense.

We also think that security industry IT design skills are not adequate to provide robust systems addressing outsider threats. Some of the products out there, because of the way they’re created, are actually being used to access people’s cameras externally – not because of any fault of the installer or the importer, but in manufacturing internationally there are back doors built into a lot of the product which are there either as the result of a design mistake or something designed for another purpose.

Because devices on a network have their own IP address, people find them, get a back door in, and start watching people’s cameras and doing things externally from any part of the world.

 

Part 2 of this interview will be featured in the April/May issue of NZSM.

 

ALSO IN THE 'STATE OF THE INDUSTRY' SERIES

INTERVIEW: State of the industry with Andrew Thorburn

NZ Security Magazine, Dec 2017/Jan 2018

INTERVIEWS: State of the Industry with Michael Pepper and Tony Patmore

NZ Security Magazine, Oct/Nov 2017

 

Back to Security Industry

Share on Social Media

Follow us

f

Contact us

Phone: 022 366 3691

Email: nick@defsecmedia.co.nz   

© 2015. Defsec Media Limited. All Rights Reserved.

OUR PARTNERS

Advertise     

Subscribe 

Contribute

OUR MAGAZINES

Line of Defence     

Fire NZ     

NZ Security

OUR COMMUNITY

Linkedin

Twitter

Facebook