Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.
Issue link: http://sdi.epubxp.com/i/835749
June 2017 www.SecurityInfoWatch.com / Security Dealer & Integrator 31 SD&I;: How is the cyber awareness campaign moving along? Bozeman: e Cybersecurity Advi- sory Committee is very active and very aggressive – I am not afraid to admit that I have even had a few of our partners come up and say "enough already…you're driving me crazy, Bill! We get it!" at's how much we are pushing it, because we just feel it is so incredibly important. I don't think there are any PSA members who don't have a concern; who think that it is nonsense or that it is not going to impact them. We did surveys yesterday in some of our meet- ings, and when we asked which inte- grators were concerned about cyber- security, 100 percent said yes; so that part is finished, and we move on to the big challenge: How does PSA provide not only education, but products and services as well? at challenge is quite difficult, and actually our committee is not enough; so we are reaching out to other consultants and partners for assistance with the due diligence pro- cess – that's the next step. What makes cybersecurity product vetting different than physical security or A/V? (Cyber) is very different than the A/V market that PSA just expanded into. First of all, the A/V market is very sim- ilar to the security market, in that it is mature. ere are rules and regulations; there are channel management disci- plines. ose don't exist in the cyberse- curity market – it is still the Wild West. I saw the CEO of FireEye this morning on CNBC, and he said, "We still aren't making money, but we are doing better – we've only lost a billion." So the market needs to mature a bit. We are trying to use the same dynamics that we use for A/V and security, but we are probably going to have to loosen those standards up. You may see us partner with com- panies that haven't been in business for 20 years; that do not have a rock-solid balance sheet; that do not understand the channel. ere is no standard, which is part of the reason it has been such a challenge for us to provide products and services. ere are standards in physical secu- rity and professional A/V – we know who the solid companies are, we know who the rookies are, we know who the people who are just coming into the country and don't understand how it works…we know all that. Cybersecu- rity is not so easy. What is the goal of the vetting process? We are trying to find a play for the security integrators – not just to protect themselves and not just to protect their end-users, but to actually provide a product and service that they can profit from. at's our goal, but finding those products and services has been a bear. How exactly do you vet a cybersecurity product? It is nothing like a physical security product because the problem is, we really don't know enough ourselves to do it alone. Here's how it works: e PSA management team vets the busi- ness – and we have been kind of the deal-killers because we can't take a risk on a couple of young guys who went in the business 18 months ago, who don't have any money, can't pass a drug test, but have a real good idea. It's just too risky. We can also figure out the channel. We can say we really like the product but the way they want to go to market doesn't work with how PSA or our integrators work. So we have half of it covered – the other half is the box, or the soware, or the cloud delivery system. How does that work? Does somebody else have something twice as good at half the price? at's why we are putting this team together now of people who are in the field who can look at and test these products and potential services. What's the timeline for actually integrating the cybersecurity products and services into the PSA offering? I'm putting a lot of pressure on our internal team and the Cybersecurity Committee. We have three poten- tial partners who are all interested in working with us to help us do the vet- ting and the due diligence, so actu- ally I think we are getting pretty darn close. e problem with cybersecurity for a lot of vendors is that it's money out with nothing coming back. For the CEO of FireEye, things are great if they might be profitable next year – I don't have that luxury. at said, I am confident that we will have products and services. We have 170 vetted physical security prod- ucts and about 60 pro A/V products – we won't have that many in cyberse- curity. I'm hoping that we have five or six in different areas — we just have to find them. ■ The A/V market is very similar to the security market, in that it is mature. There are rules and regulations; there are channel management disciplines. Those don't exist in the cybersecurity market. It is still the Wild West," Bozeman says.