AU Blogspot

                  Thanks to andreashelke for permission to use this Photo. 

I’m in the middle of working on a very large security project. As a security professional, I am expected to outline a schedule (delivery of work) and a price per job or hour to my client based on their scope of work. This isn’t an easy thing to do. You can often underestimate time and end up losing money. There are several books available on security consulting and estimating—my recommended place to start is www.asisonline.org.

Some areas are restricted to members, but there are other areas open to anyone, such as the bookstore.  I will put out a realistic time schedule based on my workload and usually use an hourly rate.  You lose less money by having an hourly rates, but be very careful in documenting actual time spent on a project, section by section.  Set up an invoicing schedule, too.  I recommend setting up one for every week or every other week.  The income keeps income coming in, even if on a 30 day pay on invoice.

Now, for the actual job.  I can not detail the exact work, but it’s a complete physical security plan for IT/information systems and for physical security of buildings/holdings.  Part I is already completed and was completed early and significantly under budget. The customer loves this aspect, as the exact amount of time and money was very much unknown at the start of the project. 

How did I do it? 

I didn’t reinvent the wheel, that’s what. 

I belong to ASIS and utilized the resources available through my professional organization to see what open source material was already available.  I then added my expertise to these resources to create a viable program for the client.  This “open” approach to research and planning saved us both time and money.

The second part of this project will nearly be developed ”from scratch.”  Research has shown that this particular physical security plan has been done in small areas, but not comprehensively.  Consequently, I’ll be responsible for developing a plan on a comprehensive scale, which will require a more time intensive effort on my part.  Once again, I’ll consult ASIS is consulted for resources for this particular specialty field, contact other members for input, and embark on tours of similar facilities to gain a firsthand perspective of the unique security issues I’ll be addressing.

Just as in the security management course I teach here at Ashworth University; I utilize the criticality, vulnerability, risk assessment and LAYER security from the inside out—making sure that my goal is to protect people first, then information and property. If you are graduating and getting your first job, or starting out as a consultant, remember that experience is your number one asset.  Don’t worry if you don’t have a lot of experience right now.  You’ll build up to that over time.

For starters, I encourage you to begin developing relationships with working security professionals.  It’s also a good idea to make contacts in specialialty fields, as their knowledge and expertise will prove to be invaluable resources to you in the future.  

I’ll be sure to write a follow up blog when the second part of the project is finished. Once fielded, perhaps my client will allow me to disclose what it’s all about!

Terry Cochran, CPP, CAS 
Security Management Instructor
Ashworth University School Of Legal Studies

This entry was posted on Monday, June 2nd, 2008 at 7:30 am and is filed under Security, Security Management, Careers, Special Interest. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.