Address to Austin computer security group, DefCon 512, on June 6, 2013 to explain physical security. Talk included examples of failure points and failure modes as well as standards for good security as constant improvement.

1. Physical Security for Data Centers
By Michael E. Marotta, BS MA
Website at CSI: Flint (2011) here.
BS in Criminology Administration, Summa cum Laude, Eastern Michigan
University, 2008.
MA in Social Science, Eastern Michigan University, 2010.

2. Our society holds security guards in low esteem

3. Our society holds security guards in low esteem

4. As computer professionals, we know that nerds are funny.

5. But tech mythology has its upside
of seriousness, depth, and drama

6. Nothing like this in common culture exists for private security.

7. But was not always so. Before SWAT teams and “law and order”
politics of the Nixon Era, private security was the default mode.

8. America fought
a two-front war
involving
rockets and
atomic bombs,
and still, Roy
Rogers played
an insurance
investigator, not
a sheriff or
marshall.

9. Some of the 36 Security Guards Who Died
in the 911 Attacks on the Twin Towers
Patrick Adams – 60, Security officer, Fuji Bank
Andrew J. Bailey – 29, Security supervisor, Marsh & McLennan
Lawrence F. Boisseau – 36,, Fire safety director, OCS Security
Francisco Bourdier – 40, Security guard, Deutsche Bank
Denease Conley - 43, Summit Security
Philip Thomas Hayes - 67, Fire safety director, OCS Security
Ronald Hoerner – 58, Security manager, Summit Security Services
Mohammed Jawara - MAS Security
Barry Kirschbaum – 53, Security manager, Marsh & McLennan
Anthony Luparello Jr., 63, Security guard, American Building Maintenance
Sara Manley - 31, Senior security analyst, Fred Alger Management
John P. O'Neill – 50, Security, Silverstein Partners
Alexander Ortiz - Security guard, Grubb & Ellis Inc
Rick Rescorla - 62, head of security for Morgan Stanley Dean Witter

10. "The nine most terrifying words
in the English language are:
'I'm from the government and
I'm here to help.'”
– Ronald Reagan

11. Last fall, Mayor Bloomberg
famously bragged, ”I have
my own army in the NYPD,
which is the seventh
biggest army in the world.”

12. The US Supreme Court has ruled –
“…it is not the duty of the police
to protect
the individual citizen…”
Warren v. District of Columbia,
444 A.2d 1 (D.C. App. 1981).

13. WHAT PRIVATE SECURITY DOES
• It is an axiom of economics that
businesses anticipate the future, while
governments exist to remediate the past.
• Private security prevents problems.
• We look forward.
• We anticipate problems.
• We look for profitable outcomes.

14. Site Assessment

15. Every site is unique. Every site is multi-use.

16. Guards on Patrol Inspect Infrastructure

17. Access Control
•Curbs
•Berms
•Hedges
•Gates
•Doors
•Lights
•Locks
•Motion Detectors
•Alarms
•Cameras
•Badge Readers

19. From the movie, Sneakers.
Two penetration red hats attack the front desk.

20. Carl’s argument heats up to keep the guard distracted.

21. With cake and balloons, the academic-looking guy insists on entry.

22. Now to steal the decryption chip. Lose the balloons. Briefcase is in the box.

23. “Those things are nearly impossible!”

24. There might be a way….

26. Needing to install tile under the door,
the workman slipped his screwdriver into the lock to open the door

27. Clear Zones

28. Keep a Clear Zone
Too often, facilities workers can ignore security demands because
security very often reports to facilities management.

29. To be effective, security needs
Independence and Autonomy
Contract security remains distinct from
other employees.
Recognition of professional status
Status and title appropriate to business,
rather than to the military.
C-level representation
(a CSO to work with the CIO and CFO)

30. The American Society for Industrial Security
is rebranded
“ASIS International”

31. Certified Protection Professional (CPP)®- demonstrated
knowledge and experience in all areas of security
management
Professional Certified Investigator (PCI)®- demonstrated
education and/or experience in the fields of case
management, evidence collection, and case presentation
Physical Security Professional (PSP)®- demonstrated
experience in physical security assessment, the
application, design and integration of physical security
systems, and implementation of physical security
measures

32. Protect her from herself?

33. Or her?

34. From them?

35. Disaster

36. Enemies are Everywhere

37. They have powerful friends

38. The best defense

39. Is only defense

40. Usually, defense loses to offense

41. PROACTIVE DEFENSE WINS

42. Concierge
Like Tony Stark, Barry Allen, and
Barbara Gordon, someone else is
under the suit coat.

43. The Uniform as Symbol
… a uniform is what you put on when you are deadly serious
and role-filling. A real uniform brings honor to the person
wearing it, and it marks that person as someone who performs
important impersonal and demanding tasks for the powerful …
There is a quasi-religious aspect to uniforms, suggesting that
the wearer is one who commonly engages in self-sacrifice and
risk-taking. … With so-called "suits," the number of buttons on
the sleeve and whether the shirt is buttoned-down … has
traditionally represented either seniority on the job or a sense of
superiority to everyone else ...
THE POLICE UNIFORM
by Prof.. Mark Stevens (USMC-Ret.)
http://faculty.ncwc.edu/mstevens/default.htm

45. Anywhere

46. Whatever the cause

47. Whatever the cost

48. Someone is there

49. To protect you

50. The End