In this interview with Chuck Harold at ISC West 2023, Mohammed Shehzad of Atriade discusses the evolving role of business intelligence within the modern security sector. He explains how security consulting has shifted from simple physical guarding toward a sophisticated, engineering-based approach that leverages operational data.
By analyzing metrics like occupancy trends and equipment usage, organizations can create measurable value and significantly reduce overhead costs. Shehzad emphasizes that successful implementation requires cross-collaboration between departments to ensure data is used strategically rather than just as a massive, overwhelming output. He highlights that the most effective best practices involve identifying specific “pain points” and creating a feedback loop to verify that data insights lead to improved efficiency. Ultimately, the discussion underscores how emerging technologies and diverse data sources are transforming security into a vital, intelligence-driven business operation.
The following is the full transcript of the interview between Chuck Harold of securitytv.com and Mohammed Shehzad from Atriade, conducted at ISC West 2023.
Hi everybody, welcome back to ISC West 2023. Chuck Harold of securitytv.com at the Atriade security booth. All right, now today’s topic is the role of business intelligence in today’s security portfolio. Tell us what you do.
We are a security consulting firm. We provide security master planning, programming, system design assessment, managed services, and project management services.
And this is high-end stuff. This is not “you need five guards over here.” It’s kind of an intellectual property analysis, really.
Yeah, you know, you’re looking at an entire program portfolio as governance—that’s operations, that’s how to manage and run your entire security technical assets program, physical assets program. So we look at everything very—it reminds me of engineering, almost an engineering firm, right? In a way, yeah.
With layers, operational layers added. Yeah, very good. All right, now let’s talk about how data can help manage security programs more effectively. I remember we talked a couple of years ago; this wasn’t a new thing. But now, all of a sudden, everybody will come and say, “Oh, you mean if I know how many people it takes to open up a door and how much it costs, I can save money?” Why were we not doing that 20 years ago?
We could have. It wasn’t automated; it was hard work. Right? It was hard work; it was manual. It’s also: how do you create the right business drivers behind it? You know, data is available; it’s on all the systems that we have, but it has to make sense for your business operation. I think that’s where the biggest struggle was: how do I take this data, how do I take all the information that I have—not just from security, but from operational data, lighting, occupancy movement, traffic?
Things we really hadn’t thought about.
Exactly. And how do I start putting that together to create an operational model? Because security, at the end of it, is an operational [model]. That’s right. And I think that’s what was missing also. It was not around in most industries—the way we’re starting to analyze data and operationalize data wasn’t really the norm. Security has always had the most of the data problems in a lot of ways because we touch all the aspects of the business.
Yeah, I’ll tell you a funny story. I used to do this back in the day at Fox 20 years ago. I’d add up everything in spreadsheets and I found out by dividing and multiplying, blah blah blah, it cost me $125 every time a guard opened up a door. So the CFO calls me up and says, “What?” and Mr. Murdoch said, “If you lose your keys and don’t bring them to work, we’re not opening the door,” and I saved hundreds of thousands of dollars.
Exactly. And that’s the benefit here, right?
Are we finding—and you’re the guy to know—that the industry is catching on to this and running to you now saying, “Wow, I wish I did this 10 years ago”? Are they more self-aware of the value?
I think it’s definitely getting there. It’s on both sides of the equation. It’s: when I’m developing a program, how can data help me create the right businesses and a right value driver? But on the back end, how can it help me run the operation better? The opportunity is there in order to be able to utilize a lot of different data points and to collaborate with other functional groups to say, “Okay, this is A plus B equals C, therefore I’m going to either lock doors, open doors when you’re scheduling, whether it’s lighting, whether it’s HVAC data.” How am I going to handle my alarms if, you know, temperature spikes are happening in one area? That means that there is going to be a bigger concern, so I need to either have to be stationed there or look at something.
All those factors start to play in, but there’s still challenges behind it because it still requires a pretty high level of cross-collaboration. It also requires, from a security industry standpoint, how am I providing the data as a vendor, or what it looks like in the output that people understand.
Yeah, you can use—or can use effectively.
So those are some of the… we can speak about a little bit more detail. Those are some of the challenges that, you know, end users and practitioners have to kind of come over. It still requires people’s touch, and it still requires: what type of data am I getting? Am I getting inundated by it? Am I getting overwhelmed by it? Is it relevant to my particular use case? And that’s another answer to the earlier question—that if you just give a large amount of data and don’t know what to do with it, and there are multiple use cases behind it that don’t apply to you, people are going to tend to stop using it.
That’s right. I don’t understand it; not sustainable.
That’s right.
You made an interesting comment about the cross—what was the word you used? Cross-collaboration?
Collaboration.
And I’m going to use the studio as a model because that’s something I was familiar with. It’s a city under itself. And if I took my security data from the broadcast center and I went to the lighting department and I said, “I need to know how many people come in and out of here,” they’d say, “Nope, because we’re a union shop and you can’t use my door controls for access.” It was daunting to try and get people to cooperate. Do you help drive that process as a concern? Can you kind of break through some of those barriers?
Because we’re a third party, not only are we third parties, the approach has to be different, right? If you try to do this at a tactical level, it can work, but it has to be organized and collaborated both at the tactical and strategic level. Right? So what my business case driver is, why am I using this data to operationalize what I have to be sensitive to. There’s a certain reason I have to be sensitive to some other security or operational need as to why they’re doing it.
So it has to be understood at the executive or leadership level as to why we’re embarking on this journey, and then also tactical relationships have to be developed in order to gain the trust that I am not after your card access data. I’m after anonymized traffic movement, right? So I can train certain aspects of the building operation, security operation.
So I think that a lot of that gets lost in translation because I’m showing up as security and just saying, “Give me your security data.” You’d get pushed back. But if I have articulated the business case as to how it’s a business [decision] and also it’s not about an individual but about a generalized pattern, then it really becomes a more effective [conversation].
Well, and the output—it’s brilliant when they see the output. They go, “Let’s do it again.”
Yeah, exactly, because if you hit it right, they’re going to keep coming back.
Exactly. Now, what are the best practices we can use to provide the correct business intelligence tools? Business intelligence is a little different from data analysis.
Yes, exactly. So, you know, for me it is really looking at the functional operational use cases. What is it that we’re trying to solve? Not just “I’m going to give you a massive amount of data on the back end,” but also a business intelligence tool: “If you do this, this pattern arises, this action can happen.” That’s nice, but if you don’t do a functional discovery as to what are the specific pain points of your customer—or if the customer doesn’t do that functional discovery—then they are overwhelmed by that business. Either it’s going to create a sense of false security like it’s just automated, just happening at the back end, or it’s just not going to give you the right information.
So the challenge to overcoming—the best practices—is to go specifically purpose-driven. These are the use cases we’re trying to solve, these are the functional pain points we’re trying to solve. Now let’s figure out which data is going to help us.
That could be card access data; that could be a business intelligence tool that’s deciding and learning in the back end the behavior patterns of movements or actions or alarms that are coming in. So that combination really has to be not just “I have just deployed this mass intelligent system that’s going to do everything for me,” because it won’t give you the desired results.
Everybody’s pain point is different, everybody’s requirements are different. So really, one of the best practices is, first of all, identify what you’re looking for. That may not be 55 things; that may be three things. Let’s start there. Once you’ve started there, now let’s analyze that. So once the business intelligence tool is in place, how’s it… now let’s use that on the back end with data metrics. Is it actually achieving what we thought it was going to achieve? Is it actually creating a more efficient environment or not, or whatever the end goal objective is? So set the goal, set the objective, create a feedback loop, make sure that the data correlates that this business intelligence tool is actually helping us do what we want to do.
And then also drive from it: what are the benefits, and now what can we do with it? Can we take that to the next level? Can we add more use cases to it? Can we bring additional stakeholders into it? So that would be the common best practice: to be able to kind of start systematically, start specifically, address the pain point, show success factors, and then create a very robust feedback loop.
The only reason—one reason I like talking to you—is because you pair these two words together, three words that I never heard put together before, and they make brilliant sense. Describe what you’re talking about… here’s a challenge for you, challenge question: are you finding as a practitioner that you’re surprised by some new data sources that you hadn’t thought about before?
Here’s an example: had a power company down here, does most of the power supplies, right? They’re taking power and translating it into data. How long has that door lock been on? With the power, it means the guy could be dead in the bathroom. Right? Are you finding new things? “Oh hey, there’s a new data source for us.”
You’re finding data sources in the number of tire movements across the asphalt, yeah, a number of unbelievable numbers of raindrops that are falling on a glass pane. It’s incredible what you can drive from it. And you know, that’s where IoT and all those things are just incredible.
Every now and then there is a unique application behind it where they’re using interesting data points on our phones and the amount of data that’s collected and pattern [data]. And you know, like really, it’s not just even location but number of clicks, number of touches, number of frequency, keystroke patterns. So there’s all kinds of interesting things that are happening. And once again, once ChatGPT takes over and analyzes that in three seconds, we’re going to go, “What the hell’s going on…”
Exactly right. I’m reminded of when I was a police officer. One thing that most people don’t realize is that you need evidence to convict people, right, beyond a reasonable doubt? But guess what? Lack of evidence is evidence.
Yep.
You mean there were no records on your phone, but you use it 24 hours a day? That means something. Right. Do you find that lack of evidence sometimes comes into play?
Lack of data? Oh, absolutely. In your analysis, that’s interesting. And again, it goes back to functional use cases, right? If some activity is supposed to happen and it’s no longer happening there, now—whatever that use case is, occupancy versus if people are there or whether they’re supposed to be there or not—it could also be just a fault. Very simple: the system broke.
So now the business intelligence tool is analyzing that, saying, “Hey, wait a minute, there’s supposed to be traffic. The scheduling system is indicating this is what’s going to happen in this particular hall, but none of that has happened. What’s happening?” Maybe there is a change in your schedule, maybe a manual override, maybe the event didn’t happen, maybe everything is going on, and then there’s the senses—maybe ChatGPT took over.
Yeah, exactly. Well, Mohammed, always good talking to you. Super smart guy. I know that because I’ve interviewed hundreds of thousands of people in my career. He’s the real deal. Give them a call, give us your website one more time.
What data can be used to operationalize security?
Operationalizing security can involve data from security systems as well as operational data such as lighting, occupancy movement, traffic, HVAC data, alarm activity, and scheduling-related information. The key is that the data must make sense for the business operation. The goal is not simply to collect information, but to put it together in a way that helps create an operational model.
Why is collaboration important when using business intelligence in security?
Using business intelligence in security requires collaboration with other functional groups and must be organized at both the tactical and strategic level. It also needs to be understood at the executive or leadership level why the organization is using the data to operationalize the business. Tactical relationships are needed so teams understand the effort is focused on business use and generalized patterns, not individual data requests.
What are the best practices for using business intelligence tools in security?
Best practices begin with identifying the functional operational use cases and the specific pain points being addressed. From there, the organization should determine which data will help solve those issues, set the goal and objective, and create a feedback loop. The feedback loop is used to confirm whether the business intelligence tool is achieving the intended result and creating a more efficient environment.
Why can too much data reduce the effectiveness of a business intelligence effort?
A large amount of data can become ineffective when people do not know what to do with it or when the use cases behind it do not apply to the organization. In that situation, people tend to stop using it. A business intelligence effort works better when it is purpose-driven, tied to specific use cases, and focused on the data that is relevant to the particular business need.
About Atriade
Atriade is a trusted security consulting firm with decades of experience delivering tailored security solutions. We specialize in security system design for access control, perimeter protection, video surveillance, visitor management, and other advanced physical security technologies.
Our expertise also extends beyond system design to include security master planning, program development, risk assessments, professional services, and end-to-end project management.
For more than 20 years, we have partnered with Fortune 50 companies, Ivy League universities, and leading technology firms in Silicon Valley to help them navigate complex security challenges with a strategic, forward-thinking approach.
Visit us online at Atriade.com
Connect with us on LinkedIn
Subscribe to our LinkedIn Newsletter Take A Risk
- Categories:
- Security Operations
- Professional Services