In this interview with Chuck Harold at ISC West 2022, Mohammed Shehzad of Atriade discusses a fundamental shift in the physical security industry toward identity-based protection and situational awareness. Modern security must move beyond traditional perimeters to create frictionless user experiences that align with corporate culture.
They discuss the need for security professionals to speak the language of business to secure c-suite approval for sophisticated investments. Shehzad notes that the COVID-19 pandemic served as a catalyst, elevating the profile of security departments by linking their operations to employee wellness and data-driven risk mitigation. Integrating security with operational efficiency ensures that safety measures support rather than hinder the modern workspace.
The following is the full transcript of the interview between Chuck Harold of securitytv.com and Mohammed Shehzad from Atriade, conducted at ISC West 2022.
Hi everybody, welcome back to ISC West 2022, securityitv.com at the Atriade security booth. My next guest is Mohammed Shehzad with atriade.com. Mohammed, welcome to the show, my friend. Tell our audience what do you guys do?
We’re a security consulting firm. System design, risk assessments, project management, construction administration, professional services—all of the above.
Security is really kind of owned by the IT guys. Can you distinguish between physical and logical security for me? Are you doing both?
We are mostly focused on physical security and electronic security, not logical.
: Let’s talk about disruption. It’s my favorite word in the business because innovation and disruption kind of go hand in hand. You might have something that’s innovative, but it won’t be disruptive because people say they’re not going to do that. 20 years ago, if you said you’re going to have robots, people would say you’re crazy, and now they’re here. Tell me what disruption means to you on the consulting side.
From our lens, the industry is due for a fundamental shift in thinking and rethinking how it approaches risk. Disruption is a different way of approaching physical spaces—not so much focused on the door and the perimeter (though those are part of it) but focusing on the identity and the situational awareness of that identity. That is the best way to think about it and the real disruptive way of changing things the way we do today.
What are the catalysts behind trends? What are the driving trends? What are your customers saying?
One of the biggest trends is: how can I create a frictionless, seamless experience around my workspace? I am not so much focused on vulnerable identities. How can I create real situational awareness of where my high-value assets are and if certain people are supposed to be in a certain area? I want to have a general level of security, but I want to focus on where my high-risk areas and operational risks are. The conversation around identity tied to operational risk is where people are driving that trend.
We got the old 3D model from the 70s: detect, deter, delay (sometimes people put in deny). Are we getting back to basics now? Are people saying, “All that fancy stuff, let’s just make something that works and is sustainable”?
I think that still applies, but you can change the mentality around identity. You’re not getting rid of the perimeter, but if you start really focusing on who is supposed to be where—because at the end of the day, that’s what we’re all in the business of. Somebody who shouldn’t be in my space shouldn’t be in my space. If we’re able to focus on that, I would add proactive awareness to detect, deter, and delay. Before that person gets there, or as they start approaching an area that I don’t want them around, that’s when I really start to have intelligence and say: “Who is there? What are they doing? What’s their purpose?” Adding that level of intelligence around that identity. The other principles remain, but now you’re adding a layer of sophistication.
It’s intelligence detection. It’s not just a bell going off; what does it mean?
Exactly. If it means the guy is in my house, that’s different than if it means he is outside.
Very interesting. What are some of the risks in these challenges? Security’s always been driven by budgets. Even people that have money don’t want to spend the money. If they do spend the money, they want to do it their way, not your way, because they think they know better. I’ve done surveys where I say if you don’t do something, there’s going to be a shooter here, and they don’t listen. There wasn’t a shooter there, but there was one down the street. How do you drive this message home that it’s not about me guessing what’s going to happen, but giving you best practice so you can function and sustain safety?
That’s a really important aspect of our industry. The key is that you have to speak and understand the language of business. We have discovered that the C-suite is not going to say no to something if there is a thought-out, researched, identified solution that addresses their operational risk. That’s where I talk about disruption because that’s an operational business disruption we need to do.
Instead of simply saying, “I want to have this security solution because it makes things better,” why does it make things better? What does it do in your environment from a data standpoint? A data-driven analysis that speaks that business language. Our experience has been that we’ve been able to have the C-suite sign off on sophisticated, pricey solutions when other cheaper alternatives are available because they understood that it actually mitigates their risk. If you speak their language and understand their priorities, you will have a lot more success. They will know you’re doing the right things and your value proposition increases.
I was fortunate to work for two big studios and I got to present before C-suites a couple times. It’s a whole different game. Those guys—give me 30 seconds and I’ll make a decision. There’s always been a disconnect between security and the C-suite. The C-suite would say, “HR, you’re in charge of security,” or “Facilities, you’re in charge”. I don’t know why a C-level guy wouldn’t want to pull security in to be one of the most important data centers to make decisions. It’s still that disconnect, isn’t it?
Exactly. I don’t take the argument that it’s a cost center; that’s old. Is it because there’s not an understanding of what we do as security practitioners? It’s unique, but it’s not magic.
It’s not the business. They’re not making widgets, but we help you make widgets.
I think it’s a little bit of both ways. They don’t understand the value proposition. They treat it as an operational unit, but it actually generates value from a risk standpoint. I also think that we as an industry don’t do a good job of speaking the language of business. If we’re not able to articulate what we bring to the table—how access control, video messaging, mass notification, and security officers reduce their specific risk and what it does to bring better customers, better employee experience, and better visitor experience—that’s where the disconnect comes in. Organizations where the two sit together and engage in what is the organization’s culture from an Executive Suite level… let me align myself with that culture. If they are an open, welcoming organization, let me find solutions that adapt to that. If they are a risk-averse organization, let me find solutions to that. Engaging with them and educating them where the security perspective comes in and how security can help them reduce that risk—once you start having that conversation, you end up having a seat at the C-suite.
I see a call before the CFO about my budgets because of the big security budgets. I used to write everything down in a spreadsheet: “Area is under live monitoring”. I feel safe; do you feel safer? One day I got a report from a meeting and I asked for help. He said, “What’s going on?” I said, “Of our 250,000 calls for service, 65 to 75 percent are for opening doors”. He says, “How much does it cost every time a guard opens the door?” I knew the answer: 125 dollars. He had Murdoch’s office send out a memo that says: “If you forget your keys, we’re not letting you in. You go home and if you’re late, you’re going to have a problem”. I didn’t have to open any doors anymore. I understood their language, which was cost. They understood my language, which was efficient, because those guys not getting into work on time is not good for broadcasting. It was a win-win. That was 20 years ago. Why aren’t we doing that now in an automated way where we just keep track of all this stuff? I guess it’s a different discipline that the security guys don’t have, but we’re getting better.
We’re getting there. That conversation has increased over the last two to three years. Even in this conference, I’ve seen people start to talk about how we really engage with the C-suite. The pandemic has allowed security organizations around all different companies to raise their profile from temperature checks, and people started seeing that value. One driving factor for this disruption and innovation is user experience. Corporate real estate is reimagining how to build buildings because it’s all about user experience for app developers and people returning to work.
The pandemic allowed security organizations to showcase to the C-suite that we are about health and wellness and not just locking floors down. It was a user experience-driven effort. Now there’s an opportunity to focus on how we develop, deploy, manage, and run security solutions that incorporate that user experience because that’s not going away. If we are in the process of locking things down in a way that’s going to disrupt that user experience, that’s once again going to create headwinds. But if we incorporate that, understand what it means, engage with the users, and still have proper security, there’s an opportunity for us to have a real presence in organizations.
Good stuff, Mohammed. At ISC West 2022 in beautiful Las Vegas. Thanks, my friend. Good to see you again.
What is changing in physical security strategy?
Physical security strategy is shifting from a primary focus on doors and perimeters toward identity and situational awareness. The focus is on understanding who is supposed to be where, what they are doing, and what their purpose is. This adds a layer of intelligence and sophistication while still keeping traditional principles such as detect, deter, and delay in place.
How does identity-based protection improve physical security?
Identity-based protection improves physical security by focusing on whether certain people are supposed to be in certain areas and by creating situational awareness around high-value assets, high-risk areas, and operational risks. It supports proactive awareness by helping organizations identify who is approaching an area, what they are doing, and whether they should be there before they reach that space.
How do you get c-suite approval for physical security investments?
C-suite approval depends on speaking the language of business and presenting a thought-out, researched, identified solution that addresses operational risk. A data-driven analysis helps explain why a security solution makes things better in a specific environment. When the solution is tied to risk mitigation and business priorities, organizations are more likely to approve sophisticated investments, even when cheaper alternatives are available.
Why is user experience important in physical security planning?
User experience is important because organizations want frictionless, seamless experiences around the workspace while still maintaining proper security. Security measures that disrupt that experience can create headwinds. Security planning is more effective when it aligns with organizational culture, supports employee and visitor experience, and incorporates user experience into how solutions are developed, deployed, managed, and run.
How did the pandemic change the role of security in organizations?
The pandemic raised the profile of security organizations by connecting security operations to health and wellness rather than only locking spaces down. It gave security teams an opportunity to show value to the c-suite through efforts such as temperature checks and broader workplace support. That shift created more opportunity to show how security can contribute to user experience and organizational presence.
About Atriade
Atriade is a trusted security consulting firm with decades of experience delivering tailored security solutions. We specialize in security system design for access control, perimeter protection, video surveillance, visitor management, and other advanced physical security technologies.
Our expertise also extends beyond system design to include security master planning, program development, risk assessments, professional services, and end-to-end project management.
For more than 20 years, we have partnered with Fortune 50 companies, Ivy League universities, and leading technology firms in Silicon Valley to help them navigate complex security challenges with a strategic, forward-thinking approach.
Visit us online at Atriade.com
Connect with us on LinkedIn
Subscribe to our LinkedIn Newsletter Take A Risk
- Categories:
- Security Operations
- Professional Services