Specifically Speaking with Mark M. Hankewycz, CPP

What's your title and role at the company?

I'm the president and principal of M2H Protection, a small security and technology consulting firm located in Frederick, Md. I manage the day-to-day security and technology consulting activities. M2H is a service disabled veteran owned small business and our business is mainly focused on working with architects and engineers on new construction and renovations. While our core business is in the mid-Atlantic, our customers take us all over the globe.

What kinds of systems do you design/specify and what services does the company provide?

In terms of technical security, our background stems from government and military security applications, which are broad and deep in terms of security. Every day we design and specify access controls, video management, intercommunications, interior intrusion detection, and electrified door hardware. Often, we also design and specify perimeter intrusion detection systems, programmable logic controls, physical security management systems, cyber controls and command and control centers.

Since my technical background started as an integrator, we are also involved in developing special systems such as notification systems and developing new telecommunications infrastructure. So, we like to think we cover a broad and deep area of design and specification in security consulting. While our firm specializes in technical security, we commonly start our projects with some type of assessment. The assessment will be much more broad than technical security focusing on the general security environment (CPTED, planned operations and those threats and hazards, etc.), which often helps us hone-in the customer and project needs. Often these needs spread to other team members to help solve (blast, ballistics, force entry protection, CPTED, etc.). That element of our services is perhaps different, where we look at the security needs as a multi-disciplinary problem vs. simply technology.

Lastly, at certain times we are asked by customers to write publications and standards, perform audits, and develop master plans for their organization.

What vertical markets does the company specialize in?

M2H Protection's verticals are really focused on our specialty of high-end security projects that require a security consultant who is able to look at security risks and understand the security needs. So, our offering runs across various verticals, and is not really limited. However, we do seem to focus on federal, municipal, high-end commercial, cultural properties, public safety and financial projects.

How did you get started in security and designing/specifying?

I started my security career in the U.S. Army as an MP. When coming back from a deployment, I was given an opportunity to go to a specialized school. My choices were traffic investigations or physical security. My mentor, a sergeant major, strongly encouraged me to pursue physical security. I attended the course and learned a considerable amount, everything from proactive physical security vs. police work, how conventional physical security is based on the 4 D's, and CPTED; how to conduct risk assessments, differences between codes, regulations, standards, policies and procedures. This really hooked me on the profession.

I worked as a physical security inspector for a couple years. When I decided to leave the U.S. Army, I was given opportunities pursuing police and security careers. I decided the security field was right for me. The next stop for me was security force management. I worked at various security sites (Fannie Mae, International Monetary Fund) as an officer to site manager. While at the IMF, I ran into an Army friend, Mark Laude, managing a technical security upgrade for one of the facilities I inspected while in the Army. Mark decided to transition from the IMF to a system integration company working directly with the Center of Excellence for Electronic Security at the U.S. Army Corps of Engineers in Huntsville, Ala. Mark gave me an opportunity to join him and I did.

For the next four years, I traveled to CONUS and OCONUS locations implementing electronic security systems. Most of my technical security systems expertise was gained during this period. I owe this to Mark and others who helped me gain the knowledge I have today. In 2002, I was looking to slow down a bit and found a consulting opportunity working for a renowned consulting firm, Gage Babcock & Associates. There, my consulting career started.

In my later years, as a senior manager I found myself involved more in business dealings and getting further away from the actual security practice. It was then I decided to open M2H Protection (Mark Michael Hankewycz). Current day, I still deal with business operations, but I also manage and put my personal mark on every project we do. I simply love what I do! 

Can you talk about what new or emerging technologies you are seeing or specifying today?

For 30 years now, we've seen a lot in terms of technology development, from analog to IP cameras, VCRs to cloud, and so on. For me, it's the careful evaluation of technologies before they are used. That evaluation is a risky decision for every project. In terms of new and emerging technologies, here is my short list:

Analytics: Use of data across multiple platforms can serve many purposes in security. Crunching that data is perhaps the toughest piece separating good data from junk. In the coming years, analytics through artificial intelligence will help refine how we use data and come to solve challenging security problems. Many of us don't see this in action, but look closely at incidents today, and you'll see analytics, and even AI is a crucial part in solving the who, what, where, when, how and sometimes why.

SaaS: We've seen a lot of development in the SaaS environment. Where systems across an enterprise are becoming difficult to manage (software, firmware, configurations, resiliency, cyber security, etc.), owners are moving to a service for managing their infrastructure. We've seen just about every vertical market deal with this challenge and today see them moving to the SaaS. I'm always weary about handing the keys of the kingdom to a third party. It goes without saying that the SaaS may be a good solution for some, but there is always the need to understand junk-in-junk-out, and the need for internal and third-party audits.

Cybersecurity: Understanding risks of security system exposure, particularly on high-risk facilities (museums, financial institutions, etc.). I talk more on this subject below.

What is your view on the industry moving forward?

When entering security in the 1990s it was fairly broad and deep. Today, it's even broader and deeper. Moving forward, it will become more complex. New developments like SaaS, Cloud, and Virtualizing or just simple convergence; security professionals (consultants, integrators and manufacturers) need to constantly stay up on technology and work together as resources for each to conquer challenges.

Perhaps the biggest challenge (blessing as well) we see today is convergence. While it solves many issues (costs, simpler integration, etc.), it also increased concerns relating to cybersecurity. The converged system today requires a team of savvy technology folks to become involved. As we learn of a cyber vulnerability then fix it, the next day there is new one. No matter what measures are developed, a converged system is perhaps the greatest vulnerability today and for the near future.

Security of infrastructure continues to be challenging and will be challenging until strong software and systems engineering has mastered cybersecurity. Before then (perhaps 10-20 years from now), cybersecurity will be a constant issue for us all. Because of that, I, as with other consultants, have those customers that still operate in an un-converged environment or have minimized their converged footprint to manage the cyber exposure. These customers have high-risk assets (high value, mission essential, etc.). They found that the risk is too extreme and will not converge. They will only converge when absolutely necessary. When they do converge, they apply strict features and manage and audit them regularly.

Beyond convergence, we will, as currently demonstrated, see new technologies catch the bad guy (or gal) and provide huge benefits for the costs of ownership. These technologies will be integrated with other systems (networks, social media, etc.) and use those data points to correlate and connect the dots that were not there or obvious to us before. Artificial intelligence and advancing analytics will help solve a variety of security concerns. For instance, we are finding and apprehending terrorists before their acts of violence, and if not before the act, we find them quickly in-the-act or directly after. Hopefully, the near future will thwart the most devastating acts we face, the active shooter. How? Well, a converged and complex system likely using analytics and AI will—it's already helping on these fronts. Of course, there is a lot of development in front of us.