Specifically Speaking with Wael Lahoud

Director and principal consultant, Goldmark Security Consulting Inc. in Mississauga, Ontario
 - 
Wednesday, October 17, 2018

What kinds of systems do you design/specify and what services does the company provide?

At Goldmark Security Consulting Inc. we specialize in multi-domain security consulting and risk management advisory services. The domains include physical security, information security including cybersecurity, the convergence of physical and logical security and security management.

A few of the services we offer include:
•    Converged security assessments, planning and development services.
•    Security threat, risk, vulnerability assessment and analysis
•    Security master planning and design services
•    Security procurement, guidance and implementation services
•    Security project management
•    Best practice gap analysis
•    Advanced electronic and physical security technology consultancy services

What vertical markets does the company specialize in?

Our team of independent security consultants specialize in enterprise and large-scale security projects across several vertical markets including transportation, education, government, technology, insurance, energy, entertainment and retail to name a few.

Over the past few years, we had the privilege of working on various exciting and challenging projects for public and private organizations across Canada, and some of the most exciting projects we’ve been involved in are focused on the convergence of physical and information security, particularly cybersecurity.

We’ve been the driving force behind organizations embracing a modern approach to security and its convergence, helping them with bridging their security gaps, establishing current security programs, and managing their cross-functional security risks.

How did you get started in security and designing/specifying?

My curiosity to learn about computers, how they operate, and their potential led me to graduate with a bachelor of engineering in computer and communications engineering. After graduation, I’ve specialized in networks, information security and database design and administration. I then had the privilege of working on large organizations and government client projects designing their resilient, secure and critical enterprise networks and information security solutions.

I have made the shift to the security industry by pure luck where I’ve worked on the security integration side. I was tasked and tested to leverage my engineering background, networking, information technology and information security skills to provide unique and modern technical and physical security solutions that meet with the clients’ challenging security requirements. It all started by capturing, understanding and analyzing the various security needs and requirements for clients in high-risk environments. A challenge I took on and gained invaluable practical experience from was in designing, implementing, maintaining and supporting IP-based integrated and converged electronic security and physical security solutions. This included solutions covering diverse verticals, not limited to critical-infrastructure, transportation, entertainment, energy (oil and gas), education, finance, telecommunication, hospitality and others.

Whether working with physical barriers, baggage and passenger screening equipment, explosive detection equipment, integrated and converged electronic systems, security solutions, or developing programs processes and procedures, I remained aware of and current with the many operational, technical and business gaps between the physical and information security worlds, their potential risks to clients and their overall security programs.

After having served in numerous PS, IS, IT and security consulting positions working with physical and information security integrators, manufacturers, an A&E firm and one of the largest security firms in the world, and consulting on security technology, security management, risk and compliance, I continued to realize the continued trend of growing gaps in the approach to security programs and their convergence.

Particularly with the advancement of IP security technology, there are increasing risks of cybersecurity, social engineering, information sharing, and the disconnect between the various stages of identifying the needs, designing, selecting, specifying, procuring, implementing and managing security systems. These gaps when left uncovered and unaddressed, may negatively impact organizations and increase their exposure to security risks.

As a result, I established an independent cross-functional security consulting firm addressing security in a holistic approach. What distinguishes Goldmark Security Consulting is our ability to translate the many risk languages of cybersecurity, information security, physical security, and security management into one unified language, the bottom line, business risk.

Our design and specification approach to security is not solely an engineering approach but rather a holistic perspective to security risk management and organizational security needs. Our team of experts bring in their extensive and current knowledge, years of diverse hands-on experience in physical security, security management, IT, IS, OT, IoT and IIoT to provide effective solutions and mitigate security risks with the right converged security programs covering people, processes and technology.

Can you talk about what new or emerging technologies you are seeing or specifying today?

We see an increased level of maturity in areas of technologies that are not new. We are also excited to see AI moving from the cloud with accelerated machine learning technologies and programmable performance hardware providing the potential for effective security solutions and deep learning AI potential at the edge.

IoT, cloud computing, AI, 3D printing, robotics, AR and VR, and other technologies have been around for years and some are now mature and enterprise-ready. The higher adoption rates of cloud computing and its security offerings related to IoT, cybersecurity and even physical security is a great example. While some of the emerging technologies are adding value, others are revealing a new spectrum of security risks to organizations small or large.

Typically, emerging technologies are first seen on the IT/IS side, such as with technology companies like Microsoft, Google, Cisco, Amazon and others. Forward-thinking physical security manufacturers or physical security technology companies such as Genetec, Feenics, S2 Security, Axis and others are leveraging the maturity of various IT platforms such as cloud delivery for new products and services offerings. This approach not only provides certain benefits to clients such as mitigating some of the risks that come with traditional physical security deployments but can also help with an agile solution to unifying systems, deploying security controls and transitioning to a converged security program.

At Goldmark Security Consulting, we do not follow a one-solution-fits-all approach to specifying equipment for information, cyber- or physical security. On the contrary, we work closely with clients through a strategic business and security risk management approach to the selection, design, specification, deployment and life-cycle management of technologies. Accordingly, we specify the right technology to the right client for the right solution.

What is your view on the industry moving forward?

Over the past few years the security industry has been evolving and shifting from the traditional siloed approach to the converged approach for PS, IT (including IS and cybersecurity), their operations and management. However, this transition has been moving at a slow pace and has not reached an acceptable maturity level for many organizations. With its current pace, it falls behind the advancement of bad actors in the cyber-arena and the advancement of technologies and their new risks.

Senior business leaders and executives are now aware of the significance of cybersecurity’s impact on the business. With that in mind, a holistic risk-based approach to security is going to be the norm for organizations to adopt.

Also, the geopolitical factors and their related risks have impacted security manufacturers, security providers and organizations. Business leaders are re-thinking the traditional buying methods and are taking the supply chain security seriously. While some manufacturers were proactive on this process, others will have to follow suit in the months and years to come. They will also be further pressed to be part of the process by embracing similar security programs as part of the supply chain enforcement process.

Cloud and cognitive technologies are going to continue to add value to security further impacting the traditional approach to physical security. Moreover, with the increased advancement in technologies, the disruption of how businesses operate, and the driving centralization of information and computing assets are going to enhance the shift toward logical security further. I also foresee electronic security devices being limited soon to cognitive edge devices that can learn, understand, and act when blasted with meta-data. Such devices will form part of an overall converged security program driven by organizational security risk.