ISC West session interview: PSLA VP Gary Hoffner
By Ken Showers, Managing Editor
Updated 11:16 PM CDT, Mon March 27, 2023
This week Security Systems News is live at ISC West. In keeping with that theme, the editorial staff has interviewed different key speakers from education sessions at this year's show. Read on to see our interview with Gary Hoffner, vice president of PSLA Security on his presentation for Increasing Cyber Awareness for Security Integrators.
SSN: Could you tell me a little about yourself and PSLA Security Systems Mr. Hoffner?
Hoffner: I started in the security industry in sales at 20 years old in 1980. I have only worked at three companies since. I moved to the C-Suite in 2003, vice president at PSLA since 2013. I served as Chairperson of PSA Cybersecurity Committee 2019-2022, Co-Chairman, Commercial Sector - InfraGard INMA, Electronic Security Industry Cross Sector Council (current). I was schooled at the Phoenix Institute of Technology and most recently Harvard Cybersecurity short course. Passion for cybersecurity and educating others on the threat and protection has me the most energized and enthusiastic than I have been in 30 years. Photo-Scan of Los Angeles, Inc. is a 50-year system integrator, and was one of three founding companies of PSA. It specializes in video, IDS, access control, and software integration. We’re currently rolling out a managed detection and response offering that brings physical and cybersecurity into the SOC for deeper assessment.
SSN: You’re participating in a panel called Increasing Cyber Awareness for Security Integrators, can you give me a little preview about what you’ll be discussing?
Hoffner: Most small/medium size security companies remain very immature in terms of their own cyber hygiene and the systems they install. Integrators often double or triple the cyber threat surface on customer networks with IoT and IP devices without much consideration for providing protection for the expanded surface. Technicians connect to and work in the customer networks for 90% of the contemporary security deployment with little understanding or guidance on hardening their installations and protecting the network from infiltrate on including by way of their own connections into the network for programming and troubleshooting. It’s fair to say that an installation performed by an immature security company on a small company network can exacerbate the threat potential of an already vulnerable environment.
SSN: Can you talk briefly about your work in introducing cybersecurity to a physical security environment?
Hoffner: NIST 800-171 includes physical and cyber controls to protect the environment from bad actors. At PSLA, we have employed the cyber and physical controls in our environment to protect yourself and the data and networks of the customers we serve. It is my passion to implore security organizations of all size to embrace the well-defined protection architecture drafted in NIST and other mandates. As insurance actuaries mount and compliance for cybersecurity becomes more commonplace for our customers there will certainly be greater mandates pushed down to tech companies working on their networks, including physical security apparatus, to protect the network and the customer data. We have been seeing language that we must agree to on how we will protect the customer’s data and what controls will need to be implemented in customer service agreements and purchase orders for some time now. We even see these requirements in NDAs we sign before the customer is just a prospect and prior to having a solid agreement in place with exculpatory language providing some degree of protection.
(Hoffner added in conclusion to the interview):
Security companies will need to up their cybersecurity game to stay in the game. Companies of all sizes have mandates to protect their data and will only be able to work with security companies that prove they have the controls in place to qualify as a provider. While the opportunities are expanding for security companies that embrace cyber, the prospect are evaporating for those that do not.
Increasing Cyber Awareness for Security Integrators will be held on Thursday, March 30 from 10:00 AM - 11:00 AM at the Venetian 202.
Comments