October 23-26, 2021
Hyatt Regency Riverwalk | San Antonio, TX

Approved for 15.75 CPE's

Approved for 6 CEC's

Keynote Session

sponsored by


State of the Cyber Threat Landscape

Regency East Sunday 8:00 – 9:00 AM

Presenter:Shawn Henry, CrowdStrike Services

President of CrowdStrike Services and former FBI executive Shawn Henry will discuss the state of the cyber threat landscape and the importance of viewing cybersecurity as an enterprise business risk. He will address topics including: supply chain threats and ransomware; adversaries and their motivations with focus on nation-state actors; examples of recent high-profile attacks and real-world incidents; getting your leadership on board with understanding their cyber risk; rise in Internet of Things devices and what that means for security; and the convergence of IT and OT, particularly during the global pandemic.

CrowdStrike engages in significant proactive and incident response operations across every major commercial sector and critical infrastructure, protecting organizations' and governments' sensitive data and networks around the world. Hear expert perspectives on the current state of cyber threats to critical and election infrastructure…and what is being done about those.


sponsored by


Security's Impact on Intelligent Buildings

Regency East Monday 8:00 – 9:00 AM

Moderator:Brandon Reich, SecureBI
Panelists:John Deskurakis, Carrier
 Jason Ouellette, Johnson Controls
 David Stolerow, Siemens Smart Infrastructure

Hear from representatives of three of the largest players in Intelligent Buildings discussing current state of implementation and future trends, including:

  • Who owns the building system?
  • What does an intelligent building mean? How do we move from the "Intelligent Buildings" catch phrase to a clearer definition so customers set appropriate expectations?
  • How deeply is security woven into the building control fabric and what are the security and operational vulnerabilities of Intelligent Buildings? What interfaces to other smart building systems exist today versus what is on the roadmap?
  • How do different operating and service departments interact?
  • What is the current state of implementation?
  • What's coming? What are the most promising opportunities, e.g., AI, not currently being explored or utilized?
  • What tools and strategies contribute to success and how is success measured?
  • How are security consultants likely going to be affected?
  • Is there a potential sacrifice regarding "openness" of the technology or does the implementation of an intelligent building lock in the Owner for life?

Emerging Technology Presentations

Regency East Tuesday 8:30 – 9:45 AM

Moderator:Paul Boucherle, Matterhorn Consulting
Panelists:Srinath Kalluri, Oyla (3D Sensor Fusion)
 Sean Kelley, ProveID (Proximity-based Authentication)
 Lance Kelson, Tiger Technologies (Edge to Cloud Information Transfer)
 Mary-Lou Smulders, Dedrone (Airspace Security)

Four exciting next generation technology companies have been selected and invited to provide brief individual presentations. They will review their underlying product technologies, security applications, and success stories. Companies such as these are typically too small to have A&E program budgets and are quite likely off the radar of most security consultants. The objective is to stimulate awareness of technologies that have the potential for significant future impact in the industry.

Projects – From Design through Operation

sponsored by

Salient Systems

Why Integrators May Not Bid Your Project

Pecan Monday 9:15 - 10:30 AM

Moderator:John Nemerofsky, Sage Integration
Panelists:Phil Aronson, ADT
 Mike Thomas, Integrated Security & Communications
 Brad Wilson, RFI

Why do many very qualified security integrators pass on pursuing bid projects. Has the qualification bar been set too low to prohibit unqualified, low-bid contractors? Are the technical requirements too onerous…or too nebulous? Perhaps, it's the need to install and support multiple locations in different locales. Administrative requirements, such as reporting, may be perceived as onerous. Hear the perspectives of several from top systems integrators about what makes a project undesirable from a bidding standpoint.

Scenario Based Testing/System Validation

Pecan Monday 10:45 AM - 12:00 Noon

Moderator:Jim Henry, Independent Consultant
Panelists:Pierre Bourgeix, ESI Convergent
 Jeff Bransfield, RS2 Technologies
 Jerrod Johnson. Ferguson Enterprises
 Joe Lynch, Minuteman Security Technologies

Following a system installation, but prior to acceptance and sign-off, what is the most effective way to reasonably assure that the system works as intended. Is it through a checklist of functional criteria? Through an evaluation of pre-designed scenarios? Should 100% of devices be tested or random sampling be employed based on pre-determined criteria? When is it practical for Client operators to be involved? How might such testing/validation impact completion of the construction project? This session will discuss these issues and the approaches security consultants should take throughout the project to improve the end result and Client satisfaction, whether or not they are involved in the actual system commissioning.

Planning for the Operational Phase of the Life Cycle

Pecan Monday 1:30 - 2:45 PM

Moderator:James Francis, LFJ Consulting Services
Panelists:Todd Davis, Valero Energy Corp.
 James Elder, Secured Design
 Phil Lake, Knight Security

Operational issues associated with achieving the risk reducing goals of the original system procurement may be obscured because the Client is not a security expert. What is the consultant/integrator responsibility to the Client post-commissioning when the contractual agreements have been concluded? Partially driven by the pandemic, remote managed services, including cloud-based video and access control and network monitoring, have become an important component of some systems integrators' offerings, but value-add services, extended warranty, all-inclusive support contracts, and upgrades have often been overlooked or rejected. As "trusted advisors" to the Client, consultants have the opportunity to both shape and meet Client expectations for reliable system operation, particularly in today's post-pandemic environment.

Human Success Factors in Security Design Projects

Pecan Monday 3:00 - 4:15 PM

Moderator:Frank Pisciotta, Business Protection Specialists
Panelists:Lorna Chandler, Security by Design
 Michael Ramstack, Froedtert Hospital
 Brad Wilson, RFI

The integrator/consultant team should work together bring about a successful project outcome – which includes a profit for the integrator, an effective security system for the end-user, and a satisfied reference for the consultant. However, integrators and consultants often find themselves at odds during a project for a variety of reasons. It doesn't have to be this way if everyone stays focused on what is in the best interest of the client. Harmony in security projects between the consultant and the integrator can be achieved with the proper coordination, communication and commitment.

Products and Technology

sponsored by


Is Cloud Video Ready to Specify?

Live Oak Monday 9:15 - 10:30 AM

Moderator:Benjamin Butchko, Butchko, Inc.
Panelists:Tim Coon, Eagle Eye Networks
 Joshua Cummings, VTI Security
 Lance Kelson, Tiger Technology

On the surface, moving a client to cloud-based video surveillance would appear to have many benefits. It eliminates the expense of purchasing and maintaining on-premises hardware; it increases availability by allowing someone else to manage redundant power and fiber connections; and costs are fixed and predictable via a monthly subscription model. At the same time, issues exist which leads to reluctance, or at least hesitancy, to move in this direction. Will available, reliable bandwidth limit the system’s ability to effectively and economically transmit video streams to cloud servers? What about the cost of cloud storage for significant amounts of video data? Will the video be available when the client wants to view it. And what about the security of it all? This panel will discuss these issues, and more, calibrating attendees on the current states of technology and implementation, and provide insight on what is likely to come.

Sensing Beyond the Perimeter with Non-visible Technologies

Live Oak Monday 10:45 AM - 12:00 Noon

Moderator:Charles LeBlanc, IMEG Corp.
Panelists:Kimberli Meyer, Optex
 Aaron Saks, Hanwha Techwin
 Mike Stokes, Observation Without Limits (OWL)

IP video is deployed on most perimeter systems of consequence and is supported by an array of interfaces and analytic tools. However, other technologies can work hand in hand with video to extend surveillance reach out as far as 15 km (10 miles). This session will deal with three important technologies in this regard – thermal cameras, LIDAR, and ground-based radar. Each has their sweet spot in terms of application and coverage area, but, as with any technology, each has its limitations. Questions arise such as what prompts false alarms, the impact of ground clutter and weather, and what might defeat the system or make it less reliable. This session is designed to provide deeper insight into these technologies by offering perspectives from manufacturers with significant experience in their deployment. Better understand what, where and how to deploy products when the requirement is to provide area coverage beyond the perimeter.

AI - Today's Reality in Security

Live Oak Monday 1:30 - 2:45 PM

Moderator:Brian Coulombe, Ross & Baruzzini
Panelists:Srinath Kalluri, Oyla
 Aaron Saks, Hanwha Techwin
 Quang Trinh, Axis Communications

Artificial Intelligence is getting a lot of air time these days. But what is AI, really? How does it differ from machine learning and deep learning, if at all? Where is the data coming from to train AI models? Hear from those who are developing the technology from chip to applications software to understand the ins and outs of this transformative technology and deployment scenarios – edge, VMS server, cloud. What do developers think AI will ultimately be capable of in security and related applications? Further, is today's AI in security a replay of the video analytics experience? For all of the discussion, what true AI applications are being deployed in security? What has been the benefit derived? Have there been deployment issues? Hear from several who claim AI deployments and the benefits derived. Understand what the near future holds in products to be introduced.

Secure Device Management

Live Oak Monday 3:00 - 4:15 PM

Moderator:Rodney Thayer, Smithee Solutions
Panelists:Jim Cooper, Integrated Security & Communications
 Richard Focke, Johnson Controls
 Wayne Smith, Tech Systems

Who takes care of the security equipment and manages device updates? How is this handled at scale? What pre-planning can be accomplished so that end users really do not need to suffer through a truck roll for equipment firmware updates not designed to be addressed remotely or automatically? Does the end user pay for the manual update or is included in the maintenance package? This panel is intended to explore these topics and discuss what changes should be advocated and specified going forward.

Cyber Security

sponsored by

Milestone Systems

Pen Testing – Tales from the Trenches

Blanco/Llano Monday 9:15 - 10:30 AM

Presenter:Michael Glasser, Glasser Security Consulting

Physical security is an important element of cyber security, and physical security penetration testing (red team) work is often misunderstood. This presentation will provide real-life stories of past pen test engagements as well as insight into the techniques used, challenges faces, skills required and all that goes into a proper physical pen test. Note: This session is all about locks, doors and physical issues – not software or social engineering.

Introducing the Security Industry Cyber Certification (SICC)

Blanco/Llano Monday 10:45 AM - 12:00 Noon

Moderator:Ray Coulombe, SecuritySpecifiers
Panelists:Michael Bendis, Syska Hennessy
 Chris Peckham, Ollivier Corporation
 Elli Voorhees, Security Industry Association

Most project specifications incorporating cyber security elements put the onus for implementing a cyber secure system on the integrator. But what is reasonable to require of an integrator and how can integrators be evaluated on their ability to perform what is expected of them? For example, how many people within a designer or an integrator's organization should aspire to get this certification? How can people obtain the knowledge to pass? This is the premise behind SIA's new Security Industry Cyber Certification for integrator technicians. This session will embody a discussion of tasks and areas of competence which should underlie both this certification and specifications incorporating cybersecurity. Learn more about this certification, timeline, requirements, process, and relevance to security consultants.

CMMC - An Integrator Qualification with Teeth

Blanco/Llano Monday 1:30 - 2:45 PM

Presenter:Andrew Lanning, Integrated Security Technologies

The Department of Defense ("DoD") recently announced the development of the "Cybersecurity Maturity Model Certification" ("CMMC"), a framework aimed at assessing and enhancing the cybersecurity posture of the Defense Industrial Base ("DIB"), particularly as it relates to controlled unclassified information ("CUI") within the supply chain. The CMMC is expected to designate maturity levels ranging from "Basic Cybersecurity Hygiene" to "Advanced." For a given CMMC level, the associated controls and processes, when implemented, are intended to reduce risk against a specific set of cyber threats. While initially targeted at DOD, this will expand to the entire Federal Government and into critical infrastructure. Learn the importance and details of this program as it applies to integrator/contractor qualifications and ability to work on specific types of projects.

Evaluating Cyber Preparedness for Integrated Systems

Blanco/Llano Monday 3:00 - 4:15 PM

Moderator:Min Kyriannis, EMD | JMK
Panelists:Bryan Arce, Valero Energy Corp.,
 John Deskurakis, Carrier
 Antoinette King, Credo Cyber Consulting

With cybersecurity becoming an increasingly critical component of enterprise networks, an effective means to evaluate integrated systems and devices for cyber safety is essential. Often these products are not vetted, resulting in many questions and concerns about their cybersecurity posture and how they integrate holistically into the network ecosystem. A group of manufacturers, consultants, integrators, and end-users have formed the Global Cyber Consortium (GCC) to collaborate on a methodology which will offer a streamlined and simplified method of validating products and services, thus establishing uniformity to the cyber common criteria. The GCC is initially focusing on the commercial real estate vertical market to establish a baseline, with plans to expand to a number of other key vertical markets. [Note that this session is intended as a follow-on to the General Session "Security's Impact on Intelligent Buildings", with specific focus on cyber-related issues.]

Special Topics

sponsored by


Tools for Protecting our Schools

Nueces/Frio Monday 9:15 - 10:30 AM

Presenters:Chuck Wilson, Partner Alliance for Safer Schools (PASS)
 Mike Garcia, Partner Alliance for Safer Schools (PASS)

FEMA, in December 2003, published FEMA 428, a Primer to Design Safe School Projects in Case of Terrorist Attacks, addressing a variety of terrorist threats to our schools. We now regard Active Shooter as by far the top security threat to our students. First established in 2014, PASS brings together expertise from the education, public safety and industry communities to develop and support a coordinated approach to making effective use of proven security practices specific to K-12 environments, and informed decisions on security investments. Its mission is to provide information, tools and insight needed to implement a tiered approach to securing and enhancing the safety of school environments based on their individual needs, nationwide best practices, and making the most effective use of resources available. Learn about PASS Guidelines and Resources, tools for objective analysis by school officials, community stakeholders, and solutions providers for assessing and prioritizing of school safety and security needs. Hear about how these principles may be leveraged and applied to the broader security environment.

Towards a More Secure Identity

Nueces/Frio Monday 10:45 AM - 12:00 Noon

Presenters:Ed Chandler, Security By Design
 Jason Ouellette, Johnson Controls

This session will discuss asymmetric FIPS (Federal Information Processing Standard) PIV (Personal Identity Verification) and CIV (Commercial Identity Verification), the FIDO ("Fast Identity Online") structure, and the very exciting, emerging PKOC (said like the bird peacock) (Public Key Open Credential) that the PSIA (Physical Security Interoperability Alliance) is supporting. A short historical perspective for symmetric card technologies will be included. The security of access control keys is often regarded as only marginally important, but key cloning is often just a store kiosk away. We all know that most access control systems today suffer from two basic vulnerabilities: Wiegand communication and older technology symmetric key cards. OSDP Secure Channel is gaining traction over Wiegand designs, leaving card technology as the big remaining security challenge.

The Impact of Privacy Laws on Access Control

Nueces/Frio Monday 1:30 - 2:45 PM

Moderator:Forrest Gist, Jacobs
Panelists:Kathleen Carroll, Seven Seas Strategic Communications
 Sal D'Agostino, IDmachines
 Robert Prostko, Allegion

Protection of cardholders' personal data, photo, DOB, license number, work and vacation schedule, etc, contained in access control systems is often overlooked – and can easily be violated. Those with appropriate privilege levels may theoretically abuse their privileges and view the access control transactions and personal information of cardholders for non-security-related purposes. Further, how is cardholder data entered, managed, stored, and secured? Video also plays a role in access control by providing verification and, in some cases, recognition. How is cardholder consent to the use of their data being obtained? Can privacy laws work to diminish security? With the prevalence of GDPR, CPPA, NY-Shield Act, and many others coming forward in the future, how would these privacy laws impact access control? Requirements are broad and wide and many fail to understand that these privacy laws also include any digital signature in these systems. How do you fuzz, encrypt and otherwise protect this data so it still falls under these requirements, yet maintain security?

Verifying Network Readiness

Nueces/Frio Monday 3:00 - 4:15 PM

Moderator:Phil Aronson, ADT
Panelists:Josh Cummings, VTI Security
 Steven DeArruda, Business Protection Specialists
 Darren Giacomini, BCD International

Clients networks are, more often than not, owned by IT for whom security may be an internal client. As new equipment is connected to a network, new or existing, how does one know if the network (a) has adequate performance to support the security requirement; (b) is secure prior to the security connection; (c) may be compromised by the addition of the security equipment; (d) has appropriate power back-up to support the security requirement? Who should be tasked with the responsibility to answer these concerns? What are some appropriate questions to ask in advance? How can you judge or confirm the capabilities of the integrator to comply with these requirements in advance? Simply placing that on the integrator's shoulders may be inadequate. These questions, and more, should be in the head of the security consultant from the outset.

Questions or comments? Contact us at info@AttendConsult.com.

About Us

CONSULT is a security industry event sponsored by SecuritySpecifiers. SecuritySpecifiers is an online community and network of security professionals established to address the need for the physical security industry to more effectively engage with designers and consultants.

Contacts Details