October 25-28, 2024
Hyatt Regency Tamaya | Santa Ana Pueblo, NM

Approved for 13.25 CPE's



Approved for 6 CEC's

Keynote Session

sponsored by


The Chinese Government Threat

Regency Ballroom Saturday, October 14, 8:00 - 9:00 AM

Presenter:William R. Evanina

As former, Director of the National Counterintelligence and Security Center (NCSC), William Evanina lived with the myriad dimensions of the threat posed by the Chinese government and its surrogates on a daily basis. From the theft of government, corporate and private information to ultra-sophisticated hacks to electronic components and equipment that is installed throughout our country and its products, Mr. Evanina is one of the few people who truly understands the magnitude and scope of the peril. In his address, he will illuminate this threat with his knowledge and experiences. Further, he will offer guidance specific to our audience on measures we should all be taking to reduce the impact of the Chinese mal intent. Finally, he will share some optimistic notes that the United States is not powerless in this situation.


sponsored by

Barrier 1

Developing Your Next Gen Security Consultant

Regency Ballroom Saturday, October 14, 1:15 - 2:15 PM

Moderator:Chrissy McCutcheon, Security by Design
Panelists:Adam Parlane, SaferCities
 Breanna Sieferman, TEECOM
 Sean Stratford, Paladin Technologies
 Joey Thode, Business Protection Specialists

Most seasoned security consultants arrived in the profession from different vectors. Some came from a technical path, some from law enforcement, some from system integration, operations, and corporate security roles. Along those paths, many lessons were learned - lots of wisdom, lessons from the school of hard knocks, methods for solving security issues and probably a few biases picked up along the way. Often, it is challenging to transfer thinking and skills to our next generation of consultants.
The next generation of security consultants did not have the same set of life experiences. They grew up with thinking differently, approaching problem solving in new ways, not locked into traditional approaches, have easy familiarity with evolving technology tools, they learn faster and do not have a problem finding their voice. So how do we best motivate and develop the next generation to embrace security consulting as a profession and find their own “sweet spot” in terms of present and future role in their organization.
Hear from three younger security consultants and a young integrator who will share their thoughts on the opportunities that motivate them, aspirations for career progression, and advice for those who manage them.


sponsored by



Regency Ballroom Sunday, October 15, 8:00 - 9:00 AM

Moderator:Maria Gonzalez, TEECOM
Panelists:Lisa Corte, HID
 John Harvey, Legic
 Mike Zercher, Secure Element Solutions

NFC (near-field communication) is a technology that allows devices like phones and smartwatches to exchange small bits of data with other devices and read NFC-equipped cards over relatively short distances. BLE (Bluetooth Low Energy) is a wireless, low-power personal area network that operates in the 2.4 GHz ISM band. Its goal is to connect devices over a relatively short range. BLE was created with IoT applications in mind. UWB (Ultra-wideband) is a short-range wireless communication protocol. It uses radio waves to enable devices to talk to each other. UWB uses very low power, and the high bandwidth (500MHz) is ideal for delivering a great deal of data from a transmitter to other devices. These technologies differ in security, distance, power, and RF implementation. Attendees of this session will better appreciate the relative advantages and disadvantages of these and gain a greater appreciation of best application areas. Determine if one of these will likely be the dominant short range communications technology in security.

Specifications & Projects

sponsored by

Lenel S2

Specifying in Division 25

Gulfstream-Hialeah Sunday, October 15, 9:15 - 10:30 AM

Moderator:Drew Deatherage, Crux Solutions
Panelists:Charles Buscarino, The Clarient Group
 James Cooper, Integrated Security & Communications
 Tom Shepherd, Honeywell BSI

As buildings become more intelligent Division 25 (Integrated Automation) is emerging as a key specification area that security systems designers should be familiar with. Specifically, CSI MasterFormat specifically includes security under the following numbers:
- 25 38 00: Integrated Automation Instrumentation and Terminal Devices for Electronic Safety and Security Systems
- 25 58 00: Integrated Automation Control of Electronic Safety and Security Systems
- 25 98 00: Integrated Automation Control Sequences for Electronic Safety and Security Systems
This lack of familiarity can lead to confusion in the areas of design and installation responsibility, coordination, and effective integration and supervision of disparate systems. Also, Division 25 is an appropriate place to outline expectations for service as part of a “day 2” strategy in these smart building projects. The moderator of this panel works for a company heavily involved in Division 25 projects and will lead a discussion among experts from different stakeholder areas to bring added clarity, awareness of issues, and recommendations for working within Division 25.

Perspectives on Managed Security Services – Client, Consultant and Integrator

Gulfstream-Hialeah Sunday, October 15, 10:45 AM - 12:00 PM

Moderator:Dan O'Neill, ADRM
Panelists:Matt Isgur, ADRM
 Jim Muncey, Pavion
 John W. O’Connor, Harvard Business School

If your firm is providing, or considering providing managed security services, then you SHOULD attend this session. If your firm is NOT considering managed services, then you MUST attend this session. Hear perspectives on managed services from John O’Connor at Harvard Business School, Dan O’Neill and Matt Isgur from ADRM and Jim Muncey from Pavion. Learn how designs are impacted, how services are offered and delivered, the value of building a cohesive team and the benefits to customers of the systems. ADRM was the recipient of the 2022 Elliot A. Boxerbaum Design Award. Elliot helped Dan O’Neill grow his business and he is “paying it forward” and wants to share Managed Services lessons learned that will help you grow and sustain your consulting practice.

Bid vs. RFP – Impact on System Design

Gulfstream-Hialeah Sunday, October 15, 1:15 - 2:30 PM

Moderator:Jim Krile, Heapy
Panelists:Phil Aronson, Independent Consultant
 Brian Coulombe, Amazon
 Forrest Gist, Jacobs

Many projects, including the majority of Government contracts, are based on a sealed bid. While appearing to provide the lowest price, experience shows that the Bid process can lead to sub-standard workmanship, incomplete work, rampant change orders, schedule delays, and aggravated clients. Further, qualified integrators may be disinclined to bid or maintain a policy of not participating in bid work. The Request for Proposal (RFP) is a mechanism for qualified respondents to propose design alternatives and product options which may represent better solutions. These projects often require a high degree of technical expertise. As a result, experience and approach are considered in addition to the price. Evaluation may be based on overall responsiveness to proposal and criteria provided in RFP for evaluation. Each method has its strengths and weaknesses. The ease of evaluating bids on price alone needs to be balanced against the risk that price alone may not be all that distinguishes one product or service from another. Hear from a panel whose industry experiences cover both types of procurement over a wide range of projects.


sponsored by


Identity in the Mobile Wallet

Keeneland Sunday, October 15, 9:15 - 10:30 AM

Moderator:Josh Cummings, Paladin Technologies
Panelists:Brandon Arcement, SwiftConnect
 Stephen Cornett, University of Kentucky

A mobile wallet stores credit card or debit card information on a mobile device like your phone, a tablet, or smartwatch. The smart phone works with an encrypted connection to communicate via Near Field Communications (NFC) with a terminal to provide credentials and, in payment situations, credit card information. The wallet may contain other documents, such as tickets, driver’s license or vaccination card. The support of the smartphone manufacturers and the broad array of potential applications has led to rapidly increasing adoption in the user population. Will this mirror past experiences of consumer technology driving security technology (think HDTV) and become the dominant form of identity verification? Hear why smartphone manufacturers and others in the security industry think that this will be the case and where the most popular early applications are happening.

Will PKOC Disrupt Identity?

Keeneland Sunday, October 15, 10:45 AM - 12:00 PM

Moderator:Jason Ouellette, JCI
Panelists:Ed Chandler, Security by Design
 Mike Zercher, Secure Element Solutions

PKOC (Public Key Open Credential) is a standards-based mobile credential that is essentially free, vendor-agnostic, and interoperable across multiple devices and systems. It is a highly secure access credential that can live on a mobile phone, in a plastic access card, or in any device capable of generating a public-private key pair. PKOC employs the well-established PKI (public key infrastructure), a two-key asymmetrical system used to ensure confidentiality and encryption, used in protocols such as HTTPS for secure transactions over the web. PKOC can be used with smart cards as well as with smartphones. While it now primarily employs BLE (Bluetooth Low Energy), it can be employed with multiple communications protocols, including NFC and UWB. It does not involve a transactional cost as do wallet-based technologies. This session is designed to offer a balanced perspective on the approaches to identity credentials moving into the future, leading to a frank discussion of the choices facing the security designer.

The Rise of the New Stakeholder: The End User

Keeneland Sunday, October 15, 1:15 - 2:30 PM

Moderator:Lee Odess, Access Control Executive Brief
Panelists:Sanjit Bardhan, HID
 Rob Lydic, Wavelynx Technologies
 Michael Wong, Genea

Is access control moving from cottage to mainstream industry? Assuming the answer is “yes”, the companies who are most successful will pay particular attention to the “experience” and satisfaction of the credential holder. Likely, credential verification will become more seamless, more secure, and multi-functional. Will the access control manufacturers march in lockstep to offer end users a consistent set of choices, or will disparate visions result in widely varying solutions? Will the consumer market dictate the eventual most likely scenario?
Join us as industry experts present and discuss what got us to this point, the short term and long-term impacts, how this will drive new specifications, and what to design going forward.

Cyber Security

sponsored by

Life Safety Power

Emerging Issues in Port Security

Kentucky Suite Sunday, October 15, 9:15 - 10:30 AM

Moderator:William Evanina, The Evanina Group
Panelists:Jeff Brown, Live Oak Consultants
 Pam Everitt, Soteria LLC

Ports and port equipment have become more reliant upon network technology and foreign suppliers to maintain their efficient operations. Worldwide shipping and the processing of seaborne cargo represents a major vulnerability to supply chain and the free flow of goods and material. In 2017, one of the most widespread and devastating cyberattacks was perpetrated against worldwide shipping giant Maersk. a global shipping titan, responsible for 76 ports around the globe, more than 800 vessels carrying all manner of goods and about one-fifth of global trade. This entire enterprise was brought to its knees by a mystery malware that had spread to every Maersk location across the globe. More recently, it has come to light that the Pentagon sees giant cargo cranes as possible Chinese spying tools. The cranes in question are made by Shanghai Zhenhua Heavy Industries (ZPMC), which became a major player in the US market by offering high-quality cranes at cheaper prices than Western suppliers. ZPMC has worked with Microsoft and other companies to offer automated systems that can analyze data in real time. However, the US Defense Intelligence Agency has reportedly said that China could potentially disrupt port traffic or gather data on military equipment being shipped.
Moderated by our Keynote speaker, William Evanina, this panel of port security experts will discuss threats, vulnerabilities, and potential countermeasures to address this critical part of our infrastructure.

Supply Chain Vulnerability

Kentucky Suite Sunday, October 15, 10:45 AM - 12:00 PM

Moderator:Jerrod Johnson, Ferguson Enterprises
Panelists:Paul Ihme, Soteria LLC
 Clayton MacCrindle, Allegion
 Ewa Pigna, LenelS2
 J. Kelly Stewart, Newcastle Consulting, LLC

Threats to the “supply chain” come from several vectors. The infamous Target hack was the result of cyber loopholes traced back to an HVAC supplier. Suppliers of various types, knowingly or unwittingly, pose an ongoing threat to any operation. A critical vector is that of physical components and sub-systems employed in the manufacture of a product. This concern can be extended to embedded or system software. A special concern arises out of acquired companies as the acquiring company is assuming added vulnerabilities, known and unknown. Hear from a moderator and several speakers who are intimately familiar with these threat sources and past and ongoing exploit attempts. They will illuminate the threat and what their companies are doing to mitigate them and to keep their products and operations secure.

The Insider Threat

Kentucky Suite Sunday, October 15, 1:15 - 2:30 PM

Presenters:Andrew Lanning, Integrated Security Technologies
 Shaun Moye, Targeted Solutions

There is perhaps no more dangerous cyber vulnerability than the insider threat. Motivations and reasons can be various – including disgruntlement, revenge, money, alternative loyalties, and psychiatric. Standard vulnerability assessment tools are not equipped to identify malicious insiders. Efforts to mitigate the insider risk include data and traffic monitoring, access control exception monitoring, partitioning responsibilities, maintaining robust least privilege policies, training, and regular employee communication. The presenters in this session have extensive experience in both the commercial and government environments and will provide valuable insight into this silent threat.

Special Topics

sponsored by

Milestone Systems

Designing for Networked Door Locks

Park Suite Sunday, October 15, 9:15 - 10:30 AM

Moderator:Bret Emerson, CommTech Design
Panelists:Justin McKee, Allegion
 Derek Ommert, Assa Abloy
 Ronnie Pennington, Altronix

Clients want to secure more of their doors electronically while working within a budget. In the Physical Access Control System (PACS) world, much of that decision making involves electronic door hardware and its connectivity. Where a separate card reader and door locking hardware has been the standard in our industry, recent years have seen the addition of wirelessly attached, battery operated door hardware. Some manufacturers are offering direct network attached electronic hardware that is powered from an Ethernet Network switch with Power over Ethernet (PoE).
Join this discussion for a status of the options and discussion with industry leaders on the path forward on such questions as:
• Are card readers and centralized panels the most secure and manageable solution today and tomorrow?
• Where does wireless/battery operated door locking hardware belong in your buildings?
• Will door hardware and card readers move to direct Ethernet network attachment?
• If door hardware is attached to the network directly what does that cable look like as it transitions to the door and lock. What other network and cabling standards will need to be factored into Ethernet Locks.
Bring your thoughts and experience to this dynamic discussion!

CPTED - Think Outside the Box

Park Suite Sunday, October 15, 10:45 AM - 12:00 PM

Moderator:Mark Schreiber, Safeguards Consulting
Panelists:Dan Keller, American Crime Prevention Institute
 Phil Santore, Introba
 Robert Summers, Summers Associates

Beyond the traditional physical security technology designs and common facility hardening measures, experienced consultants seek to provide greater value to their clients with additional services. But how can consultants think outside of the ‘Box’ of traditional design? One successful methodology employed by experienced consultants is the application of Crime Prevention Through Environmental Design (CPTED). We have assembled a panel of highly experienced consultants and educators who have applied and taught the concepts of CPTED with great success and are willing to share how that success has helped their clients and organizations.
Drawing heavily on behavioral science rather than target-hardening strategies, CPTED uses environmental design concepts to dissuade criminal conduct and support legitimate use by utilizing resources such as architecture, engineering, landscaping, facility operations, signage, and lighting to reduce the necessity of traditional technical and operational security elements. The goal of CPTED is the creation of an environment in which legitimate users feel safe and secure, while the criminal element feels exposed and vulnerable. This condition is achieved primarily by manipulating the following four key areas of the natural and manmade environment: Natural Surveillance: Natural Access Control; Territorial Reinforcement; and Maintenance / Management.

AI – Understanding, Applications & Design

Park Suite Sunday, October 15, 1:15 - 2:30 PM

Presenter:Nick Heitzman, Allegion

Artificial Intelligence (AI) technology is coming on fast. However, it’s often difficult to separate fact from fiction and dreams from reality. This session is being offered to enlighten and to provoke critical thinking around this transformative technology. Starting with offering a basic explanation of what’s behind AI and how “intelligence” is developed, basic terms such as machine learning, deep learning, and neural networks will be reviewed. Understand how learning models and data sets can distinguish between truly usable AI and likely inferior offerings. Beyond the obvious area of video analysis, you’ll be challenged to think about other areas of security that might be likely candidates for improvement via AI. Finally, the session will deal with the question of how AI can be planned for and incorporated into design.

Hands on Technology

sponsored by


Discovering Device Cyber Characteristics and Weaknesses

Gulfstream-Hialeah Sunday, October 15, 2:45 - 4:15 PM

Presenters:Rodney Thayer, Smithee Solutions

In this session, participants will work through a specific set of exercises to show device weaknesses and actions to secure a network, given some criteria that should be in a Division 28 specification.
The goals of this session are:
• Relate recommended network policy to specified actions
• Observe cyber-sourced event telemetry
• Relate the observed telemetry configuration to system behavior
• “Stress test” an IIOT target device
• Put all these into context of a specification
Work through these exercises with Rodney to get a first-hand feeling for what is involved in discovery the weakness of a device and its configuration.

Bluebeam Studio Sessions for Collaboration

Keeneland Sunday, October 15, 2:45 - 4:15 PM

Presenter:Dan Coppinger, ZenTek Consultants

Collaboration is the key to success in the construction industry, but it can be difficult to manage when working with complex documents like PDFs. Bluebeam Studio Sessions allow multiple users to collaborate on a single PDF document in real-time. Think of it as a virtual meeting room, where users can join a session to discuss a particular document or topic. All users have access to the same document simultaneously and can make edits, annotations, or comments all at the same time, from anywhere in the world, 24/7/365. Users can save their changes, export the document to their local device, and keep track of when, where, why, how each person made a change or comment on the construction documents.

Streamlining Quantity Take-Offs (QTO) with Bluebeam Revu

Kentucky Suite Sunday, October 15, 2:45 - 4:15 PM

Presenter:Dave Mills, ZenTek Consultants

Bluebeam Revu offers a suite of powerful, highly customizable document management, markup and automation tools. For example, it has a powerful array of tools to help designers handle QTO/Estimating that many probably unaware of. In this 90 min. class, ZenTek Consultants, will let attendees follow along with a live instructor, using common demo PDFs to gain a fuller understanding of how to:
• Scale and Calibrate PDFs
• Use Linear Measurement Tools
• Use Area and Volume Tools
• Use Item Counts and Search Tools
• Create Re-Usable QTO Tools

ChatGPT and Similar Tools to Know .. Tools to Use?

Park Suite Sunday, October 15, 2:45 - 4:15 PM

Moderator:Nick Heitzman, Allegion
Presenters:Jim Elder, Secured Design
 Mark Schreiber, Safeguards Security Consulting

Artificial Intelligence (AI) has barreled its way from a nifty acronym into the world of research, document creation, audio, and video in ways that both astound and frighten. On the positive side, tools like ChatGPT can jumpstart brainstorming, get a head start on a written piece, and provide research on sources of information. Conversely, over-reliance on these tools can lead down false paths and arrival at false conclusions. Maliciously, they can be used to fake identity, create spear phishing attacks, and spoof audio and video content. Participants in this lab will gain first-hand experience with ChatGPT in a series of instructor-led exercise. See how other consultants have used it in their own work. Discuss some of the implications for security and security consulting.

Questions or comments? Contact us at admin@securityspecifiers.com.

About Us

CONSULT is a security industry event sponsored by SecuritySpecifiers. SecuritySpecifiers is an online community and network of security professionals established to address the need for the physical security industry to more effectively engage with designers and consultants.

Contacts Details


SecuritySpecifiers, CONSULT, and CONSULT Technical Security Symposium are registered trademark of Gilwell Technology Services, LLC.