People and plans: training's role in homeland and workplace security: is your business secure? Here's how some organizations and training functions are preparing for the unexpected

T+D, Sept, 2003 by Eva Kaplan-Leiserson

Joseph Kinney, security consultant and a former Marine who developed a Website of security resources * www. safespaces.com, says that training goals should be different depending on a worker's level. Training for lower-level employees, he says, should be clear and simple and reinforced in manuals, Websites, and employee communications. Training for front-line managers and supervisors should include how to respond to employee needs in an emergency. Senior managers should have guidance in "developing the skills and resources to help the company deal cohesively with security issues."

Kinney emphasizes the importance of common sense and intuition, calling them crucial skills in survival situations, especially those involving the threat of violence. Many security professionals, he says, denigrate those qualities, but he has seen many situations in which they were ignored and people were hurt because of it. Kinney's advice on trusting intuition saved the life of his nephew, who worked in the second tower of the World Trade Center. When emergency personnel told people it was safe to stay in the building, the nephew got out. He followed his gut, and the advice of his uncle to always do so, and is alive as a result.

Get buy-in, and change the culture gradually. Implementing new security policies and procedures can be a change management issue, so it's important to make sure workers are on board. CEI recommends not bombarding people with tons of information at once. Effective awareness programs are gradual and long-term, Bianchi says. Taking six to 24 months to work through changing the culture will be more effective than giving people a checklist of 25 things that must be done next week. Bianchi suggests integrating security into corporate, department, and team goals. Some managers have security goals included in their performance evaluations, he says. Their pay is tied partially to whether their staff is following security protocols.

What you're hoping for, Bianchi says, is an aha! moment when people say, "I understand why this is important." That happens by training managers to explain to their staff the security vision, the company's security goals, and the reasons behind them. Set milestones, CEI suggests, so people can measure their progress and celebrate when they achieve various targets.

Consider enlisting experts. Many companies bring in outside security consultants to contribute best practices and shorten the learning curve. Even large companies with CSOs, Hershman says, often bring in consultants to help them with the many demands on the security function. A consultant can also be someone with a big-picture view that CSOs or security managers can bounce ideas off of. However, an outside supplier may not be as quick to understand industry-specific concerns.

Kinney says simple is best, so if a consultant draws up a complex plan, it may be hard to implement. He also suggests caution. Experts are cropping up all over the place, looking at homeland security as a cash cow. Look for more than a slick sales pitch, Kinney advises. A good consultant should be able to change the values of the organization and the way it functions overall. That's challenging, he says, but necessary. Also make sure that the expert is a member of a recognized organization such as the International Association of Professional Security Consultants * www.iapsc.org