End users’ expectations of the security integrator are changing dramatically, from the services integrators offer to how they offer them and how they are priced. Integrators discussed this trend, including topics such as the greatest changes affecting their businesses, how they continue to differentiate themselves, and how they envision the integrator of tomorrow — when they came together as part of a panel discussion at the Security Industry Association’s recent Securing New Ground conference, held in October 2014 in New York.
Panelists at this special session titled, “Redefining Systems Integration: From System Integrator to Solution Innovator,” included:
Carey Boethel, president and CEO, Securadyne Systems LLC.
Paul Thomas, president and COO, Northland Control Systems Inc.
Eric Yunag, president and CEO, Dakota Security Systems Inc.
The panel was moderated by Ray Dean, president, Security Oversight Group LLC.
The following article includes lengthy excerpts from the panel session.
Ray Dean: Can you give us a little detail on how you go to market?
Carey Boethel: We tend to focus on facets of industry that view security as mission-critical, specifically those that face regulatory requirements and dynamic risk environments. We take the solution all the way from conception, early needs analysis, threat vulnerability assessment, and master planning; through installation, service and maintenance after the sale, and also record our strategy as hosted/managed services. If we do it right, we’re there for many years with the customer, helping them manage, administer, and then optimize that system over time.
Paul Thomas: We’ve been around about 30 years. Seven or eight years ago, we went through a reinvention process and totally reinvented our strategy. We actually refer to our firm as a program management engineering firm versus a security integrator. Although we do the traditional security integrator functions, it’s not really a key component of our growth strategy.
We also changed our strategy on our customer base and became very, very narrow. We focused on just high-tech enterprise companies that are global. We are a global company. We have offices in Shanghai, Singapore, London; we’re opening one right now in India. We have another one in D.C. and one in California. We were in 60 countries last year with our customers. Working with these high-tech companies, it’s very difficult to integrate yourself into them quickly. We really only bring on one to two customers a year. We also have embedded staff at those customers. We have anywhere from two to six people that are on board, integrated in the security departments of our customers.
Our main customers are companies like Apple, Facebook, Google. We realized there was another group of customers like Twitter, Uber — that type of customer — that just doesn’t have the security staff on board yet, because they’re $1 billion, $2 billion, over 1,000 employees, but yet they need everything that we offer to our big customers. So we recently opened up an operations center at our own facility, 24/7, and started a managed service division. We’re trying to change that model and say we’re a virtual operations center versus just a managed service center.
n Eric Yunag: We host security systems as a traditional systems integrator. Our company is 35 years old. We focus heavily on what we refer to as economically insensitive verticals with unique security challenges. We’re looking to find relationships with clients that have very unique problems to solve and business issues that they’d like us to deal with. For us that manifested itself primarily in financial, industrial, healthcare and education. Inside of those verticals, the strategy is if we can’t find one of three Rs to address — in terms of risk, regulation, or producing return — we really don’t have any business being there.
Our geography is not global; we’re predominantly in what we refer to as “the fly-over states” of the upper Midwest — from Montana east to Chicago and from the Canadian border, south through Kansas.
GREATEST CHANGES IN THE INDUSTRY
Ray Dean: What are you seeing that’s changing our industry?
Paul Thomas: We deal with high-tech customers that are in the social media space, and they’re growing faster than I’ve ever seen companies grow in my life. So these customers want change, drive change, need change. They’re almost always trying to evolve.
Our customers are coming to us now, because they don’t know where else to go, asking us about big data, about data correlation, about software as a service, about much more wireless than we see today. How do we do much bigger mesh networks? How do we get rid of cable? How do we get rid of panels? They see it as an unnecessary evil in the middle of this solution to have access at a door, but yet at a panel having to make some of those decisions. They talk about the Internet of Things. Why isn’t the door part of the Internet of Things? Why isn’t the camera part of the Internet of Things? Do we need all of that other stuff?
I think we’re going to see other people enter this space very, very quickly because other industries are going to drive this change.
Cyber security is another great thing that’s popping up right now. We’re getting asked tons of questions about cyber security, which we know very little about. I refer to our learning curve right now as just-in-time learning. We get a question today and we’re supposed to be experts tomorrow. We’re spending a lot of time just learning about all this stuff.
We have customers that are monitoring social media around virtual spaces around their corporate campuses, and they’re asking us for that solution. They want to know all the social media that’s happening within one mile of their campus: Who’s sending videos from their phone? Who’s sending pictures from their phone? Yes, there are people that deliver those solutions. We have found we can do it, but that’s not our core business. We do readers, cameras — now we find ourselves in this other space.
Eric Yunag: Paul has a different view of it, of course, with the type of clients he deals with. I think that manifests itself for all of us in a sense that what our customers perceive as value and what is valuable is really changing under our feet right now. The ability to procure a product and install a set of products is just not perceived as valuable anymore and increasingly less so.
What our clients are really looking for is the ability to address risk overall. The problem is, how do we address risk? Risk takes different shapes in different industries with different types of clients. The onus is on us to be able to adapt to that and to be able to bring the solutions that comprehensively start to deal with risk overall.
For us, as security practitioners, to be dogmatic about it and say, “Here’s what we’re going to do relative to the risk that you have,” I don’t think is going to cut it in the future. I think a lot of people, manufacturers in particular, are starting to think about that a little bit differently.
The Internet of Things introduces potentially more risk into situations — not less. What is it that brings business value to our clients? And how do we help mitigate risk across a broad spectrum, and not just look at it in a traditional vein of the products that we sell?
Carey Boethel: You have this interesting dichotomy that is occurring. On the supply side, there is commoditization. IP cameras are for sale on the Internet with full price transparency and, essentially, unrestricted access to the product. On the other side, you’ve got an increasingly difficult risk environment to deal with. End users look to a variety of different players in the supply chain, including the systems integrator that helps them solve those problems. It’s not done anymore with product or the installation of product. We have to find new ways to create value.
We’re focusing at Securadyne on doing that on the very front end of the customer relationship and on the back end of the relationship. What that means is being much more consultative in our dealings with customers early in the sales cycle; looking to solve real problems, enterprise risk problems.
Then at the back end of the life cycle, improving the value proposition beyond just service and maintenance and getting into a more intimate relationship with the customer, where we’re hosting and managing systems, where we’re administering the systems and functioning essentially as an outsource component of that end user’s corporate security and public safety function.
In the middle part of that life cycle, there is the consulting and design, the deployment of technology, and the use and optimization of it. The middle part of that equation is seeing margin pressure, and the commoditization of sensors is driving that margin pressure. It’s forcing us to get out of what, historically, has been our comfort zone and get more serious about the front end of the relationship and the back end of the relationship.
Professional services and consulting services embedded deeper within the customer’s organization will drive more value that really transcends the product. I think that’s the future for integrators.
WHAT DIFFERENTIATES YOU FROMOTHER INTEGRATORS?
Ray Dean:?In the marketplace, potential clients will frequently seek information amongst their peers during the system integrator selection process. They check references. They dig deeply into some completed projects that you have. What they learn usually weighs very heavily, in terms of how they make that selection. What would your clients say differentiates you from your competitors?
Eric Yunag: When we dig deep into that, the thing that comes out most often is the concept of partnership. When you ask our best clients how we engage with them, it really is a business partnership in the sense that we operate at a business level with stakeholders all across an organization. In our best relationships, we find ways to help bring business value beyond just the core security functions of our clients’ organizations.
As an example, we have a manufacturing client who we work with. The initial entry to the client, of course, there was a lot of interaction with facilities and security and the CSO type people within the organization. But as the relationship developed and we found more opportunities to speak with people inside the organization in operations and safety and that kind of thing, we started to leverage systems for quality assurance with products, being able to extend the manufacturing process, demonstrations and safety things. And we just found different ways all throughout the organization to bring business value to the investment they were making in systems.
Carey Boethel: The thing we hear more than anything else is our domain knowledge — our knowledge of our customers’ business environment and operating environment. We don’t try to be all things to all people. We tend to invest pretty heavily in understanding and penetrating markets where we can become a subject matter expert. As we do that, as we learn about our customer and our customer’s customer, we’re able to have a different level of dialogue, and the solution tends to take a different form. It’s more business-oriented and ROI-based than it is subjective and loss-prevention based.
Paul Thomas: For us it’s a couple things. One is customer service. I know that sounds pretty old-fashioned, but we preach customer service through every touch for the customer. We are always letting our employees know how we’re touching them, because it’s not just the customer-facing people. It’s everything from the quality of our invoicing, through our collections, through our purchasing department, through our shipping and receiving, to the driver that’s just delivering material to the customer.
I think they would talk a lot about our ability of being transparent with them. A customer wants to know anything about us, anything about our pricing — we’re open. We sit down with procurement and show them the costs of our employees. We show them the burdens of our employees. We show our markups. We show markups on material. We show cost of material. We agree that what we’re trying to do is get a fair margin for what we do — and we do. So if we have the conversation around that area, it goes extremely well.
I think the other thing they would talk about is our ability to deliver extremely elegant, nimble solutions. We work very, very hard to not deliver status quo solutions — to really look at everything from the cost to just truly how lightweight is that solution across their systems, as we’re touching IT and those sort of things.
INVESTMENT IN PROJECT MANAGERS
Ray Dean:For integrators whose reputations depend on delivering projects on time, on budget, and within scope, skillful project management is a major differentiator between you and your competitors. What investments do you make in your workforce — specifically, security project managers — to ensure you meet or exceed your client’s expectations? What does tomorrow’s security project manager look like?
Eric Yunag: Our primary mechanism for project management is the Security Industry Association’s Certified Security Project Management (CSPM) credential. Of the 300-some-odd CSPMs, I think, that SIA has produced in the 10 years that the program has been in existence, we have, I believe, eight or nine of those as an organization.
For us, it normalizes the expectations for what it means to be a project manager in the security industry and helps us credential those guys in a way that is meaningful for our customers. What is most meaningful for our clients is the consistency of delivery. At the end of the day, for our customers of any significance, consistently delivering a solution across whatever their footprint looks like is one of the most important things they expect us to bring to the table.
The other part of it, in terms of what changes in the future, is the increasing focus on truly limiting the risk in personal security outcomes, and not just delivering a technology solution. While that falls on us as an organization as a whole, that touch point of the project manager or the person who’s on the ground while a solution is delivered and interfacing with all the stakeholders inside an organization is, in my mind, a critical pivot point.
Are the solutions that we’re delivering truly accomplishing a security outcome? What is the point of buying all this technology if we’re not actually producing a security outcome of some kind? Of course, it’s incumbent upon our organization as a whole to deliver that. That’s the thing we’re stressing most with our project managers now, not just taking what’s on paper here and ensuring that it gets delivered in a consistent and timely basis and efficiently, but are we really accomplishing something that is meaningful to our clients?
Carey Boethel: It’s a major area of investment for us. The project manager is probably the most important role in our organization. They touch the customer more than anybody else. They are essentially our profit managers. We all want to please our customers, and we go to great lengths to do so, but there’s an art to doing that while, at the same time, managing scope. If you don’t manage scope well, you’re not going to be able to please your customers over the long term because you’re not going to make any money, and you’re not going to be healthy. We have to do that.
So we spend a lot of money here. This year alone we put 25 project managers through the CSPM course. Our program managers have the Project Management Institute, PMP, certification. We have a program management office that functions a little like Paul’s company, in that they manage large-scale local deployments.
So these are certifications that are really table stakes for our organization, and that’s the first line of investment.
The second line of investment focuses on how to create a better customer experience. You can’t take a project manager, say, from the construction industry, with all the requisite certifications, and put them in an end user board room and expect them to create a positive customer experience. At least, my experience has been it doesn’t work that way. There’s an approach that has to be taken. You have to manage the profits of the company while, at the same time, managing the expectations of the customer — and that’s the project manager.
Paul Thomas: We’ve changed the word “project manager” to “program manager,” again, probably due to the marketplace, where we’ve managed hundreds of projects across any one customer and that belongs to a program manager. So we have program managers and project managers.
We used to get these guys from our industry. We used to search long and hard. We would want a guy with 15 years, 18 years in his pocket, so he could just come in and start working day one.
About five years ago, through QBRs, our customers came back to us and said, “That’s great, but that’s not what we need. We need guys that work with our real estate group, our M&A group. We need guys that work with our IT group. We need guys that actually can sit down with our facilities group when we’re doing an M&A and help plan this stuff out.”
So we switched and started hiring folks out of two different college programs: the construction management program, somebody with a CM degree, and an IT management degree. We found that those guys could learn our industry extremely fast.
So we’re looking for credentials after a degree program in PMI because that means something to facilities, or that means something to the real estate group. Then we’re also looking for credentials in the security space. For us, it’s the most important position that we have.
INTEGRATOR OF TOMORROW
Ray Dean: Since 9/11, we have seen rapid growth in our industry. By all accounts, we anticipate that growth will continue well into the future. As businessmen running successful organizations, part of the strategic view is to project and, hopefully, accurately predict the future of our industry. Can you give us some insight into what you think the integrator of tomorrow and the future is going to look like?
Paul Thomas: I’m not sure where security fits right now. If you look at it as a global structure, if you look at our customers and look at their security departments, where do they report to? They used to report to facilities. That was kind of traditional, back maybe 10 years ago. That moved a little bit over time and sometimes went to finance.
Now, 100 percent of our customers report in to IT at some level. They’re reporting up to some leg of that stool. So I would see in the future that our industry probably belongs in that IT space, either underneath the information security or squarely next to the information security leg of that stool.
I do believe that our stuff is becoming much more IT-based. There are appliances that sit at the end of wireless or the end of cable, somewhere out there. It really is an IT product that we’re selling, and it is IT that we’re affecting. So I think we’ll get brought into that space whether we want to or not, but I think it’s healthy for our business to do that. I think it’s a great space to be in, but I do think it’ll be kind of a third leg of the IT stool in the future.
Eric Yunag: What is valuable for our clients? I think it’s rooted in that. To Paul’s point, the ability to deliver an IP device on a network is not something that is perceived as valuable. The value we all bring to the table…is the fact that we bring security expertise to the table, or we should be bringing security expertise to the table. We should have disciplines of physical security and the concepts of limiting risk and this kind of thing.
I think the expectations for us and our industry are evolving rapidly. What people expect is different than it was a number of years ago. We have these high-profile, national tragedies — Sandy Hook and Boston bombing. We have continual school shootings. People who have nothing to do with this industry ask me all the time, “Why in the world can’t you use systems and cameras to limit the loss of life in these instances, rather than just have great pictures of bodies on the floor?”
That’s a very interesting question. To me, it’s rooted in a lot of the fundamental challenges our industry has. We all know, technically, as security practitioners, why it’s so difficult to extend video to first responders and law enforcement, and privacy issues that are there, and versions of clients and video platforms, and all the kinds of things that are out there.
In my mind, the challenge that exists is the fact that we don’t have an industry coalescing set of standards that truly meets what our clients need in the coming years, which is ubiquitous exchange of security information, regardless of platform, to produce security outcomes.
I think there are a couple of really big issues that are at play, that we have the chance to either rise up and fulfill our destiny as believers in this industry or forfeit some of that to people who are going to bring innovative solutions to those challenges.
Carey Boethel: I believe the integrator of tomorrow will go one of two ways. It’ll either go down market and be relegated to a contractor, or it’ll go up market and look more like a professional services organization. We talk about IT, IQ, and we’ve been talking about that for years. If you don’t have that today, you’re not a player in this space. That’s table stakes, and that’s going to continue.
We employ people with Ph.Ds in information technology. You have to do that to compete in the enterprise space. I think we’re going to continue to see more and more of the lower level, undifferentiated IT infrastructure, bar cable sensors, appliances, subcontracted to companies that can really eek out efficiencies in the field and become very, very good at the installation — not necessarily the provisioning but the installation of that equipment.
You’re going to see the integrator focus much more on the head end and much more on the upper end, the more sophisticated end of the value proposition. So the deployment model will change, and the profit formula will change. It’ll take time, but it’ll change one way or the other, in my opinion. n
Is the Trend to Embed?
Ray Dean:Are you finding that more and more of yourcustomers are looking to have you embed people [in their facilities]? Or are they looking for you to come in and manage their services?
Paul Thomas: Our customers all want us to be embedded. They’re using us as kind of a labor pool, so if we can’t deliver what they want, they will go find it and then they will ask us to hire that person. There’s no real advantage to us to do that in the short term.
If it works into our strategy and they actually become one of our employees, and we grow by it, then it makes sense. We’re seeing it across multiple customers right now, where they say, “You know what? I got a person. I don’t have head count. We’d like you to hire them. Here’s what we’ll pay.” They kind of do the whole deal, and all they do is say, “Just hire them and put a shirt on them.”
Ray Dean: So some of it is not really profitable, but it’s for the sake of the customer.
Paul Thomas: We make it profitable. That’s the hard part. Because of our transparency, our customers understand our burdens. If we hire somebody at $50,000 a year, there is also another $40,000 that goes into his pay. They understand our margin. So we get to a point where it makes dollars and sense for us, but it doesn’t make long-term strategy. Just to sell one person for one job is a one-to-one ratio. It can’t bring value to our company.
Eric Yunag: I agree with what Carey said earlier about consistency in deployment. That’s definitely an expectation for our customers and one of the things I think is very important in delivery. But the challenge that creates for us is the ability to be nimble and react to circumstances that are very different from one client to the next or one industry to the next.
We’ve had customers that want us to embed a number of people. It just completely depends on the circumstance of the client, how we believe that we can add value in a circumstance like that. We see more and more clients looking for that solution because the amount of time that we spend engaging across all these different functional parts of organizations is time-consuming. They see it largely as an efficiency play in a lot of cases.
Carey Boethel: I have one subtle change in that we try to become functionally embedded, rather than the description that Paul gave where you have a one-to-one relationship. It’s hard to get any economies out of that kind of assignment. So to the extent that we can have what we call “putting people in the cloud,” maybe they’re geographically remote, but functionally embedded within the customer’s organization.
About Securing New Ground
Securing New Ground is scheduled to take place October 28-29, 2015, at the Millennium Broadway Hotel in New York. Securing New Ground (SNG) is about the business of security. At SNG, C-level executives, new entrants, investors and security practitioners discuss and map the state of the security industry. For more information, visit www.siaonline.org/Pages/IndustryEvents/Securing-New-Ground.aspx.