Guidepost Solutions has always provided much more than just security & technology consulting services, but did you know they also provide cybersecurity-related services? They have, for years, enjoyed a reputation as a world-class provider of global investigations, compliance, monitoring, and security and technology consulting solutions for clients in a wide range of industries. Many close to the world of physical security & technology consulting, however, are likely unaware that Guidepost Solutions is also a respected provider of cyber threat mitigation services.
Brilliance Security Magazine recently had the opportunity to sit down with Julie Myers Wood, Guidepost’s CEO and John Torres, their COO of security & technology consulting. You would be hard-pressed to find two more delightful and knowledgeable executives in the security industry. The significant takeaway from this interview was that Guidepost Solutions is a real player in the world of cybersecurity.
Both Julie’s and John’s backgrounds are in cyber investigations. Forensic analysis is a big part of what they do. They employ investigators with backgrounds as federal and local prosecutors and law enforcement agents; digital forensic experts and reverse malware engineers; forensic accountants; data and intelligence analysts; and former federal agents from the U.S. Department of Homeland Security, the Federal Bureau of Investigation, the Internal Revenue Service, the U.S. Secret Service, and the U.S. Marshal Service who have extensive experience testifying as experts in federal and state courts.
Users of enterprise security systems, particularly surveillance cameras, are keenly aware of the cyber shortcomings of many security devices and systems. Julie said, “given the Internet of Things, if you don’t think about the cyber vulnerabilities in the camera that you are recommending you are failing as a consultant. For us, we are always thinking about cyber vulnerabilities and weaknesses on every project.”
Whether it is cameras or access control or visitor management systems they are all points of entry into the client’s network. Every client is different. Some are more concerned with overall system cost than they are the cyber risks. Security consultants often try to quantify this preference using terms to describe a client’s risk appetite. Addressing this, Julie states, “we are vendor agnostic so our job, during the design process, becomes one of assessing our client’s risk appetite and then pairing them with the appropriate physical security systems; all the while, trying to determine the best balance between cost and risk.” Helping the client understand the real risk, as well as the real cost, is the perennial challenge of consultants. Sometimes the shiny new bauble seems attractive until you realize that integration into your existing system may require a forklift upgrade. John points out, “ultimately we work with the client to see what is going to be best for them. It seems that everyone is attracted to the newest technologies but you have to consider the client’s legacy systems and what will or what won’t integrate into their existing systems and infrastructure.”
Julie talked about how they are cross-training their existing physical security and cybersecurity specialists to know both domains and how when hiring new people they look for folks with both skill sets. “When we are hiring at guidepost now we are looking for people that come equipped with the required cybersecurity background,” she said.
In February of 2017 Guidepost Solutions and Revolutionary Security announced a strategic partnership with a financial investment into Revolutionary Security by Guidepost Solutions. Addressing this, Julie said, “we think that everyone in the security business needs to know cybersecurity, but further than that, we know what we know and we know what we don’t. So when the cybersecurity requirements run deeper than our in-house capabilities is when we bring in our partners at Revolutionary Security.” Adding, “these are some former Lockheed Martin guys that stood up the cybersecurity practice there. These guys are very deep in some specific verticals like utilities.”
John discussed a law firm client of theirs that was concerned about knowing where all of their people are when an incident happens. Specifically terror attacks around the globe. “They asked us to come in and provide crisis management training as well as either help them build a global security operation center or help them decide if they should hire someone to come in and provide managed services. Guidepost provides GSOC design and can provide those managed services through their partner, Revolutionary Security,” he said.
Julie indicated that, while they are not concentrated in any one market segment, they do significant work in schools and often times there is money available for a technology refresh in schools but not ongoing funding for maintenance of the new systems. “So when we are making recommendations, we have to think about how this entity is going to maintain these systems after the design and deployment are complete. Do they have the required knowledge? Understanding the clients ability to manage and maintain a system should always be a part of the product selection process.” she stated.
A challenge for security consultants that can provide physical as well as cyber threat assessment and mitigation is helping the client see the wisdom in breaking down existing silos between internal physical and cyber security teams. Often even funding will be siloed between these departments and this can create a challenge for addressing cross-vector threats.
Julie Myers Wood is the chief executive officer of Guidepost Solutions. She joined the firm in 2012, as president of its Compliance, Federal Practice and Software Solutions division. Prior to joining Guidepost Solutions, Ms. Wood was the former founder and president of ICS Consulting, LLC, a firm specializing in compliance, risk assessments, immigration and customs investigations. Prior to joining the private sector, Ms. Wood served as Head of Immigration and Customs Enforcement for the Department of Homeland Security (DHS) leading its largest investigative component and the second largest investigative agency in the federal government with a budget of nearly $6 billion and 15,000 employees.
John P. Torres heads the firm’s Federal Practice, and as Chief Operating Officer he provides managerial leadership for the national and international footprint of the Security and Technology Consulting Practice. He works closely with individuals and businesses on matters related to risk mitigation, anti-money laundering, security assessments, due diligence, investigations, crisis management planning, cross-border security, event security management, federal consulting and government compliance. Prior to joining Guidepost Solutions in 2013, Mr. Torres served as the Special Agent in Charge for Homeland Security Investigation in the District of Columbia and the Commonwealth of Virginia.
Steven Bowcut, CPP, PSP is the Editor-in-Chief for Brilliance Security Magazine.