Things are getting worse"
"It's every other week now"
"We live in interesting times"
A state of uncertainty hangs over the general public like so many dark clouds. In the UK, a sustained period of harrowing terrorist attacks and high-profile disasters have been conflated with beleaguered and underfunded emergency services and political uncertainty. In the wider World, population projections spiral in concordance with relentless urbanisation, put simply, humans will not only find themselves in harms way because of societal pressures.....they will find themselves in harms way because they will live in the pathways of natural disaster out of necessity. Yet in all cases, business must continue as usual. So how, or perhaps more correctly who, will facilitate this?
Well, some groups and individuals hold a great deal of expertise in this inevitably expanding field. Likewise a number of enterprising people from diverse backgrounds wish to improve their comprehension of risk and its mitigation. Enter 'Frontier Risks', an organisation that first entered my radar on LinkedIn. It just so happened that I had some free time between work and continuing my bachelor's in war and security during the summer, and I was in the market for adding another string to my bow, so to speak. The Security Risk Management Course they offer seriously piqued my interest.
I had something of a checklist for any course I was about to entertain, it had to be short and intensive so I could conveniently fit it in between other responsibilities, it had to offer me a recognisable and respected qualification. The course would have to have interesting subject matter and as a bonus, give me a chance to network and spend time with motivated professionals in security and related industries.
Tentatively I sent a few e-mails probing for a bit more information and was soon communicating with company director Pete Lawrence who was more than happy to further explain the nature of the course, its relevance to my areas of interest and study and how it could increase my confidence in something I felt I needed to improve upon: specifically applying theory to real world practical scenarios and approaching companies with proposals. Frankly, I was convinced that I was dealing with conscientious and serious training provider.
So here I am, writing a daily blog about what I experience and learn on this thirteen day residential course. This chimera of a blog will review subject matter and lectures, it will explore the facilities at the Emergency Planning College where the course takes place and it will contain my thoughts about the theoretical perspectives on security and risk management. Hopefully those looking to add to their skill-set in the field will find it useful. Feel free to send me any questions regarding the course, I will answer to the best of my ability or pass the question on to the course leaders!
Day one : Orientation/ Best Practice ISO31000/ Country and Regional Risk Assessments.
The long road leading to the re-purposed country manor, which houses the Emergency Planning College is atmospheric to say the least, similarly the barriers and intercoms that have to be negotiated prime the mind in a certain frame.....useful for considering threat and vulnerability. A cursory glance at the history of the place reveals it to have been home to various government agencies, in the late 1930's it was re-purposed as the anti-gas and chemical warfare school. Local conspiracies abound as to what actually went on within its grounds. Today the Home Office uses the idyllic setting to host numerous classes and courses relating to security in the public and private sectors. It truly seems a wonderful place to study, one-part meditative retreat, one-part Professor Xavier's School for Gifted Youngsters. Accommodation is on-site, but at the risk of turning this into a Tripadvisor review, I will surreptitiously filter information on this fascinating place throughout the remainder of the blog posts. Perhaps fittingly, as upon arrival I quickly received my ID pass from reception and proceeded to the large presentation room where most of the trainees were seated with various Frontier Risk issued notepads, handbooks and paperwork before them.
After a brief introduction, which outlined the learning programme for the thirteen days, I must say I was impressed, if not a bit excited at the quality of guest lecturers that would be attending. We would be taught by luminaries in their respective specialisations from top selling authors like Tim Marshall to noted experts such as cyber-security leader Sharif Gardner.
The unenviable task of instilling good practice within our cohort fell to David Tait, co-founder of pioneering risk management consultancy 'Athena Risk'. David immediately struck me as a hard-nosed ex-marine, it turned out that he was.....a hard nosed ex-marine. But with a good sense of humour he quickly formed a comfortable atmosphere whereby the class introduced themselves. Those who have worked in security will no doubt have done the classroom introduction thing many times over on first aid courses and the like, but for me this was the most fascinating I had ever been involved in. Professionals from all around the world working in NGOs, military intelligence, hospital trusts and the fire service mingled with those taking an entirely new direction in their career or seeking to take new found expertise back to private organisations. Some would be using the course as credit towards MBAs or level 5 qualifications, others were there purely to get to grips with security risk management.
The teaching moved at a steady pace, outlining the principles of ISO 31000. David clearly had an intrinsic real world knowledge of how many organisations treat risk mitigation and contingency planning, pointing out that once contingency plans are written they are forgotten and left to gather dust, the original creator often having left the company years ago. This immediately struck a note with me, having first become interested in risk management when I was a security guard, rifling through file folders containing ISO documents in control rooms in my down time.
David was also very mindful to instil the idea that consultants must be aware of the commercial nature of the businesses that hire security risk consultants, that justifications must not only be given but be well explained when treating risk. We were then given an idea of the tools available to security risk managers in the form of tables and threat matrices useful in analysing risk.
The day passed quickly and despite the fairly relentless nature of information dissemination the whole class seem attentive and in full concentration, interspersed was discourse on the many definitions used in risk management, it was great to hear many different perspectives on the nature of threats such as terrorism.
The day was capped off by a look at risk analysis pertinent to country and region. This gives a general idea of potential issues a company might encounter when operating away from their usual home, here David explained the importance of understanding the bespoke nature of consultancy in this field. What might paralyse a risk averse engineering company might not deter a charitable organisation which has a larger appetite for it. A quick team based exercise in generating country relevant strategic intelligence followed, which we shall be presenting tomorrow. Follow this blog to see how it goes!