Security Risks with William Sako

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   William Sako is a security and risk expert. Justin and William address issues such as how security tech makes buildings smarter and safer, examples of the risk tech used in these buildings, and mistakes that risk leaders might make today. They discuss how COVID-19 has facilitated change in enhancing security measures that will be with us forever. They talk about the important role of the risk manager when designing a security plan for a building. They dig into how risk managers can lead the charge, going above and beyond check-the-box compliance. Listen to William’s perspectives on risk technology, communication within an organization, and the future of building security. Key Takeaways: [:01] About RIMS and RIMScast. [:15] Public registration is open for RISKWORLD 2025! Engage Today and Embrace Tomorrow with RIMS at RISKWORLD from May 4th through May 7th in Chicago, Illinois. Register at RIMS.org/RISKWORLD. [:31] About this episode of RIMScast. We will be joined by Bill Sako of Telgian Engineering to discuss security risk management in 2025. [:58] RIMS-CRMP Workshops! As part of RIMS’s continuing strategic partnership with Purima, we have a two-day course coming up on April 22nd and 23rd. Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:15] Virtual Workshops! On March 26th, Pat Saporito will host “Generative AI for Risk Management”. The next course will be on June 26th. [1:29] On April 16th and 17th, Chris Hansen will lead “Managing Worker Compensation, Employer’s Liability, and Employment Practices in the U.S.” [1:42] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [1:53] RISKWORLD registration is open. Engage Today and Embrace Tomorrow, May 4th through 7th in Chicago. Register at RIMS.org/RISKWORLD. Also, remember that there will be lots of pre-conference workshops being held in Chicago just ahead of RISKWORLD. [2:12] These courses include “Applying and Integrating ERM,” “Captives as an Alternate Risk Financing Technique,” “Contractual Risk Transfer,” “Fundamentals of Insurance,” “Fundamentals of Risk Management,” RIMS-CRMP Exam Prep, and more! The links are in the show notes. [2:35] Our guest today, Bill Sako, is the Vice President and Senior Security Consultant at Telgian Engineering and Consulting. He has 50 years of experience in security risk management. [2:49] Bill will tell us what’s keeping him up at night in security, risk management, visitor management, and workplace safety in 2025. We’ll also provide tips for risk managers on how to be more of a leading voice in finding a new location, renovating it, and installing security tech. [3:15] Interview! Bill Sako, welcome back to RIMScast! [3:33] Bill got into the business of security in 1974 by starting Sako & Associates, a security consulting firm. It became the second largest in the U.S. with 28 engineers and support staff, doing every kind of security project in buildings and venues. [3:54] Sako & Associates did security projects at U.S. Embassies, F.B.I. Headquarters, super highrise buildings all over the world, large mixed-use projects, and developing multiple security programs that have to meld together in a large, complicated building. [4:20] These projects include large medical centers and college campuses around the world. A lot of its work was done with architects in corporate America when they were developing office buildings. [4:39] Sako & Associates developed over $2.2 billion in security plans over many projects. [5:33] Today’s security tech is transforming buildings into smarter and safer environments through advanced sensors, AI, and connectivity. AI-powered surveillance cameras detect unusual behavior, recognize faces, and track movement in real-time. [5:58] That technology was in its infancy 10 years ago. It’s come a long way and the technology is becoming rock-solid. The systems can differentiate between threats and harmless activities to reduce false alarms and help the person monitoring the system understand them. [6:18] Access control to the building and tenant spaces within the building is provided through biometric scanners, mobile-based apps, and smart card readers, with logs for digital security auditing.  [6:37] Smart IoT sensors monitor temperature and air quality. They trigger alarms very quickly in case of fire, gas leak, or unauthorized entry, to keep the building occupants safe. [6:54] Automated threat response is provided through automatically locking doors, alerting authorities, and activating emergency lighting, in response to hazards and breaches. We’ve had this capability for 20 years, but it is being used more now. [7:27] Cloud-based surveillance allows remote monitoring by management and first responders through web access and smartphones to see the cameras in the building in real time. It’s becoming a trend. [7:59] Cyber security measures, with increased connectivity, can provide solutions to protect networks from threats like hacking and data breaches to ensure physical security systems are uncompromised. [8:12] Fire response systems have been hardwired for years. Engineers are starting to implement connected capabilities for them. [8:39] Bill talks about companies paying to install cameras, but when a camera fails, not paying to replace them, leaving black monitor screens. That gave birth to predictive maintenance plans with established lifelines for any piece of equipment and budgets for replacement as needed. [9:49] All the functions of emergency management are being automated. These innovations collectively create smarter buildings that are more secure, efficient, and responsive to any potential threat. [10:40] Many times, the technology that’s put into a building is assumed to be static. That’s true until you make changes to the building. Then you have to update the system. [11:02] Security is a different ball game. Security is based on behaviors. The threat environment can change from hour to hour or day to day, depending on who’s visiting the building and what’s going on down the street. You have to have flexibility and people to operate the equipment. [11:28] The technology needs a human operator to interpret the signals and determine the right response in real time. AI and machine learning are great technologies and we’re using them virtually in every piece of equipment going in. [12:09] You still need a human to be able to assess what’s happening and how they’re supposed to respond when multiple sensors are going off. Bill tells of a break-in when the right response was to send three armed security officers to the asset vault. The suspects were apprehended. [13:46] Bill explains some of the changes in security technology that have been incorporated as a result of COVID-19. Increased reliance on technology led to changes in security practices.  Touchless access control came about as a result of COVID-19. [14:28] Occupancy management lets building owners know who is in the building and allows for the building to be evacuated safely. [14:48] With people working from home, COVID-19 led to an expansion in remote monitoring. [15:02] Visitor management is important. Healthcare facilities realize today that they have to protect their staff and patients in the building. They need screening in the lobby and must use visitor management. Automated systems make it easy. [16:28] Touchless and mobile access control will be with us forever. Bill also includes hybrid security management, AI-powered surveillance and analytics, and moving security and surveillance to the cloud provides greater capability. Your command center can be your laptop. [17:35] As security moved more into the digital domain, we figured out how to operate across networks and maintain security for all the data we have. Bill says it’s rock-solid today. [17:55] Bill believes cloud-based services are the way to go for most buildings today. It gives you the capability to do everything remotely. [18:04] Data-driven decision-making will stay with us for a long time. It allows you to predict and mitigate risk on the fly. You have to train people well to know how to respond to the data. [18:26] Zero trust is a practice where no one coming into the network is trusted without proof through multi-factor identification. Even the Chairman of the Board must be verified. [19:01] Bill continues with crisis management and business continuity planning. A bullet list is not a business continuity plan. With crisis management and business continuity, you have to train people so they understand the plans. [19:24] The pandemic introduced new security practices and accelerated the modernization of legacy systems. Security includes integrating legacy systems with new systems. Command centers may have multiple disparate systems in one security management enterprise system. [20:14] Plug Time! RIMS Webinars! On Wednesday, March 26th at 2:00 p.m. Eastern Time, members of the RIMS Strategic and Enterprise Risk Management Council will extend the dialog that began in the recent RIMS Executive Report “Understanding Interconnected Risks”. [20:33] On Thursday, March 27th, Descartes Underwriting will make its RIMS Webinar debut with a session about parametric insurance. On April 3rd, join Zurich for “Understanding Third-Party Litigation Funding”. [20:47] On April 10th, Audit Board will present “What CISOs Want Risk Executives to Know About Cyber Risk in 2025”. [20:54] Following the success of their recent webinar, HUB International returns for the next installment of their Ready for Tomorrow Series, “From Defense to Prevention: Strengthening Your Liability Risk Management Approach”. That session will be on April 17th. [21:10] On April 24th, RiskConnect returns to deliver “Better Together: The Marriage of Insurable Risk and Business Continuity”. [21:18 More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [21:30] Let’s Resume Our Dialogue about Security Risks with Bill Sako! [22:10] In 50 years of security work, Bill did not encounter many leaders with Risk in their titles. While all insurance is about risk, in the corporate world, only very large companies have risk officers. Everything is in its silo. Getting the silos to talk together can be a nightmare. [22:48] Typical buildings don’t have risk managers. Corporate campuses may have a risk manager to manage 50 or 60 buildings. That person is strained. [23:02] When Telgian Engineering & Consulting is brought in for an audit or to develop a new system design for a client, they identify who the risk leader is, whatever title they may have. They team with the people who know the vulnerabilities and the threats of the organization. [23:47] Telgian has recommended to several clients that they should hire a risk management person on staff. In a lot of cases, they say they don’t have the budget but they’ll think about it for the future. At that organization, who is evaluating risk for them? [24:07] Telgian, as a consultant, takes that role for the organization while they’re doing the assessment, creating detailed risk models. Then they educate the client to the extent that the client understands what the risks are and the risk mitigation techniques they could use. [24:47] Bill says the hard thing is to dig into organizations internally to find who that risk leader might be. Someone is doing it, even without the title. It might be the CEO. [25:36] In organizations with a titled risk officer, they may be siloed, in a lot of cases. That risk manager needs to understand whom to work with within the organization to address all the organization’s security concerns. The siloes need to be taken down. [26:17] Telgian Engineering & Consulting has always had the responsibility to educate its clients. The clients may think they understand what security is and what the risks are, but they often have a very narrow view without seeing the big picture. [27:06] The person at the lobby reception desk of an office building is often the first line of defense. There may be security officers there. What happens when the visitor goes up the elevator? [27:38] The organization should provide security training for the lobby receptionist. They can see if a visitor is acting agitated. They can attempt to de-escalate an angry visitor. They need to be briefed on the organization’s security practices, especially when they identify a threat. [29:23] When Telgian does an assessment, they don’t want one point person to show them around. They want to talk to everybody who is in touch with what’s going on in the organization. Receptionists are one of the primary sources of information for Telgian. [30:13] Bill says that risk leaders and officers need to find a way to become embedded in the organization and the things that are going on. The risk manager needs to be part of the security team, the facilities team, the legal team, and the IT team. [30:32] Bill has recommended to risk managers that they should set up monthly or bi-monthly meetings with the leaders of the siloes to discuss concerns and risks and how to solve those problems together. The risk manager is usually the right person to pull that team together. [31:42] Bill says identifying risks through AI on video cameras and following a visitor through the building is happening in many organizations now. This is critical for post-incident analysis. [33:07] One thing the government is great at is doing a full-blown report after an incident. That incident report winds up informing security of the risks to watch for. [33:19] On every consultation project, Bill got past reports upfront from the organization to see what the issues have been with the organization. They design security systems to meet those threats. Organizations have to do that to manage their risks properly. [33:42] Special thanks again to William Saco for joining us here on RIMScast. In this episode’s show notes, I have links to more RIMS Risk Management magazine and RIMScast coverage on security risks and workplace violence preparedness and prevention.  [33:59] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [34:27] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information. [34:46] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [35:03] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [35:20] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [35:34] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [35:41] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   Links: RISKWORLD 2025 — May 4‒7. | Register today! Nominations for the Donald M. Stuart Award [Canada] Spencer Educational Foundation — General Grants 2026 — Application Dates Spencer’s RISKWORLD Events — Register or Sponsor! RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Risk Management magazine RIMS Now RIMS Webinars: RIMS.org/Webinars “Understanding Interconnected Risks” | Presented by RIMS and the Strategic and Enterprise Risk Management Council | March 26, 2025 “Parametric Insurance and Climate Risk: An Innovative Tool for CAT Risk Management” | Sponsored by Descartes Underwriting | March 27, 2025 “Understanding Third-Party Litigation Funding” | Sponsored by Zurich | April 3, 2025 “What CISOs Want Risk Executives to Know About Cyber Risk in 2025” | Sponsored by Auditboard | April 10, 2025 “Ready for Tomorrow? From Defense to Prevention: Strengthening Your Liability Risk Management Approach” | Sponsored by Hub International | April 17, 2025 “Better Together: The Marriage of Insurable Risk and Business Continuity” | Sponsored by Riskonnect | April 24, 2025   Upcoming RIMS-CRMP Prep Virtual Workshops: RIMS-CRMP Exam Prep with PARIMA | April 22‒23 Full RIMS-CRMP Prep Course Schedule   Upcoming Virtual Workshops: “Generative AI for Risk Management” | March 26 and June 26 | Instructor: Pat Saporito “Managing Worker Compensation, Employer's Liability and Employment Practices in the U.S.” | April 16‒17 | Instructor: Chris Hansen See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Related RIMScast Episodes: “Evolving Fire Risks with Ralph Bless” “Public Violence and Workplace Safety with Lauris Freidenfelds” “E-Commerce’s Impact on Fire Safety in Supply Chains with Leonard Ramo” “Data Privacy and Protection with CISA Chief Privacy Officer James Burd” “Solving Wicked Problems with Dr. Gav Schneider”   Sponsored RIMScast Episodes: “What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog (New!) “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL’s New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today’s Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring Walmart ERM Director Michelle Black!   RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guest: William Sako, Vice President, Senior Security Consultant at Telgian Engineering & Consulting, LLC   Production and engineering provided by Podfly.