printer friendly version

Leaders in risk & security: Assessing threat, risk and vulnerability

After serving a 27-year ‘life sentence’ in the military, Andy Lawler has spent over ten years in the private security industry as a risk specialist. He left the defence force in 2007 and spent two years as chief operating officer of a company in Roodepoort.

He was then approached to join Sentinel Risk Management in 2009, which he did, and he eventually purchased the company outright in 2013.

Lawler says his time in the military gave him a good grounding for running Sentinel as he was able to attend numerous courses that not only gave him a broad range of skills, but also direction in terms of what he wanted to do after his service. Among the various positions he held, in 1999 he was appointed as security manager and adjutant at 1 Military Hospital. In this position he was required to oversee a number of security projects, which piqued his interest in the physical security industry.

Due to his legal and analytical talents, he was head-hunted by the Chief of Defence Legal Services and was transferred to the headquarters of the Minister of Defence. Here he was sent on a number of courses including military law, law of armed conflict, law of war, international humanitarian law and the conventions of the Red Cross and Red Crescent.

More pertinent to his future life as a civilian, Lawler was also sent on training in strategic planning and management, security risk management, information security, corporate governance, business continuity, enterprise risk management and cyber forensics.

Civilian life

Lawler was initially hired at Sentinel to provide training on risk management and this evolved into him combining security and risk management, which is where his specialist knowledge stood out. He began encouraging people to think about what steps they could or should take to secure their homes, estates and businesses by starting at the beginning – in other words, first assessing the risks they faced before looking for solutions.

His cybersecurity training also introduced him to the concept of penetration testing, and he evolved this into his risk management process for the physical security industry. He adapted the generic Threat, Risk and Vulnerability Assessment (TRVA), into a unique Security Threat Risk and Vulnerability Assessment (S-TRVA).

Over the course of the past decade, Lawler has been invited to speak on a variety of risk-related matters and explain and implement his S-TRVA process throughout Africa, while also providing assessments for large and small clients in the region. And it seems the S-TRVA risk assessment process is expanding as a company in Japan has also adopted it.

Lessons in security

Lawler has learned many lessons from his time in the security industry, but he says the most important is the ability to communicate with people. Effective communication allows for faster problem resolution, but it also prevents many problems from appearing in the first place.

One of the most common failures of communication with customers in the industry is the inability to avoid the ‘grudge purchase’ mentality. This occurs when people feel they have to pay for some form of security because the police force is not doing its job in protecting them. This grudge attitude leads to people cutting corners and opting for cheap security solutions or services that don’t actually keep them safe. “If you pay a second-rate price you get a second-rate service,” states Lawler.

He has explained to many customers and potential customers that the police are not there to keep people safe. The police force is there to respond to crime, investigate it and ensure evidence is collected that can lead to a successful prosecution of the criminal. People must realise they are responsible for their own safety and security and therefore need to secure their own environment. We must all remember the unpleasant reality that crime in South Africa is a case of when, not if.

“You can’t absolve yourself of responsibility by blaming the police for your insecurity,” he says. “Putting your head in the sand and hoping it will go away only serves to expose the lower part of your anatomy as a target to be kicked.”

He says it’s therefore critical for everyone to understand that security begins in their own heads, by creating a security mindset. Every person and organisation must focus on what they do and how to secure themselves. Alarms, cameras and armed response services don’t make you secure. Once you understand your own security, or lack thereof, and where you are vulnerable, then you can make use of the technology and services available as add-ons to mitigate the risks. If you don’t know what and where the risks are, simply spending money is not going to ensure the safety of your person or the people in your environment.

Andy Lawler.

Starting out in security

The police force and the military are no longer feeder organisations for a career in the private security industry as they once were. Lawler says that the training and education a police or military officer receives today no longer makes them an authority on security matters. He suggests that young people wanting a career in the security industry take matters into their own hands to ensure they are trained properly and gain the experience required to reach their goals. He offers some suggestions as to a career path.

A first step could be to join an armed response company and receive training to become an officer. However, the individual should not make this their final career, but once they have two or three years’ experience they need to look for the next step. People in response cars don’t understand the ‘big picture’ of running a company, for example, so they would need to look at moving in a management direction. This could mean moving into sales where you learn to sell armed response services and help clients or potential clients understand where their risks and vulnerabilities lie.

Another path could perhaps be a job at an installation company where the individual learns the ins and outs of security technology and how to install it. Again, moving into a sales position after a while will also allow one to learn how to identify risks and so forth.

Finally, one can also look at studying security at legitimate institutions that offer recognised certificates, diplomas or degrees. However, it may be wise to take this route only after gaining some experience ‘on the ground’ as the ability to translate theory into practical advice and solutions is critical. Some of the larger security companies also have training academies that offer good training and a clear career path, so these should not be ignored as worthwhile ways to establish your career in security.

“There are different options for young people entering the security industry today,” Lawler explains. “My advice is to look at where your interest lies and then enter the industry and move up the ranks in a logical way that builds on the skills you have already gained. Then look at how you can use the skills you have gained to make a real contribution to the security field in South Africa.”

Share this article:

Further reading: