IT and Security

Convergence of Physical and Digital Security: Interview With Global Security Expert Shaun Thivierge

Shaun Thivierge

Security industry expert and thought leader Shaun Thivierge has spent the past 10 years gaining physical security knowledge, skills, and real-world experience in a variety of operational and technical roles. Thivierge is currently the Global Security Systems Manager at Oportun, a fintech company that brings affordable loans to low-to-moderate income communities who have been left out of mainstream financial services. Passionate about security industry education, training, and mentorship, Thivierge is also highly involved with the ASIS SF Chapter as the Vice Chair and Young Professionals Committee Chair. ASIS is a global security organization that hosts four certifications: CPP, PCI, APP, and PSP.

In this interview we ask Thivierge about the changes he’s seen in the security industry in the past couple years, how COVID is changing the threat landscape, and what new technologies will rise as innovative leaders in the industry.

In this interview we ask Thivierge about the changes he’s seen in the security industry in the past couple years, how COVID-19 is changing the threat landscape, and what new technologies will rise as innovative leaders in the industry.

What changes have you seen in the security industry in the past couple years?

Convergence has been the catchphrase for the last number of years. The merging of cybersecurity and physical security and what that looks like. Pre-COVID it was very organizationally and operationally dependent, they would choose to merge or not merge those functions based on business needs and culture development. Now in the world of COVID-19 and beyond, it’s really going to expedite that transition. So, that will be a challenge for a lot of organizations to understand what the new threat landscape looks like and respond accordingly. Cybersecurity and physical security professionals tackle problems differently and there is still a lot to be learned that can benefit both teams.

What are the biggest issues in the security industry?

Threat assessment methodologies. Cybersecurity has matured incredibly quickly because of the sheer volume of cyber attacks out there, and by virtue of a methodical approach to security threats. There are organized ways to catalog the constant onslaught of cyber attacks. Physical security, because the way the threat landscape develops, has historically been harder to predict and track. That’s where the giant meeting of the minds needs to happen in convergence. If an organization approaches physical security threats from a black and white perspective, it’s easy to set unrealistic expectations. Acknowledging where cyber and physical methodologies and practices complement each other rather than competing can accelerate convergence and organizational development.

Another factor is the education level of the consumers of security. Today, people are much more aware of vulnerabilities in general. Employees and the general consumer are more aware of cyber threats in their own homes as the internet and IoT continue to grow. In turn, this is leading to a general increased awareness of personal safety holistically. Threats that seemed so detached before are potentially in our homes and workplaces. This has and will continue to challenge successful security organizations to pivot from being the “no” team to a trusted advisory team, focused on education and safety.

Since COVID, do you think there is higher awareness on how to understand the threat landscape in physical security? Is there still friction?

There will always be some kind of friction. Environments are constantly changing, architecture is changing, people’s design tastes are changing. For example, the open office concept was huge six years ago, and now everyone is second guessing it because of COVID. This is one example of the evolving landscape that challenges physical security. I think that because of COVID, security and safety teams should be seeking to partner closer with facility and design teams so risks can be commonly assessed, addressed, mitigated, or accepted up front. And in case of another black swan event, those teams have the ability to start from a common understanding to address the unplanned threat.

Do you think company executives are now placing a higher value on physical security? Is there a shifting mindset of security vs. safety?

I’ve always viewed security and safety as hand in hand. If you’re enhancing security you should be enhancing safety. They need to function together. However the general perspective on this is really organizationally dependent. I think executives are continuing to value their safety and security professionals and advisors at a higher level, and that’s important in today’s landscape. As security and safety professionals continue to prove their value as an overall risk mitigator, this will only continue to grow.

How is Oportun preparing to return to the workplace?

We have offices in different states, so we are paying close attention to each jurisdiction and municipality in our response, while remaining sensitive to our employees’ abilities and willingness to return. We may officially open offices, but based on spacing and employee comfort level, it might be up to individual employees on when they prefer to return to the office. It’s important to make sure employees are functional and safe to work from the office or home. Not everyone has a home office and six months of working from your kitchen table or in an adverse environment can create unforeseen risks. So we are doing as much as we can to educate and support employees on safe work practices in either environment as return to work opportunities become available.

What does the return to work planning process look like at Oportun?

Like most large corporations, it’s a huge team effort. We are bringing in our executives, legal, HR, safety, business continuity, and incident management teams. When you’re running a retail operation there are a lot more details to keep track of at a granular level, so we are working closely throughout the entire organization to maintain awareness of all the local changes. Being able to approach it from all perspectives with stakeholders is important, and transparent communication has been key. With the constantly changing landscape of legal and personal information, on the security side, a lot of the technology is focused around health screening. Now we could potentially be dealing with health related information and how to protect privacy. It requires a lot of teamwork to make sure organizations have policies in place to properly control and keep that information as limited and private as possible.

What does the convergence of physical and digital security look like?

There has always been a high emphasis on securing digital credentials and multifactor authentication. I think those things are going to become standard moving forward. You may have a corporate machine going through a VPN, but in a post-COVID world you’re still connecting through thousands of employees’ home computers or networks, and from a cybersecurity standpoint that’s creating a larger risk. And the physical side of that turns into credential management, especially if you’re using tokens or badges, and if that’s tying into your physical access system then you either end up with several credential devices per employee, or a multi-use credential that various teams are required to manage. There will be more physical assets to manage in order to basically supplement or make cyber access more robust moving forward.

How is access control going to innovate and change with COVID-19?

A lot of things are already in the works. You have touchless solutions like Swiftlane. Post COVID, people are going to be more aware of how many access points they are allowing into their buildings and users are going to be more aware of how many devices they interact with. With IoT, the limits are endless. New applications are being developed every day. I have met several individuals like Saurabh Bajaj with backgrounds outside of the traditional physical security space, innovating practices that have been “good enough” for a long time. That’s the kind of thing I enjoy seeing because that’s what brings innovation to security technology. Outsiders coming in. People bring different perspectives to change the industry moving forward.

What value do you think Swiftlane offers to the security industry?

Frictionless. The number one thing that people frown at with security is that they think: “I have to stop or do something or carry a credential.” What Swiftlane is offering is a huge step in frictionless entry. That’s the big thing: reducing friction. I view my role as more of a facilitator. I want to help the company meet their goals, but I would like to facilitate it in a secure way. Tools like Swiftlane are definitely promising ways of doing that.