It’s no secret that security is (or should be) top of mind in every industry, no matter the size of the organization. With AV on the network, audiovisual systems integration firms and their employees are under increased pressure to demonstrate that the technology they install won’t expose their clients to risk. Coupled with this is the fact that, more and more, the AV integrator’s client is an IT professional, who is typically well versed in all things security. While some AV firms may choose to develop the necessary security skills from within the confines of the industry, or even their own organization, to address all of this, others are looking beyond AV to acquire this knowledge.
The main challenge with recruiting IT security professionals is the same one that is often associated with hiring talented techs: there are fewer of them than can satisfy marketplace demand. This requires AV firms to get creative in where they seek out talent. Chuck Espinoza, senior staff instructor at AVIXA, noted that active duty military is a good place to start. “There are active duty military, not just all over the country, but all over the world, that deal with this stuff on a daily basis,” he said. When these individuals begin the process of transitioning back into civilian life, they are often unaware of the opportunities available to them, and he encourages AV integrators to connect with the Department of Defense’s Transition Assistance Program (TAP) to inquire about presenting at one of the classes designed to inform retiring military about how—and where—to find work. “When these people get out [of the service], they already have a lot of the certifications; some of them are CompTIA certified, some of them are CISM certified.”
While IT security is not necessarily an AV integrator’s core business, Espinoza urges hiring managers at these firms to familiarize themselves with some of the basic security-related jargon so they can conduct effective recruiting interviews. He urges recruiters to learn about the main information security certifications: CISSP (Certified Information Systems Security Professional); CISM (Certified Information Security Manager); CompTIA Security+; GIAC GSEC; and the Certified Ethical Hacker (CEH) Certification. “Just like if you’re a hiring manager and you’re not a CTS-I or CTS-D, but you know what [these certifications] are about,” he said. “You don’t have to have one, you just have to know what they are and if that’s going to fit within your organization.”
Certifications can be a good measurement of a candidate’s security knowledge; however, they only go so far in demonstrating how suitable a hire that person would be for an AV firm. “Because the certifications that are available now are great, but as we know, there will be new things tomorrow,” said Kevin Kelly, president and COO at Stampede Presentation Products. “You want to have someone on the team that has a yearning and a thirst for additional knowledge, and a natural curiosity—they are excited and enthusiastic about learning something new.” The AV industry is based on the constant introduction of new technologies, he said, “and you want somebody that welcomes it, they embrace it, they’re excited by it.”
Espinoza also advised AV firms to seek out individuals who have experience with more than one security platform. “I would want somebody who is agile in their strategy on network security—who doesn’t just think about one type of attack, or one type of breach,” he said. It’s also important that the candidate can protect the network not just inside the facility, but at the ISP or server level. “I would want someone who can speak about what happens once you get on my firewall. I could make it so no one can get in, and pick and choose little ports to open, but once that information is outside on its lonesome, how are we going to protect it?”
While the main goal is to recruit someone with IT security skills, anyone seeking a job with an audiovisual firm should know a little bit about AV. “They should understand the kinds of network issues that we specifically deal with in AV, such as what is VLAN, and what is QoS, and tagging, and [what are the] bandwidth issues,” said David Danto, director of emerging technology at IMCCA, an industry association focused on unified communications and collaboration. Candidates should also be knowledgeable on how to detect malware, and they should be able to discuss what program scripts they are familiar with. “I wouldn’t expect them to know our stuff, I would want them to understand the difference between Dante and AVB, and if they didn’t, it would be the AV integrator’s responsibility to send them out and teach them.”
This is important, Espinoza underlined, because it will determine how well the IT security facet of an AV firm works with AV designers and integrators. “I would like them to know about the CTS, about AV standards, about processes that involve AV,” he said, noting that oftentimes networking professionals want to lock down systems to the point where they become difficult to navigate. “We have to meet in the middle. I want somebody in that cybersecurity realm to be able to work with me and realize: this has to be easy and accessible to as many people as possible. I realize it has to be secure, but I want them to realize it has to be functional and user-friendly. So having that fundamental understanding of the idea of AV and the idea of network security—how can we meet in the middle and not just lock it down? We have to really work together to find that balance. Them knowing AV and us knowing cybersecurity is going to help out a lot in making our systems not just user-friendly, but secure.”
Carolyn Heinze is a freelance writer/editor.
Where the Physical Meets the Virtual
Nadim Sawaya is principal at Enterprise Performance Consulting, a business consulting firm based in Pittsburg, CA, that works with traditional security and systems integrators. He noted that traditional security firms—those specialized in integrating access control and CCTV systems—are increasingly on the lookout for people with IT security skills. “Physical security firms are hiring MSPs—they’re basically outsourcing—because of the specialized training certifications that they don’t have. They use MSPs to fulfill that need,” he said. Some firms are hiring certified security professionals outright, or they’re putting existing employees through certification programs, such as Comptia’s Security+. “IT has the most power in any project—they control the bandwidth, they control the communication. And if you, as an AV integrator or physical security integrator, don’t really understand the language of how to work with IT, you have problems. [These companies] need to look at the IT world and start getting into the specific certifications that they have.”