Security Industry Association (SIA) member Glasser Security Group LLC is a boutique security consulting firm with vast experience in physical, electronic and information security. The company – led by security industry veterans Alan Glasser and son Michael Glasser – deliver custom solutions tailored to customers’ industries, cultures and challenges. Glasser Security Group is based in Brooklyn, New York, and provides services throughout the United States and internationally, having successfully completed services on five continents to date.
SIA spoke with Michael Glasser about the company, the security industry and working with SIA.
SIA: Tell us the story of your company.
Michael Glasser: Glasser Security Group (GSG) is a company 50 years in the making but has only recently taken the next step of formalization. My father, Alan Glasser, has been in the alarm and security industry since 1966 and was recently inducted into Security Sales & Integration’s Security Industry Hall of Fame. In his acceptance, he said “I would like to thank the three burglars who made three burglary attempts on my home in 1965 while I was a senior at Lafayette High School in Brooklyn – the third time while I was home doing my homework!” That was the start of it. From there, his career grew, and he brought me along with it.
I started in the industry while a child and recently celebrated my 20th year in the industry. I spent several years focusing on locks, alarms and security systems but in 2005 went to work for an international security and risk consulting firm, which allowed me to expand from systems to a more holistic view of security. Along the way, I not only actively focused on the typical defensive strategy but also developed a deep focus on offensive techniques. Speaking at offensive security conferences such as BlackHat on the topics of physical security and security system hacking, I found myself in a niche of expertise in both offensive and defensive techniques.
Throughout the years, we have provided training to those wishing to increase their knowledge in the security industry. Each year, we receive requests and referrals from students and others to provide consulting services. In 2018, Glasser Security Group developed a web presence and began to establish a formal brand. The same services and expertise that have been offered for years are still offered, but now with the backing of a formally established consulting firm. GSG is primarily staffed by Alan and me but also teams with other specialists for projects as required. All partners are fully vetted and managed by GSG.
What solutions/services does your business offer in the security industry? And what makes your offerings/company unique?
MG: GSG offers three primary service categories:
- Physical security penetration testing (red teaming or pen testing): We “sneak in” to end user locations to demonstrate security vulnerabilities. Most people are familiar with the expression “a picture is worth a thousand words.” At GSG, we believe a pen test is worth a thousand words. Present a chief financial officer (CFO) with a 200-page threat vulnerability and risk assessment filled with detailed facts and findings, and what will they do? They’ll read the executive summary and ask the security director which of these “theoretical risks” are real before denying the funding for the recommended improvements. Now try the pen test approach: show the CFO the results of a pen test – not a report, but real results! A key logger installed on their computer; The contents of their shred bin, which has now been removed and handed back to them; An introduction to what appears to be an employee but has been a pen tester sitting with all the other employees for a week; Video recorded on a covert camera that has been installed in the board room; The impact is apparent and dramatic: they quickly understand what a 200-page report could never provide. The physical security industry needs to embrace this approach and stop being fearful of it.
- Security consulting and design: While GSG is proud to provide exceptional quality and detail in security consulting and design services, this is not a unique set of services. Included in this category are site assessments, risk assessments, facility security design, master planning and other services, which are offered to end users, property owners, chief security officers, directors of security and similar. At times, GSG will partner with architects or participate in architectural design teams where security is extremely valued.
- Expert witness: When legal and insurance issues require an independent subject matter expert, GSG is available to step in. The GSG service of expert witness is designed to provide a source of expertise to explain the truth, regardless of who the client is (defendant/plaintiff/insurance company/victim). GSG does not offer legal advice (there are plenty of lawyers in this world to do that); we focus on the relevant facts surrounding the security-related issues of the case. At times, this may concern an electronic security system that wasn’t installed properly and didn’t work, an operational issue where security officers did not follow standard operating procedures or any number of other types of matters. The expert witness will testify in layman’s terms regarding his/her special knowledge or proficiency in the particular field that is relevant to the subject and thus add value to the case.
What’s something we might not know about your company – or something new you’re doing in security?
MG: Most security consulting firms are focused on theoretical defense exclusively. It is rare to find a consulting firm or engineering firm that has experience with any offensive work. They’ve seen the YouTube videos demonstrating card cloning and lock picking but haven’t tried it. Our team offers both offensive and defensive services, allowing our consultants to be a client’s best partner. Other firms that offer these services rarely bring the subject matter expertise needed to provide proper guidance to clients. In our opinion, other firms may be more interested in simply getting the “win” and not interested in offering the client value to help improve their real world security posture.
SIA: What is your company’s vision, and what are your goals for the security industry?
MG: Our vision is threefold:
- Never offer “me too” services. Always provide best-in-breed services to improve clients’ overall security postures.
- Never offer “good enough” services. We will only accept clients who are serious about security and not simply trying to check a box on a report. There are plenty of other consulting firms and engineers who are happy to provide any service that a client desires. GSG is extremely selective in the services provided and the clients to whom that these services are provided. If a client would be happy with a lower level of service, there is nothing wrong with that. GSG will happily refer those clients to other firms that fit well with that model. Often, these other firms offer many services or are part of a MEP firm. GSG specializes in what we offer and only provides exceptional concierge level of service.
- Expose the industry to security vulnerabilities and our type of services, encouraging other service providers to increase their quality of service and improve the industry overall.
SIA: What are the biggest challenges facing your company and/or others in the security industry?
MG: The majority of the physical and electronic security industry is focused exclusively on defensive strategy. Bringing up the idea of offensive testing and training has resulted in a significant amount of resistance. Conversely, the cybersecurity industry actively embraces the offensive security model. Penetration tests, red teams, and hackers are part of almost all significant security projects. Certain governmental physical and electronic security groups fully incorporate this modality, but it is very rare to find it in the private sector. GSG is attempting to bring this approach to the common commercial/corporate security environment and actively attempting to work with industry associations to provide education on this topic and hopefully standards in the future. Our physical security penetration testing (pen testing) division is attempting to simplify this to help others accept it. “We Sneak In” is the GSG physical security penetration testing sub-brand. Our slogan of “Stop guessing. Start testing.” is a real attempt to help those in the industry to recognize that pen testing their security program will only help to make it better. The fear of failure that many security directors have is an unhealthy and ineffective trait. Embracing testing and the associated failures that come with it is the best way for them to improve their programs and demonstrate their value.
SIA: What do you enjoy most about being at your company – and in the security industry?
MG: Helping to enable business success through exceptional security strategy. Security’s role in every company is often misunderstood and is, therefore, often improperly implemented into the environmental and architectural design. A proper security program should be designed in full alignment with business goals, to enable efficient execution of those goals, while aligning with the company’s culture. When done properly, this will often result in security enabling business growth. Watching a business thrive while its assets and employees are safely enabled to be successful is most rewarding to our team.
SIA: What does SIA offer that is most important to you/your company? And what do you most hope to get out of your membership?
MG: SIA’s ability to drive technical standards and allow interaction with other security industry firms is incredibly appealing to GSG. SIA has helped to drive technology interoperability and increased security. GSG believes strongly in giving back to the industry and in helping the industry progress. SIA seems to be a great forum to help drive progress and innovation. In recent years, SIA has demonstrated partnership with not only the traditional members, but also influential end users. That transition to involvement of customers and not only service providers has made SIA even more attractive for GSG. We are hoping to grow via word of mouth from security manufacturers and integrators that want to recommend GSG’s services to their end user customers. The service providers will gain trust from their clients by providing a solid recommendation and the clients will improve their security program, resulting in a win for all involved.
SIA: How does your organization engage with SIA? What are your plans for involvement in the next year?
MG: I am involved with SIA’s Certified Security Project Manager (CSPM) Education Committee and Open Supervised Device Protocol (OSDP) Working Group and an ISC New Product Showcase judge. Alan is the executive director of the Metropolitan Burglar and Fire Alarm Association, a regional alarm association in the New York City metropolitan area, and is an adjunct professor at New York City College of Technology (CUNY).