So, you want to be a security consultant in Australia!

Every week I receive numerous approaches from people that want to work as security consultants, so I thought it was time I gave a few pointers on what’s required to work in this very specialised industry.

First off, what is a security consultant?

If you look up the Australian ASIAL website and search for a security consultant, then you will quickly come to the realisation that almost every company that provides any kind of security in Australia is listed as offering “Security Consultant” services, from locksmiths, to security guards to CCTV sales companies. Unfortunately, ASIAL does not have a category of “Independent Security Consultant” which is a completely different thing altogether. I’ll be discussing what an Independent Security Consultant is from now.

Just as an architect designs buildings but doesn’t lay bricks to build them, an independent security consultant doesn’t supply (or benefit or take commissions from) security services such as guards, equipment sales or installation services. In this way, their advice has no pecuniary interests and can be trusted.

On applicants for security consulting employment:

One of the biggest mistakes I see that security consultant applicants make is to send me an email that has been addressed to “undisclosed recipients”. I delete these mass emails without reading them as the applicant hasn’t gone to the trouble of finding the name of the person that will be the recipient of the email. I also usually treat these emails as a cyber security threat as I never open attachments (their attached CV) from people I don’t know. Most of these email approaches are from people who display no qualifications or experience in the area of security consulting.

Qualifications and experience

Qualifications and experience are two essential items that a potential security consultant must possess. It doesn’t matter in what order these were obtained. Of course, there are other essential items and I’ll discuss them later.

If you are going to consult in technical security matters such as CCTV, access control and alarms, then your qualifications should reflect expertise in these areas. The same applies to other areas of consultancy such as security risk management, security strategy development, cyber security, physical architectural security and so on. If you apply for work with a consultancy that provides technical advice and you have no technical qualifications in the areas where they offer consultancy services, then don’t be surprised if you don’t get a response to your application.

Your experience will also need to be reflected in the areas you want to consult in. For example, nobody is going to a security consultant to design a CCTV system for a prison if they haven’t done it before.

So, what are the qualifications that are needed?

For security risk assessments, security strategies and guarding, a Certificate IV in Security and Risk Management is the baseline entry point and the minimum requirement to get a security consultant’s licence in most states.  A Diploma in Security and Risk Management is also common as is the Degree offered by Edith Cowan University. The quality of these qualifications will very much depend on what additional research and activities the student has carried out.

For physical security measures the ASIO SCEC Endorsed Security Zone Consultants’ course is an acceptable qualification. Other qualifications in areas such as building construction and architecture may also be appropriate depending on the project.

For technical security consulting, a degree in electrical, communications or IT engineering is generally accepted. Extensive industry experience may be seen as being equivalent to this.

What about experience?

The qualifications are straight forward to obtain, not necessarily easy, but they can be obtained. The experience is always going to be the difficult part. The level of experience that you have will determine at what level that you enter security consulting.

There are several pathways to obtain the practical experience necessary.  Some may involve installing electronic security systems, working in the military, working in the police or working for a security consulting firm under the guidance of a mentor. Experience in military and police are very specialised and may not suit the general requirements of Australian security consultancy firms.

Security consulting firms may take you on as a graduate if you have the requisite qualifications and provide you with the necessary experience.

What is needed to be a general independent security consultant working for yourself?

You will need qualifications, knowledge of and deep experience in (among other things):

  • Electronic security technology (CCTV, security alarm systems, electronic access control systems, intercoms, electronic key safes, biometrics etc.).
  • Physical security (strength of walls, doors, locks, keying systems, vehicle barriers, fences etc.).
  • Security risk assessment methodologies.
  • Standards and guidelines (PSPF, Australian and International Standards, IWA, PAS, FEMA, NCC etc.).
  • Security strategies, policy and procedure development.
  • Architectural and CPTED security.
  • An individual security licence in each state that you want to operate in.
  • Security staffing models.

The market in Australia is very small, so in order to survive you need to provide all of these services.

If you decide to go it alone you will need:

  • A large number of potential clients where you know them personally.
  • Identified projects that you can bid on. Only knowing of potential projects will send you broke at this stage.
  • Enough cash to survive at least 6 months with no income after you have paid all your setup costs. When you identify a project that a client has it may take 1-2 months before they ask you to provide a quotation – usually longer. It will then often take another month for them to decide if you are to be awarded the work. Then another month before you give the client your first invoice, then another month before they pay it (if you are lucky – allow two months as they will need to set you up as a new vendor).
  • A master security licence in each state that you want to operate in.
  • Templates for security technology specifications, risk assessments etc. These take a long time to develop.
  • A knowledge of how much to charge your clients. A suitable resource to determine this is to look up contracts that have been awarded on government procurement websites.
  • You will need a strategy to present to potential clients when they realise that your company has no project experience. You will therefore need to sell your own, rather than the company’s experience.
  • Public Liability, Professional indemnity and WorkCover insurances. Yes, you need WorkCover even if you are the sole employee.

Good luck and best wishes!

Are you up to date on unfair contracts legislation for small business?

New Australian Consumer Law came into effect from 12 November 2016 that makes unfair contract terms forced upon small businesses by larger organisations void. What it means is that if a small business is handed a standard form contract from a large organisation with clauses that are unfair to them and they are given no opportunity to negotiate them, then these clauses may be unenforceable. This legislation is aimed at providing small businesses protection against standard “take it or leave it” contracts when the size and negotiating power of the two companies is out of balance.

The criteria as detailed by the ACCC for the types of contracts that the legislation is applicable to are:

  1. The contract must be meet the following conditions to be considered:
  • it is for the supply of goods or services or the sale or grant of an interest in land
  • at least one of the parties is a small business (employs less than 20 people, including casual employees employed on a regular and systematic basis)
  • the upfront price payable under the contract is no more than $300 000 or $1 million if the contract is for more than 12 months.
  1. The contract is entered into or varied on or after 12 November 2016.
  2. The contract is offered to the small business as a “take it or leave it” contract with no negotiation of contract terms.

Unfair clauses may include:

  • terms that enable one party (but not another) to avoid or limit their obligations under the contract.
  • terms that enable one party (but not another) to terminate the contract.
  • terms that penalise one party (but not another) for breaching or terminating the contract.
  • terms that enable one party (but not another) to vary the terms of the contract.

If a contract meets the above criteria, then any unfair clauses within it, as determined by a court or tribunal, will be void.

Unfortunately, many “take it or leave it” contracts with unfair clauses are still being commonly offered.

For further information:

https://www.accc.gov.au/system/files/Unfair%20contract%20terms%20-%20A%20guide%20for%20businesses%20and%20legal%20practitioners.pdf

Are your security systems ready for power blackouts this summer?

There have been many warnings about the possibility of power blackouts in Australia this coming summer so now is a good time to check that your security systems won’t fail if blackouts occur.

These are a few things to consider:

  1. When is the last time that the batteries were changed in field control equipment? If the security systems are being maintained in accordance with Australian Standard AS/NZS 2201.1:2007 Intruder alarm systems, then each battery will be legibly and durably marked with the month and year of installation.
  2. When is the last time that access control and security alarm systems were tested on battery power alone for an extended period? If the batteries are to maintain power to their associated equipment for eight hours, then the test should be for this period. When batteries fail, access control doors unlock.
  3. When is the last time the UPS was tested? The only true test is to shut off power to the building in a controlled manner and see that everything still operates. Switching off the input power to the UPS alone will not identify if any equipment has been incorrectly connected to non-UPS power.
  4. When is the last time that generator power was tested and refueled? Generators often fail when they have insufficient fuel.
  5. If a power outage extends for a longer period than batteries, UPS and /or generators have been designed for, what are the contingency plans for events such as electrically locked doors unlocking, camera surveillance turning off, alarm systems failing etc.? How are the assets and information within the facility to be protected? Providing security guards may be a response, but if an extended power blackout is widespread, then the demand for guards may be higher than the available supply.