Every week I receive numerous approaches from people that want to work as security consultants, so I thought it was time I gave a few pointers on what's required to work in this very specialised industry.
First off, what is a security consultant?
If you look up the Australian ASIAL website and search for a security consultant, then you will quickly come to the realisation that almost every company that provides any kind of security in Australia is listed as offering Security Consultant services, from locksmiths, to security guards to CCTV sales companies. Unfortunately, ASIAL does not have a category of Independent Security Consultant which is a completely different thing altogether. I'll be discussing what an Independent Security Consultant is from now.
Just as an architect designs buildings but doesn't lay bricks to build them, an independent security consultant doesn't supply (or benefit or take commissions from) security services such as guards, equipment sales or installation services. In this way, their advice has no pecuniary interests and can be trusted.
On applicants for security consulting employment:
One of the biggest mistakes I see that security consultant applicants make is to send me an email that has been addressed to undisclosed recipients. I delete these mass emails without reading them as the applicant hasn't gone to the trouble of finding the name of the person that will be the recipient of the email. I also usually treat these emails as a cyber security threat as I never open attachments (their attached CV) from people I don't know. Most of these email approaches are from people who display no qualifications or experience in the area of security consulting.
Qualifications and experience
Qualifications and experience are two essential items that a potential security consultant must possess. It doesn't matter in what order these were obtained. Of course, there are other essential items and I'll discuss them later.
If you are going to consult in technical security matters such as CCTV, access control and alarms, then your qualifications should reflect expertise in these areas. The same applies to other areas of consultancy such as security risk management, security strategy development, cyber security, physical architectural security and so on. If you apply for work with a consultancy that provides technical advice and you have no technical qualifications in the areas where they offer consultancy services, then don't be surprised if you don't get a response to your application.
Your experience will also need to be reflected in the areas you want to consult in. For example, nobody is going to a security consultant to design a CCTV system for a prison if they haven't done it before.
So, what are the qualifications that are needed?
For security risk assessments, security strategies and guarding, a Certificate IV in Security and Risk Management is the baseline entry point and the minimum requirement to get a security consultant's licence in most states. A Diploma in Security and Risk Management is also common as is the Degree offered by Edith Cowan University. The quality of these qualifications will very much depend on what additional research and activities the student has carried out.
For physical security measures the ASIO SCEC Endorsed Security Zone Consultants course is an acceptable qualification. Other qualifications in areas such as building construction and architecture may also be appropriate depending on the project.
For technical security consulting, a degree in electrical, communications or IT engineering is generally accepted. Extensive industry experience may be seen as being equivalent to this.
What about experience?
The qualifications are straight forward to obtain, not necessarily easy, but they can be obtained. The experience is always going to be the difficult part. The level of experience that you have will determine at what level that you enter security consulting.
There are several pathways to obtain the practical experience necessary. Some may involve installing electronic security systems, working in the military, working in the police or working for a security consulting firm under the guidance of a mentor. Experience in military and police are very specialised and may not suit the general requirements of Australian security consultancy firms.
Security consulting firms may take you on as a graduate if you have the requisite qualifications and provide you with the necessary experience.
What is needed to be a general independent security consultant working for yourself?
You will need qualifications, knowledge of and deep experience in (among other things):
- Electronic security technology (CCTV, security alarm systems, electronic access control systems, intercoms, electronic key safes, biometrics etc.).
- Physical security (strength of walls, doors, locks, keying systems, vehicle barriers, fences etc.).
- Security risk assessment methodologies.
- Standards and guidelines (PSPF, Australian and International Standards, IWA, PAS, FEMA, NCC etc.).
- Security strategies, policy and procedure development.
- Architectural and CPTED security.
- An individual security licence in each state that you want to operate in.
- Security staffing models.
The market in Australia is very small, so in order to survive you need to provide all of these services.
If you decide to go it alone you will need:
- A large number of potential clients where you know them personally.
- Identified projects that you can bid on. Only knowing of potential projects will send you broke at this stage.
- Enough cash to survive at least 6 months with no income after you have paid all your setup costs. When you identify a project that a client has it may take 1-2 months before they ask you to provide a quotation - usually longer. It will then often take another month for them to decide if you are to be awarded the work. Then another month before you give the client your first invoice, then another month before they pay it (if you are lucky allow two months as they will need to set you up as a new vendor).
- A master security licence in each state that you want to operate in.
- Templates for security technology specifications, risk assessments etc. These take a long time to develop.
- A knowledge of how much to charge your clients. A suitable resource to determine this is to look up contracts that have been awarded on government procurement websites.
- You will need a strategy to present to potential clients when they realise that your company has no project experience. You will therefore need to sell your own, rather than the company's experience.
- Public Liability, Professional indemnity and WorkCover insurances. Yes, you need WorkCover even if you are the sole employee.