What is the most important thing we have learned in the last 20 years of study and practice of security?

"Been there – done that" is an anachronism.

The industry has gone through radical transformation over the past two decades in technology. In the early 1990s, computers were in use through-out the physical security process. Computers were being used to run the alarm systems and the access control systems. Reports were being entered into the computers through word processing and the like. Just think back using ASIS as the example. The first chapter newsletters being produced by publishing software started in 1988. The first fax-based distribution started around 1992. The email newsletter made its debut in 1996 around the same time as chapter websites. We take all of these communication conveniences for granted now, but think how much the paradigm has shifted.

Speaking of websites – let us discuss the Internet. The Internet has not only spawned the growth of communication and knowledge transfer, but has also facilitated the rapid growth of global criminal victimization of consumers, businesses and organizations. How has this affected the security industry? We now have thousands of computer forensic experts and cyber crime investigators globally. They investigate and reconstruct everything from the exponential growth of crimes against children to global intellectual property theft in the form of file trading/sharing piracy.

Maybe in 1986, one had an outside chance of holding a domain expertize or base of skills that facilitated the ability to act as a security professional "island". Today in 2006, the reality that we face is that there is more information and knowledge than we could ever hope to hold in our human brains. The only way to effectively survive in an environment that constantly changes and evolves is to forge effective networks of like-minded professionals for the purpose of information exchange.

What are the most important trends or innovations that are influencing, have influenced, or will influence the future of the study and practice of security?

The Internet is the great enabler for both protection/detection and crime/victimization. What an innovation! You could make a career out of understanding, analyzing and identifying the criminals utilizing it for all forms of skullduggery. (Admittedly, I already have...). Crime and fraud have been adapted to the Internet like the proverbial fish to water. They are not new crimes; every form of crime that the Internet facilitates, has been around as long as there has been intellectual property protections and currency.

The most important and alarming trend is the scope change. The range and breadth of victimization has grown exponentially. A Nigerian 419 scam can victimize (and have victimized) persons on every continent – all from origination in a cyber café in Laos. Crimes against children have grown as access to pedophilic content has fostered and facilitated the availability of criminal behaviors. Access to broadband Internet and readily available entertainment content (movies, music and software games) have generated an entire generation of copyright violators that border on criminal activities in their ever unquenchable desire for "pre-release content" (content that has not been made commercially available).

Developing the measures and counter measures to these growing trends will be a major challenge as we move forward. The challenge still to be met involves the creation, evolution and design of educational programs to mentor, challenge and encourage individuals to take up the career path to face these new crime paradigms both from the public and private sector.

If you were setting the research agenda for the next 10 years, what would be your priority and why?

To study the appropriate application of education curricula against the emerging threats. As we sit today, we are woefully lacking the appropriately trained persons to deal with the crime and fraud issues that have evolved over the last 10 years. At the pace that technology marches forward, we have to be training and educating for tomorrow's threats today.