Construction Leaders Podcast: Converged Security – Protecting People, Projects, and Data
Presented by the Construction Management Association of America (CMAA)
Release Date: May 1, 2025
Host: Carly Trout
Guest: Jim McConnell, Principal at Ask McConnell
Introduction to Converged Security
In the latest episode of the Construction Leaders Podcast, Carly Trout, alongside Evan Hendershot, CMAA's Director of Content, delves into the critical topic of converged security within the construction industry. Unlike the commonly emphasized safety measures, security encompasses a broader spectrum, integrating physical security, cybersecurity, fraud prevention, and more to safeguard people, projects, and data.
Guest Profile: Jim McConnell
Jim McConnell brings over three decades of experience in corporate security, having recently served as a fellow in a Fortune 25 corporate security organization. As the principal at Ask McConnell, he specializes in addressing security challenges from a converged security perspective, particularly within the construction sector. Jim is also a volunteer first responder, an adjunct professor at Texas A&M, holds 15 US patents, and is an author of books on converged security and safety metrics.
Understanding Converged Security
Jim McConnell opens the discussion by differentiating between safety and security:
"Safety is the prevention, detection, and response to accidents... Security is the prevention, detection, and response to a crime or a violation of organizational rules."
(04:39)
Converged security adopts a holistic approach, ensuring that all facets of an organization are protected. This includes not just traditional physical security measures like cameras but also cybersecurity protocols, protection of confidential project data, and securing the supply chain against fraud and compliance breaches.
Assigning Responsibility for Security
A pivotal question raised is: Who is responsible for converged security within an organization? Jim emphasizes the importance of clearly defining roles:
"Either ask the CEO who their security person is and whoever they name is probably the first person that's responsible... sometimes the biggest challenge is some people are doing security, but it's so decentralized or disorganized that we don't know who the owner is."
(06:33)
He suggests starting with identifiable security functions such as locks and keys management, IDs and passwords, and accounts payable to determine who within the organization holds responsibility for each area.
Security Functions Often Overlooked in Construction
Jim identifies key security functions that the construction industry might not fully consider:
-
Cybersecurity Resilience:
"What happens if all the laptops and tablets and computers related to that project are no longer available?... How fast could you recover?"
(09:50) -
Supply Chain Fraud Prevention:
Ensuring subcontractors and suppliers adhere to security and compliance standards to prevent fraudulent activities within the supply chain. -
Financial Fraud Detection:
Addressing risks such as invoice fraud, where payments might be rerouted illegitimately.
These areas highlight vulnerabilities that, if unaddressed, can lead to significant disruptions and financial losses.
Risks of Inadequate Security Measures
Jim elaborates on the potential consequences of neglecting converged security:
-
Cyber Incidents:
Disruptions in critical computing resources can derail project timelines, especially during critical phases like bidding. -
Supply Chain Compliance Failures:
Violations by subcontractors can lead to contractual penalties and damage relationships with clients. -
Financial Fraud:
Fraudulent activities can result in substantial financial losses and tarnish the organization's reputation, especially when dealing with government contracts.
"If you don't have a backup all the things that would be related to it and security there. That's scary."
(11:55)
Role of Construction Managers in Security
Carly Trout inquires about the specific responsibilities of Construction Managers (CMs) concerning security. Jim advocates for empowering CMs with practical tools and knowledge:
"Can I give them a number that they can call?... some of that checklist may not just be physical security things, there may be some cyber elements."
(14:33)
He recommends integrating security checklists into existing management plans and conducting regular security briefings akin to safety briefings. This proactive approach ensures that CMs remain vigilant and responsive to potential security threats on-site.
Future of Converged Security in Construction
The integration of physical and cybersecurity requires a nuanced skill set from on-site construction staff. Jim discusses the necessity for increased awareness and training:
"There's more training than just the checklists need to happen... If you see something, say something. It works here in the security at a construction site."
(18:32)
He highlights the growing intersection of technology and construction operations, such as the use of GPS and telematics in fleet management, which necessitates a heightened awareness of potential cyber threats alongside traditional security measures.
Resources for Implementing Converged Security
For organizations looking to assess and enhance their security posture, Jim recommends utilizing self-assessment tools available on his website:
"I have a checklist area there. There's a self-assessment that's not specific to construction... it really steps through a number of key security functions."
(20:45)
He advises involving multiple stakeholders in the assessment process to gain a comprehensive understanding of the organization's security strengths and gaps.
Key Takeaways
- Converged Security is essential for protecting all aspects of construction operations, blending physical security with cybersecurity and fraud prevention.
- Clear Responsibility: Organizations must designate specific individuals or teams to oversee various security functions to avoid decentralization and confusion.
- Proactive Measures: Implementing security checklists, conducting regular briefings, and integrating security into management plans empower Construction Managers to maintain vigilant oversight.
- Continuous Learning: Staying informed about emerging security threats and equipping staff with the necessary training ensures resilience against potential disruptions.
Notable Quotes
"Safety is the prevention, detection and response to accidents... Security is the prevention, detection and response to a crime or a violation of organizational rules."
— Jim McConnell (04:39)
"Either ask the CEO who their security person is and whoever they name is probably the first person that's responsible..."
— Jim McConnell (06:33)
"If you see something, say something. It works here in the security at a construction site."
— Jim McConnell (18:32)
Conclusion
Jim McConnell's insights underscore the indispensable role of converged security in the construction industry. By adopting a unified approach to security, organizations can better protect their people, projects, and data, ensuring sustained success in an increasingly complex landscape.
For more information and resources, visit askmcconnell.com.