Writing the Future History of Security Research

It’s tempting to file the term “security research” with the likes of “jumbo shrimp” and “somewhat unique” under the heading of oxymorons. Compared to such business disciplines as law, economics, marketing, engineering, data science — and, now, even cybersecurity — business and corporate security lag behind.

While large management firms dabble in corporate security research at a high level, most attention is elsewhere. Government agencies, national laboratories, university centers of excellence, and NGOs produce literature on national and international security issues such as terrorism and espionage. Forecasting firms study and project sales data. Security manufacturers and service providers frequently survey their audiences on specific issues. But business security lacks a rich research tradition such as prestigious law review articles, well-funded medical institutions and journals, or robustly endowed university psychology departments and student labor that drive practice in those fields.

We need more leaders in corporate security research.

That’s not to disparage the excellent work of the stalwarts. A few institutions and publications have held the mantle of security research: Security Journal, Perpetuity Research Group, the ASIS Foundation, Edith Cowan University, the Loss Prevention Research Council, and a handful of others.

Names of specific researchers continually resurface: Karim Vellani, Roger Johnston, Alison Wakefield, Joshua Bamfield, James Calder, Read Hayes, and Mahesh Nalla, are among the most notable.

But the godfather of security research is undoubtedly Dr. Martin Gill, who operates Perpetuity Group, manages Security Journal, chairs the Research Committee of the ASIS Foundation, and edits the renowned Handbook of Security, a new version of which is expected this year.

Gill says that plenty of colleges and universities offer programs in security studies, homeland security, criminology, and related fields. But are we developing tomorrow’s researchers? And is today’s research keeping up with the lightning speed of change in the profession? I put those questions to him.

He points to the sheer number of contributors to the handbook as evidence of the breadth and health of security research. When asked if we are on the right path and are developing new leaders, he replies simply, “With research there’s always more that can be done.”

And more is getting done.

The ASIS Foundation has been driving the narrative in recent years. In 2018, it identified seven change drivers that are transforming the profession, such as predictive analytics and the rise of artificial intelligence. It has followed up by announcing a digital transformation series of research reports. The first, covering blockchain, came out in 2020, and studies of artificial intelligence and social media monitoring should appear later this year, among others. Wisely, it has farmed out these projects to a range of researchers to broaden and enrich the field.

The ASIS Foundation is not alone. The International Foundation for Protection Officers and Perpetuity Group have joined forces to explore the roles, responsibilities and training of security officers. These critical personnel have long been neglected in the research. In the increasingly important insider-threat space, the trilogy of the U.S. DoD Counter-Insider Threat Program, the National Insider Threat Task Force, and the Threat Lab have announced a new peer-reviewed journal on that topic.

In addition, this very magazine aims to benchmark enterprise security programs, collecting data on budgets, roles, responsibilities and critical issues of security organizations across all sectors for Security’s annual The Security Benchmark Report.

This progress is auspicious. After all, security research isn’t moronic. It shouldn’t be oxymoronic, either.