by Heather Livingston
Contributing Editor

Summary: David Baty is chief operating officer and president of International Operations for Applied Risk Management, a security consulting firm that provides services to protect four key assets: people, property, information, and credibility. Founded in 1997, ARM offers full service consulting and engineering for critical infrastructure including physical security and IT infrastructure. With offices in Stoneham, Mass.; Manassas, Va.; and Abu Dhabi, UAE, ARM supports both national and international clients and has completed projects that range from focused efforts addressing a particular technology concern to campus master planning for security. ARM recently completed a study on college campus protection measures entitled Campus Violence Prevention and Response: Best Practices for Massachusetts Higher Education.

Education
I have a liberal arts life. I joined the military at 17, Army Special Forces. I spent 21 years in the military. Although I went to college, the education and experience that I have in this field was through military schooling and practical experience.

Career path
After leaving the Army, I took a training contact with the company that worked with the then Immigration and Naturalization Service. That was my foray into corporate America, so that was also a learning experience for me there. We did the outsource training for all the systems that they were deploying for the modernization effort at INS, which taught me systems because I was working with systems designers from an IT standpoint. We got a contract extension, and I moved into business infrastructure management. That’s where I learned configuration management because I was doing all the coordination of deliverables to the client.

From that position, I moved to a company called iSky. They did outsourced customer care. I took over an account, rapidly moved into the director position, and then moved into the vice president of that company…After that, I started my own company, DB&V Partners. We did security consulting and emergency preparedness. This was post 9/11, and there was a need in the industry. When I was in the military, we had done embassy surveys and physical security surveys of facilities such as nuclear weapons storage sites and other critical facilities to the military. After 9/11, there was obviously concern, I won’t call it panic, but there was great concern on what the next thing was going to be.

The Department of Homeland Security was trying to get their ducks in a row. There were smaller companies that needed services, so our target market was the small to midsize company that wasn’t going to get federal funding. We worked through the emergency management planning for them, not from a terrorist incident, because the likelihood of any one company being the specific target of a terrorist is very, very small even today. However, the principles of emergency preparedness work for weather incidents, too. For instance, the City of Baltimore had a major flooding incident in four square blocks of the city. There were a bunch of people who had their server rooms in the basement. Everybody’s basements got flooded, so we worked on ensuring continuity of operations and that sort of stuff.

From DB&V Partners, I was a supplier to Applied Risk Management. I spent 15 months overseas with them in support of one of their projects in the Middle East and then upon conclusion of that, came back to my current position as their COO and president of international operations.

What do you think is the biggest challenge to security in the built environment?
Security by its nature is prohibitive. If you put up a fence, you impede somebody’s movement. If you put in access control, you’re slowing the flow. Generally, in the United States, we’re an open society and we’re used to being able to go where and when we want, so I think that the balance between security needs and the implementation of those needs is probably the greatest challenge.

The most difficult thing that we do with our clients is the initial phase, which is requirements definition. It’s very easy for somebody to say “I want security,” but to define what that security is, what the appropriate level is, and how you’re going to do that in a way that is unobtrusive but effective is one of the things that makes this an interesting and challenging business. It’s very easy to put up a prison with fences, walls, locks, sirens, and all that. That doesn’t work in mainstream American building—it wouldn’t be accepted. Right now, we’re doing an awful lot of business with institutes of higher education and it’s a delicate balance between campus life and the desire for an open campus and security and safety needs. Careful evaluation of the requirements early in the process helps you design a well-balanced security system that will achieve what you need without going over the top.

What passive security measures should all public buildings employ?
I think the principles of CPTED, Crime Prevention through Environmental Design, are basically passive measures. You have to plan for them. You have to build them, but it’s proven to be very effective. As you lay out your facility structure, you identify the potential area for criminal activity or threats to the safety environment of your people and you modify the traffic flow so that you take away that risk. I think that’s probably the first thing that I would say is to control the flow because, for instance, dark stairwells, dark parking lots, and alleyways that people use as cut-throughs are common situations you can avoid.

I think that most buildings in America could benefit from some level of access control. If you’re in a public access building, which could be a library or a courthouse, there are different levels of security requirements. Normally, courthouses have some level of security; libraries don’t. However the understanding of who is an employee at the library is important, as well as clearly stating how you’re going to control access to the facility. I think that’s a very important first step to understanding the use of the facility—the traffic flow and who comes to the facility—and then as you move up the scale you determine what access those people should have. In public-access facilities, there are normally areas that are not open to the public, but if you don’t build that into the system, you have no way of knowing who’s in there or controlling access.

What were you working on in Abu Dhabi?
I can tell you in general terms, but I can’t tell you any of the specifics. Basically, we were providing security architecture, requirements definition, and trained support to indigenous efforts.

When you say security architecture, do you mean designing for security?
When I use the term security architecture, I’m talking about the employment of systems that are designed for detection, assessment, deterrence, and delay. For instance, if you have radar, you know somebody’s approaching the shore. That would be detection. Assessment would be your cameras or a person going out there doing assessment. Deterrence is your ability to put in barriers, whether it’s a card access on a door or a camera that’s monitoring a hallway with intelligent software so that if someone comes in that hallway the camera gives you an enunciation: some audible or visible notification that something’s in that area.

How is architectural security different in the UAE than the U.S.?
In many ways, I would say that in the UAE it is much more of an international event. While we have our preferred vendors in the U.S., the UAE has a tendency to draw from across the spectrum. I think that in some ways, the architectural security in the UAE is based on the fact that they have the money. They spend the money on the technology to do this sort of things. The government buildings are much more prohibitive than you would find in the U.S., just by the nature of how their government is set up. But I think that they’re working through this. There’s an awful lot of real estate development, big name projects that everybody knows. There’s a lot of focus—and I would say this is true in the U.S. as well—on the architectural design of the building, and then, unfortunately, security is often an afterthought.

I think that the opportunities to have someone looking at security during the design phase is very important because as we talk about the flow and the use of the building, you can build in things that will maintain the architectural integrity of the building. The UAE has incredible vision, as reflected by the structures they’re putting up over there. Architecturally, Abu Dhabi is an amazing city. Dubai is obviously out in front but Abu Dhabi certainly is catching up. You look at the models and where there vision is and it’s just amazing that they can support that level of construction and architectural design.

What do you wish that all architects knew about designing for security?
First, I think that it’s as important an aspect of overall building design as is electrical and plumbing. My experience is that when security is involved early in the process and we start to understand the space plan and usage, we can make recommendations that will help achieve an architectural vision, as opposed to considering security after the architect has designed the building or, more challenging, after the building is in place. When you layer security over the design it can easily detract from the architect’s vision and never seem to work as well as if we were to integrate it completely from the outset.

Certainly, security integrated into the workflow of the design becomes less innocuous and in your. It also saves money.