Wrong thread. Sorry.

From my experience, you would be providing a security survey. You could sub-contract to a trusted vendor to provide the installation services if that is within the scope of proposal. Obviously, document your trustworthiness determination policy in the proposal. But, you can claim that you completed the audit, recommended procedural and technical changes, and then outlined those changes for a vendor to complete. You were (in this situation's future), in deed, contracted to provide that consultancy work, don't sell yourself short on your resume.

Don't stick security systems on the client's WAN. You don't want people like me noticing a bunch of Toshiba, AXIS, or other cameras on the hotel's LAN. I'm the sort of evil bastard who starts up Ethereal in Promiscious mode when connecting to a foreign LAN to see what's going on, and to determine if its safe to engage in secure shell or other encrypted transactions.

The LAN should be dedicated to the premise security equipment. The WAN aspects should be on a different channel, use WPA security (Perferably RADIUS/FreeRADIUS controlled), and have their SSIDs masked. You won't stop people from trying to connect to the WiFi IP Cameras, or the IP cameras with the Wireless Access Point connected to them, but you will slow them down. WEP Security is breakable, as documented, all it takes is a laptop with a Orinoco/Prism based card and a copy of WEPCRACK for Linux. The LAN should also not be connected to the internet. For information on how easy it is to sniff out various cameras, see Johnny Long's book on "Google Hacking," which is the art and science of using the Google Search Engine as the ultimate data and resource sniffer. I used to find IP cameras all the time using Google search strings. I've also found much, much, worse.

You may also want to discuss technical security aspects about having the WAN, including threat of rogue users engaging in illegal or infowar operations using the open WAN, WEP/WPA security measures, packet logging for accountability, and virus mitigation at the firewall and gateway levels.

Wow ...

Thank you for sharing from what is clearly a great depth of experience. You gave me a lot of things to consider that I hadn't previously. Would you happen to have a sample proposal for a security system consult? As I've mentioned, I'm pretty green (very green, actually), and I'd like to present as professional a document as possible.

Unfortunately, my experience in those areas comes not from physical security, but from the IT world. Which means I don't have (and am looking for) a sample proposal myself.

From what I understand, a good proposal is basically a trimmed down business plan. I do know where you can find resources for good proposal writing, though. http://www.score.org, which is the SBA's SCORE program. Find a counselor that is good at writing proposals, and send that counselor an email. As long as your over 13 (heh), a US Citizen, and abide by their terms of service, its free to seek SCORE help.

I cannot stress enough, also, that the SBA is a good resource, in alot of ways.

My SCORE counselor helped me get a handle on the myriad of data I collected for market research, boiling it down to something a banker would actually care about.

DaveD,

There are a ton of security consultants out there. And competition is tough. As I posted before, after 20+ years in the Army, your military experience and 25 cents will not buy you a cup of coffee or put food on your table.

I realize you want to get into consulting right away and I do not wish to discourage you, but I would suggest you gain some 'real life' experience, outside of the government, before jumping right into a security consulting carreer. Start earning a weekly paycheck in a corporate security level job and begin growing a consulting business part time, one engagement at a time.

While you have an excellent work history, things are done much differently in the 'civilian world' than they are in the Air Force. Right now, you deal in black and white (regulations, written policies, and procedures). Out here it's often shades of gray where things are not so clearly defined. It's a challenge to learn to deal with the business world and many businesses hesitate to dump a ton of money into security programs if they do not add to the bottom line.

Good luck in your future endeavors.

As a security consultant, I'll second that. For me, my most valuable clients started out with a simple recommendation that was inexpensive and allowed me to build a rapport with the facility manager. Once we had a good working relationship established, the facility managers would start giving me business w/o me even asking. Sometimes, I couldn't even keep up with it all.

Getting your foot in the door is the key. People generally are NOT proactive when it comes to safety and security. Many of these same people are in charge of facilities that you want to do business with. Offer a very small, inexpensive proposal that will give you a chance to prove that you are worthy of more complex contracts. If the facility manager likes you and your work, it will be easier to get more work from that company.

Regarding the network for the security cameras/devices, I highly recommend a 'home run' to each camera, preferably fiber. A 100baseT ethernet can handle about 50 cameras at 30 FPS before slowing down to a halt! Adding them to an existing network is just more bandwidth than the network can handle! If your wireless network runs near that speed, beware, in addition to the previous posts about intrusions.
Fiber home runs to a dedicated server, prevent intrusions, and you can control access easier that way.
MY 2 Cents, your mileage may vary.

DaveD,

First off-a big Thank You for your service. That is a lot of time spanning all kinds of history.

Second-May I kindly suggest that is you want to get into the security consulting work, that you get your start from a large security firm. Add to your knowledge and also get a sense of the industry and then do what you want.

There are many types of firms that deal with security. A very good friend of mine (a Navy Force Protection guy) is working with an Architectural and Engineering firm as a security assessment and design specialist, for example.

My company, works with all manner of manufacturer's, distributors and integrators who all do their part.

If you need help, shoot me a PM or email and I will be glad to put you in contact with companies that are looking to hire.

Great information

Again, thank you all so much for your valuable input and advice. I definitely feel I have found the right forum to help me prepare for my future in the civilian sector.

From what you're all saying, it sounds as though opportunities are many and varied. I'm really looking forward to broadening my experience.

Mr. Security, your advice sounds right. I'm currently developing two proposals - one basic and inexpensive, the other pretty comprehensive and pricier.

mdb, this may sound a bit strange, but after twenty years of black and white, I'm actually looking forward to those grey areas. That blind, lockstepping adherence to AFI's and DoD standards gets pretty frustrating after awhile.

DaveD,

There is nothing strange about looking forward to gray areas. But, in the corporate security world, either the company is doing it, or they are not. You will find endless cases of just spinning your wheels and management thinking you are some kind of paranoid. It is a constant challenge for security managers to sell security to the business units and at times frustrating when you are an after thougt and only relevant when something happens. In todays litigious society, all it takes is one incident on your property (or worse your watch) and the company will have wished like heck they had followed your advice. I come from a school of thought that an ounce of prevention is worth a pound of cure.

Management comes from the school of hard knocks.