BIOGRAPHY

Kevin Whalen

President, Diversified Management Systems, Lincolnton, GA, USA


Kevin Whalen entered the United States Army following the events of September 11, 2001 and volunteered to try out for US Army Special Forces – the Green Berets.

After completing the grueling Special Forces Qualification Course, Kevin was assigned to the 5th Special Forces Group at Ft Campbell, KY. In the 10 years he was with 5th Group, Kevin completed seven combat deployments across the Middle East where he trained and led local forces in a variety of counter-terror and counter-narcotics operations. Kevin also worked with civilian agencies and allied governments to conduct joint combat and intelligence operations. Kevin left the Army in 2014.

He has since served as a civilian instructor providing advanced skills instruction to the full spectrum of United States Special Operations Forces. When not working for the government, Kevin has provided training to civilians on situational awareness, personal self-defense, emergency preparedness and survival.

He has also been a guest speaker at local colleges talking about morality and ethics in combat. Kevin joined the Pinkerton’s Agency in 2018 where he has performed assignments related to corporate risk management and threat mitigation.

He has prepared and delivered numerous training seminars on workplace violence, active shooter response and situational awareness – including a specialized training program for television news crews preparing to operate in dangerous environments. Kevin formed Whalen Strategic Services, LLC in 2018 in order to provide an array of leadership and security related consulting services. This includes a partnership with Diversified Management Systems to provide ISO related services.

He is a certified lead auditor for ISO standards 9001 and 27001. As a consultant, he has helped multiple companies achieve certification in both standards. Kevin lives in Lincolnton, GA with his wife and two rambunctious dogs.



ABSTRACT

More Than Just IT - ISO 27001 and Non-Technical Threats

The ISO 27001 standard is focused on information security. Because of our highly digitized world, there is a tendency to think that security in this area is solely in the hands of the IT department.

But information exists on more than just digital media. It exists on the printed documents that we still use. It exists in the layout of offices and assembly lines. It exists in the physical prototypes and the labs where we test them. Most importantly, it exists in the minds and habits of our people. It is what gets passed from old employees to new ones. It is what gets talked about in breakrooms. It gets discussed with clients and suppliers. It gets gossiped over in bars. It is also what walks out the door when someone leaves our organizations. Security policy is the responsibility of senior management. Information technology is an important tool in implementing that policy, but it is just a tool and one that may not be suitable for every threat that an organization may face.

We’ll begin by discussing how to determine what information needs to be protected within the context of the organization and how that information can be threatened through non-technical means. Then we will discuss what controls exist within ISO 27001 to help an organization deal with non-technical threats that arise. The success of any security policy ultimately rests on the commitment of the people dealing with it in their day-to-day jobs. If they see the policy or controls as unnecessary or burdensome, the policy can create the very security holes it seeks to address.

We will then discuss how to embed the security policy and ISO 27001 controls into the organizational culture to encourage employee cooperation and feedback. This is especially important in the realm of non-technical threats where employee reporting is the primary source of information. Finally, we look at how the concepts of ISO 27001 complement or address other security concerns that an organization may have. Organizations in today's world can face a variety of threats.

One of the best ways to convince employees to commit to the organization is for the organization to make an explicit commitment to the protection of their health and wellbeing. Many of the controls provided in ISO 27001 can do just that and we will discuss how to incorporate them into other emergency and security planning.




















Contact us at: conference@aqi.org