With over two decades of experience, Julian Tan excels in leading security and safety teams. He is known for managing vital relationships with government agencies and developing effective risk mitigation strategies. Julian's expertise extends to creating and implementing essential policies, including vendor management, crisis response, and supply chain security.

D-Ron: As the head of Physical Security at Dyson overseeing global security operations, what are your insights on the evolving security landscape, technological advances and the future trajectory of security strategies and preparedness across multiple regions and industries for 2024 and 2025?

Julian: For the evolving security landscape, I think first, we should look at it from a very macro perspective globally. The type of risk that we are seeing is slowly becoming a poly crisis and even more. That means it's a mix of so many things all embedded into one. There are multiple ways to actually go about this. So, you look at what is preventive, reactive and post. When we look at all these, globally, the teams need to first understand specifically what the risk entails for an organization. After that, you start to bring the technology that's required for you to function because a lot of times, what organisations do is that they bring the technology in first, and then start to adjust to their needs. Why don't they do it the other way around? Understand their needs first, then bring in a product that suits their needs. After that, it is scalable as and when they require it. So, that gives them the trajectory of their strategies. So, as they start to evolve and grow, so does their technology. For example, look at Artificial Intelligence (AI) — how you embrace AI, how you now embrace machine learning, and what it looks like for us. So, the future of security strategies now is that one day, technology will be embedded very deeply into security systems. And with that, people would think that the manpower will be reduced. However, in reality, it will not be reduced. What happens is that you take your manpower, you upskill them and you make them a little bit more productive. And now, that falls into their preparedness piece — how you are preparing your people to take on the threats and risks within the different regions. And I must add that risk is very nuanced. So, you cannot take risks with a broad brushstroke globally, that is, you cannot say that if one election happens, then it affects the whole world. It does not. It is also hard to predict what may happen in future, for example, looking at the 2024/2025 trends, we would notice that five years ago, we did not imagine that war would happen. But look at it today, you have Ukraine-Russia, and you have Israel-Hamas. What next? So, instead of trying to look at what the next war is, prepare and harden the organization to start protecting itself from all that, not only on the front of security but also from business in every single aspect as the company starts to scale and grow into each region.

D-Ron: Could you recommend certain ways that companies could prepare and harden themselves?

Julian: I think one way is that we need to be realistic with the way we do our risk assessments. Realistic in the sense that when you look at your business, you do so holistically. As security professionals, one of the downsides of doing a risk assessment is this: we do not understand the business holistically. We only understand parts. And when we start to put plans in place, we build the risk assessment in parts. So, for example, if you have a supply chain, you may only build for the supply chain, not understanding where the raw materials are coming from and so forth. So, when we can do that, we can understand the risk, and we then bring in partners from various functions to sit down and discuss the risk and build plans. With those plans, you can test them over time and then, the next phase is resilience because you can't build resilience immediately without understanding your business properly.

D-Ron: How do you perceive the role of surveillance technology including CCTVs and access control systems in the broader context of Dyson's global security strategy? Is it something that is very important?

Julian: Technology is always important, but technology should never supersede what the human can do. I'll give you an example. We have one facility of ours where we have no security presence. But what we did was we have AI embedded into our security access control systems. With that, we were able to identify and kind of ‘catch’ an individual who brought external parties into the office after office hours and started to take pictures of confidential items. So, is that important? Yes, it is important. So, we put technology where we feel that we have a gap. So, that's how we utilize technology for surveillance. It is an expensive affair. Every time, like what your question was about access control and CCTVs, we need to be able to project for 2 or 3 years, looking at the company strategy, potential expansion plans, and then you start to bring that strategy out into each market to see the risk around the location you're in before you implement all your technology. You look at things like: How big or small is the office? Is it part of a co-shared space? Is your own space? There are so many permutations for you before you decide, but the end aim is to address the cost factor and use technology to help reduce the cost but increase your surveillance and productivity.

D-Ron: Actually, that ties in very perfectly with the next few questions. So, just to summarize this one here, am I right to say your view is that while CCTVs, access control systems, and all of these surveillance technologies are still important, the most important is still the human element of it because even with all these, humans still have to do something.

Julian: Yes. And humans have got a lot to do because they are the ones that determine how you want to use that technology and where you should put that technology.

D-Ron: So, based on that, to even select this technology, what do you or your team look for specifically in vendors when selecting things like CCTVs, access control and any general security and surveillance equipment? Are there any specific things you look at?

Julian: I do. So, when we look at a supplier, we need to look at the supplier's experience and the type of equipment that they are offering. Because as a supplier, they will offer a range of products. When they understand our industry as a supplier, they are able to help us scope out what equipment may potentially suit that industry or the business. So, it may not be the best cameras in the world that we require. It could be a simple setup for a manufacturing hub that has got a car park that we want to see. You don't need the best technology but the software is required. So, when we get the supplier, the consultant that comes on board to help build some of those projects must be an individual that has industry knowledge. Because without industry knowledge, what the supplier will do is they would develop security systems or surveillance equipment with a broad brushstroke, without understanding what exactly we want to look out for.

D-Ron: So, if they don't have the industry knowledge, they will just kind of give you a whole chunk of things and then you have to sift through which will actually waste your time as well.

Julian: Yeah.

D-Ron: How do you feel companies can manage between costs versus performance?

Balancing the cost of deploying and maintaining these kinds of systems with the desired performance and functionality is really an ongoing challenge. So, budget constraints sometimes limit this adoption.

Julian: I think from my past experience, the question to be asked is “What performance are we looking at? What is it that we want to pick up? Are we a government agency that requires very specific surveillance of people coming in and out depending on the criticality of your assets?” So, if you are running a sensitive research and development hub, yes, you will need some of those. That's how you balance out costs and performance. When I say that, this is what I mean: you have critical areas in your organization, you invest equipment for that particular space and with the investment of that equipment, you don't need to put it across all your assets because you don't need that same level of equipment across your premises. Hence, once again, it involves nuance to the sites, the industry, the risk and the level of confidentiality some companies need. I'll give an example of pharmaceutical companies. When they do research and development, their space is highly critical because they are developing new products. So, you do need to know what is going in and what is going out. And when we take that, do we need to put it in the corporate offices that they have? You may not, it may be a notch or two notches lower. So, that's how you balance it out. So, in the end, you don't see a single hardware brand, and so far, across the whole company. But they are all integrated. So, that’s how I look at it regarding cost versus performance.

D-Ron: With the ever-evolving technological landscape, what emerging technologies or innovations do you believe will significantly impact the future of security and surveillance in multinational corporations like Dyson?

Julian: How I would address this is that technology will always evolve, and it will come to a point where your technology becomes sharper and a lot more focus-specific to your industry. I always fall back from the security standpoint to “What if we don't have that technology, what do we do?” Because you're going to advance so much that we forget the core fundamentals of security. But having said that, the future is always going to be AI. They are going to be faster, with better storage facilities, and so on and so forth. Then comes a compliance piece to manage the technology that's growing. So, AI, machine learning, all these are going to be key. How’s it going to be developed? How’s it going to be used? For example, today, we use blueprints. They are embedded into the software so that when we take the CCTVs, it shows your space with an overlay of the floor plans. So, specifically, we are a lot quicker to respond to incidents. So, this question is quite unique in a sense where the technology is going to grow. For all you know, in future, the technology of CCTVs is going to be 10 times smaller than it is now, with very sharp focus and vision. Storage capacities are also going to be reduced so much that we may not even require cloud storage. It could be very different. Again, I think that's where we're headed towards. And I think the technology is something that I am actually afraid of, to be honest. I'm afraid of it because it's going to go so fast that we will be so focused on trying to catch up with technology that we will forget the core fundamentals of security.

ABOUT JULIAN TAN

Julian is a seasoned security, risk assessment and mitigation expert who has an impressive military background. His involvement in counter-terrorism, peace-keeping and security during his time in the military became the launching pad for his career in security and risk assessment.

For close to 15 years, he has held leading security positions in various outfits where his unique skillsets were fully harnessed. Among the organisations he has worked for are Twitter, Amazon and Grab. He currently serves as the Global Head of Physical Security Operations at Dyson where he leads other security professionals in providing comprehensive protection to Dyson’s assets, personnel and operations across multiple regions.

Julian has a steadfast commitment to excellence, and with his wealth of experience, seeks to contribute his skills and knowledge to new challenges and opportunities in the realm of security. You can visit his LinkedIn page to obtain more valuable information.