You’re Not a Cop or Firefighter…but You Still May Be in a High-risk Profession

One of my audiences is real estate agents. I present programs on personal security and how they can avoid and remove themselves from dangerous situations. You see, as crazy as it seems, real estate agents are targeted by criminals every day. Rape, robbery and murder are some of the issues they face.

1SLeighvalleylive reports that a man approached a model home asking if he could see it. The agent, a woman, quickly felt odd in this man’s company and told him to go inside by himself. The man returned 45 minutes later and said the home had a water leak and insisted the agent come with him to look at it, but she chose not to. When the agent’s male coworker entered the room where they were talking, the man abruptly left. When the saleswoman went into the home, she could not find a leak—but she did notice the bedroom’s curtains had been shut and the lights turned off.

The police were called. They researched the man’s truck registration, found the truck and, they report, uncovered a knapsack containing matches, duct tape, two handguns, ammunition, rope, a ski mask, metal chains and padlocks, among other items.


It’s not just real estate agents: cab drivers, late-night store clerks and other professionals are considered at risk, too. When dealing with the public, it can lead to troublesome behaviors by select weirdoes.

If you are in a high-risk profession, you need to think about security both on and off the job.

On the job, always be suspect of everyone you encounter. Trust your gut, ask inquisitive questions and seek out their motivations. If something seems wrong, it is wrong. Due to the nature of your job, there will be situations unique to you. Investigate what the proper safety/security procedures are, and exercise them daily. Always stay on your toes and never let your guard down.

Off the job, your home is your haven and should be treated as such. Invest in a home security system and sleep peacefully after a crazy day dealing with the public.

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.

10 Holiday Security Tips

Christmas trees, mistletoe, candy canes, turkey and stuffing bring out scammers, phishers, burglars and identity thieves. I’m not purposefully trying to be a Grinch here, but I’m just reminding you that good times, unfortunately, bring out the worst in bad people. This time of the year is prime season for criminals to seek out victims and separate them from their money and stuff.

Stay merry. Here’s how:

  1. Lock up. No matter how long you are gone, lock your home’s doors and use quality locks from Schlage.
  2. Don’t forget car locks. Don’t leave your keys in the ignition; lock your car doors, even when you are at the gas station and filling up.
  3. Be aware. When in parking lots or garages, at malls or festivals, watch your back, be aware of your surroundings and look for red flags.
  4. Free up your hands. Don’t weigh yourself down with lots of bags and packages. Use a carriage.
  5. Get delivery notices. Package theft is big. Most shippers offer email notifications for tracking packages, so you have the tools with which to become acutely aware of when your stuff is supposed to arrive and be there to accept it.
  6. Set up security cameras. Inside and outside your home, you should have cameras to allow you to peek in on all home activity. They also act as a deterrent to burglars and thieves.
  7. Put your jewels away. When home or away, and even when you are entertaining, lock up your stuff in a bolted safe.
  8. Update your browser. Viruses often end up on a PC because the browser is out of date.
  9. Update your operating system. It’s not enough to have antivirus; you must also update the critical security patches in your computer’s operating system.

10. Check your statements. Every week around the holidays, pay close(r) attention to your credit card statements and reconcile your charges.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Robert’s FREE eBook text- SECURE Your@emailaddress -to 411247.

High-tech vs. Low-tech Locks

High technology doesn’t necessarily mean better, stronger or faster. It does usually mean more convenient, as the word technology is defined as “including the use of materials, tools, techniques, and sources of power to make life easier or more pleasant and work more productive.”


This is the opposite of low-tech, which is essentially utilizing equipment and production techniques that are relatively unsophisticated—but unsophisticated doesn’t necessarily mean insecure. For example, all Schlage Grade 1 deadbolts, keys or touchscreen locks endure 300,000 cycles of testing in the company’s state-of-the-art testing facility…which is 50,000 more than required for Grade 1 certification. A bad guy with intent is going to have a hard time compromising even a low-tech lock

And then there are high-tech locks, such as Schlage’s Touchscreen Deadbolt, which is the best keyless lock out there. It’s a motorized bolt that automatically locks and unlocks when a four-digit user code is entered, and its lock-and-leave functionality requires only one touch to instantly safeguard the home. The Touchscreen Deadbolt can hold up to 30 unique access codes and is designed to support temporary codes when used with Nexia Home Intelligence for homeowner convenience. For example, codes can be tailored to specific days and times of the week to provide home access only when scheduled, such as for cleaning service personnel – a benefit of having an easy to use keyless lock with a built in alarm.

The biggest difference between high-tech and low-tech locks is the ability to remotely manage a high-tech lock. Nexia Home Intelligence makes it high-tech. This is a home automation system that allows you to control locks, thermostats, lights, cameras and more from wherever you and the internet happen to be. Lock or unlock your door from anywhere with your cell phone, or schedule lock codes to be active only on certain days at specific times. You can also receive text alerts when an alarm triggers or when specific codes provided to your kids are entered at the lock.

Robert Siciliano home security expert to Schlage discussinghome security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Seminar to Feature ISECOM’s OSSTMM v3

Pete Herzog, Founder of ISECOM, will be discussing the revised Open Source Security Testing Methodology Manual (OSSTMM v3) and how it applies to web application security today (10-13-2010) in Raleigh, NC.

Pete rarely gets to the US, so this is a unique opportunity for security professionals to have an open discussion with him about trust-based security models and how to apply sound logic to securing and testing web applications.

“About 5 years ago, while searching for any existing methodologies, I stumbled across ISECOM and the Open Source Security Testing Methodology Manual. It changed the way my company and I engaged with clients at every angle,” Michael Menefee of WireHead Security recently wrote.

“As a security consultant, I’ve always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client’s network or business,” Menefee stated. “This would, of course, require both a data collection methodology as well as a reporting methodology in order to work properly.”

The OSSTMM is a peer-reviewed methodology for performing security tests and metrics, and the test cases are divided into five channels (sections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.

On the origins of the OSSTMM, Pete Herzog wrote that, “in the research for factual security metrics, factual trust metrics and reliable, repeatable ways for verifying security, including concretely defining security, we found that the practice of guessing forecasting risk was not only non-factual but also backwards. Risk stuck us into a never-ending game of cat and mouse with the threats.”

“Beginning with version 3, the OSSTMM is no longer just about security testing. The break-throughs we’ve had in security had us re-visit how we work with security. This includes risk assessments.”

Christoph Baumgartner, CEO of OneConsult GmbH in Switzerland – whose firm has been using the OSSTMM methodology since its inception – recently commented on the value proposition the methodology standard offers, stating that, “the most important aspect is that we have an easier time keeping our clients. Most of the companies and organizations which order security audits on a regularly basis are fairly well organized and have a strong interest in gaining and keeping an adequate level of security.”

“Having the attack surface metrics, the ravs, means that they can watch trends and keep a close eye on how changes in operations affect their security directly. I can definitely confirm that many of our clients who have to change the supplier for security policy reasons expect their future suppliers to apply the OSSTMM.”

OSSTMM was developed by the Institute for Security and Open Methodologies (ISECOM), a non-profit collaborative community established in January 2001.

ISECOM is dedicated to providing practical security awareness, research, certification and project support services for non-partisan and vendor-neutral projects to assure their training programs, standards, and best practices are truly neutral of national or commercial influence.