How IST Is Thriving by Deploying Both Video Surveillance and Cybersecurity
Having rolled physical security into its IT business 16 years ago, Integrated Security Technologies is leading a new wave of network-centric integrators.
As surf music’s most famous group the Beach Boys once sang, “Catch a wave and you’re sitting on top of the world.” While that does not always pan out in business it typically beats remaining on the shore and not at least sticking a toe in the water.
Ultimately, diving in, finding balance and establishing sure footing is the way to growing a company. Whether it’s the swells of the Pacific Ocean or the seas of security, it’s about staying ahead of the curve. And where it comes to the rising tide of converged physical and logical technologies, few have ridden the crest more assuredly than Integrated Security Technologies (IST).
IST came into existence after electronic security veteran and current company President Jon Langhorst approached an IT-centric government contractor called Net Transforms — founded in Herndon, Va., in 1997 by Alec Oppenhimer, Michael Margolis, TC Chang and Robert Carson — about adding a security division.
That was in 2002 and after reuniting with colleague Michael Ruddo three years later in 2005 the pair instigated merging the physical security and IT divisions into a unified provider with offices in Virginia Beach and Roanoke, Va., and soon opening a branch in Richmond, Va.
IST’s plunge into cybersecurity came well before the electronic security industry began to acknowledge let alone embrace the symbiotic relationship. Today, IST is 100 associates strong including representatives located throughout the Mid-Atlantic region covering a footprint that spans from New Jersey and Pennsylvania down to North Carolina and surrounding areas.
Focused primarily on the government, education and healthcare markets, IST designs, integrates, installs and maintains a full range of electronic security, IT and cybersecurity solutions, and saw its revenues top $25 million in 2017. With annual growth that has hovered in the 12%-15% range, the firm was among last year’s SSI Top 75 Market Leaders.
In the interview that follows, Langhorst and Ruddo address how IST has successfully brought physical and logical security under one umbrella. The conversation digs into the details of network engineering, cybersecurity, working with IT managers, internal and external training, recurring revenue streams and more. It’s time to wade in.
When you brought it all together in 2002 that was before cybersecurity started to become a hot topic in physical security. How did you approach that, and how has that posture changed, if at all, from then to today?
MICHAEL RUDDO: The cybersecurity element really has always existed within our organization because of a government agency client we have been doing a lot of work for since 1997. A piece of that work was on the cyber end. We’ve always kind of inherently had that experience or that knowledge base in-house, but it flows very nicely with enterprise-wide systems as well.
You’ve got to know your network. You’ve got to know firewalls, VPNs, and things that are very cyber-based. That’s always been part of our culture, but it has changed drastically over the past few years. On the federal side, we have team members who are experts in FIPS 201-2 related work. That’s always been a part of our scope. We never really looked at it as a separate scope, mostly because we had the knowledge base and experience on staff to be able to handle it.
JON LANGHORST: The other thing that falls into that is back in 2002 IP cameras and security devices were just starting to come out. We looked at it and said these two industries are going to converge quickly. We saw that coming. That was where I decided to align with a smart, established and accomplished IT-centric company. That’s worked quite well. Like Mike said, cybersecurity has always been in our DNA.
RUDDO: We like to recognize we saw IT convergence back in 2002. Some people still haven’t caught on, but we were definitely out in the front of that. We have learned a lot, some painful, some not, but it’s been a great ride.
Do you typically run separate networks, or do you use the existing?
LANGHORST: A lot of times it’s client dependent. We push as hard as we can for a separate network just for security. That works quite well in government applications. Obviously, they don’t want things to cross under their corporate network, and they don’t want any hooks to the outside world.
But in corporate settings, schools, universities, etc., it can definitely run on the corporate network because they want to be able to see it all over, from their workstation in the principal’s office to housing and dining; they want to be able to see these things, add people, delete people, etc. We push to VPN the networks as much as possible to stove-pipe things, but the world we live in is connected. We must deal with that, and that’s where the cybersecurity piece comes in heavily.
RUDDO: I usually tie that question back to funding as that drives a lot of the answer. The type of existing infrastructure that’s there also is a direct correlation to the answer to that question. We’ve got a school system where they had a very robust network. Duplicating the dedicated security network didn’t make sense from an operational standpoint, from a cost standpoint. Fortunately, we have the expertise to sit down with their department of technology and work through the cyber piece functionally, operationally and architecturally how that was going to work.
On the flipside, we do a large university locally here in D.C. and the whole access control piece of their security management system was on their network. But they didn’t want any video on their network. They didn’t feel they could manage it. They didn’t feel their infrastructure would support it without impacting the day-to-day operations of the other things on the network. In that case, we installed a dedicated security network for the video. We’ve bridged the two, and we have VPN access from our office maintaining that cyber structure to everybody’s liking. So, it really depends. We have expertise to talk both games.
In interacting with IT managers, you want to put them at ease, show them you understand networking, but also that you understand their business and aren’t going to cause them problems. What do you see as being key?
LANGHORST: You hit it, understanding their business and their business model. You’ve got to dig into the organization and figure out they function. Also, they’re worried about cyber threats, intrusion, and about bandwidth utilization and throttling, and so forth. A lot of times to them it’s more important for the boss to get his email than for the security system to work properly! It’s a tough, very fine balance. But they’re very concerned about cyber intrusion; especially schools are very worried about images showing up on YouTube. You hear horror stories about that.
RUDDO: In the end, a lot of it is just having a good, solid understanding of their network infrastructure and architecture, and then mapping the enterprise security management system to it. With the experience of knowing where the impacts are going to be, or potential impacts would be, typically there’s a way to architect a solution to consider that existing infrastructure, and not overburden it. I think that’s where a lot of people make a mistake. Because they don’t understand the network piece and they’re not able to communicate the impact to existing infrastructure to that IT manager, there’s a miscommunication that occurs. We’ve seen it on the backend where we’ve come in after something has gone quite horribly wrong. The fact that the integrator didn’t architect the solution to take into account that the network infrastructure couldn’t support it. It was literally that simple. Yet that security manufacturer got a bad name because its system was trashed. In the end, it had nothing to do with the software or system. It had to do with the way it was architected to lay on the existing infrastructure. Having that know-how in-house has been a godsend for what we’ve been able to do.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.