Today in the Best Advice Q&A series, we talk to Steve Lucas, vice president of sales at Mercury Security, part of HID Global. He shares the best advice he’s ever heard, how he mentors industry newcomers and who has helped him most in advancing his career.
Security Sales & Integration: What’s the best piece of advice you’ve ever received?
Steve Lucas: Build for trust before you build for scale. Every decision in this business — technical, commercial or operational — is a trust decision first. That’s how I lead teams and how I evaluate roadmaps. It’s tempting to chase the next feature or the next big logo and assume trust will follow if you execute well enough.
In reality, trust is the precondition for everything else to work over time.
In access control, we safeguard identity and movement. If integrators, end users and partners don’t trust how we design controllers, protect credentials or communicate about vulnerabilities, nothing else matters. Trust shows up in quiet places like release notes, user guides, lifecycle discipline, patching, and clear communication. Those choices compound.
Practically, that advice pushes me to champion open standards, predictable roadmaps and rigorous security processes. It also makes me slower to add complexity and faster to remove it. When we simplify controller setup or make APIs easier to adopt, we are reinforcing trust that systems behave the way people expect, today and years from now. That’s the foundation customers remember long after a project closes.
SSI: What advice would you give to those looking to achieve success in the security industry?
Lucas: Learn the whole stack and speak both languages. By “whole stack,” I mean door hardware, power, controllers, networks, identity platforms and cloud. By “both languages,” I mean physical security and IT. The best people I’ve worked with have hands on field experience, understand ecosystems and partnerships and explain cyber hardening at depth with a CIO.
Pair that breadth with discipline: document your work, version everything and build repeatable playbooks. Relationships matter as much as technical depth; treat every job like a reference job and your reputation will open the next door.
SSI: If you could point to one person in the security industry and tell up-and-comers, “Make sure to listen to what they have to say,” whom would you pick and why?
Lucas: I’ll highlight two archetypes because both shaped how I think about the future of access control.
First is the standards-builder, the leader who invests in interoperable ecosystems even when it’s harder in the short term. They remind us that the most durable innovations are the ones many companies can build on, not just what a single vendor ships. Listening to standards-builders teaches patience, clarity of definitions and the discipline to design interfaces that outlive product cycles.
Second is the practitioner who never lost their field sensibility after moving into leadership. They still ask, “How does this impact the end customer’s operations?” and “Are we maximizing our partner’s opportunity to be successful?”
Practitioners force elegant ideas to pass the reality test — legacy panels, mixed reader fleets, constrained budgets. Their perspective keeps roadmaps grounded in the lived experience of integrators and end users.
If you internalize both voices — the ecosystem mindset of the standards-builder and the accountability of the practitioner — you’ll make better decisions, design more resilient systems and earn the trust that ultimately defines a career in this industry.
Click here to check out the entire Best Advice series!
