For physical security leaders, artificial intelligence represents a paradox. While the promise of AI-driven efficiency and proactive threat detection is immense, an even bigger problem blocks the path to harnessing it. For most organizations, the real challenge isn't adopting new tools. It's modernizing the archaic data foundations and analog mindsets on which the entire security apparatus currently depends. Before the AI revolution, physical security must first undergo a data and infrastructure reformation.

Jason Veiock, Founder and CEO of corporate physical security company Bearing, has seen this problem from every angle. Having first served as a Special Agent for the U.S. Department of State and the Department of Homeland Security, Veiock later became the Senior Director of Safety, Security, and Resilience at GoDaddy. He's also a Member of the AI Advisory Board at the Security Industry Association, where he engages regulators on emerging AI issues. Now, he builds the tools he wishes he'd had on the front lines of national security. "We see ourselves as security practitioners building software for our own community. I was the Chief Security Officer at GoDaddy, so I was an end user living with these exact problems right up until last year."

At the heart of Veiock's central thesis is a powerful historical analogy: to understand the current state of physical security, one must look back two decades. Before 2008, IT security was a low-visibility function struggling for budget and influence, he explains. But that all changed with a series of high-profile crises. Catalyst events like the devastating Conficker worm outbreak and the massive Heartland Payment Systems data breach were the "wake-up calls" that forced the C-suite to invest, he continues. Physical security has yet to experience its equivalent transformative crisis.

• A relic of the past: For Veiock, the issue is most evident in the industry’s foundational technology and business model. While the rest of the enterprise operates on modern, cloud-native platforms, many corporate security teams remain stuck in the past. "You can be intransigent, but that just makes you a dinosaur that goes extinct."

• The spreadsheet foundation: Rather than a matter of preference, however, Veiock says the issue is systemic. "The entire industry is talking about AI, but no one is talking about the real work: infrastructure and data. My message to every corporate security leader is that step one, the only step one, is getting that foundation right. Right now, they're managing thousands of devices like cameras, badge readers, and biometric systems in spreadsheets. If they're lucky."

To escape the spreadsheet trap, leaders can focus on a more immediate, practical goal instead. Here, Veiock recommends a straightforward approach. Otherwise, a significant knowledge gap can prevent leadership from understanding the difference between what's possible and what's realistic.

• Automation before agency: The path forward is not a giant leap but a calculated first step, Veiock says. "My advice is simple: before you even think about AI, just focus on workflow automation. I say this as someone who is also on this journey. I was ignorant myself until recently. I thought ‘agentic’ was just about a software agent, but it’s about agency: having a system that can work unilaterally based on a framework, not just a simple ‘if-this-then-that’ command."

But like any technological evolution, this one also demands commensurate human capital. With automation handling rote workflows, a security professional's value will be defined by their innate curiosity and fluency with modern tools, not their ability to perform manual tasks.

• Hiring for curiosity: For Veiock, the most essential skill is a demonstrated habit of inspired thinking. "I hire for AI-native people. That doesn't mean you need a PhD. It means that when you come to an interview, I'm going to ask you to describe three ways you use AI in your private life every single day. The guard with experience and curiosity is going to win over the one who doesn't. If people don't want to change, they won't. And they will be replaced. This reality hits every single level of the stack, from the front line to the C-suite."

However, this shift also creates a new kind of value, Veiock concludes. As AI commoditizes basic technical skills, human judgment and deep domain expertise get increasingly important. Now, an experienced leader with an ethical framework is more critical than ever to guide the technology itself. But that value proposition is one that technical ability simply cannot match alone.

Ultimately, Veiock framed the challenge for security leaders as a strategic balancing act. The goal isn't just to implement new technology, but to align security investments with the unique risk tolerance and business objectives of their organization. For the modern CSO, navigating this intersection is the entire job. "A modern CSO has a team to handle the technical security work. Their real job is to be a diplomat. To go talk to the leadership team, take their temperature, and then craft mitigations that are perfectly aligned with true risk tolerance."