Against that scale, the main security management association reports a comparatively small number of certified practitioners. The 2024 annual report from ASIS International states that the organization had 12,760 active and lifetime certificants across all four of its flagship designations. Certification counts grew 1.3 percent from 2023 to 2024, indicating gradual rather than rapid expansion.
This numerical gap does not mean that guards and security managers lack experience. It does mean that employers, insurers, and courts often have limited access to standardized, third party markers of physical security expertise. That absence has become more visible as enterprises integrate physical and cyber security functions and look for consistent signals of competence across domains.
Key Findings on Physical Security Credentialing
- ASIS International reported 12,760 active and lifetime certificants in 2024, a small pool relative to the U.S. guard workforce.
- The CISSP has more than 175,000 holders worldwide, giving cybersecurity a clearer credential benchmark than physical security.
- Converged physical and cyber roles leave boards and CISOs with asymmetric signals of competence across the two domains.
- Executive compensation data show rising CEO personal and home security benefits, increasing scrutiny of guard qualifications.
- ASIS is rolling out new certificate programs and ANSI standards, while fraudulent imitators point to growing demand for credentials.
A Narrow Pool of Certified Practitioners
ASIS International describes its four board certifications as a global benchmark for security professionals. The organization’s 2024 report notes that 12,760 individuals held active or lifetime certifications across the Certified Protection Professional (CPP), Physical Security Professional (PSP), Professional Certified Investigator (PCI), and Associate Protection Professional (APP) designations. This figure is worldwide and therefore covers more than just U.S. roles.
Even without a precise one to one comparison to U.S. employment statistics, the proportions are clear. A guard workforce measured in hundreds of thousands in the United States alone sits alongside a global certification pool under 13,000 across all four programs. For large employers trying to staff security operations centers, corporate security departments, and executive protection teams, certified candidates remain a small subset of the overall labor market.
The ASIS annual report characterizes certification as an important tool for codifying professional standards. It also notes continued interest in exam preparation, chapter scholarship programs, and learning hours. At the same time, the modest growth rate suggests that certification remains optional in most hiring decisions rather than a widely adopted baseline requirement.
More Business Articles
CPP: Structure and Requirements
The Certified Protection Professional is positioned by ASIS as its most advanced credential for security managers. Current eligibility criteria on the CPP program page require several years of paid, full time security experience. This duration is adjusted based on education level and prior APP certification.
Candidates must have at least three years in responsible charge of a security function. ASIS defines this as having decision making authority for a security program or component. The CPP examination includes 200 scored and 25 unscored multiple choice questions. ASIS lists seven domains for the test blueprint: security principles and practices, business principles and practices, investigations, personnel security, physical security, information security, and crisis management.
Applicants must agree to the ASIS Certification Code of Conduct. They must also attest that they have no disqualifying criminal history that would reflect negatively on the profession.
These requirements mean that the CPP functions as a capstone credential for mid to senior level professionals rather than an entry credential for line guards. As a result, the designation validates depth for a relatively small group of practitioners. It does not operate as a universal license to practice in the way that a state bar or accountancy license does in other professions.
Cybersecurity’s Credential Advantage
Information security has moved toward more standardized credentialing. The Certified Information Systems Security Professional (CISSP), administered by ISC2, is widely recognized in cybersecurity recruitment. In a 2025 insights article, ISC2 notes that the CISSP celebrated its thirtieth year in 2024 and had more than 175,000 holders across the globe.
Beyond the CISSP, other certifications such as the Certified Information Security Manager from ISACA contribute to a credentialing ladder. Entry level or intermediate badges from providers like CompTIA and ISC2 also add to the available options. Employers frequently reference these designations directly in job advertisements, and some senior roles list them as requirements rather than preferences. This creates a clearer relationship between roles, pay bands, and certifications than is common in physical security.
The net effect is that, in many organizations, the cyber side of a converged security program has a visible credential infrastructure while the physical side does not. A chief information security officer or risk committee may see CISSP or similar acronyms repeated in résumés and organizational charts. They may struggle to find an equivalent shorthand for physical security capability.
Convergence, Executive Protection, and Board Scrutiny
Many large companies have reorganized security under an enterprise risk or chief security officer model, which combines physical and cyber responsibilities. This convergence increases the pressure to establish consistent expectations about training, professional development, and certification across different teams reporting to the same leadership structure.
Executive compensation research also points to rising visibility for physical security decisions. A 2025 report summarized by the Harvard Law School Forum on Corporate Governance finds that approximately 25 percent of S&P 500 chief executives received personal and home security benefits in the most recently analyzed period, drawing on work by The Conference Board and other partners.
The same report notes that security related perquisites remain a small share of total pay but receive disproportional scrutiny in proxy statements. A related press release from The Conference Board highlights that a growing share of Russell 3000 companies also report CEO security packages.
When these benefits appear in public filings, directors, investors, and proxy advisers gain more visibility into how much companies spend on personal protection. They also become more likely to ask how providers are selected, what standards they follow, and whether guard forces and supervisors meet any formal credential expectations.
Liability, Foreseeability, and Industry Standards
Civil courts use concepts such as foreseeability and industry standards when evaluating negligent security claims. A 2022 article in ASIS Security Management, titled "Behind the Façade: Negligent Security and Premises Liability," reviews a Georgia premises liability case. In it, an appellate court allowed a jury verdict for negligent security to stand.
The article explains that courts look at what precautions would have been reasonable in light of prior incidents and available security measures. In such cases, expert witnesses play a central role in describing typical security practices, risk assessments, and responses to prior incidents. Standards and guidelines from recognized organizations can help inform those opinions.
However, when relatively few practitioners hold widely recognized credentials, it becomes harder to point to a shared educational baseline. This baseline is what courts might treat as evidence of what a "reasonable" security professional should know.
State licensing frameworks do establish minimum requirements for guards and, in some cases, private patrol operators or security agencies. These often include background checks, basic training hours, and firearms qualification for armed roles. The details vary by jurisdiction and tend to focus on entry level competencies rather than advanced management skills. This leaves room for professional certifications to define a higher voluntary standard.
New Certificates and ANSI Standards from ASIS
ASIS International has expanded its offerings beyond the four board certifications. The 2024 annual report notes that the association launched three certificate programs that year focused on fundamental knowledge. These included Essentials of Crime Prevention through Environmental Design, Essentials of Convergence, and Essentials of Crisis Management.
The Essentials of Convergence certificate is described as bridging physical security and cybersecurity concepts at an introductory level. In its role as a standards development organization, ASIS also maintains a catalogue of formal standards and guidelines. The same 2024 report states that the group had sixteen such documents in place and that additional standards were expected in 2025 in executive protection, investigations, and school security.
Subsequent announcements confirm the release of several of these texts. A June 2025 press release from ASIS International introduces an ANSI approved Investigations Standard. This standard sets out requirements and recommendations for planning, conducting, and documenting investigations.
Separate pages on the ASIS site describe an Executive Protection Standard and a School Security Standard. These provide structured frameworks for protection programs and educational environments, respectively. These documents give organizations reference points for program design even when individual practitioners do not hold certifications.
Fraudulent Look‑Alike Credentials and Market Signals
Evidence from chapter level communications suggests that the market is responding to the perceived value of security credentials. ASIS International has documented warnings, including through chapter communications, that some private security companies have created misleading alternatives such as CxM, CxS, CxI, and CxA.
According to the ASIS Qatar Chapter, these entities use wording like "International" and "Triple Crown" to imply legitimacy. They do so even though their programs are not accredited by recognized bodies. The chapter frames these offerings as misrepresentations that trade on the reputation of established certifications such as CPP, PSP, PCI, and APP.
While the warning focuses on the risk of confusion for clients and professionals, the underlying dynamic is notable. Fraudulent use of credential like branding suggests that employers and individuals see value in being associated with initials that resemble ASIS designations.
From a labor market perspective, this pattern indicates that a signaling function is emerging even where formal standards are not yet universal. Legitimate ASIS credentials, backed by a code of conduct and structured eligibility requirements, coexist with unaccredited alternatives. These alternatives seek to fill the same signaling role without comparable oversight.
Implications for Careers and Converged Security Teams
For individual practitioners, low certification penetration can create both constraints and advantages. On one hand, the lack of a widely recognized baseline makes it harder for hiring managers outside the security field to compare candidates. On the other hand, professionals who do hold ASIS certifications stand out in a crowded market. This is particularly true if they can also demonstrate familiarity with cybersecurity frameworks and risk management concepts.
Organizations building converged security teams often need staff who can discuss physical access control and video surveillance in the same conversation as network segmentation or incident response procedures. Formal cross domain certifications remain rare, so employers frequently assemble this capability through experience and internal training.
In this environment, a combination of a CPP or related credential with basic cyber qualifications or documented coursework offers a clear differentiator. The presence of new ASIS certificates and ANSI standards may also give employers more tools to structure job descriptions and development plans.
For example, a company might encourage early career staff to pursue an Essentials certificate. Mid career professionals could work toward the APP or PSP, and senior managers could consider the CPP. Assignments in investigations or executive protection could be aligned with the relevant standards. Over time, such patterns could bring physical security credentialing closer to the tiered structures seen in cybersecurity.
A Gradual Shift Toward Clearer Benchmarks
There is little indication that physical security will adopt a single mandatory license across all jurisdictions in the near term. Guard licensing will likely remain a state level function in the United States. Employers will continue to rely on a mix of experience, internal training, and voluntary certifications. However, several forces are pushing the field toward clearer benchmarks.
First, convergence means that physical security leaders now sit beside cybersecurity leaders who can point to credentials like CISSP with well defined bodies of knowledge and holder counts. Second, executive compensation disclosures are drawing greater attention to personal protection budgets and, by extension, to the qualifications of those tasked with implementing them.
Third, litigation and standards development are highlighting the importance of documenting what is considered reasonable practice in different settings. ASIS International’s move to expand certificate programs and publish ANSI approved standards suggests an effort to build scaffolding that can support more consistent expectations.
At the same time, the emergence of look alike credentials, as documented by ASIS Qatar, underscores that demand for recognizable signals already exists. How quickly that demand translates into higher certification uptake will depend on decisions by employers, insurers, and public sector regulators. They will reassess how they define competence in physical security roles.
Until that happens, the credentialing gap between physical and cyber security will continue to shape hiring, compensation, and liability discussions. Professionals and organizations that invest early in structured physical security credentials and related standards are likely to have a clearer story to tell. This is critical when boards, investors, or courts ask how they define and verify expertise.
Sources
- ASIS International. "2024 ASIS International Annual Report." ASIS International, 2025.
- Bureau of Labor Statistics. "Occupational Employment and Wage Statistics: Security Guards." U.S. Department of Labor, 2024.
- ISC2. "Calling All CISSP Certification Holders - Help Shape the CISSP Exam." ISC2, 2025.
- ASIS International. "Certified Protection Professional (CPP) Certification Requirements." ASIS International, 2026.
- Harvard Law School Forum on Corporate Governance. "CEO and Executive Compensation Practices in the Russell 3000 and S&P 500." Harvard Law School, 2025.
- The Conference Board. "Report: Women CEOs Outearn Men, and Companies Increase CEO Security Packages." The Conference Board, 2025.
- ASIS International. "ASIS Introduces New Investigations Standard." ASIS International, 2025.
- ASIS International. "Executive Protection Standard." ASIS International, 2025.
- ASIS International. "School Security Standard." ASIS International, 2025.
- Security Management. "Behind the Façade: Negligent Security and Premises Liability." ASIS International, 2022.
- ASIS Qatar Chapter. "Certifications Information." ASIS Qatar Chapter, 2025.
Article Credits
