<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=159683641205248&amp;ev=PageView&amp;noscript=1">

System Modernization - Replacing Aging Infrastructure with Future-Ready Security at the 2025 Security Technology Forum

October 23, 2025

Click for article narration

System Modernization - Replacing Aging Infrastructure with Future-Ready Security at the 2025 Security Technology Forum
8:47
MidChes Logo

System Modernization - Replacing Aging Infrastructure with Future-Ready Security at STF25

Modernizing security isn’t about shiny gadgets—it’s about shrinking risk, speeding response, and building systems that won’t age out next budget cycle. At Security Technology Forum 2025, moderator Jeff Drews (Southwest Microwave) led a frank, practical conversation with Tino Urbina (Commend), Eric Moreau (Theseus Professional Systems), and Jeff Fields (Gallagher) on replacing aging infrastructure with future-ready security. They cut through buzzwords to show how physical security, IT, and cybersecurity now function as one ecosystem—and why AI, zero-trust, and open-by-design integrations are the levers that actually move the needle.

Below, you’ll watch and learn where to start (risk assessments that map to real incidents), how to prioritize funding (shared with IT and Facilities), and what “open vs. proprietary” really means in 2025. You’ll get field-tested advice on phasing upgrades without disruption, making AI work on day one, and using standards and compliance to justify decisions. If you’re wrestling with end-of-life devices, firmware sprawl, or siloed platforms, keep reading—this is the roadmap to a safer, faster, and future-ready operation.

Insights from the Security Technology Forum 2025 panel moderated by Jeff Drews (Southwest Microwave) with panelists Tino Urbina (Commend), Eric Moreau (Theseus Professional Systems), and Jeff Fields (Gallagher).

Why modernization matters right now

Aging infrastructure isn’t just inconvenient—it’s risky. As moderator Jeff Drews framed it, modernization today sits at the intersection of physical security, IT, and cybersecurity. The panel agreed: the days of “install it and leave it” are over.

 

“Cybersecurity is driving modernization on the physical side. You can’t leave systems untouched for years anymore.” — Eric Moreau, Theseus

 

End-of-life devices, unpatched firmware, and siloed platforms expand the attack surface and slow response when seconds matter.

 

The convergence of physical and cyber: what changes

Jeff Fields highlighted a shift from traditional, siloed SOCs to environments where security operations and cybersecurity are inseparable:

 

“We’re moving from an operational approach to a policy approach—where the integrity of data across physical and cyber systems is foundational.” — Jeff Fields, Gallagher

 

Cloud adoption and hyperscale data centers accelerate that change. Expect more rigorous zero-trust requirements, tighter governance, and cross-team processes that unify physical and cyber playbooks.

Takeaway: Treat cyber and physical as one ecosystem. Align policy, telemetry, and workflows across both.

 

AI isn’t optional—it’s an operations multiplier

The panel drew a clear line from machine learning → generative/agentic AI in just five years.

 

“If you’re not thinking about AI, you’re going to get left behind.” — Eric Moreau

 

What AI looks like in practice:

  • Investigation acceleration: natural-language or voice queries (e.g., “show the gray SUV entering Dock 3 between 2–3 pm”) to traverse video and access logs.

  • Policy-driven automation: agentic AI enforcing rules (after-hours door activity, tailgating patterns, anomalous credential use).

  • Ops efficiency: triage alerts, summarize incidents, and route tasks—freeing humans for higher-value decisions.

 

“We need to be bilingual—physical and IT. The dialogue between teams is as important as the tech.” — Tino Urbina, Commend

 

Takeaway: Pair AI adoption with training and shared language between security and IT.

 

Open vs. “proprietary”—use the right definition

The panel deprecated the old either/or framing.

 

“Open architecture means we can ingest and share data via APIs. Proprietary means we own our software. Those can coexist.” — Jeff Fields

 

Eric noted a market trend: even vendors with proprietary elements now publish interoperability bridges to preserve customer flexibility. Urbina advised seeking “evergreen” components that remain compatible through multiple upgrade cycles.

 

“We’ve passed the threshold. The industry can’t go back to silos—even if it wanted to.” — Tino Urbina

 

Takeaway: Prioritize platforms with robust APIs, proven integrations, and a roadmap for backward compatibility and phased upgrades.

 

Regulation & standards: constraints that help

From FIPS and NIST to CMMC, FAR/DFARS, and sector-specific rules, compliance is evolving—and increasingly cascading into the commercial world.

 

“Federal compliance patterns are flowing into commercial data centers and enterprise security. Use them as a baseline even if your industry lacks a formal standard.” — Jeff Fields

 

“Assessments give you a reasoned baseline. Tie modernization to gaps, incidents, and standards—so it’s not just ‘a cool feature,’ it’s a requirement.” — Eric Moreau

 

Takeaway: Use recognized standards to justify design choices, vendor selection, and maintenance cadence.

 

The business case: how to prioritize and fund

Modernization is a journey; phasing is essential. The panel’s playbook:

  1. Start with a risk-based assessment.
    Inventory devices, firmware, end-of-life status, and known incidents. Map vulnerabilities to business impact.

  2. Define a common operating environment.
    Build an ecosystem of interoperable tools—video, access, intrusion, perimeter, analytics—connected by APIs and governed by shared policy.

  3. Create an evergreen, phased roadmap.
    Sequence upgrades to minimize downtime and spread cost (edge first? core first? network first?). Keep “evergreen” compatibility front-and-center.

  4. Share costs across stakeholders.
    Security doesn’t have to fund the network alone. IT (fiber, PoE switches) and Facilities often co-own outcomes and budgets.

  5. Quantify with incidents and compliance gaps.
    Link requests to real events (“this door failed due to a bad closer and outdated controller”) and to standards. Third-party assessments add weight.

  6.  

“Once you can attach risk and incidents to the upgrades, people listen.” — Eric Moreau

 

“Mission first. Align stakeholders around risk and liability, then phasing and funding become easier.” — Tino Urbina

 

Design to be “future-ready”

  • Zero-trust at the edge: harden devices, credentials, and comms; enforce minimum firmware levels and certificate management.

  • Lifecycle hygiene: schedule firmware updates 2–4 times per year; track vendor end-of-life notices and deprecations.

  • Telemetry as a product: design for searchable metadata across systems; plan for AI agents that act on policy.

  • Change management & training: modernization succeeds when operators are confident, not just when tech is installed.

 

 

“Ultimately we’re protecting lives. Unified comms, access, and video save minutes more than meetings.” — Tino Urbina

 

Quick Q&A 

What is “system modernization” in security?
A phased upgrade of legacy physical security (video, access, intrusion, perimeter) and the supporting network/cyber posture to a policy-driven, interoperable, AI-ready ecosystem.

How should organizations prioritize upgrades?
Start with a risk assessment, map gaps to incidents and standards, then phase upgrades to address highest risk and end-of-life first.

Is “open” better than “proprietary”?
Don’t choose by label. Select platforms with documented APIs and integrations, plus an evergreen roadmap for backward compatibility. Proprietary software can still be integration-friendly.

Where does AI help first?
Investigations, alert triage, and policy automation (e.g., after-hours door events, tailgating detection, anomalous credential use).

Who funds this?
Treat it as a multi-department investment. Security, IT/Network, and Facilities share benefits—and budgets.

 

A practical first-90-days action plan

  1. Commission a third-party assessment of devices, firmware, incidents, and compliance posture.

  2. Stand up an interoperability map (what talks to what today, via which APIs/protocols).

  3. Publish a 12–24 month roadmap with phased milestones, costs, and risk-reduction metrics.

  4. Institute update hygiene (quarterly firmware checks, EOL watch list, vulnerability tracking).

  5. Pilot an AI-assisted investigation workflow on one high-value use case.

  6. Form a cross-functional council (Security, IT, Facilities, Compliance) to govern policy and budget.

 

Modernization isn’t a one-time project—it’s a discipline. Build for interoperability, govern by policy, measure by risk reduction, and train people to use the tech well.

 

“We’re equally yoked now to build the best solution we can—no going back to silos.” — Jeff Fields

 

“Find the expert. If your team isn’t equipped to take the next step, bring in the help you need.” — Tino Urbina

 

Contact our team for advice

Quote-mark

 

 

 

 

 

Topics: MidChes Value Add, Security Technology Forum 2025

Medium Narrow Orange Line - horizontal
Need Help Icon orange
Medium Narrow Orange Line - horizontal
Search Keyword banner-2
    Medium Narrow Orange Line - vertical-1
    Subscribe Now Icon

    Search Keyword banner-2
      Need Help Icon orange

      RESOURCES

      CONTACT

      PA, DE, So NJ Office

      117 Commons Ct, Chadds Ford, PA 19317

      610-361-0500

      support@midches.com

      Contact List


      MD, VA, DC Office

      1401 Abingdon Rd, Abingdon, MD 21009

      410-612-9640

      support@midches.com

      Contact List

      SOCIAL

      HOME

      MidChes 30th Anniversary Golf Towel Artwork

      © Copyright 2024 Chesapeake Marketing & Midlantic Marketing (MidChes) -  All Rights Reserved.