Here, I'm not talking about a security guard post where you wear some faux cop uniform and a tin badge. You don't need pounds of skill to work that kind of beat. I'm talking about the upscale security work, where you get to wear a suit and your biggest concern won't be handing out parking passes. Corporate business parks, hotels and casinos, entertainment establishments, private estate security, and the like.

Based on my experience in the field and some good and bad examples I've observed, a few pointers:

Be in reasonable physical shape
You're playing a hard enough game already by being a private security figure, which some scoffers already discredit as being a "rent-a-cop" or "hired goon". The last thing you want to do is make yourself appear even more ineffective by being rotund, flabby, or looking like the high school geek.

In a situation where you're trying to get a better look at somebody across a lot or trying to gain a couple of paces on a car so you can see the license number, nothing's worse than running out of breath. So it should go without saying that you should not smoke, should cut back on the diet, and try to show up at a gym at least once a week. It can only help.

Look professional
Whatever your uniform requirements, you above all have to present the appearance of authority. A spotless, conservative appearance will be like a magic spell, instantly adding to your command presence. We're talking crew cut hair, ditch the beard and sideburns, and have polished shoes. It can make the difference between "Yes, sir." and "Why should I listen to you?"

Any job where you have contact with the general public, your presence is high-profile. If you like to have freedom to wear a ponytail and earrings to work, corporate security is just not for you. Private security already works at a disadvantage – you have to function as private citizen-level law enforcement to maintain control of every situation with little more to back it up than your word. Chances are you're working unarmed or with limited backup. So psychology is one of your most important assets.

Be well-read and well-spoken
The well-read part is the reports which you'll be writing. As is always emphasized in training, the incident reports that you take may become court evidence. For hand-written reports, again, if your printing is sloppy or your writing is not up to par, you are simply in the wrong line of work. Spelling, grammar, and a good vocabulary will lend credibility to the incidents you've witnessed. Should your report become evidence in a court case, don't think that your writing quality won't be under scrutiny; it will be. A carelessly written report indicates that you could be careless about other things, and that's all that's needed to create reasonable doubt in the minds of a jury. Lawyers just on stuff like this.

The well-spoken part is of course applied to dealing with the public. Private security relies heavily on public contact, and every good security professional is just a little bit good at being an actor. Assume an attitude of confidence, but not arrogance. Speak plainly and clearly, but directly. If you have to raise your voice, bluff, or escalate a confrontation, you've already lost.

Be prepared to hear a lie
This is not to say that you should be unreasonably paranoid. But if you work with public contact, you might as well take it for granted that you're going to have people trying to bluff their way past you or around you with every fairy tale they can think of. Interview your subject, and get good at reading body language. Be suspicious of motive.

Be unpredictable
Nothing is worse, if you're on a patrol, than to do the same things in the same order every day. Anybody who wanted to penetrate your property would of course be looking for you, and it would be simple to track and time your movements. For this reason, be careful to vary your routine on a daily basis. Even changing your methods is necessary sometimes.

Hopefully your business understands this. The worst case is where you are required to hit some kind of key system at regular intervals; this does nothing but make management think that you look busy, and you should make some kind of effort to let it be known that you are unable to do your job effectively under this condition. Security work is a variable. Infiltrators already have an advantage in that they know what they are going to do. You don't; all you can do is be ready.

Be extra paranoid about computers
Hopefully you have your own IT technician on site who deals with security from the computer end, or you have other specialist assigned to this. Even then, computers make your job about a hundred times more complicated. No matter how careful you are, information security at the average corporation is a losing game, simply because of the people factor. People download viruses, write down their passwords and stick them on monitors, carry laptops home and lose them, drop their ID badges, answer the phone and supply everybody who asks with their personal identity data, respond to phishing scams, and a hundred other things besides.

It is a complete myth that computer security crackers gain access by mere technical know-how. A solid 90% of a cracker's work involves either 'social engineering' (exploiting the people factor like the methods described above) or dumpster diving or gaining access to the property.

Sadly, there is no way to fix this, as educating users has been shown to be ineffective. Everybody who is willing to learn has already learned, and the remainder may certainly try to convince you that they don't know any better, but in reality they are harboring a backlash effect where they resent technology because they feel intimidated by it. So yes, a percentage of employees really are giving their user name and password to the person on the phone claiming to be the repair person on purpose! And some users really do know that they're downloading viruses but they don't care, because they know the sysadmin will just wipe their drive and re-install their system for them.

Maintaining a program of computer security education will of course be necessary and will address part of the problem, but just take it for a fact that your network is vulnerable at all times, from all kinds of passive-aggressive sloppiness. No matter how many times the MSCE assures you that there is no wireless access into the company network, that kid in the parking lot at two AM playing with the laptop has found a hot spot. Count on it.