This week I was lucky enough to have the opportunity to learn about how due diligence investigations are conducted outside of the United States. I got to interview Björn Wahlström from Current Consulting Group, a supply chain and risk management firm with a presense in Hong Kong, Shanghai, and Shenzhen. Originally from Europe, Björn has over 15 years’ experience working in China. He initially got started out by specializing in supply chain, then later he was able to use his extensive knowledge of supply chain to support due diligence and intellectual property investigations in China.
In this short article I will present those big ideas from risk management that are highly relevant to security professionals like ourselves. (Admittedly, I am no expert! This is something that I am studying, and I wanted to share what might be most useful with you). As defined by ISC2, “risk management is a detailed process of identifying factors that could damage or disclose data, evaluating those factors in light of data value and countermeasure cost, and implementing cost-effective solutions for mitigating or reducing risk”...
Here is the second half of my conversation about key components of successful security programs with Sean A. Ahrens, M.A., CPP, FSyl, BSCP and Ilya Umanskiy M.A., PSP, RAMCAP. If you have not yet listened to Part I, you can listen to it here. In Part I, we discussed security metrics, policies & procedures, and continual learning. In this second part, we discussed leadership, data driven organizations, and how to get the most out of trade shows & conferences.
I had a great opportunity recently to speak with two highly experienced security consultants to get their thoughts on a range of topics relating to key components of successful security programs. Our dialogue covered much more than I anticipated, so we broke our full conversation into two segments. The first part focuses on security metrics, policies & procedures, and continual learning, while the second part focuses on leadership, aligning security with data driven organizations, and tips for getting the most out of conferences (and trade shows). Below is part one, we hope you enjoy!
I created a digital calendar with over 65 of the most notable terrorist attack anniversaries in world history and recent memory, which you can import into your personal calendar (iCal, Outlook, Gmail, Etc.). This simple tool–the first of it’s kind, allows the executive protection specialist to overlay terrorist attack anniversaries with the the principal's travel plans.
Given that these are the primary physical tasks of an executive protection specialist, what should their strength & conditioning goals look like and how should they go about achieving them?
Since a day in the life of an executive protection specialist is unlikely to resemble a “Taken” film, it’s safe to say the majority of your time is spent performing the first four tasks listed above: standing, sitting in vehicles, lifting and carrying heavy things, and retrieving items for your principal. Now, that’s not to say the ability to perform explosive movements such as sprinting, jumping, and striking aren’t important to your role as an executive protection specialist−because they ABSO- LUTELY are−but you need to first consider your not-so-sexy day to day tasks when designing a training program.
Recently, I had the opportunity to speak with the Vice President of a recruiting firm involved in recruiting security consultants for the architecture & engineering industry. Like many of our readers, prior to this dialogue I could not give quality answers about what recruiters look for in asset protection professionals, how they support candidates throughout the interview process, or how candidates can evaluate recruiters who approach them–All of which (and more) is answered in this 60-minute dialogue.
There I was at an ATAP gathering, listening to the owner of a boutique security consulting firm present a threat assessment case they worked on back in 2017. As I was chatting with the highly-credentialed HR professional seated next to me, they asked me what I wanted to do professionally. I explained to them that…
My latest conversation with Ilya Umanskiy was even more insightful than the first, especially as it relates to topics concerning aspiring professionals. We discussed some big topics to include the following:
Personal branding for security professionals, social media use, and Gary Vee
Perspectives on certification & long term professional development
The role of applied psychology
How Ilya and his asset protection peers evaluate talent
And much more!
From a security perspective, drones have the potential to nullify many of the protective measures long relied upon to deter and stop ground-based threats. Walls, vehicle barriers, and officers currently offer limited resistance to even a poorly skilled drone operator with a desire to attack or conduct surveillance against a target. Since World War II, the western private sector has largely not faced a serious threat from the air. The notable exception being 9/11, which was unfathomable to most people on 9/10. Who would y an airliner into a building?
I studied for about 6 weeks total and passed the ASIS CPP Exam with score of 729 out of 800 (650 is passing). I would consider my security background balanced, but by my own standards I am not as proficient as I'd like to be in all of the subjects/domains of the CPP exam, especially physical or information security. Below is my summary of information that you should take in if you're considering getting the CPP certification, followed by my approach to studying for the exam efficiently.
Ilya Umanskiy has nearly 20 years experience in working with global security teams and working as a security consultant. In interviewing Ilya, he showed us his insight into several key areas: career advice, mentorship, challenges facing aspiring professionals (including transitioning military & law enforcement), and more.
When the term “Physical Security” is brought up in our industry, it is usually accompanied by a smirk or an eye roll. It is often deemed an “entry level” task that conjures images of Paul Blart the Mall Cop. No experienced professional would hang their hat on such a rudimentary function, would they? It has been our experience that physical security is often misunderstood and performed poorly. Yet, if the principles and concepts of physical security are understood fully and incorporated into the overall protection strategy appropriately (technology, intelligence, etc.), it can be just as critical a component as any other facet of protective operations.
"Defined loosely, red teaming is the practice of viewing a problem from an adversary or competitor’s perspective. The goal of most red teams is to enhance decision making, by challenging assumptions, specifying the adversary’s preferences and strategies, or by simply acting as a devil’s advocate." (Source: Red Team Journal)
In 2016, there were 439 reported bombing incidents in the US, and “residential structures” were targeted more than any other location.
There are a range of crimes directed at estates, which are unique to residential targets (as illustrated previously in this graphic). Obviously burglary, and you have plenty of measures to mitigate that risk, already in place.
One of the biggest challenges for the individual estate security officer is the unknown visitor. You (likely) already have a plan in place if someone shows up unannounced. But what is your plan for screening them...
What questions do you ask them?
What signs do you look for to detect deception?
How do you elicit information from them?
Don't take my word for it, that practicing customer service is an important aspect of executive protection. As reported by themselves, two of the most notable executive protection companies in Los Angeles have incorporated customer service type training into their training programs.
Because estate security is multifaceted, executive protection professions will have ample opportunities to make mistakes. It is inevitable that you will have to navigate communicating with an angry vendor, principal, or other types of employees—even if you never make a mistake...
OSINT feeds protective intelligence programs a steady diet of information, 24 hours per day. Most of this is empty calories, some of it is red meat, but we don’t know until it’s collected and evaluated.
Real-time social media monitoring (by geographic location) is the single most practical and effective practice that any estate security program can implement...
This is the introductory article for my new series about estate security: Estate Security Hacks. In the last issue of “Executive Protection Hacks,” I provided a simplified framework for approaching the topic of travel intelligence, highlighting ideas and tools for the reader to use in his or her role as an executive protection analyst.
My intention is to highlight factors that I think are especially relevant for the individual security professionals that staff those estate security programs. This is written with them in mind, less so their managers or their manager's managers (although they'd still get something out of it!).
Yes, I’m putting the executive protection/Travel Intelligence topic to rest, but only after one final overview. Below is a short summary of relevant ideas from the Travel Intelligence Masterclass held recently. Plus, I have included two important links below.
First, you need to check out the travel intelligence reading list. Any novice could knock out this list in a month, and then they’d have a great reservoir of information to pull from when they’re supporting the executive protection team with travel intelligence...
After attending the ATAP Annual Conference, I decided that I needed to share with you, all of the great resources that the speakers mentioned—all relating to threat assessment, workplace violence, insider threat, executive protection, and more.
I was recently trying to make sense of all of the professional organizations that I consider especially relevant to executive protection. And then I thought, “how are all of these organizations connected and interconnected?”
I needed a graphic to answer this question, so I mapped out how the following (executive protection related) professional organizations are connected to other organizations.
I'm guilty of using the phrase "common sense security practices," and I imagine that many executive protection professionals throw around that term periodically too. Every time I've used that phrase, I've thought "what a cop out" ...there's no phrase in security that's more lazy and vacuous than "common sense security practices." Is there even such a thing?
Did you know that 80% of our success in producing valuable travel intelligence rests on us internalizing only a handful of patterns? What do I mean?
Patterns begin to emerge once we've read enough briefings from the US State Department, UK/MI5, iJET, Stratfor, etc...
This article highlights 15 patterns that consistently appear in travel security briefings and related literature. Once these patterns are identified, our work as executive protection analysts becomes much easier.
This is one of the few instances where the Instagram-bodyguards (or "hot bodyguards" as the news media characterizes them) posting gym selfies and pictures of their clients, are in the right. They may know nothing about executive protection, but they do know that healthy habits keep them mentally sharp.
As an analyst collecting and producing travel intelligence for executive protection programs, you will undoubtedly come across alerts from iJET, The Center for Disease Control (CDC), The US State Department, and others about a range of ridiculous viruses and illnesses you’ve never heard of.
As an exercise for myself and the reader, I have created a simple chart breaking down the most common and notable illnesses that we should be aware of. You’re going to see alerts for these, so you might as well know if they’re fatal, if there’s a vaccine, and how to prevent becoming affected.
Travel intelligence in executive protection means many different things to many different people. I am going to outline how I prefer to structure and curate my travel intelligence reports. What to include, what is assumed, what’s irrelevant, and so on. The structure of my travel intelligence reports share similarities with reports of iJet, OSAC, and the US State Department. (USE WHAT WORKS!)
“Intelligence deals with all the things which should be known in advance of initiating a course of action.” The following are several short and meaningful statements followed by my interpretation as it relates to our role in executive protection, from the book Communicating With Intelligence: Writing and Briefing in the Intelligence and National Security Communities (2nd Edition) by James S. Major.
The Travel Intelligence Mind Map is a framework for the executive protection analyst. It gives them a systematic process to tackle the ambiguous task of producing travel intelligence. I have broken down the mind map into three sections: General, Macro-Level, and Micro-Level. General encompasses the most basic information about the location, such as entry requirements, immunizations, infrastructure, and crime & safety...
Suppose you only had 10 minutes to initiate your travel intelligence research, and and then you had to provide an initial report to your principal / executive protection manager. Where would you start?
10-Minute Travel Intelligence will not fulfill all of your travel intelligence needs in 10 minutes. Rather, it is a proven framework for the analyst to conduct their initial assessment of a particular domestic or international travel destination.
Increase Your Security IQ >> Sign Up Here
Join 1,000+ Active Members of the EP Nexus Community
Success! Now check your email to confirm your subscription.