Today we are going to venture a little bit into the realm of corporate security. I realize that many readers may not be as interested in this area and are focused more on individual protection. No need to worry as two of the skillsets we are going to discuss are also very applicable to personal security and the third is tangentially related.
The three neglected skillsets or activities that are often underappreciated and underutilized in the corporate security world are:
- Surveillance Detection & Counter Surveillance
- Behavioral Analysis / Behavioral Profiling
- Red Teaming
These three areas – properly applied – can be huge force multipliers in the corporate security world and can pay great dividends with a minimal expenditure of money (although a little expenditure of time). Why then are they so rarely seen being employed in private sector security and why is it so difficult to get funding and support from senior management for these types of initiatives? Are they too unconventional or exotic? Do they force us to confront vulnerabilities we don’t want to face? Is there not sufficient benchmarking from other organizations and industries? All of these methodologies can be very valuable but they are rarely used and often difficult to introduce. Let’s look at each one individually:
Surveillance Detection: For our purposes we’ll use the term surveillance detection or surveillance recognition. Counter surveillance has different definitions depending on who you speak to and their particular background. Simply put surveillance detection is the method of recognizing when you, your facility or a person in your care is being watched or observed by a third party. The purpose of this observation may be to plan an attack, to gather compromising information of some sort, etc. We know that most attacks a preceded by some form of surveillance and we also know that this surveillance generally follows certain patterns that can usually be detected if the targeted person or staff at the facility or protective unit are watching for it and know what to watch for. Surveillance detection can be passive or active. It can be a dedicated duty or an ancillary responsibility. Consider the value that training security staff and even other personnel such as maintenance and cleaning staff at your company’s facilities could have. This takes some time and effort to both train and to maintain but it can go a long way to preventing a criminal or terrorist incident.
Behavioral Analysis & Profiling: We know that studying and interpreting human behavior can be an effective way to identify people who might pose a threat before they can act. Training personnel to key in on what we will call for lack of a better term “suspicious behavior” can allow us to better avoid or when necessary even confront a potential threat before an incident occurs. Much as with surveillance detection this type of training can be a force multiplier making our guard force and even other staff more aware and more effective at countering threats.
Red Teaming: Red teaming is adopting an adversarial viewpoint to look at a person, people or a facility to detect vulnerabilities and to simulate an attack against this target. Red teaming can be done either analytically through desktop scenarios and table top exercises or in a “live” mode using aggressor forces to conduct penetration exercises or even force-on-force simulations. Properly done red teaming can help us identify vulnerabilities and take corrective action and can also provide security personnel with stimulation and engagement that will help them stay focused on what can often be a tiresome, monotonous job. Red teaming has yet to gain widespread acceptance in the private sector however due to liability concerns (with live exercises or with identified vulnerabilities that are not corrected), a perception of exoticness and the simple fact that at some fundamental level we often don’t want to be shown where problems exist. Interesting red teaming has been more widely accepted within the IT realm than within the physical security realm.
When you consider how much money is typically invested in physical security projects such as access control and camera systems, barriers and lighting and guard force operations it’s a wonder these neglected elements which cost demonstrably less are not utilized more widely. They will not fully replace physical security systems and technology but they can go a long way to making them more effective.
How can these be applied to personal security? With the first two it’s a pretty direct application. Detecting when you are being observed and recognizing behavior that may indicate a threat to you are pretty key components of any personal security program and probably more important than the combatives and shooting skills that so many people spend time developing. Red teaming is less direct an application but is probably best applied as part of your personal risk assessment. You could hire a consulting firm to do a red team exercise to help you to identify vulnerabilities in your routine and lifestyle but this is probably not economically feasible or particularly desirable for most people. What you can do is to adopt an adversarial perspective and look at your daily routine and activities to determine locations and times where you are most vulnerable and consider what corrections or alterations you could implement to reduce your risk.