Are You Buying A Security Solution Or A Professional Witness?

By David L. Johnson, DABCHS, CHS-V

Having been in the profession of providing personal protective services for various individuals for nearly 31 years now, I’ve seen a wide range of approaches used by various individuals or organizations when it comes to identifying their security package requirements for protecting their at-risk human resource of concern.

I plied this trade in the US Army for about 14 of those years and it was a bit easier there than it has been in the private sector experience I’ve encountered during the rest of the time. When I tell folks that, there is usually an assumption made that because it was the Army and therefore government funded, resources limitations were non-existent and cost issues are irrelevant. Let me assure you, that was not the case then nor is it the case now. In the Army, it starts like this: Congress sets the strength limit of the military forces. Sure, there are a lot of soldiers but like any business who wants to put most of their human resources into their main line of business, the Army must do the same analysis with the finite human resource pool it has. At ABC Widget Company, most of ABC Widget’s human resources will be focused on the manufacturing process associated with the making of widgets, with some important attention paid to Sales and Marketing, a bit to administration. Security at ABC Widget Company can be viewed as a cost center which will generally mean it will be staffed more towards the lean end than the plump one. Same dynamics apply within the Army, only the Army’s main line of business is somewhat different: It is fighting our nation’s wars. So the Army C level staff, if you will pardon the analogy, wants to put most of its soldiers into the US Army Infantry and other combat arms specialties. Next up are what are termed Combat Support and Combat Service Support entities. So there is a definite need, just like in the private sector business case, to make sure you have the human resource mix distributed in the manner that makes sense to make your business successful.

Remember that there is a fixed number of soldier’s in the pie and that if you want to do something else with even one of them, that commander must rob Peter to pay Paul from that human resources pool that he or she has to draw from. For example, in 1981 when the Army responded to the attempted Red Army assassination attempt on General Fredrick Kroesen in Heidelberg, West Germany, they decided to create a 16 man element dedicated to providing security to the three top generals and visiting officials who worked at that headquarters. The United States Army Europe, which General Kroesen commanded, had a fixed number of people in it and he was most likely focused on keeping the 11th Armored Cavalry Regiment (ACR) and other combat units up to strength as the western world was worried about the Russians coming through the Fulda gap during the Cold War at the time – somehow I feel I’m giving my age away here... I digress, Bottom line: we’re not going to take 16 soldiers from the 11th ACR’s authorized troop strength. So the General was keenly aware that in order to create a protective team, which was believed needed due to the direct and recent assassination attempt, he had to take those 16 bodies from some other place. Sound familiar to those of you currently working in the corporate sector? Whenever you allocate resources, no matter what sector you are in, they must come from somewhere and be funded.

Now we did have another challenge and one benefit in the Army. I believe that the same, or a similar, challenge exists in the corporate sector as well and sometimes the same benefit applies as well but not always. Let me get the easy one out of the way first: The benefit was that the principals receiving protective services in the Army are either very senior war-fighting commanders or the most senior civilian leadership within the Department of Defense. The benefit is that they most all understand tactics, war fighting and can readily understand the small unit tactics employed by their protective teams. Anti-ambush responses are something they grow up understanding from the military perspective. It is easy to speak to Attack on Principal issues in Anti-ambush terminology: in essence an Attack on Principal is an ambush. Because of that conceptual confluence, it was pretty easy to make them understand that there were a minimum number of personnel that was needed in order to have a reasonably good fighting chance to make it all work well. 

Now the challenge: Precisely because they are war fighters, leaders and managers responsible for a much bigger picture, you had to justify everything. Heck anyone who needed a new pencil in those days had to fill out a supply requisition form, in carbon paper triplicate and have two supervisors sign it verifying you needed it for duty purposes before you could turn it into the Supply Sergeant and get a new one. AND you better have that used-up stubby pencil to turn in at the same time or a duly executed Memorandum for Record attached to the supply requisition form, endorsed by those same supervisors attesting to the truth of your memorandum, explaining how it got lost or destroyed in the line of duty. If you didn’t have all of that, you might have been held pecunniarily liable and forced to buy that new pencil as a replacement! So staff studies are done, white papers are written, staff advisors chime in with recommendations, matrixes are developed and a process called the Personal Security Vulnerability Assessment was created. That assessment process mandated that a threat assessment be conducted so that if a team was established it could be configured in a make sense, provide deterrent, and mitigate the threat type of configuration that was cost effective. Besides, General Kroesen was a warrior. He landed in Normandy during WWII as a Sergeant. He commanded soldiers in Korea and Viet Nam. He got interviewed by the international news media and told the world that had the Red Army Faction shot at him with an American made weapon instead of a Russian made one, he’d be dead. He was not afraid of what he called “cowardly back-shooters.” 

As we got the Personal Security Detachment set up, began to train those soldiers assigned these duties and began active protective operations some other aspects emerged during that protective assignment that are relevant to the issue I’m about to speak to: General Kroesen understood the need for security while working in the uncontrolled, unscreened public environment but he did not see the need to be protected from the soldiers he commanded nor the people who worked in his headquarters building. They were not part of the threat forces matrix he was concerned about. So we ended up a lot of times providing chase car services and support between the various bases he visited but not on the base itself. The chase car would leave the headquarters building with him as we all used the same secure parking lot, and then drop him off as he entered the gate of the base he was visiting. The only folks that went inside with him were his security driver and his Personal Security Officer, commonly referred to as the PSO. The Chase Car would then conduct area sweeps looking for potential attack recognition factors, indicators of surveillance activities or stage at a pre-planned pick up point near that base’s road network departure choke point. When it came time to leave, the PSO would radio the chase car and give them a heads up so that the motorcade could be put back together for the travel through the vulnerable areas in the General’s environment. 

Now that may seem like a long, rambling, lead in to what I want to speak about in this article but if you’ll bear with me, I hope you will see the relevance.

The benefit I mention about the protectee understanding tactics is encountered in the private sector but not always. There are some who develop or encounter the need to start having protective security efforts conducted for themselves on one day when they did not have that need the day before. Some of these people are very competent people in their own professions but who are not security or military professionals who already understand most of the dynamics they are now encountering. That is not to say they do not possess good judgment, most of the folks who use these services do – otherwise they would not have risen to the positions they occupy. It is to say, though, that sometimes we need to endeavor to educate some of these people, who have never encountered this requirement before, on what it takes to really provide a level of deterrence or mitigation to the security solution they are seeking. It is this frequently encountered effort that I hope to contribute to with this article. 

The challenges can be identical here: There are many of the same concerns and as a consultant and aservice provider I have encountered them frequently over the past 17 years of private sector service provision. There is always a finite, fixed level of resources available for anything and whether the corporation is publicly traded or privately held, cost effectiveness of the operation is of paramount concern. The CEO is often not threatened by the employees of the corporation; it is most often from an external entity or person. Granted, sometimes the issue is a disgruntled former employee but most often the employment termination has already happened and that person is now an external threat albeit sometimes with some very valuable and concerning knowledge of internal working and security mechanisms. But the CEO rightly questions the need for security escorts within the corporate environment, the need for security at the residence, whether or not the corporation is spending these funds wisely, does the right security mix exist and whether or not all this is really needed. Compound that with an economy that is giving the corporation trouble in the profit margin area and the pressures become greater.

Hopefully, their principal advisors on personal security issues are trained and experienced enough to answer that mail and provide the education to those within the support staff who need to address those answers as well.

But here’s where the problem lies at times:

• When it is decided that what is needed is a security driver / security agent; or
  
  
• A chauffeur that is not trained in security driving is used and “augmented” with a personal security agent. The problems associated with this option are frequently exacerbated when the driver doesn’t work for the Director of Security or the security agent; or
  
  
• When official guidance is given that sounds like: Protect him but don’t let him see you; or
  
  
• Anytime a single protective agent is used in the main areas of concern as regards the threat / risk assessment; or
  
  
• Anytime a protective effort is put together without conducting a valid threat and/or risk assessment
  
  

The fair question the reader could be asking at this time is: “Why?”

Why? Because NO RESOURCES should be expended by anyone without a valid reason unless they just want to dispose of disposable financial resources. Does anyone have any of that? 

The other, and the main answer to this question is: Because should that worst case scenario that caused the concern driving the expenditure of security dollars in the first place actually manifest itself, the team configurations described above don’t work.

Let’s go one by one and discuss the pros and cons:

• When using a security driver/security agent, you do have some benefits in that a fully trained security driver can get you out of many of the potential attack scenarios you may encounter while driving. No 100% guarantees anywhere in this field of endeavor but case studies abound where this has actually worked during the “crunch time.” Where the rub comes in for this security configuration is when you get to where you are going to. Especially if that location is something that is time and place predictable in your world. At that point, your security driver / security agent is faced with a dilemma: Does he or she put the car in park and escort you from the car to the entrance or do they stay in the car? In the first case, if you let them get the door for you, there is a bit of a deterrent effect and it is known that mounting and dismounting modes of transportation is among the most likely vulnerable areas that are exploited by attackers from at least the empirical experience point of view. But if they do that and something happens you don’t have the ability to get back in a car that has a driver behind the wheel who can evacuate you from the affected area immediately. If that driver/security agent does get you out of the vehicle and actually interdicts the potential assailant I hope you have talked about what happens next. Even if nothing happens and he or she gets you inside the building they will likely have to leave you alone at some point and go outside to park the car. The range of vulnerabilities that can be identified by even the most rudimentary surveillance effort that can be exploited by adversaries from this time frame in the sequence of events are too numerous from this point on to articulate in this article.
  
  
• Using an untrained driver and a single security agent creates a problem you didn’t have above while providing some increased benefit to the problem articulated in the above scenario. Now you have a driver that likely will not recognize factors that indicate bad things are about to happen unless they are routine traffic hazards. That means your security agent, if he or she sees it developing (and that is one of the shames here because they are only half the eyes in the vehicle available to do this task) they will have to try and get the driver focused on that developing problem and attempt to tell them what to do (read try to train them) on the fly in the heat of the moment. That doesn’t work out well for a myriad of reasons including the potential for shock to set in with the assigned chauffer, especially if they have never received attack recognition training or any other training to help them with a mindset approach to countering the effects of the fight or flight syndrome. If that attack contains people that are shooting at your car, the security agent, assuming he or she is well trained, now has another dilemma: Whether to come over the seat and make sure that the effects of shock, caused by the fight or flight syndrome hasn’t caused you to freeze up and not get down out of the line of fire or stay in the right front seat of your car in case your driver gets shot and can no longer drive. This allows that security agent to have the potential of driving the car out of the kill zone from the right front seat. Assuming that is, you ride in a car that is configured in such a manner as to make that possible. The improvement you get is at the mount and dismount point, you do have a driver that can operate the car if your security agent interdicts the potential attacker and you guys have talked about this beforehand insuring you know to get back into the car and leave and your driver is still with us in this world or not locked up by the previously described shock affect. For those that aren’t initiated, perhaps it is a good point to define this effect. The psychological and psychiatrist professionals of the world identified that when a human being comes into the experience of facing a life threatening situation various physiological processes immediately come into play: Endorphins, adrenaline and such are pumped into the blood stream, blood vessels in your extremities shut down and other physiological processes automatically kick in preparing your body to either fight or flee and to better survive injury that may come about. A part of that process, especially if you are caught in this situation unawares, puts you into shock for about 4 seconds on average. If you have ever been scared and have the experience of remembering telling your body to do something that it just didn’t do, you were there.
  
  
• No matter how many people you are paying for, if you give them guidance that sounds anything like: protect him but don’t let him see you. You aren’t paying for security you are paying for what we in the field term: professional witness(es). If you have a valid threat / risk condition and your security staff is not in your immediate proximity should something happen, they will not be in a position to interdict these things as or when they develop. Understand that. If your tolerance for risk is such that you can live with it, then don’t waste your money on professional witnesses who will only be able to provide sworn statements to law enforcement authorities in the post incident investigation phase. Recognize that if any kind of attack develops, even if it is only a pie in the face, these things happen quickly! It only took John Hinckley, not quite a military professional or SWAT Team member, 1.64 seconds to fire six shots from his revolver at President Reagan. Bottom line: if the security team isn’t with you, they can’t interdict it and can only tell others what they saw after it is all over. Is that really worth paying money for? Likely as not, there will be plenty of free witnesses for the police to interview afterward anyway. So why pay for something that you’ll get for free anyway. Not to mention that there may be some vicarious or direct liability issues left behind for the corporation to deal with should a surviving family member take issues with the fact that perhaps we didn’t exercise due diligence and care in this issue…
  
  
• The use of a single agent only configuration in any place that is of concern takes exactly half of the response capability away from your security solution. The generally accepted, best business practice solution to an attacker from the personal security role is known as the Cover & Evacuate doctrine during which something called the Arm’s Reach Principle is utilized. If your security team isn’t using that doctrine then should something happen that brings your team into court you will have legal liability issues here in the United States because the people providing “Expert Testimony” during that trial will be using it. What does this mean? In the short answer, this means should an attacker manifest themselves on you as a target while you are out of your vehicle and on foot, the best response is two fold: one security agent interdicts the attack and buys you time and distance factors while the other gets you to evacuate the area and insures your safety and well being. That security agent, whom the fickle finger of fate has chosen to do the interdiction, should understand that the Arm’s Reach Principle doesn’t mean that all security agents must be within Arm’s Reach of their Principal at all times, it means that if an attacker manifests themselves within arm’s reach of the agent at this time, it is quicker and more effective to counter that attack with your bare hands, even if the attacker is already firing a gun at you. If you use a single agent and haven’t talked about this, then that agent has two choices: 1) do the cover and evacuate part – which will result in two casualtities and not one because there is nothing to keep the assailant in this case to stop aiming or pulling the trigger; or 2) do the interdiction part and leave you on your own. If this is all your security budget can stand, then so be it, there is a way but you and your security agent, who should be armed at this point in time, need to talk about what to do and you need the mindset that will help you counter the shock that comes with the fight or flight syndrome because this physiological response will raise its head should this happen to you. Oh, and note I advocate that the single agent be armed and that brings with it some additional liabiity issues that some corporations do not want to bring upon themselves… Also, keep this in mind: if you are threated by someone who wants to murder you and you use only one agent: that agent cannot be of any assistance to you if they get killed in the event.
  
  
• And last, but not least, if you are employing personal security and you haven’t done a threat assessement based approach to program and policy design, you will never know whether or not you are expending your security resources wisely in this regard. Though, at best, the provision of personal security services and team configuration design is an art and not a science, at least this puts you on the track of being able to justify your expenditures. Whether it is to the IRS who may call these personal security services additional compensation and tax you acccordingly in absence of a valid, articulated, security driven reason for this resource expenditure, to the board of directors or shareholders of the corporation or to yourself matters not. What does matter to all: Are we spending our scarce resources wisely? Is this particular cost center required? Are we doing this thing in a cost effective manner?
  
  

These are all circumstances that any long term practitioner in this field of endeavor has encountered. To be sure, I’m not the only consultant in the field that has provided assessment, advice and consultative activities surrounding these issues. To me, there are just a couple of things that makes one personal security program effective and another not. Especially as it pertains to the private sector and here’s where the art comes into play: We protect people, every individual on the face of this earth is somewhat different and we all have a different tolerance for risk. What is a comfortable security package for me is too obtrusive and invasive for another and not nearly enough for the third fellow to sleep comfortably through the night. Finding that “right” mix is the art.

In the private sector, a personal security program cannot be imposed upon a protectee, it must be introduced and for it to be effective, it must be accepted and supported no matter what configuration the comfort, risk tolerance levels, threat assessment and human factors point towards. The only thing I ask as a practitioner is that if the protectee wants to go towards the lower end of the scale, then please recognize that your security agent is tagging along for that ride and is assuming your risk and threat factors that they didn’t have in their own lives the moment they sign up for the job. As long as you understand the threat and risk factors, and their likely impact should they actually manifest themselves and are not making uninformed judgments, then all is normally well. But make sure you have an open dialog with your security leadership and that you know and understand what is to happen should the worst case scenario that is influencing you to spend those security dollars manifests itself. What your security agents will do and what you need to do will be of paramount and critical importance to the survivability of all concerned at that point.

The other thing is this: does the program actually provide deterrence factors and/or mitigation capability when weighed against the perceived threat and risk factors? There’s more than one way to skin a cat in this line of work but if you aren’t addressing this through a threat assessment based security program design approach, you’re not hitting that mark unless it is by pure happenstance and accident. And if you’re concerned enough about some potential for the negative impact something might have on your personal safety and security then who wants to trust in luck?

If this thing is either in your world or should come into it, please do yourself at least one favor at the end of the day: Please make sure you have a security solution and aren’t just employing a professional witness or worse yet, buying into a false sense of security that may not have a chance to be successful when the time comes for them to earn their pay. 

By David L. Johnson, DABCHS, CHS-V

The efforts of the members of the board for the American Board for Certification in Dignitary and Executive Protection (ABCDEP) are bringing us closer to the first credible certification for this profession ever offered in the United States.  On August 4^th, 2011 the 16 member board approved a formally prepared Job Task Analysis that defines the approved doctrine and essential elements of knowledge that will be used to craft the remaining components of the certification process.  The board, comprised of 16 unpaid, volunteering professionals who possess an incredible cumulative total of over 324 years of relevant experience in dignitary and executive protection skills, comes from all of the major government and private vertical sectors performing these kind of protective operations within the United States today.  Former members of the US Secret Service, the State Department’s Bureau of Diplomatic Security Services, the US Army’s Protective Services Unit, who are all current and active practitioners in the private sector today, along with members from the corporate security, private and law enforcement training organizations, other corporate and private sector entities are all working together to make this vision a reality.

Why do we believe that this will be the credible certification process so long needed within and for this field of endeavor?  That’s an easy answer with multiple justifying criterion:

• All of the board members are unpaid volunteers and are credible professionals with a history of conducting successful protective operations.  Not one person associated with this board is doing so with the view of obtaining economic benefits directly for themselves through this endeavor.
• The certification process is sponsored by The American Board for Certification in Homeland Security.  This is a non-biased broad based professional association that is not a provider of training services.  Under their auspices, ABCDEP will be only an independent testing organization verifying and validating your professional knowledge in the realm of providing dignitary and executive protection services.
• The process is being established under the established and credible professional certification guidelines already adhered to under the standards of the American National Standards Institute (ANSI) for the ABCHS CHS-V level certification.  International Standard ANSI/ISO/IEC 27024 is the standard we are following.
• The examination WILL BE developed and structured based upon the foundation of the formally prepared and approved Job Task Analysis and application for test accreditation through the Institute for Credentialing Excellence (ICE) under standard (IS)/IEC  17024. 
• An examination test content outline will be derived from the Job Task Analysis.  This is an academically professional process driven approach.
• Test Item construction will be accomplished in accordance with the Item Developers Guide from the Professional Testing Corporation®.  Each test item is edited and validated by ABCDEP Board Members serving as Subject Matter Experts (SMEs) for clarity, content and conformity with the Job Task Analysis.
• The cut score (passing point) used for all ABCHS certification exams including the one being developed for the ABCDEP program is the Angoff Modified Technique, the popular criterion-referenced approach to establishing cut scores for certification exams. The ABCDEP Examination Development Committee uses the Angoff Modified Technique under the direct supervision of a fully qualified psychometrician. Committee members’ pooled judgment is used to establish final cut scores.

Another issue of note is this:  In the professional certification world anyone who provides training and conducts a follow-on examination provides a “certificate” course and this is not considered to be the same level of a “certification” program.  In order to meet the generally accepted standards of a professional certification program, the candidate must obtain their training prior to going to the independent testing agency that will provide an examination process that independently verifies that the candidate actually possesses the knowledge necessary to meet whatever standard is established for that certification.

As previously stated, neither ABCHS nor ABCDEP will become a provider of dignitary or executive protection training programs in order to maintain their objective separation and avoid conflict of interest issues degrading the ability to provide certification.  In order to achieve and support that objective, three committees have been established to develop and support the professional processes that will be used to provide the final certification.  They are:

• The Training and Education Committee will look at various training entities available to practitioners in government, military and private sectors and will create a method and procedure for evaluating and approving qualified training providers and to evaluate and approve those providers as feeder programs providing training to prospective ABCDEP certification candidates.  The main criteria is based upon adherence to generally accepted US protective doctrine as articulated in the approved Job Task Analysis
• The Candidate Evaluation Committee will produce a method and standard for determining how an applicant’s experience will be measured and to perform evaluations of actual applicants’ experience to determine if they meet qualifications to take the examination.
• The Examination Committee will develop the academic evaluation based upon the standards and processes articulated earlier in this article.

This is not a single entity, single person process developed from a narrow perspective.  This is a comprehensive and professional process following accepted and formal standards meeting the litmus test that all professional certifications should meet.

The process is not completed and both the process and the website (click here to visit the website) being established for this program are currently under development.  If you’d like to see who the various board members are and to see the thumbnail biographical sketch of their careers you can click on the individual board member names on the home page of that website.

If you ply this profession and are interested in obtaining the professional certification that will set you apart from the rest of that labor market, please stay tuned for further announcements as the program matures.

This is a follow up to the post: Warnings of Domestic Terrorist Threats 

The Chicago Tribune also published an article today about Daniel Patrick Boyd, the North
Carolina man who is accused of leading a terrorist group, pleaded guilty on Wednesday to
charges of conspiring to provide support to terrorists and engaging in a conspiracy to
murder, kidnap, maim, and injure people.  Daniel is, in police parlance AKA (also known
as) Saifullah (meaning Sword of God).  This guy made it a family affair and is a good
example of US Citizens jumping on the Jihad bandwagon.  The Tribune doesn't exactly say
what this fellow plead guilty to conspiring of in this article:
http://www.chicagotribune.com/news/nationworld/la-na-terror-plea-20110210,0,533607.story
but a copy of his indictment can be found and downloaded at
http://graphics8.nytimes.com/packages/pdf/national/20090728_terror_indictment.pdf.  If you
read that indictment, you'll note that other people including four other US citizens, two
naturalized citizens and a legal permanent resident are also identified under this Grand
Jury indictment...

To quote a former boss of mine:  "Oh joy, oh rapture..."