Are You Buying A Security Solution Or A Professional Witness?

By David L. Johnson, DABCHS, CHS-V

Having been in the profession of providing personal protective services for various individuals for nearly 31 years now, I’ve seen a wide range of approaches used by various individuals or organizations when it comes to identifying their security package requirements for protecting their at-risk human resource of concern.

I plied this trade in the US Army for about 14 of those years and it was a bit easier there than it has been in the private sector experience I’ve encountered during the rest of the time. When I tell folks that, there is usually an assumption made that because it was the Army and therefore government funded, resources limitations were non-existent and cost issues are irrelevant. Let me assure you, that was not the case then nor is it the case now. In the Army, it starts like this: Congress sets the strength limit of the military forces. Sure, there are a lot of soldiers but like any business who wants to put most of their human resources into their main line of business, the Army must do the same analysis with the finite human resource pool it has. At ABC Widget Company, most of ABC Widget’s human resources will be focused on the manufacturing process associated with the making of widgets, with some important attention paid to Sales and Marketing, a bit to administration. Security at ABC Widget Company can be viewed as a cost center which will generally mean it will be staffed more towards the lean end than the plump one. Same dynamics apply within the Army, only the Army’s main line of business is somewhat different: It is fighting our nation’s wars. So the Army C level staff, if you will pardon the analogy, wants to put most of its soldiers into the US Army Infantry and other combat arms specialties. Next up are what are termed Combat Support and Combat Service Support entities. So there is a definite need, just like in the private sector business case, to make sure you have the human resource mix distributed in the manner that makes sense to make your business successful.

Remember that there is a fixed number of soldier’s in the pie and that if you want to do something else with even one of them, that commander must rob Peter to pay Paul from that human resources pool that he or she has to draw from. For example, in 1981 when the Army responded to the attempted Red Army assassination attempt on General Fredrick Kroesen in Heidelberg, West Germany, they decided to create a 16 man element dedicated to providing security to the three top generals and visiting officials who worked at that headquarters. The United States Army Europe, which General Kroesen commanded, had a fixed number of people in it and he was most likely focused on keeping the 11th Armored Cavalry Regiment (ACR) and other combat units up to strength as the western world was worried about the Russians coming through the Fulda gap during the Cold War at the time – somehow I feel I’m giving my age away here... I digress, Bottom line: we’re not going to take 16 soldiers from the 11th ACR’s authorized troop strength. So the General was keenly aware that in order to create a protective team, which was believed needed due to the direct and recent assassination attempt, he had to take those 16 bodies from some other place. Sound familiar to those of you currently working in the corporate sector? Whenever you allocate resources, no matter what sector you are in, they must come from somewhere and be funded.

Now we did have another challenge and one benefit in the Army. I believe that the same, or a similar, challenge exists in the corporate sector as well and sometimes the same benefit applies as well but not always. Let me get the easy one out of the way first: The benefit was that the principals receiving protective services in the Army are either very senior war-fighting commanders or the most senior civilian leadership within the Department of Defense. The benefit is that they most all understand tactics, war fighting and can readily understand the small unit tactics employed by their protective teams. Anti-ambush responses are something they grow up understanding from the military perspective. It is easy to speak to Attack on Principal issues in Anti-ambush terminology: in essence an Attack on Principal is an ambush. Because of that conceptual confluence, it was pretty easy to make them understand that there were a minimum number of personnel that was needed in order to have a reasonably good fighting chance to make it all work well. 

Now the challenge: Precisely because they are war fighters, leaders and managers responsible for a much bigger picture, you had to justify everything. Heck anyone who needed a new pencil in those days had to fill out a supply requisition form, in carbon paper triplicate and have two supervisors sign it verifying you needed it for duty purposes before you could turn it into the Supply Sergeant and get a new one. AND you better have that used-up stubby pencil to turn in at the same time or a duly executed Memorandum for Record attached to the supply requisition form, endorsed by those same supervisors attesting to the truth of your memorandum, explaining how it got lost or destroyed in the line of duty. If you didn’t have all of that, you might have been held pecunniarily liable and forced to buy that new pencil as a replacement! So staff studies are done, white papers are written, staff advisors chime in with recommendations, matrixes are developed and a process called the Personal Security Vulnerability Assessment was created. That assessment process mandated that a threat assessment be conducted so that if a team was established it could be configured in a make sense, provide deterrent, and mitigate the threat type of configuration that was cost effective. Besides, General Kroesen was a warrior. He landed in Normandy during WWII as a Sergeant. He commanded soldiers in Korea and Viet Nam. He got interviewed by the international news media and told the world that had the Red Army Faction shot at him with an American made weapon instead of a Russian made one, he’d be dead. He was not afraid of what he called “cowardly back-shooters.” 

As we got the Personal Security Detachment set up, began to train those soldiers assigned these duties and began active protective operations some other aspects emerged during that protective assignment that are relevant to the issue I’m about to speak to: General Kroesen understood the need for security while working in the uncontrolled, unscreened public environment but he did not see the need to be protected from the soldiers he commanded nor the people who worked in his headquarters building. They were not part of the threat forces matrix he was concerned about. So we ended up a lot of times providing chase car services and support between the various bases he visited but not on the base itself. The chase car would leave the headquarters building with him as we all used the same secure parking lot, and then drop him off as he entered the gate of the base he was visiting. The only folks that went inside with him were his security driver and his Personal Security Officer, commonly referred to as the PSO. The Chase Car would then conduct area sweeps looking for potential attack recognition factors, indicators of surveillance activities or stage at a pre-planned pick up point near that base’s road network departure choke point. When it came time to leave, the PSO would radio the chase car and give them a heads up so that the motorcade could be put back together for the travel through the vulnerable areas in the General’s environment. 

Now that may seem like a long, rambling, lead in to what I want to speak about in this article but if you’ll bear with me, I hope you will see the relevance.

The benefit I mention about the protectee understanding tactics is encountered in the private sector but not always. There are some who develop or encounter the need to start having protective security efforts conducted for themselves on one day when they did not have that need the day before. Some of these people are very competent people in their own professions but who are not security or military professionals who already understand most of the dynamics they are now encountering. That is not to say they do not possess good judgment, most of the folks who use these services do – otherwise they would not have risen to the positions they occupy. It is to say, though, that sometimes we need to endeavor to educate some of these people, who have never encountered this requirement before, on what it takes to really provide a level of deterrence or mitigation to the security solution they are seeking. It is this frequently encountered effort that I hope to contribute to with this article. 

The challenges can be identical here: There are many of the same concerns and as a consultant and aservice provider I have encountered them frequently over the past 17 years of private sector service provision. There is always a finite, fixed level of resources available for anything and whether the corporation is publicly traded or privately held, cost effectiveness of the operation is of paramount concern. The CEO is often not threatened by the employees of the corporation; it is most often from an external entity or person. Granted, sometimes the issue is a disgruntled former employee but most often the employment termination has already happened and that person is now an external threat albeit sometimes with some very valuable and concerning knowledge of internal working and security mechanisms. But the CEO rightly questions the need for security escorts within the corporate environment, the need for security at the residence, whether or not the corporation is spending these funds wisely, does the right security mix exist and whether or not all this is really needed. Compound that with an economy that is giving the corporation trouble in the profit margin area and the pressures become greater.

Hopefully, their principal advisors on personal security issues are trained and experienced enough to answer that mail and provide the education to those within the support staff who need to address those answers as well.

But here’s where the problem lies at times:

• When it is decided that what is needed is a security driver / security agent; or
  
  
• A chauffeur that is not trained in security driving is used and “augmented” with a personal security agent. The problems associated with this option are frequently exacerbated when the driver doesn’t work for the Director of Security or the security agent; or
  
  
• When official guidance is given that sounds like: Protect him but don’t let him see you; or
  
  
• Anytime a single protective agent is used in the main areas of concern as regards the threat / risk assessment; or
  
  
• Anytime a protective effort is put together without conducting a valid threat and/or risk assessment
  
  

The fair question the reader could be asking at this time is: “Why?”

Why? Because NO RESOURCES should be expended by anyone without a valid reason unless they just want to dispose of disposable financial resources. Does anyone have any of that? 

The other, and the main answer to this question is: Because should that worst case scenario that caused the concern driving the expenditure of security dollars in the first place actually manifest itself, the team configurations described above don’t work.

Let’s go one by one and discuss the pros and cons:

• When using a security driver/security agent, you do have some benefits in that a fully trained security driver can get you out of many of the potential attack scenarios you may encounter while driving. No 100% guarantees anywhere in this field of endeavor but case studies abound where this has actually worked during the “crunch time.” Where the rub comes in for this security configuration is when you get to where you are going to. Especially if that location is something that is time and place predictable in your world. At that point, your security driver / security agent is faced with a dilemma: Does he or she put the car in park and escort you from the car to the entrance or do they stay in the car? In the first case, if you let them get the door for you, there is a bit of a deterrent effect and it is known that mounting and dismounting modes of transportation is among the most likely vulnerable areas that are exploited by attackers from at least the empirical experience point of view. But if they do that and something happens you don’t have the ability to get back in a car that has a driver behind the wheel who can evacuate you from the affected area immediately. If that driver/security agent does get you out of the vehicle and actually interdicts the potential assailant I hope you have talked about what happens next. Even if nothing happens and he or she gets you inside the building they will likely have to leave you alone at some point and go outside to park the car. The range of vulnerabilities that can be identified by even the most rudimentary surveillance effort that can be exploited by adversaries from this time frame in the sequence of events are too numerous from this point on to articulate in this article.
  
  
• Using an untrained driver and a single security agent creates a problem you didn’t have above while providing some increased benefit to the problem articulated in the above scenario. Now you have a driver that likely will not recognize factors that indicate bad things are about to happen unless they are routine traffic hazards. That means your security agent, if he or she sees it developing (and that is one of the shames here because they are only half the eyes in the vehicle available to do this task) they will have to try and get the driver focused on that developing problem and attempt to tell them what to do (read try to train them) on the fly in the heat of the moment. That doesn’t work out well for a myriad of reasons including the potential for shock to set in with the assigned chauffer, especially if they have never received attack recognition training or any other training to help them with a mindset approach to countering the effects of the fight or flight syndrome. If that attack contains people that are shooting at your car, the security agent, assuming he or she is well trained, now has another dilemma: Whether to come over the seat and make sure that the effects of shock, caused by the fight or flight syndrome hasn’t caused you to freeze up and not get down out of the line of fire or stay in the right front seat of your car in case your driver gets shot and can no longer drive. This allows that security agent to have the potential of driving the car out of the kill zone from the right front seat. Assuming that is, you ride in a car that is configured in such a manner as to make that possible. The improvement you get is at the mount and dismount point, you do have a driver that can operate the car if your security agent interdicts the potential attacker and you guys have talked about this beforehand insuring you know to get back into the car and leave and your driver is still with us in this world or not locked up by the previously described shock affect. For those that aren’t initiated, perhaps it is a good point to define this effect. The psychological and psychiatrist professionals of the world identified that when a human being comes into the experience of facing a life threatening situation various physiological processes immediately come into play: Endorphins, adrenaline and such are pumped into the blood stream, blood vessels in your extremities shut down and other physiological processes automatically kick in preparing your body to either fight or flee and to better survive injury that may come about. A part of that process, especially if you are caught in this situation unawares, puts you into shock for about 4 seconds on average. If you have ever been scared and have the experience of remembering telling your body to do something that it just didn’t do, you were there.
  
  
• No matter how many people you are paying for, if you give them guidance that sounds anything like: protect him but don’t let him see you. You aren’t paying for security you are paying for what we in the field term: professional witness(es). If you have a valid threat / risk condition and your security staff is not in your immediate proximity should something happen, they will not be in a position to interdict these things as or when they develop. Understand that. If your tolerance for risk is such that you can live with it, then don’t waste your money on professional witnesses who will only be able to provide sworn statements to law enforcement authorities in the post incident investigation phase. Recognize that if any kind of attack develops, even if it is only a pie in the face, these things happen quickly! It only took John Hinckley, not quite a military professional or SWAT Team member, 1.64 seconds to fire six shots from his revolver at President Reagan. Bottom line: if the security team isn’t with you, they can’t interdict it and can only tell others what they saw after it is all over. Is that really worth paying money for? Likely as not, there will be plenty of free witnesses for the police to interview afterward anyway. So why pay for something that you’ll get for free anyway. Not to mention that there may be some vicarious or direct liability issues left behind for the corporation to deal with should a surviving family member take issues with the fact that perhaps we didn’t exercise due diligence and care in this issue…
  
  
• The use of a single agent only configuration in any place that is of concern takes exactly half of the response capability away from your security solution. The generally accepted, best business practice solution to an attacker from the personal security role is known as the Cover & Evacuate doctrine during which something called the Arm’s Reach Principle is utilized. If your security team isn’t using that doctrine then should something happen that brings your team into court you will have legal liability issues here in the United States because the people providing “Expert Testimony” during that trial will be using it. What does this mean? In the short answer, this means should an attacker manifest themselves on you as a target while you are out of your vehicle and on foot, the best response is two fold: one security agent interdicts the attack and buys you time and distance factors while the other gets you to evacuate the area and insures your safety and well being. That security agent, whom the fickle finger of fate has chosen to do the interdiction, should understand that the Arm’s Reach Principle doesn’t mean that all security agents must be within Arm’s Reach of their Principal at all times, it means that if an attacker manifests themselves within arm’s reach of the agent at this time, it is quicker and more effective to counter that attack with your bare hands, even if the attacker is already firing a gun at you. If you use a single agent and haven’t talked about this, then that agent has two choices: 1) do the cover and evacuate part – which will result in two casualtities and not one because there is nothing to keep the assailant in this case to stop aiming or pulling the trigger; or 2) do the interdiction part and leave you on your own. If this is all your security budget can stand, then so be it, there is a way but you and your security agent, who should be armed at this point in time, need to talk about what to do and you need the mindset that will help you counter the shock that comes with the fight or flight syndrome because this physiological response will raise its head should this happen to you. Oh, and note I advocate that the single agent be armed and that brings with it some additional liabiity issues that some corporations do not want to bring upon themselves… Also, keep this in mind: if you are threated by someone who wants to murder you and you use only one agent: that agent cannot be of any assistance to you if they get killed in the event.
  
  
• And last, but not least, if you are employing personal security and you haven’t done a threat assessement based approach to program and policy design, you will never know whether or not you are expending your security resources wisely in this regard. Though, at best, the provision of personal security services and team configuration design is an art and not a science, at least this puts you on the track of being able to justify your expenditures. Whether it is to the IRS who may call these personal security services additional compensation and tax you acccordingly in absence of a valid, articulated, security driven reason for this resource expenditure, to the board of directors or shareholders of the corporation or to yourself matters not. What does matter to all: Are we spending our scarce resources wisely? Is this particular cost center required? Are we doing this thing in a cost effective manner?
  
  

These are all circumstances that any long term practitioner in this field of endeavor has encountered. To be sure, I’m not the only consultant in the field that has provided assessment, advice and consultative activities surrounding these issues. To me, there are just a couple of things that makes one personal security program effective and another not. Especially as it pertains to the private sector and here’s where the art comes into play: We protect people, every individual on the face of this earth is somewhat different and we all have a different tolerance for risk. What is a comfortable security package for me is too obtrusive and invasive for another and not nearly enough for the third fellow to sleep comfortably through the night. Finding that “right” mix is the art.

In the private sector, a personal security program cannot be imposed upon a protectee, it must be introduced and for it to be effective, it must be accepted and supported no matter what configuration the comfort, risk tolerance levels, threat assessment and human factors point towards. The only thing I ask as a practitioner is that if the protectee wants to go towards the lower end of the scale, then please recognize that your security agent is tagging along for that ride and is assuming your risk and threat factors that they didn’t have in their own lives the moment they sign up for the job. As long as you understand the threat and risk factors, and their likely impact should they actually manifest themselves and are not making uninformed judgments, then all is normally well. But make sure you have an open dialog with your security leadership and that you know and understand what is to happen should the worst case scenario that is influencing you to spend those security dollars manifests itself. What your security agents will do and what you need to do will be of paramount and critical importance to the survivability of all concerned at that point.

The other thing is this: does the program actually provide deterrence factors and/or mitigation capability when weighed against the perceived threat and risk factors? There’s more than one way to skin a cat in this line of work but if you aren’t addressing this through a threat assessment based security program design approach, you’re not hitting that mark unless it is by pure happenstance and accident. And if you’re concerned enough about some potential for the negative impact something might have on your personal safety and security then who wants to trust in luck?

If this thing is either in your world or should come into it, please do yourself at least one favor at the end of the day: Please make sure you have a security solution and aren’t just employing a professional witness or worse yet, buying into a false sense of security that may not have a chance to be successful when the time comes for them to earn their pay. 

By: David L. Johnson, DABCHS, CHS-V 

 

Posted with permission of Inside Homeland Security Magazine

 

For a guy who has spent the last 30 years providing dignitary and executive protection and training others to ply that trade, I’m just about as excited as I can be. Before I tell you what I’m excited about, let me provide you with some perspective. My profession is filled with people from all walks of life, and, like every profession, there are some very high quality professionals. And there are some folks who, for whatever reason, just don’t rise to that level. It is very difficult to tell the players apart without some kind of guide. I’ll share some statistics that I developed to illustrate the dilemma that employers and professionals in this field encounter. 

I once managed a contracted protective detail for the head of state in foreign country, and employees. Job vacancies had to be filled from time to time, and I began experiencing challenges in finding quality people, so I started keeping some statistics with my stubby pencil. Here’s what I found: I had to contact 32 people who had provided résumés expressing a desire to work overseas before I found one candidate who actually possessed a valid passport, was currently available, and was willing to take on the risk for the compensation that was being offered. Given that I desired to find at least three quality candidates for each open position, my search averaged out to 96 people being contacted for each one who was hired.

Then something else began to emerge: The skill level of some new hires wasn’t where we desired it to be. I was also getting indications that some resumes contained what might be politely called “embellishment.”

There had to be a way to streamline this process and find people with the right skill base. So my colleagues and I wrote an examination to screen candidates. The test was based upon the protective doctrine of the US State and Defense departments and contained 100 questions. We used a 70% score as the standard for successful candidates. My stubby pencil went back to work, and I again kept track of some statistics for this new process. For every 20 people I sent that exam to, one returned it. For every 20 tests that were returned, one passed it. That works out to about a 0.25% passing rate if my California public school math is in the ballpark.

This problem apparently became noted by the US State Department’s Bureau of Diplomatic Security, with the advent of its Worldwide Personal Protective Services (WPPS) contract. Minimum training standards and requirements to “certify” both instructors and operators under their requirements were established under that vehicle.

I have witnessed other related phenomena in this field: various “bodyguard certifications” have come and gone. One arose in 2008 when a group started advertising that they would provide “certification” for the reported fee of $500. A former employee used me as a reference and I received an e-mail from this group. It asked me five questions:

1. How do you know the above listed applicant?

2. Do you know the above listed applicant to be of strong character?

3. Are you willing to work with the above listed applicant again?

4. Would you consider allowing above listed applicant to be in a position of trust?

5. Can you think of any reason applicant should not be awarded certification as a Protective Detail Specialist?

I’m not sure about you, but that doesn’t seem to rise to the level of a professional certification to me.

So why am I excited? Because I’m working with The American Board for Certification in Homeland Security (ABCHS). We we are setting up a new board that will establish a credible certification process. We have been recruiting members who will form The American Board for Certification in Dignitary and Executive Protection. The response has been very enthusiastic!

We will be announcing the board membership soon. They have amassed an amazing 284 years of collective experience serving with a number of agencies, such as the United States Secret Service, the State Department’s Bureau of Diplomatic Security Services, The US Capitol Police, The US Army’s CID Protective Services Unit, private sector entities and non-governmental organizations! That mix of organization perspective and doctrinal approaches has never been achieved in this industry. It will lead to credible certification from a sound doctrinal approach! So stay tuned for more news on this very worthwhile endeavor!

Why am I so excited? Because for the first time in my career, this credible certification will solve the dilemma and provide both employers and professionals with a differentiating factor that can be relied upon!

Oh, there’s one more thing I can promise: There will be more than five questions on this examination!

References

In the January 2008 issue of US Airways Magazine Save My Career section author Donald Asher indicates his research into this topic “…finds that 10 (and in some fields 70!) percent or more of resumes contain substantive misstatements (that is lies).”

United Press International Freedom of Information Act Request, Document Number SAQMPDOFR1016 extract, Statement of Work Section C.4.3.2.1 Personal Protective Security Training (http://r.m.upi.com/other/12216818791223.pdf) 

Author Bio
 

David L. Johnson, DABCHS, CHS-V, is President of ITG Consultants, Inc., providing consulting, training and protective services. In 30 years of providing protective services, hehas coordinated presidential, Cabinet, ambassadorial, and senior executive level protective programs in threat environments including Somalia, Haiti, Bosnia-Herzegovina. He has managed contracts in Afghanistan and Iraq. He is a member of the ABCHS Executive Advisory Board and chairman of The American Board for Certification in Dignitary and Executive Protection.

 

 

Inside-Homeland-Security-David-Johnson-Article.pdf (90.81 kb)

AMERICAN BOARD FOR CERTIFICATION IN HOMELAND SECURITY HAS FORMED A NEW BOARD FOR CERTIFICATION OF DIGNITARY AND EXECUTIVE PROTECTION PROFESSIONALS

Meeting in Orlando on September 22, the Board of Directors of the American Board for Certification in Dignitary and Executive Protection (ABCDEP) began the task of developing a U.S. standard and process for professional certification of dignitary and executive protection practitioners. 

The ABCDEP was formed earlier this year under the auspices of the American Board for Certification in Homeland Security (ABCHS), a 7,000 member organization, founded in 2003, that has developed a nationally recognized standard and administers the process for certification of professionals involved in homeland security. 

The purpose of the ADCDEP is to establish a professional standard, and an independent, third-party process for certification in protective security similar to that used to certify homeland security professionals; one that is nationally recognized and accepted by both the professional community, and consumers of protective security services.  The requirements for certification will include education, experience, and successfully passing an academic examination. 

Members of the Board of Directors of the American Board for Certification in Dignitary and Executive Protection (ABCDEP) are:

David L. Johnson, CHS-V, President, ITG Consultants, Inc., Chairman

Edward L.A. Bailor, CHS-III, President, Bailor Security Consultants, Inc.

Michael C. Cava, MCJ, CPP, PCI, CHS-V, Director, Corporate Security, CVS Caremark Corporation.

Gerald A. Cavis, Managing Director of Security, NASCAR

Rick Colliver, Corporate Security, Eaton Corporation

Jim U. Floyd, Protective Operations Manager, Global Security Team, Bill & Melinda Gates Foundation.

Marc Glasser, MS, CHS-V, CPP, CEM, MCAS, Principal, PRM Global, LLC

Mark Garver, CHS-V, CEO, Specialty Intelligence Group.

Michael S. LoFaso, Sergeant Major, US Army CID Liaison Officer, FBI Threat Review Unit, National Capitol Region Intelligence Cell.

Mark K. Moore, Vice President, ITG Consultants, Inc.

Michael Nossaman, President, Varro Press, Inc., and Protective Security Council, Secretary

Tony Scotti, President, Tony Scotti Vehicle Dynamics Institute, and Security Driver.com.

The American Board for Certification in Homeland Security (ABCHS), as described on its website (www.abchs.com), “…serves a diverse membership of professionals including active and retired military, law enforcement and security experts, first responders, and others dedicated to the important mission of protecting our nation. The ABCHS is comprised of some of the world's leading professionals who have significant experience in homeland security and emergency response.”

According to the ABCHS Mission Statement, the organization, “…was created to promote, support, and sustain knowledge and leadership to the homeland security industry.  Built upon a foundation of innovative leadership that is dedicated and committed to providing superior education, training, and resources, ABCHS’s goal is to enhance national security through the professional development, enrichment, and fulfillment of the practitioners and professionals that work within the homeland security arena.”

In addition to the ABCDEP, ABCHS has developed five other additional boards that revolve around homeland security, and is currently developing requirements for certification in each of the following specialties:
American Board of Intelligence Analysts (ABIA)
American Board of Information Security and Computer Forensics (ABISCF)
American Board of Law Enforcement Experts (ABLEE)
American Board for Certified Master Chaplains (ABCMC)
American Board for Certification in Infrastructure Protection (ABCIP)

Information about the ABCHS, is at:  www.abchs.com.  The ABCDEP area of the ABCHS website is currently under development.