Defense in Depth; Starts in the Shallow End

By Rick Colliver

When we speak of the “concentric rings” of protection, we are referring to the need to place as many physical and procedural barriers as possible between the Protectee and any potential adversary. In military circles, this concept is known as “defense in depth”.  However, as we all know, there are two critical components to establishing these concentric rings: 1) what does a threat assessment indicate is necessary and 2) what security intervention strategies will the Protectee accept?

This has served as a frustrating plateau for many security managers throughout history, who, exercising due diligence, have reason to believe the executive (or dignitary or celebrity) is at risk, but are unable to persuade said executive to consider security enhancements. Often, the concept of protection is new to the affected parties and requires patient explanation – as well as introduction in stages or phases.

Phases of Protection

* Awareness Phase

Somewhat like the case of a substance abuser, the first hurdle that must be overcome with a Protectee is getting them to realize they have a problem. Depending on how they earn their living, they may or may not be open to discussing their private lives with a “security” person. Further, they haven’t the innate wisdom or tactical expertise at this stage to identify or understand potential security problems. We would consider a Protectee at this stage to be naïve to security issues and therefore in need of a sales pitch to raise their interest.

Such a pitch would include discussion of current news events about other executives or dignitaries experiencing security problems, a summation of suspicious incidents occurring within their own organization, or the protective intelligence reports published by government and private organizations around the world that illustrate upward trends in violence.  Your initial audience may have to include human resources, operations or financial managers as well, in order to avoid conflict further down the road.

* Perimeter Phase

Usually the first actionable opportunity that presents is the recognition of a need to site-harden work or residential venues. This is sometimes due to direct threats or could even be as simple as media reports of an increase in crime in the Protectee’s neighborhood.

Keep in mind that security enhancements made to personal residences or property may be seen as a perquisite or “perk” in the US and may subject the referenced executive to increased tax liability, unless the security professional can demonstrate a “bona fide business-oriented security concern” and the specified recommendations are made by a qualified (but objective) third-party assessor [US IRC Section 132(a)(3)]. Security managers are encouraged to work with their tax department or competent CPAs to negotiate around this IRS rule.

* Involvement Phase

Once a level of trust has been reached, the Protectee may direct members of his/her administrative staff to share schedules and itineraries with the security department and allow security input for public or high-profile appearances or for travel into high-threat regions.

This is where the argument for advance work is made and used to persuade the Protectee that one of the essential functions of protection is the facilitation of their daily schedule. Through the implementation of thorough security advances we are better positioned to understand the true threat profile of our Protectee and to make prudent recommendations for necessary security enhancements.

* Enhanced Phase

If the threat assessment indicates escalated concern, and as the Protectee becomes better educated, s/he may agree to itinerant protection (or “indirect” as FLETC refers to it) during high-profile events or travel to high-risk geographic regions and venues. In this phase, an active protective intelligence process is necessary to keep a current log of specific threats under investigation, as well as particular regions of the globe that present a higher risk.

The Protectee (or their organization) may also be considered at higher risk due to their nationality or the organization’s symbolic value to adversarial groups. Such temporary security details require coordination with local contract EP/CP providers and indigenous government agencies, and must be managed with a keen eye on both the threats extant and the budget available.

* Direct Phase

The pinnacle of any protection program is the provision of full-time protective details for the Protectee (and immediate family); direct coverage 24 hours a day. This facet will be the most invasive and annoying type of protection that any human being can countenance. Protective agents will be close to the Protectee at home, at work, at play and in transit.

Aside from the personal invasion of space and time, this will be seen by financial planners as being extremely costly, and in publicly traded corporations, will be “reportable”. In other words, your expenditures for executive security will find their way into the company’s annual report and the public domain. Thus, unless a protection manager can demonstrate a specific omnipresent threat of lethal value, security plans will be challenged at every step and will be seen as “expendable” whenever budgets are under the knife.  Consequently, most of the world’s business leaders do not have full-time protective details.

Our Value

For the corporate security professional, the security service provider, and even for the public agency security program director – we need to remember that protection is not an “all-or-nothing” business, but rather one that is fluid and relational to the customer’s needs.

It is an intangible product that is difficult to value unless we are seen narrowly avoiding catastrophe on a regular basis. On the other hand, too many dramatic “saves” should caution us that our protection strategy may be flawed. Our goal is to avoid danger, not to stage rescues. Thus, the unfortunate resulting dichotomy (which should be our bumper sticker) is, “If nothing happens, we don’t need you. If something happens, you’re not doing your job”.

Build your value to your client organizations by constantly upgrading your skill-sets. Learn more about your customer’s business, learn more about innovative security systems and processes, and prepare yourself to make a business case for appropriate levels of protection.

And perhaps most importantly, become an educator. Educate potential protectees, their respective staff and others in the supply chain pipeline so that they know when to call you and how you can be of service to them. Never assume that, because you’re not standing a post outside someone’s door, you’re not protecting them!

Rick Colliver is the program developer and lead instructor in the Principal Protection program at the Ohio Peace Officer Training Academy and is an adjunct instructor in protective operations in several police, military and academic organizations. He is also the global security director for a multi-national corporation with operations in 24 time zones, and has managed protection details in Europe, Africa, Asia and the Americas.