Important Security Precepts

Physical Security Vulnerability

The concept of total security is fraught with problems. Perfect or absolute security is always the goal of security practitioners responsible for the protection of a facility or activity, but such a state of absolute security can never be fully obtained. The permutations to consider are in constant flux and calibrations and recalibrations are necessary. There is no asset so well protected that it can never be stolen, damaged, destroyed, or undermined by unauthorized individuals. For that reason a balanced, multilayered security program, informed and design after a thorough security vulnerability assessment provides protection against defined set of threats by informing the user of attempted intrusions and providing resistance to the would-be intruder’s attack paths. This resistance must be consistent around the intended asset protected perimeter area.

Surveillance mega camera's concept with a sky background

There are four main security elements that should be properly integrated in order to achieve a proper balance of physical security. They are:

  • This is the process of detecting and locating intruders as far from the protected areas as feasible. Early detection gives the user more time for effective alarm assessment and execution of pre-planned response.
  • Assessment is determining the cause of the alarm or recognizing the activity. This must be done as soon as possible after detection to prevent the intruder’s position from being lost.
  • Intruders must be delayed long enough to prevent them from achieving their objectives before the response force can interdict them.
  • A response force must be available, equipped, and trained to prevent the intruders from achieving their objective. The response time must be less than the delay time if the response force is to intercept the intruders before they achieve their objective.

Country Risks Influence Security Levels

Aon Interactive Country Risk Map_2014


Being exposed to different countries with varying risk levels, I’ developed a keen sense of the proper security layers that should be implemented. The most often asked question by company executives is as follows: Why are more resources invested in essentially identical business operations in different geographical locations?

The short answer is this, a country’s risk level is a fundamental external catalyst which added to the risk analysis enables decision making on the proper security layers to implement in the protection of people, assets and the well-being of all stakeholders. A number of different strategies are intertwined forming an effective protective fabric.  For instance, depending on your business activities (considering the difference between transporting valuables and commodities which require different mitigation strategies) in terms of duty of care for a broader geographical spectrum, few resources are allocated to staff protection in Alberta, Canada where the country risk level for violent criminal activities is relatively low, as opposed to Cairo, Egypt where political instability may trigger violent criminal acts (also considering the absence of or overreaction by state authorities), thus requiring more resources to assure the integrity of staff for on-going business operations. Even more resources would need to be invested if the risk levels reach a climax forcing business operations to be either temporarily or permanently interrupted.

Think of it as the layers and various fabrics that should be worn to protect yourself against the climatic elements. For instance, you’d be ill advised to don a heavy wool sweater or goose down jacket to the hot desert climate of Cairo for a business trip; just the same as you would not be fitted in a fashionable light linen shirt for a similar trip to Alberta at the height of the winter season. If traveling back and forth between these regions, care would be taken to wear the right clothing based on the prevailing climate. Equal permutations should be considered when tailoring the proper security strategies for these regions respectably and as mentioned before, based on your particular business operation.


Deviant Flash Mobs: Manifestation of Social Ills to Come

By Francisco Mateo, CPP

Police Investigate Germantown Flash Mob

Flash mobs, a phenomenon that has evolved from the ubiquitous communication networks and the advent of social media, has lately been adopted by deviant mobs. It’s small wonder that the randomness and anonymity of flash mobs would be repurposed for criminal means. In fact, deviant youths have been late adopters, as flash mobs are the means by which many social related events are married to guerilla tactics for maximum impact. Criminal innovations in the social sphere are nothing new. Most criminal trends have their genesis in observed social behavior applied from a deviant perspective.

To understand the root causes at play here we ought to remember that with each new technological innovation (Coupled with the challenges of a growing global population and dwindling resources to sustain social order) we tend to relieve an episode of the Luddite rebellion. The main distinguishing factors is that in its original version the revolt had a marked character tied to a leader; in its latest reincarnation we see a hydra-like leaderless meta-groups leveraging the social communication networks to achieve their aims. These aims often times could not be separated from the deeply rooted issues of social inequality and deprivation which plague many communities in the developed world. The results are similar (As an expert on the subject would say “The internet’s output is data, but its product is freedom, lots and lots of freedom.”), a break from the social norms with roots based on perceived or real social inequality made manifest by a prolonged global recession.

The same technology that empowers an individual also creates malice, anti-social behavior spawned in part by social-economic stagnation. On the flip side of that is the application of technology to crime prevention and detection. On-line base detection options are available to business owners like the case of the retail store depicted above. Such technology has been in existence for a while. Recognizing the need to thwart such criminal trends, practitioners like ICG, Inc. through their iThreat Solutions platform have developed tools at the cutting edge of crime fighting on the wild-wild west of the cyber world.

I expect strains of the deviant flash mob phenomenon to propagate and become a trend globally; mainly because such tactics have already been in use all over the world. There is strength in numbers and these deviant youths have figured out there are ways to circumvent established social and crime controls. But technology gives to all and off-line crime control techniques have already evolved into the cyber sphere. Victims of deviant flash mobs should bare this fact in mind when they implement prevention and reaction plans.

Summer @ SBB

You may have notice a drop in activity on this blog. I’ve been busy seeking alternative means of income through professional and entrepreneurial endeavors. As the sole contributor to this site, that meant sacrificing the time I normally dedicated to bringing you timely and actionable information—the staple of the site. Be it as it may, I’m refocusing attention to important areas of security by working on a posting series to be published over the next few months.

I promised you the content would not disappoint. Being active in corporate security circles has given me unique insights into ideas we’ve been espousing since the site’s inception. Once such area I plan to drill down on is the role of security risk assessment in setting the pace for the strategic security plan.


Community Preparedness, Compare and Prepare

Ironically, I started to write this post a day before the catastrophic earthquake and Tsunami in northern Japan, but it seems the gripping headlines from this terrible tragedy continue to rewrite this post for me.  My original intent was to compare community emergency preparedness programs in New York and California called Ready New York and The Greatest Shakeout respectively. But omission of what the Japanese have achieved in the area of preparedness would be ludicrous. In light of the magnitude of this natural event and their effectiveness at containing life loss a more effective aim would be to discuss how preparedness elsewhere in the world compares to Japanese resilience to such incredibly destructive events in the hopes of applying clear takeaways to our own resilient communities.

As I write this post major natural disasters have been taking place around the globe. Japan just witnessed a major earthquake measured at 8.8 on the Richter scale, causing a tsunami with over 23-feet waves. Christchurch, New Zealand also experienced a horrific earthquake last month. North America has been under snow storm and most recently flooding disaster. The Midwest region of the US is also expecting its own bout with extreme weather with both tornados and flooding likely to cause major damage. I mentioned these examples to put things into context. Preparedness can’t exist in a void, there has to be significant cooperation from every member of the community. It is the most effective way to minimize life lost. Authorities in many countries realize this, which is why they have invested resources in systems, processes, and training to protect their communities’ most precious resources in the face on changing patterns fueling the spate of recent natural disasters.

Arguably large scale natural disasters are the context of many discussions lately. But discussions would be out of context without making reference to preparedness and awareness campaigns where we live and work. In that regard “The Great California Shakeout” is a community preparedness resource dedicated to promoting awareness about one of the State’s most prevalent natural hazards, earthquakes, more specifically a potential devastating earthquake. Started in 2008 as the largest earthquake drill in the US, it owes its beginnings to a group of concerned scientist who took it as their responsibility not only to study root causes for potential deadly quake activities, but also to educate the communities on how to protect themselves from their effects. Today the preparedness drills span all 58 counties with more than 6.9 million participating Californians.  At the center of the program is the simple to remember “Drop, Cover and Hold-on” which is essential to saving lives in a traumatic event.


The site encourages everyone from individuals, to public/private organizations and authorities at all levels to participate in preparedness exercises; besides providing advice and training materials.  The resources they provide have been approved by a team of multidisciplinary experts. The drill manuals cover a variety of learning styles and information intake based on age groups. Multimedia tools allow easy sharing and access which is important for widespread adoption of such information. Flyers and other mass communication tools also help put the word out. The site also links to news and events to aid in the awareness efforts and provides a forum for participants to share their inputs. It also has a presence through social media networks to keep people engaged and help push up-to-the-minute information. Regarding the latter, I stated in a recent post that “social media” has become an indispensable tool in rapid emergency communication and awareness”. That is as much as I can tell you about The Great California Shakeout. If you want to learn more follow the link to the official site:

New York’s community preparedness program by contrast takes a broader, all-hazards approach. Ready New York is a program managed through the Office of Emergency Management (OEM). Through it they offer informational guides to help New Yorkers prepare for all types of emergencies. New Yorkers are encouraged to take three critical steps: make a plan, get a kit and be informed. Since 2003 when its public readiness campaigns began, they have been aimed at getting New Yorkers to a state of readiness.   The program’s common sense approach to potential hazards has also aided its broad adoption by New York’s diverse community.


Japan today is reeling from two catastrophic natural disasters a major earthquake and tsunami leaving a path of death and destruction in their wake. A third disaster, nuclear power plants, damaged by earthquakes destructive force looks likely to be averted for now, according to experts in the field. The death toll is likely to be high, but in contrast to recent earthquake disasters in Haiti, China or the 2004 Indian Ocean earthquake which unleashed a series of devastating tsunamis, the number of victims will likely pale in comparison. It speaks bounds of Japanese resilience. It’s important to understand how this became so, if we intend to improve upon their approach in our own preparedness efforts. After the 1923 massive earthquake that struck the Kanto Plain nearly destroying Tokyo and Yokohama, Japan carefully rebuilt these cities ensuring resilience against another catastrophic event. Japan is one of the most seismically active countries in the world, owing to its location on the “Ring of Fire, an arc of seismic activity that encircles the Pacific Basin” for that reason their built environment (from highways, transportation tunnels and airport facilities, to residential/office building) were constructed with advanced earthquake science in common. Japan has invested significant resources for earthquake safety and disaster management research. In 2000, the country’s building codes were revised again, this time with specific requirements and mandatory checks. At the local level billions of dollars are allocated for “improving the safety of hospitals, schools and social welfare facilities.”

They also take preparedness serious, Japan “marks Disaster Prevention Day on Sept. 1, the anniversary of the 1923 Tokyo quake with a series of awareness activities. At many Japanese schools, first-day-of-class celebrations include an evacuation drill. Even the Prime Minster participates: at this year’s closing ceremony, Naoto Kan spoke about the importance of “mutual aid” in times of crisis.  Japan boasts the world’s most sophisticated earthquake early-warning systems. Emergency drills organized by public and private organizations work, among other things, to transport “stranded” commuters from their offices to their homes. Japan’s tsunami warning service, set up in 1952, consists of 300 sensors around the archipelago, including 80 aquatic sensors that monitor seismic activity 24/7. Small wonder how they have survived such catastrophic events with minimal casualties. The key here is a precise focus on preparedness at every level.

Why is this important to community preparedness around the world? My two illustrated States in the USA, California and New York have similar hazard elements as Japan with unstable fault lines, which may potentially trigger seismic activity in the future according to leading scientists. Both States also have major cities near their significant coast lines which make them vulnerable to tsunamis among other natural hazards. For the sake of our discussion, this is representative of many other developed regions around the world. In terms of critical infrastructure both California and New York have nuclear power plants among their energy assets, which is common among modern industrialized regions around the glove. As far as I’m aware, the Department of Energy regulates construction of power plants and oil refineries to withstand large scale seismic activity, as well as, advanced preparedness (including early warning and evacuation of surrounding communities) procedures in case of emergencies. However the recent oil disaster off the Gulf of Mexico raises concern regarding how strict these procedures have in fact been, when you peeled the bureaucratic layers at such facilities. Both states also strictly regulate building codes to ensure that high-rise building and industrial facilities are built to endure earthquakes. In terms of readiness, California and New York have far reaching community preparedness programs as previously explained. California for its part having identified, through its risk management measures, the high probability of getting hit with another major earthquake, emphasizes such readiness more so than other States. Be that as it may, there is always room for improvement.

Japan’s approach to preparedness offers proven lessons for all communities around the world.  In addition, the aftermath of the recent tragedy has revealed a number of takeaways that can further advanced earthquake safety research. Critical infrastructure such as nuclear power plants, refineries, weapons stockpile (including research facilities handling deadly toxins) require renewed attention anywhere there is high probability of an earthquake. Every citizen needs to take responsibility for their preparedness: heeding early warning signals; stocking emergency supplies like food, water and medicine (I’d also consider stocking iodine, a radiation antidote if I lived close enough to a nuclear power plant facility), as well as having access to emergency communication, with social media being a proven tool for such events.

Community preparedness is an intelligent way to minimize the risk to life and property loss during natural disasters. I have been involved in these community resilience efforts through my participation in the Community Emergency Response Team (CERT). Comparing these two emergency preparedness programs from New York and California in light of recent experience around the world, should serve as motivation to get you acquainted with similar efforts in your community, and hopefully when disaster strikes you would know what to do. I hope that the magnitude of these tragic events would serve as incentive for everyone to keep preparedness top of mind. These life lessons carry incredible value beyond weathering a disaster, since they are about awareness and being ready for whatever the unpredictable force of nature throws at us.

Some Laser Pointers, a Risk to Civil Aviation

Despite what most of us know about external risks to aircraft, there appear to be other risks to civil aviation we should know and be concerned about. Most airplane passengers only reluctantly comply with often repeated request to turn off cell phones which may create electromagnetic interference with aircraft avionics. A few years ago we awoke to the reality of bird strikes as a very real safety risk to the commercial flights. There are other sinister threats or terrorist plots from shoe to underwear bombers to parcel bombs. For a brief while after 9/11 much attention was also paid to the laser guided shoulder-fired SAMs that could be used to bring down low-flying commercial aircrafts. Because SAMs could be acquired cheap on a bourgeoning global black market for these weapons; they were the subject of intense international arms control (mass destruction of stockpiles) and non-proliferation agreements.

A NYT article recently shed light on another risk to civil aviation, equally sinister for its intended consequences, but alarming due to its widespread, mostly benign use in everyday life. Some deranged individuals have taken to directing laser pointers to commercial aircraft’s darken cockpits, which can disorient or temporarily blind a pilot during critical landing and takeoff phases. These devices have also been aimed at helicopters (especially police air patrol units), which can compromise the safety of people on board as well as on the ground if the pilot lost control of the aircraft. In the US the authorities (FAA and FDA) are well aware of the problem and as the article points out, measures are already in place to regulate distribution and sale of powerful laser pointer devices, especially Class 4 lasers. But what if anything would be done elsewhere around the world to keep an individual with ill intent from directing their laser pointers at low-flying aircrafts from densely populated areas where detection can’t be assured. Perhaps Class 4 lasers and other such devices should be included in the list of Directed Energy (non-lethal) Weapons, which are subject to international enforcement under the CCWC as adopted in 1995 in Vienna.

Laser pointers and other similar devices are ubiquitous, but as laser technology becomes cheaper, more powerful devices would be available on the world’s mostly unregulated legit and illegitimate markets. I estimate more abuses of this technology would proliferate to the detriment of public safety. For that reason I’ll be keeping close attention on developments.

Demystifying the Security Business Unit

By Francisco Mateo

Many organizations around the world have hired security professionals to man security departments.  The reasons are obvious, in a fragmenting world risk are ever more unpredictable. Companies can no longer sit around and wait for threats to inflict damage to their people, assets, reputations and brands (PARB), so they tap the professionals to do vulnerability and threat assessments and subsequently provide recommendations and action plans.

Security is unique among operations department, looking at the organization horizontally, vertically and laterally for risks. That is why when the going gets rough the company honchos look to security for solutions. Just look at the services many companies expect to be provided by their security business partners: physical security for staff and assets, travel security, loss prevention, investigations, crisis management, executive protection, guard force management, just to name a few. It is an incredibly complex matrix of mission critical solutions expected from an understaffed, under-budgeted and overworked department. That is indeed the reality of the security suite today. The experts are in agreement that security department is one of the business units that has suffered must since the economic downturn began.  The key indicators tell the story, from hiring freezes across industries to low attendance at trade shows and reduced security technology spending.

Ever the optimist, security practitioners have set out to deal with the new normal, a fragmenting global economy, crushed by the weight of debt, underemployment and under-consumption all having a detrimental effect on productivity and profit margins. There are also asymmetrical risks (illicit global business activities) working their way through from the periphery to the core of our global business environment. Through all of this the security suite must be a vanguard in understanding and mitigating its effects. Take for instance the trends in theft of hot commodity products and raw materials negatively affecting, on one end prices and on another production cycles, as well as, infrastructure capacity.  But, who can ignore the chronic piracy problem on the Horn of Africa; a hydra of risk events affecting this vital route of global commerce, eroding confidence and creating global supply chain inefficiencies.  You can rest assure there are many security suites at organizations large and small monitoring the gathering storm of violent protest in Europe driven by government austerity measures (and given the fragility in the state of global affairs) to determine the risk they represent and creating tactical plans to lessen the impact on their people and assets. It is this maelstrom of risk scenarios that fills a security executive’s agenda. It begs the question whether enough resources have been allocated to tackle these mission critical events. The answer may surprise you.

The truth is that there has been a new mantra in security, like any other service organization, for quite some time, “do more with less”.  Despite the shrinking budgets, the security executive is challenged to manage a peak performance organization without skipping a beat from the plumb times just a few years ago. Adopting efficient business operation methodologies like Lean Security have been paramount. Applying lean security principles requires focus on value-added activities on a continuous improvement loop that delivers result and enhances productivity.  The simple process that keeps the security practitioner from lamenting the lost of budget allocation for important security investment and instead making it work just as well, if not better than before is an act of lean thinking.

Allow me to illustrate the point: say you want to harness and enhance your security guard service’s return on investment (ROI). You identify which security guard activities cut across multiple functions. You zero in on building patrols, which from the outset offers a return on investment by reducing premises liability exposures, as well as leading to lower insurance rates. But this activity has greater potential as it can also be leveraged to cut maintenance cost. It is feasible that the retained security services staff would be trained and empowered to perform tasks such as: turning off lights and HVAC systems after hours; identifying defective building systems and calling for emergency service (elevators, data centers, electricity and water services, ect); as well as turning off space heaters, and coffee pots, which may elevate the risk of building fires. Such activities can reduce maintenance staffing cost, while constantly mitigating potential vulnerabilities. As you apply continuous improvement processes you determine some patrol routes only add time to the physical walk through, without the residual benefit previously described. The process is more effectively served with automation like adding an integrated CCTV with zone-specific sensors array to enabled virtual patrols of the area with clearly defined escalation protocols. The real power behind lean security principles is that it can be dynamically applied to asset protection (as previously exemplify) as well as people, reputation and brand protection problem solving.

The linchpin behind the successful application of these methodologies is reflective leadership or when the managers actively apply new ideas to transform on-going initiatives and concerns.  We thrive under these difficult times because like other high performance organizations the security suite resides in a problem solving space, making us adept at evaluating personalities; constantly looking for collaboration opportunities (decimating silos); leveraging institutional synergies and culture. One of the reasons that executives at many organizations have come to rely on security professionals for mission critical activities at their outfits is because they’ve come to expect this level of transformational results.

It is quite evident when you look at the job descriptions for security managers at many organizations that they aim to obtain more than assurances.  For the most part they’re not disappointed, but don’t make the mistake of expecting a pad on the back. Do expect however to be challenged at every junction to demonstrate your worth regardless of the risk scenarios.  For senior company executives the real issue is obviously one of perception, any threat to revenue and shareholder value can be partially transferred to the security suite with the expectation that it won’t hit the balance sheet. Unfortunately as the pendulum has swung to bust cycles on the bursting of global financial bubbles the security suite has been a prime target for trims.  We are well prepared though. It does not change the basic fact that as our risk mitigation strategies improve (lower cost, greater output), and the economic recession deepens…insert your expected outcome here: _______________________________________________________________________.