Global Security Experts Weigh In
It seems like tragic news is hitting us in wave after wave these days, with barely time to process one horrific event before the next one happens. The recent May Buffalo store shooting was followed too closely by the Robb Elementary massacre. Our world is getting more dangerous and bad people intent on doing harm are more prolific than ever.
Security experts around the world acknowledge that when these tragedies are dissected (after the fact), there is a complicated series of events and a trail of crumbs that lead up to these individuals doing the unthinkable. These same global experts will also tell you that actionable protocols and security best practices exist for organizations of any size, from schools, to malls, to concert halls, to the local pub. These senseless tragedies can be stopped.
How to Create Venue Security in an Unsecure World
Protecting the people in your venue is far more complex than it used to be. Today, a venue’s security is at the mercy of any number of dynamic variables such as an active shooter, smash and grab theft, an employee recently fired who returns with a gun, or a riot happening on the street outside, to name a few.
Evolv consulted with two global security experts to get their best practice recommendations for organizations to help them better anticipate, prevent, even de-escalate threats in progress.
Our global experts include:
Mark Sullivan, founder of Mark Sullivan Consulting in St. Petersburg, Florida, and Washington D.C., has a long and distinguished career in global security and security solutions, consulting with some of the most innovative private sector security companies in the world. His experience includes a role as principal at Global Security & Innovative Strategies, and 35 years of service as a Special Agent with the U.S. Secret Service, including a presidential appointment as Director of the Secret Service from 2006 to 2013 leading high impact initiatives in protective operations, protective intelligence, and criminal investigations. He currently sits on eight Boards of Director and Security Advisory Boards, and is a sought-after global security expert and advisor.
David Cohen is one of the world's leading authorities on intelligence analysis and operations, with expertise developed over a 35-year career with the Central Intelligence Agency (CIA), including as Director of CIA's Clandestine Service and before that managing all CIA analysis for the US National Security community. He then served 12 years as NYPD Deputy Commissioner for Intelligence; a position established in the wake of the 9/11 attacks. He revolutionized how the NYPD collected, analyzed, and leveraged intelligence and established a global NYPD presence to protect New York City from another terrorist attack. Now President of Columbia Consultants, a risk assessment firm, he is on the Business Executives for National Security Advisory Board.
A Proportionate, Effective Threat Mitigation Approach Requires a Four-Step Plan
“The environment we’re living in today demands anticipation and preparation.” - David Cohen
Those responsible for their venue security simply want to know they stand ready to effectively mitigate and deal with both external and internal threats—of every kind. Our experts agree: Organizations that use an enterprise-wide, four-step approach are in a better position to protect people and their physical venue.
Here is a snapshot of those steps and what it means to take an enterprise-wide approach. We also offer step-specific insights from our experts.
Step 1: Assess
This foundational first step requires you to build a threat-level matrix that includes probability and impact for both external and internal threats. Once complete, it becomes your customized threat mitigation guide. Use it to more confidently plan for and secure funding for any additional security resources you might need.
“As a venue owner, I would want a security expert advising my staff as to what they think the greatest threats are and how they recommend we mitigate the risks from those threats. Do they advise I hire more security guards, update security plans, invest in additional forward-leaning technology, or improve training? Regardless of the recommendations, they will more than likely come at a cost. For many venues, there will always be the balance between justifying the operational costs with the value added. A way to justify that cost is by having an enterprise-wide solutions approach that increases our capabilities to protect us against our biggest threats. And finally, it’s important that every investment is made not because it is deemed a nice-to-have, but because it’s a need-to-have.” - Mark Sullivan
- Insight 1. Building a threat-level matrix helps you assess your threats, vulnerabilities, resulting risks, and how to best mitigate them. If the end goal is prevention, all possible threats must be factored into a threat matrix.
- Insight 2. Just the process of assessing threats, and ranking them from highest to lowest, is valuable because it forces venue owners and security experts to think through the range of issues they may have to deal with, including both internal and external threats. Your insurance company may require some form of physical threat, vulnerability, and risk assessment—but this is not enough. Because the world is more dangerous, small to very large venues are wise to build a matrix that addresses everything from a customer fall down your escalator to an active shooter in your lobby.
- Insight 3. Because threats are variable and dynamic, any matrix you build will be unique to your venue, —and its location—on any given day. As a result, consider it a living, 360-degree plan, a daily assessment of your current state of threats. A day with protests nearby presents a different threat level than a quiet day during the middle of the week.
Below are key elements to form the top of your threat level matrix. For each threat you identify, both internal and external, create enough detail and context for each to help you prioritize solution urgency and needed resources.
- Threat type
- Threat probability (high/medium/low)
- People and property impact
- Mitigation approach
- Needed resources
Step 2: Plan
This step is all about creating updated plans, policies, and procedures around your newly prioritized matrix of probable threats. Key to the success of any plan you implement is how well you cultivate and sustain solid relationships with security, law enforcement, and area businesses—and how you tap available intelligence to stay on top of dynamic threat variables.
“Just like humans instinctively use situational awareness when they are out and about to keep themselves and their families safe from harm, organizations must learn how to proactively use situation awareness to help mitigate threats to their employees, students, customers, and property.” - David Cohen
- Insight 1. Once you garner approval for an enterprise threat mitigation plan, it’s critical to establish or re-establish a broad and deep relationship with local law enforcement and private security personnel. Make sure they know who you are and where you are located. Cultivate relationships and share vital safety information. Spend time with these contacts to develop trusted relationships and build a strong communications network for those times you need each other most.
- Insight 2. Sizeable venues should have some security anchor point, a location inside that can serve as an operation center housing resources like video, phones connected to local law enforcement, and a place for any hired security personnel to go in case of emergency or for shift breaks.
- Insight 3. Depending on your venue location and size, your level of situational awareness increases to the degree you create a plan for monitoring social media, the dark web, local news alerts, and other available communications intelligence that might tip you off to an impending threat. Once you create access to the best intelligence, make sure this marries up with your threat mitigation emergency plan. This helps you create a 24/7 plan that keeps you current and responsive whether you are closed or open.
Step 3. Communicate
“The best plan is meaningless if no one knows what is in it. It needs to be communicated often, and in detail, including building it into performance plans if necessary. There can be no room for doubt about the order of operations or chain of command when lives hang in the balance.” - Mark Sullivan
- Insight l. A plan is ultimately only as good as how well you engage the entire team that is responsible for implementing the plan. Critical is that they all understand their role in the plan and appreciate its importance for the safety and security of employees, students, customers, clients and visitors. For large venues and small, the repetition and reinforcement of this message starts at the top.
- Insight 2. Even in large event venues, effective communication can be a challenge as a hefty security construct can often involve numerous moving parts that may or may not see themselves as an integrated whole. It falls heavily to leadership—via good communications skills—to ensure that the left and right hands not only know their own role in assuring venue security, but how they connect to each other. In brief, on security, the whole is greater than the sum of the parts.
Step 4. Train
“The ability to deescalate an internal threat situation is valuable training for every single one of your employees.” - David Cohen
- Insight 1. It is important for management to take the initiative to train all employees at onboarding and on an annual basis—on the plans, policies, and procedures around threat identification and mitigation including threat de-escalation training. Teach them how to watch for dramatic or unusual behavior and act on it. Help them confidently own their role to speak up and make sure they have immediate access to the tools and technology they need to reach management and law enforcement in the face of an escalated threat. Depending on the size of your organization, training can be a ½ day seminar, or a series of workshops that spans weeks or months.
- Insight 2. After hours, train all employees on the evacuation plan specific to your venue and their roles in moving people to and through locations in the venue, depending on the threat. Plan where you will all meet and the communication protocols for interacting with customers, security, and law enforcement in an active threat situation.
- Insight 3. Within legal bounds, it’s become increasingly important for organizations to know who is working for them. Use legal and available employee vetting and law enforcement services to do thorough background checks. One bad apple that somehow fell through the cracks can inflict far too much physical, property, and even reputational damage to your business. Be sure, if you let someone go, that you always conduct an exit interview to gauge potential rage or threat-based reactions. Teach your personnel how to manage and report any individuals they feel may try to cause harm.
My most recent blog covered how the tragic bombing of the Manchester Arena in 2017 took 22 innocent lives, and how 650,000 venues throughout the U.K. may now be required to adopt security mitigation protocols as a result. This U.K legislation was driven by many, including Figan Murray, the mom of 22-year-old Martyn Hett who died in that bombing.
Mark Sullivan and David Cohen have identified a series of four steps that organizations can take to thoughtfully and proactively increase protection for the innocent lives within their walls. The spike of gun violence is a multifactorial issue; everyone agrees on this. What’s required now is a stake in the ground commitment of people coming together to make real change happen to protect their people and places.