Today we continue our discussion on Acumen Capacity in the protection industry series. In this article, we will focus on the second of six dimensions “Practical Thinking”.
According to a study by the U.S. Army Research Institute for Behavioral and Social Sciences “Practical thinking is based on natural ways of thinking such as considering multiple perspectives, adapting thinking to situations, looking for hidden assumptions, and following guidelines for reasoning”. (Fallesen, Michel, Lussier, & Pounds, 1996). It is the capacity for common sense in decision-making and problem-solving to achieve goals.
Practical Thinking can also be thought of as street smarts, using the knowledge and experience you have and applying that to achieve a goal. This capacity is not about learning new information or analyzing. It is the capacity to use existing knowledge to achieve a goal in a common sense way. It has been said many times “common sense is not always common”. We have a proven process for discerning an individual’s capacity for practical thinking.
Benefits of High Clarity in Practical Thinking:
Ability to adapt to changing environments/situations
Open Mindedness to other possibilities
Having flexibility in the approach to problem-solving
Understanding how to get along with and talk to others
Ability to solve real-world problems
Ability to utilize all available resources
So the answer to today’s question…
“Does the way we think really matter” is ABSOLUTELY YES!
The way we think has a direct correlation to how we behave, perform, communicate, learn, listen, and interact with others. This collectively has a direct impact on your personal career and your organizations business results.
In the protection industry, I am sure you can see the value and importance of Practical Thinking to achieve assignment goals. In the ever-changing environment, shifting priorities, and the unexpected events which occur adapting and practical problem solving is a must have for any successful professional.
How many times have you worked with someone who seems to do things the hard way? This is often a lack of clarity for practical thinking. The individual may lack the ability to adapt or be open to other possibilities. They may be stuck in his or her own mind or routine and not see other alternatives.
Let’s consider for a moment an individual performing Protective Intelligence or Risk Analysis tasks.
Low Clarity with Negative Bias: the individual is likely to rush through the process resulting in missed details. This individual might also struggle communicating the intelligence work and plan created. Lastly, this individual may leave too much to chance and be reactive versus the proactive planning required. This increases the potential for a failed assignment or critical event.
High Clarity with Positive/Neutral Bias: The benefit of selecting the right professional for this assignment with high clarity and neutral or positive bias includes, proactive approach, more effective communication, quality results, and a more engaged professional.
Let’s take a little deeper look into this dimension of Acumen Capacity™
The Practical Thinking dimension is evaluated in two ways first is the clarity and second the individual’s bias. The clarity tells us how well the individual can discern values in situations in the outside world. Bias provides additional insights into how the individual sees the world around them.
If you have any questions, feel free to reach out and contact us!
Co-Authorized: Michael Delamere
Works Cited
Fallesen, J. J., Michel, R. R., Lussier, J. W., & Pounds, J. (1996, January). Practical Thinking?: Innovation in Battle Command Instruction. Retrieved from Defense Technical Information Center: www.dtic.mil/get-tr-doc/pdf?AD=ADA309755
Building a business case for security can often be a daunting task, presenting multiple challenges. Now there’s a solution, one that works and makes good business sense. It’s defining the real and measurable value your security business brings to any organization. We’ll discuss how to calculate the real value Corporate Security brings to an organization. It’s called Value Proposition, and it works.
The realization that the sum total of all our efforts was not producing the results we needed led us to look at applying proven business skills to Corporate Security. We asked ourselves about the basic business function of Security, that we couldn’t do today’s job with yesterday’s methods, and expect to be successful in the future.
We began to ask questions of ourselves – and not easy ones.
In taking an honest look at our department, what did we see?
What results were we actually producing?
How did we get there?
What did we need to do?
We also asked of ourselves, if we keep doing what we’re doing right now, where will we be in 1 year, 2 years, and 3 years?
Can we stop trying to explain the problems and start trying to solve them?
We agreed that we needed to train our people to propose solutions rather than keep asking for them.
We also asked the question as to what we learn from tough economic times.
Our answer was that when we are forced to face economic reality we need to do something different.
We asked ourselves this question: At what point do we stop doing what we’re doing and tell ourselves we could do it better?
If we don’t like what’s happening or what we’re getting, at what point do we change?
Why aren’t we anticipating change and preempting problems?
Value proposition mathematically is simply benefits minus cost (VP = B – C). It is a security statement that speaks to how security services addresses and/or solves problems or improves the company’s position. It describes how Security brings specific and quantifiable benefits to the company and tells the company how their security differentiates from other security models. The Value Proposition of Security also describes how Security contributes to the company’s productivity and it’s bottom line. “What we are about is helping the company run its business in a risky world.”[1] The value of Security to the company is its ability to identify and manage risk.
Corporate Security’s Value Proposition may be the most essential part of developing and evangelizing its business case.
Building a business case for Corporate Security is often a daunting task. Challenges include:
The company’s desire for profitability;
Corporate Security does not generate revenue; it’s viewed as a cost center;
The perception that Security adds to much too the business processes;
Determining just how much security is needed and for what;
Determining the level of risk to the organization, especially when there aren’t many incidents;
Workplace violence potential;
Employee conduct;
Terrorism
The budget for Corporate Security – is it ever enough? How do you maximize what you have and produce outcomes of value?
Protecting company information from hackers, viruses, and other concerns;
Security reporting within Security and to the executives;
Theft, loss, and other crimes – by personnel or external people. How does Security involve company employees in protecting themselves and company assets?
Achieving the Corporate Security mission and goals – do security personnel even know what they are?
Transforming a risk-averse, reactive security management model into a proactive, problem identification, results-based model;
Reducing attrition of security personnel;
Finally, optimizing security efficiency and effectiveness, and demonstrating articulable, measurable value to the company.
Given these issues, Corporate Security can address, mitigate, reduce, or even eliminate risk and loss, threats, and provide a workplace environment that enhances productivity and does contribute to the bottom line. There are three major elements that will drive Security’s value dramatically, allowing a quantifiable, measurable, and reportable value. These elements are derived from the Cooper Management Model, developed and implemented by Bill Cooper, Senior Security Manager and retired Chief of Police.
Part 1 – Lean Six Sigma’s Applicability to the Value of Security
By definition, Lean Six Sigma is a business philosophy centered on the relentless identification and elimination of waste, re-works, and redundancy from all processes so they flow at the rate of customer demand, at the same time improve the overall quality of the output. Lean Six Sigma is the optimization of value in all processes. Lean Six Sigma will provide exactly what is needed, when it’s needed, in the form it’s needed. In other words, business process simplification. Lean Six Sigma can be applied to anything. Lean Six Sigma is made up of principles, methods, and tools that are designed to improve the speed and efficiency of any process by targeting and removing unnecessary and wasteful steps or materials – Lean Six Sigma identifies bottlenecks found in processes and systems.
Lean Six Sigma provides a common foundation to support production of services (and goods) for our customers of value to the customer with a high degree of quality and minimal waste. The most significant benefit of Lean Six Sigma is the large-scale cost savings realized sooner rather than later due to streamlined processes. Lean Six Sigma’s goal is growth, not just cost-cutting, with emphasis on effectiveness, not just efficiency. Part of the overall strategy is to teach the organization not only how to improve, but how to innovate.
The need for more efficiency and effectiveness in virtually everything an organization does continues to grow and become more of a priority. Identifying and eliminating what doesn’t add value and reducing cost become more important every day.
Lean Six Sigma is continuous improvement, a process improvement methodology, a results-oriented, focused approach to quality. Lean Six Sigma minimizes mistakes and maximizes value and creates precision in the work. It measures and sets targets for reductions in problems and defects which translates into cost and time savings and dramatically reduces the chances of introducing errors in the future. Lean Six Sigma develops the practice of getting it right the first time.
Lean Six Sigma is the single most effective problem solving methodology for improving organizational performance. The evidence leads you to the real causes of problems, allowing easier solution generation. It improves the speed to completion – you don’t have to work harder or faster to produce more speed; this removes the barriers and obstacles, getting you from beginning to end faster.
Departments have inconsistency in their processes, systems, and services. Professional results demand consistency; inconsistency degrades good performance and inconsistency is all about waste, redundancy, and re-doing work that has already been done.
Any task that can be performed more efficiently and isn’t is an example of poor quality and increased cost – waste.
Benefits of Lean Six Sigma
Faster service
Higher quality
Lower cost
Increased performance
Increased credibility
Increased morale
Predictability
Part 2 – The Value of Business Intelligence to Decision Making
Security organizations collect large amounts of information and data as a result of their daily operations. Using that data to create usable information and actionable intelligence is a key element of good security management. Organizing the information in as near real time as possible and displaying it in a useful manner is critical to allowing proper decisions regarding deployment and actions required to provide the organization with measurable, articulable results. The purpose of a good business intelligence system is to improve the availability and quality of information useful for making more informed management decisions – based on facts.
Establishing a business intelligence architecture in your security organization can transform this raw data into meaningful and useful information. Business intelligence provides historic, current, and predictive views of your operations. If you were asked by superiors to provide essential information – facts – about the real results Security is providing, could you do it? Do you have quantifiable security performance metrics that show an improved state of security and safety in the organization? Do you have – and use – metrics that consistently and intelligently assess outputs and results?
Business Intelligence also provides Security with two further opportunities:
Good systems can help fix problems in the shortest time possible.
Better align strategy and execution; better deployment of staff and resources; better overall decision making that gets Security to achieving its goals.
Intelligence is crucial to managing security. When developing and deploying business intelligence, the broader the distribution the higher the return. The more real-time the intelligence distribution the more agility Security has in addressing security and safety issues and concerns.
This data-based analysis improves the quality of decision making throughout the organization by replacing hunches and guesses with data-based analysis. The ability to identify real causes allows Security to design and deploy solutions that produce results that are unmatched.
Producing business intelligence in a graphics-rich format allows faster, far more accurate deployment of staff and resources to real problems, producing real outcomes. This system additionally measures performance and accountability.
Based on the original NYPD CompStat program, this business intelligence system asks four questions, each requiring answers:
What’s working….why?
What’s not working…why not?
If it isn’t working what could we or should we do about it?
What new strategies need to be put in place?
The benefits of a good, robust business intelligence system include:
Delivers consistent information
Drives innovative problem solving
Gives a better view of reality and drives better decisions based on that reality
Improves communication – no spin
Saves time and cost
Enables fact-based decision making
Provides actionable intelligence
Drives an effective overall Security strategy
Enhances the ability to make superior decisions
Improves the ability to create effective plans
Optimizes performance of Security
Part 3 – Employee Involvement in Organizational Security
Organizations speak frequently about employees being involved in working with their communities to enhance their quality of life. These organizations seek to hire and retain good employees and Security is no different. The purpose here is for Security to partner with the organization’s staff and employees as a force multiplier in keeping the company safe and secure. By successfully doing this the company can reduce its costs, time to complete work, and improve its profit margin.
Employees, typically new to an organization, are provided with orientation that may include direction on how to keep themselves and corporate assets secure – most of this orientation is inadequate. If assets are lost or stolen, the cost to the organization may become very large. Risk of loss and vulnerability to loss increase proportional to lax behavior on the part of employees.
It is Security’s responsibility to assure assets and people are protected. In reality, Security traditionally follows a reactive management model, reporting loss or other issues after the fact. The value of Security increases exponentially as it transforms into a proactive, results-based model. By a proactive approach, security officers look for and identify security and safety issues, escalate them to the appropriate people, and follow up to assure they have been addressed.
Examples of real cases include the following:
Asset protection – proactively patrolling the company’s buildings security officers observed unsecured laptop computers by the hundreds after hours, even though employees had been given locking cables. Over 400 unsecured laptops were observed. Officers created a professional reminder card, reminding employees of the need to secure their assets. Officers signed, dated and placed the cards on the desks. In a 30-day period these unsecured laptops were reduced by 98% and kept there.
To calculate the value of this one security activity, assume 20 laptops per year were stolen. The value of the computer is about $1,500. The value of the intellectual property on the computer varies. Now, examine the time and loss associated with replacing the computer. Question 1 is how long the employee who lost the computer takes to get fully re-engaged. On average it is about 10 days – 2 weeks. Determine how many people are involved in reporting the loss, authorizing the replacement, ordering, preparing, shipping, and formatting the computer before it goes to the employee. On average the cost is between $10,000 and $20,000 per loss.
If 20 laptops are lost annually, the effective loss to the company is estimated to be about $200,000 – $400,000. As Security reduced that loss by 98%, Security saved the company some $196,000 – $392,000 in cost avoidance. By simply quietly and subtly engaging the employees in securing their own assets, Security saved a significant amount of money.
To further this example, Security conducted an assessment of access control on the campus. Each building required a card key to enter, but due to tailgating, employees letting people in, etc., Security determined 56% of the employees entering the executive building did not have or use an access card. With 17,000 visitors annually, Security and the company did not know who more than 9,000 of them were – a significant risk and vulnerability.
Security implemented random visits to visibly remind employees to use their cards and not allow tailgating, etc. In six months, a reduction of 90% was realized, resulting in 8,500 fewer people entering than previously. Security’s random reminders to employees had those employees reminding fellow employees, visitors, and others to use a card key to get in.
Look at the cause and effect relationship to establish real value of Security. The report to the C-Suite stated that people had less than a 10% probability of entering one of the buildings, and f they did get in, had less than a 2% probability of taking something of value.
Overheating IDF/MDF rooms – server farms – this company had 10 such rooms. If the rooms got to a certain temperature level, they overheated and shut down. It cost $100,000 to reboot them and get them in working order. The security officers proactively began to check each room on each shift. In a 1-year period, they found the rooms overheating 184 times. The officers acted on the spot and prevented the loss to the company.
By proactively patrolling, looking for problems, the officers saved the company more than $18,000,000 annualized.
We’ll next look at, define, and establish the value proposition of Security in any organizations.
Part 4 – The Value Proposition of Security
Value proposition is a clear, compelling, and credible statement of the experience the company will receive from Security. Value propositions work because they force Security to focus resources where they are needed; articulating this value increases the visibility and presence of Security in the organization. The presence of properly managed Security allows the organization and its employees to enhance productivity and optimize performance, decreases costs and issues and increase profit.
Security needs to ask and answer these questions to describe itself and begin to articulate its value:
Where does Security excel?
What does Security actually do that lowers costs in the organization and helps increase profit?
What does Security do that helps the organization improve quality and eliminate problems, waste, redundancy, and non-value add elements?
What are the core competencies of Security?
What benefits does Security provide the organization to employees or systems that allows them to be better than they were?
Recall that Value Proposition is simply Benefits minus Costs (VP = B – C). To calculate value use that formula. Assume the cost element is the Security budget. Using the previous case study involving IDF/MDF rooms we determined that Security’s proactive patrol model resulted in more than $18,000,000 in cost avoidance. In this instance the Corporate Security budget was $9,000,000. The Value Proposition is benefits minus cost, or $18,000,000 – $9,000,000, or for every dollar spent on Security, Security returned two dollars. This is just one example; imagine doing this for each instance. In this case Security told the C-Suite that for every dollar invested in Security, Security was returning between $2 and $100 – quite a compelling ratio.
In the instance of unsecured laptop computers, the cost of the reminder cards was about $200. The cost avoidance at the lower end was $200,000, so in this case for every dollar invested in Security, Security returned $1,000. This is yet another compelling statement.
Tying the Parts Together
Any one element of these models works very well as a stand-alone system; each has been proven successful in its own right. The strength of each part is amplified when they are combined into a single management model.
Employee Involvement reduces the burden on Security by acting as a force multiplier to Security, freeing time and cost.
Lean Six Sigma eliminates suboptimal processes, further reducing time and cost and freeing security resources.
The Business Intelligence Decision Support System laser focuses your security resources to where they’re needed, what they’re needed for, and how they’re needed. The randomness of patrols is refocused.
Value Proposition demonstrates the true value of Security to the organization, clearly showing measurable, articulable results. These results are formatted graphically into the reports prepared for executives, each of which provides an enhancement to the organization’s financial and operational positions. The bottom line is dramatically improved.
Finally, “Do not lose sight of the fact that you are the core to your venture’s value proposition. What solution can you deliver uniquely well? What kind of disruptive business model can you bring? Be true to yourself as a thought leader and you will go far.
Chief Security Officer Online, August 1, 2003. Security’s Value Proposition.
The Cooper Management Model, copyright 2010, 2015. Bill Cooper.
Leading Beyond Tradition: Exceeding Expectations in Any Economy, Cooper, William E., 2012
Leading Beyond Tradition: Exceeding Expectations in Any Economy, Cooper, William E., 2015
Serving US: Seattle, Bellevue, San Francisco, San Jose, Sunnyvale, Cupertino, Fremont, Milpitas, San Mateo, Palo Alto, Sacramento, Los Angeles, Orange County, San Diego, Las Vegas, Reno, Portland, Vancouver WA, Honolulu, Denver, Salt Lake City, Dallas, Houston, San Antonio, Austin, Chicago, Columbus, Atlanta, Tampa, Orlando, Miami, Charlotte, Washington DC, New York City, Boston
Serving International: Vancouver Canada, Mexico, Guatemala, Panama, Brazil, Argentina, Chile, Peru, Ireland, United Kingdom, France, Spain, Italy, Switzerland, Germany, Czech Republic, Netherlands, Poland, Hungary, Turkey, Ukraine, Russia, Saudi Arabia, United Arab Emirates, South Africa, Kenya, Nigeria, Algeria, Egypt, India, Bangladesh, China, Thailand, Cambodia, Vietnam, Philippines, Indonesia, Japan, South Korea
What if I could hand you a crystal ball for your talent selection and hiring decisions? How awesome would that be? What if you could know in advance your talents potential for success, risk of turnover, potential conflicts and more all before they occur? These are a few benefits of job benchmarking and predictive analytics.
How amazing would it be to see under the surface of your existing talent and future applicants to see if they have the Capacity to do the job or the assignment? Using the most current validated and reliable tools that meet EEOC and OFCCP requirements we can provide powerful insights. What is the likelihood an individual will be successful in your organization and for specific assignments? Granted there is nothing 100% certain in life. However, with when using people science we can significantly increase the odds of success!
It is easy to see if an individual has the pre-requisite training, certifications, and relevant experience. Those are all above the surface and easy to detect and validate. However, these hard skills are just telling you if they CAN do the job. What they do not tell you is, do they have the CAPACITY to do the job? Do they have the POTENTIAL to grow?
So, what doescapacity even mean? Great question, the short answer is an individual’s CAPACITY to do the job at the required level of performance along with their POTENTIAL for growth.
“The stronger a person’s acumen, the greater his or her ability to make distinctions in how they view themselves and the world around them. Everyone’s brain has a unique thought process or model through which they filter and assess their views of the world. These patterns of thought determine the natural talents that people bring to any situation or role. Therefore, understanding these patterns enables people to apply their potential”
How does this connect to your organizations talent?
The following info-graphic provides an easy to understand visual. Here we have two vehicles representing your talent. Both are doing the same job, in this case traveling at 80 mph. However, one vehicle is running at almost max capacity without much else to give. They are running much hotter to coin an automotive phrase. While the other individual has double the capacity left, running cooler, and plenty potential left.
Which would you rather have on your team or placed on an assignment? The one who is working twice as hard to be successful, maxed out & possibly on the edge of breaking down. Compared to the alternative individual who requires half the effort to complete the same work.
Those with low capacity are more likely to burn out, make poor decisions, be unreliable, leave the position, and unable to take on any additional responsibilities. These individuals are more likely to increase your risk for liability. While those with higher clarity will be less stressed, more stable, high performing, flexible, resilient, and not as likely to make costly bad decisions minimizing your risk.
Additionally, having this amazing insight to your talent provides you the opportunity to create personalized development plans where needed. The talent is set up for success from day one with the training and development needed to reach his or her full potential.
Top 5 Benefits to Your Organization?
The benefits of this process are countless ranging from
Improved Team Performance
Mitigated Risk Factors
Increased Job Satisfaction by Everyone
Enhanced Client Experiences
Increased Profitability
And more…
Introduction to Acumen Capacity Index?
One of the People Science tools we will discuss in this and future articles is called Acumen Capacity Index (ACI) ™. The Acumen Capacity Index is based on a proven scientific methodology called Axiology developed by Dr. Robert S. Hartman in 1967. Dr. Hartman’s work “Foundation of Scientific Axiology” resulted in his nomination for a Nobel Peace Prize in 1973.
Acumen Capacity Index looks at three dimensions/values of an individual:
These three dimensions are broken down into six variables split between World View and Self View.
World View variables are Understanding Others, Practical Thinking & Systems Judgement.
Self-View variables are: Sense of Self, Role Awareness, & Self Direction
Each of these variables is essential for high-performing professionals & organizations. Whether it’s an Executive Protection Specialist, Work Place Violence Protection Specialist, Special Event Protection Manager, Security Driver, Security Guard, Loss Prevention/Asset Protection roles, or any protection position. Even high net worth individuals like Jack Ma of Alibaba understand the importance of People Science in their own business endeavors. Listen to his remarks around the 5:40-6:15 minute mark in this video. At PRS, we have adopted this (and more) into our hiring practices in talent selection strategy for all of our protective and consulting services personnel that are on staff. Feel free to reference PRS Radio Show #13 for more detailed information!
We will share in more detail throughout upcoming articles in this series.
Stay tuned to learn more!
If you have any questions, feel free to reach out and contact us!
Co-Authored by Michael Delamere
Trusted Global Private Security Services
Serving US: Seattle, Bellevue, San Francisco, San Jose, Sunnyvale, Cupertino, Fremont, Milpitas, San Mateo, Palo Alto, Sacramento, Los Angeles, Orange County, San Diego, Las Vegas, Reno, Portland, Vancouver WA, Honolulu, Denver, Salt Lake City, Dallas, Houston, San Antonio, Austin, Chicago, Columbus, Atlanta, Tampa, Orlando, Miami, Charlotte, Washington DC, New York City, Boston
Serving International: Vancouver Canada, Mexico, Guatemala, Panama, Brazil, Argentina, Chile, Peru, Ireland, United Kingdom, France, Spain, Italy, Switzerland, Germany, Czech Republic, Netherlands, Poland, Hungary, Turkey, Ukraine, Russia, Saudi Arabia, United Arab Emirates, South Africa, Kenya, Nigeria, Algeria, Egypt, India, Bangladesh, China, Thailand, Cambodia, Vietnam, Philippines, Indonesia, Japan, South Korea
Premier Risk Solutions LLC (PRS) has created a new, fresh approach towards the Executive Protection industry. After listening to a group of cross representation of select end-users and subject matter experts, we have listened to the current and future opportunities that they have identified, gaps in the marketplace when considering the qualities of an individual agent(s) on Executive Protection assignments, and what the industry is already doing at a high level.
This dialogue and research have lead us to partner with Career Path Consulting & Development to charter into People Science utilizing Science of Self™ to create a Personalized Culture Fit™ program in Executive Protection, Secure Transportation, Workplace Violence Specialist, Special Event Management, and Security Consultant roles. This PRS Radio segment discusses the science and application of this new offering to clients and ultimately the next step in the evolution of the protective services industry.
Trusted Global Private Security Services
Serving US: Seattle, Bellevue, San Francisco, San Jose, Sunnyvale, Cupertino, Fremont, Milpitas, San Mateo, Palo Alto, Sacramento, Los Angeles, Orange County, San Diego, Las Vegas, Reno, Portland, Vancouver WA, Honolulu, Denver, Salt Lake City, Dallas, Houston, San Antonio, Austin, Chicago, Columbus, Atlanta, Tampa, Orlando, Miami, Charlotte, Washington DC, New York City, Boston
Serving International: Vancouver Canada, Mexico, Guatemala, Panama, Brazil, Argentina, Chile, Peru, Ireland, United Kingdom, France, Spain, Italy, Switzerland, Germany, Czech Republic, Netherlands, Poland, Hungary, Turkey, Ukraine, Russia, Saudi Arabia, United Arab Emirates, South Africa, Kenya, Nigeria, Algeria, Egypt, India, Bangladesh, China, Thailand, Cambodia, Vietnam, Philippines, Indonesia, Japan, South Korea
Being able to share information instantly with just a push of a button, the click on the keyboard, or in casual conversation, it’s easy to forget the importance of maintaining operational security for an EP assignment. Often, critical data is transmitted and shared throughout the assignment. Sometimes seemingly innocent factors such as particular Internet connections and casual conversation can be a hindrance and even potentially, a direct threat.
The five steps of operational security include determining the scope of critical information, developing threats, identifying weaknesses, calculating risks and ultimately implementing countermeasures. As professionals, when we address each of these areas there are multiple opportunities to make a mistake and reveal something that could be detrimental to the integrity of the assignment.
Critical Information
After handling many operations, we must remember that the information we request initially (the who, what, when, where, and how of the assignment) is basic to our preparation and often the most vulnerable element. We are given a significant amount of detail regarding our principal’s movement and itinerary that must be handled prudently. As we come in contact with people during the advance, we must decide what pieces of information we are able to parcel out to them based on our need for their support and conversely, what pieces of information we must keep close to the vest. This first step is identifying what type of information is critical and examples include:
The name of the principal.
The schedule of events.
The method of travel and movement.
Residential, lodging and transportation details.
Just the fact that security is present (which often provokes interest where none may normally have been shown).
Not everyone that we come in contact with during the advance should be privy to these details and in fact, if they don’t already know a piece of information, we should be very cautious about giving it to them. For example, a hotel manager may be aware of our principal’s name and room number, but not any elements of the itinerary during the stay. It’s sometimes easy to assume that since they are aware of one piece of information, that it’s okay to reveal additional pieces of information. We should be very cautious of casual conversation that could potentially lead to areas for compromise. A difficult choice of balance may occur when we have a recognized principal attending an event where we need to have special considerations made for entry/exit, movement and seating. As much as we may be hesitant to reveal who our client is, we must weigh that against our ability to garner assistance from, for example, an event staff manager or security manager. When choosing to provide the identity of the client to these individuals, we must also factor in the timing of revealing that information. Giving it to them a week prior opens the possibility of a greater risk than were we to reveal it just an hour or two before the event.
With regards to identifying the presence of security, this can play an important role. If the principal is not recognized by name and/or previously associated with a known security team, it’s often best to downplay our role to those with whom we come in contact. If we tell outside individuals that we are protective agent, this can sometimes cause more interest than if we were to just say we are providing security assistance or transportation assistance. The choice of wording and the approach should be made with discretion.
Threats, Weaknesses and Risks
We should keep in mind that threats may come from those who may be monitoring what we are doing and who are looking for patterns. It’s important to remember that the repetition of doing things the same way, traveling the same routes could put the assignment at risk. If you decide to review open source information regarding your principal (to stay on top of what may be reported about them through the Internet and the media) just keep in mind that those wishing to do harm also have access to that same open source information. Your principal’s company may have a media or public relations department that, through press releases and other marketing, may inadvertently reveal details affecting operational security.
An often-overlooked consideration is utilizing Internet connections that are unsecured and notoriously vulnerable to compromise. The next time you decide to connect to the free Internet provided at a coffee shop, you should think twice about doing so.
In a 2017 Mobile Security Report by IPass, there was a survey conducted of over 500 CIO’s and IT decision-makers with results that were not terribly surprising. In the report, 78% of those surveyed indicated that coffee shops were the top three most dangerous places to have access compromised. Accordingly, “C – Suite” executives were deemed most vulnerable. Of the US companies surveyed, they ranked unsecured networks highest in their “degree of concerns”, yet still acknowledged allowing public WiFi and MiFi use. Sadly, only 36% of the US companies took measures to ban employee use of these hotspots all the time. Even more concerning is that often security practitioners are not required in any way to adhere to these policies.
78% of those surveyed indicated that coffee shops in the top three most dangerous places to have access compromised
It’s very important to consider alternatives such as using your own cell phone’s data plan or bringing along a separate secured connection that you can use.
Countermeasures
As you make efforts to arrange elements of the logistics for the coverage of your principal, you should decide where your potential weak points are and review the dissemination of information accordingly. It’s best to develop information about who has already been provided details of your client’s arrival and what type of details they were given. As sometimes this prior dissemination is out of your control, it’s important to decide what steps you must take after the information is already out. If the principal is recognized and giving an announced presentation, it’s very hard to control information in that regard. Similarly, if they are booked into a hotel, then the registration, bell and cleaning staff may also be aware of their presence. Although there may not be much that you can do at this point, you at least have some other times in between where your itinerary and movements may only be known to you. For example, if your client was planning on going to a particular restaurant or attending a particular event your advance may require contact with staff at these locations. I have found that doing additional advance work for other locations (even if they weren’t going there) would add a measure of security. If information were somehow revealed to a potential threat, and to their knowledge there were multiple options for dining, it would make it more difficult for them to pinpoint an exact location at a specific time.
It would not be unusual to throw out a “red herring” even to event staff, other location’s security and those outside of the protective team so as to keep critical information from being passed along by these people. By keeping the details vague and indicating that sometimes “the client changes their mind” about things at the last minute, it allows you to have the flexibility of not being pinned down at a specific location at a specific time – despite the fact that you might already know that you are. The irony is, that oftentimes your client will make last-minute changes anyway.
Although it’s debatable whether one should be entirely truthful with the hotel or event security, just keep in mind that whatever you provide them loses its security integrity as soon as they know. It is not without reason to assume that a hotel security manager would almost immediately share confidential details with his or her staff the moment you walk out of their office. Overall, this is not meant to be a comprehensive review of operational security, but just a reminder to keep that in the forefront of your thinking and planning for each and every assignment.
Trusted Global Private Security Services
Serving US: Seattle, Bellevue, San Francisco, San Jose, Sunnyvale, Cupertino, Fremont, Milpitas, San Mateo, Palo Alto, Sacramento, Los Angeles, Orange County, San Diego, Las Vegas, Reno, Portland, Vancouver WA, Honolulu, Denver, Salt Lake City, Dallas, Houston, San Antonio, Austin, Chicago, Columbus, Atlanta, Tampa, Orlando, Miami, Charlotte, Washington DC, New York City, Boston
Serving International: Vancouver Canada, Mexico, Guatemala, Panama, Brazil, Argentina, Chile, Peru, Ireland, United Kingdom, France, Spain, Italy, Switzerland, Germany, Czech Republic, Netherlands, Poland, Hungary, Turkey, Ukraine, Russia, Saudi Arabia, United Arab Emirates, South Africa, Kenya, Nigeria, Algeria, Egypt, India, Bangladesh, China, Thailand, Cambodia, Vietnam, Philippines, Indonesia, Japan, South Korea
Whether your business is global or local, at some point real-time security information and operations will be vital to the continuity of your business. Some larger companies have created a Global Security Operations Center (GSOC) that may also include regional centers. Other firms create a Security Operations Center (SOC) that helps manage security and resources within a single state or region. For this article we will use the term SOC for simplicity, as not all companies are global in footprint.
This article will provide some insight into some of the considerations our clients have wrestled with, the GSOC/SOC benefits they seek, and some steps we use to design a SOC.
The Security Operations Center (SOC) – A Good Business Practice
THE BRIEF HISTORY
For over 75 years government agencies and other entities learned the value to the organization provided by a central nerve center. A center that monitors various technology systems, live situations, or events, protects and directs personnel resources, and provides a hub for the organization’s quick response to a wide range of events that require immediate attention. Military organizations the world over utilize the principles of Command and Control.
While we were all impressed with NASA’s “Mission Control Center” during a space mission launch, crisis situations like the “Bay of Pigs” operation requiring a Global Security Operations Center (GSOC), and post-9/11 US Transportation Security Administration (TSA) new operations centers to communicate, collaborate, and coordinate, may not be so well known.
There are many types of operations centers, and today they include:
Global Security Operations Center (GSOC)
Security Operations Center (SOC)
Mission Operations Center (MOC)
Threat Operations Center (TOC)
Emergency Operations Center (EOC)
Network Operations Center (NOC)
THE PURPOSE OF THE SECURITY OPERATIONS CENTER (SOC)
More than any time in our history, business entities face an infinite number of internal and external threats and risks. We have deployed various security technologies to help protect our staff, visitors, and assets:
Video Monitoring/CCTV
Access Control Systems
Intrusion Detection
Duress Alarms
Communications Systems
Possible IT Network Security Integration
Support to onsite Emergency Response Team (ERT)
Post-9/11 the proliferation of security technology created an array of challenges, such as:
Large amounts of data being stored, with data and systems being un-utilized or under-utilized
Disparate security systems, platforms, and applications
Failure to effectively monitor thousands of alerts and respond to events proactively
Increased regulatory compliance issues and consequences for failures
A disconnect between the people and the technology
Gaps in the integration of disparate systems
Timely communications failures
Reacting to data and information that is stale
Failure to protectively respond to alerts, before they become a crisis
High costs associated with “crisis response”, verses a Proactive Program
The Security Operations Center (SOC) provides the place for organizations to monitor developing situations, analyze the risks in real-time, and proactively respond before something becomes a crisis. As crisis response is extremely costly, the investment in a SOC helps conserves corporate resources, while clustering them to realize a savings.
CONTEMPORARY BUSINESS REQUIREMENTS
The mission control center is no longer something just for NASA or rocket scientists. Today’s SOC serves a set of vital functions that are common to many other business operations. Just as various business units will monitor a variety of business requirements and respond to them, the SOC helps apply the same business process to all matters related to security.
Just as the Finance Department monitors federal, state, and local regulations, taking appropriate proactive actions to keep the organization in compliance, the SOC monitors information in real-time, analyzes this data, and coordinates a measured response to protect people and assets proactively. Today’s business environment requires a high degree of internal and external situational awareness.
Building A SOC – Modern Cost and Risk Factors to Consider:
A highly mobile workforce that requires greater protection
Active threats, risks, and corporate responsibilities extending far beyond the buildings, campus and local area – Business is now global
The ever-emerging “All Hazards” landscape requiring agencies to address weather, wild fires, traffic/travel, seismic disturbances, man-made and natural events, active threats, local radical/reactionary group protests, home-grown and international terrorism
A heightened need for corporate intelligence and situational awareness
Increasing distrust, threats, and violence again government and quasi-government agencies
Significant legal action, court awards, penalties, and public outrage post-incident when response is slow or lacking
Large investments in current security technology with resulting data going to waste (storage)
Inefficient in deploying manned security resources and failing to maximize return on investment
DUTY OF CARE
The US Department of Labor’s Occupational Safety and Health Administration (OSHA) have enforced standards, rules, and regulations in the workplace since the Occupational Safety and Health Act of 1970 (OSH Act). Over the past few years, with workplace violence on the rise, OSHA and numerous court decisions have shined a spotlight on the OSH Act’s “General Duty” Clause (Section 5(a)(1).
It is now recognized that “Employers have a responsibility to provide a safe workplace”. This requirement is applicable to physical work spaces, as well as employees working off-site and traveling on company business.
From OSHA Guidance to Industry:
“Under the General Duty Clause, Section 5(a)(1) of the Occupational Safety and Health Act of 1970, employers are required to provide their employees with a place of employment that is “free from recognized hazards that are causing or are likely to cause death or serious harm.”
The courts have interpreted OSHA’s general duty clause to mean that an employer has a legal obligation to provide a workplace free of conditions or activities that either the employer or industry recognizes as hazardous and that cause, or are likely to cause, death or serious physical harm to employees when there is a feasible method to abate the hazard.”
“An employer that has experienced acts of workplace violence, or becomes aware of threats, intimidation, or other indicators showing that the potential for violence in the workplace exists, would be on notice of the risk of workplace violence and should implement a workplace violence prevention program combined with engineering controls, administrative controls, and training.”
While a SOC will greatly assist the organization to address Duty of Care in a professional and responsive manner, this comprehensive business approach will clearly show proof of the organization’s commitment to protect people, assets, data, and places.
WHAT THE SOC PROVIDES TO THE ORGANIZATION
Unified Command – The basic principle of incident response is to provide a single command that directs the response to any incident or event. The SOC serves this purpose in real-time, with systems enhanced with artificial intelligence and analytics.
Monitoring of Real-time Security Video Feeds
Active Maintenance, Monitoring, and Response Perimeter
Gatekeeper for All Campus Access and Visitor Management
Real-time Monitoring and Analysis of Data – Speed & Actionability
Live Security Incident Reporting & Management
Live Area Incident
Weather / Wild Fire / Environmental / Seismic
Traffic
Staff Travel
IT Network Monitoring (optional)
Mass Notification – A Proactive Response Mechanism for Two-Way Communications Capabilities 24/7/365
Inclusion of New or Next Version Artificial Intelligence (AI), Plate and Facial Recognition, and Analytics Tools
The Concept of Continuous Prevention – In Real-time Operational Risk Management
Supportive of Basic Security Principles: Delay – Detect – Respond
Ability to Recover More Quickly from a Breach
Enhanced Protection of Staff Working Remotely or in Isolation
Far Less Costs Being Proactive vs. Reactive or Funding a Crisis Response Effort
Resources – The SOC is a place where all the resources of the organization are known and can be deployed quickly. From alerts of temperature issues in IT server rooms, to a broken pipe causing flooding within a building, the timely awareness and hailing of repair resources can salvage vital business assets. Whatever the problem or event, the SOC operator will have a ready list of response resources to call always to mitigate any active threat. While it is not advisable to flood SOC staff with numerous non-security responsibilities, business unit functions that are directly related to security and life safety, can be supported by the SOC.
Readiness – An organization that commits to a SOC is affirming its dedication to readiness. While other organizations may switch to “panic mode” and fumble to respond appropriately, the design, data feeds, SOC Operator training, and testing will ensure organizational readiness 24/7/365. The introduction of smart security tools such as recognition, AI, analytics, and other new or next version technologies allow the SOC to work smarter, with an additional level of readiness. Continuous Prevention is the organizational and SOC objective.
Proactiveness – The very nature of the SOC is to be the organization’s alert apparatus always and provide the proactive response mechanism that provides a steady and knowledgeable operation of trust. Apart from responding to any developing crisis, the SOC can provide helpful and sometimes lifesaving information to staff. This information and communications could be related to pending severe weather, the sudden shift of a wildfire, or a traffic incident with a mass warning to impacted staff, allowing for a detour or avoidance, for safe passage to work.
COST BENEFIT TO THE ORGANIZATION
A Security Operations Center will be a valuable tool to the organization through the provision of Continuous Prevention. In addition to the many functions the SOC actively delivers to keep people, data, and assets safe and secure, the SOC presents opportunities for cost savings.
Remote Assessment
False Alarm Reduction
Duress Technology – Life Safety
Working Alone /Remote Staff Monitoring
Monitoring and Mass Notification Warnings – Severe Weather/Terror Strikes/Disasters
An example of cost savings would include a strategy to deploy Remote Assessment. As the SOC is built out, strategically placed cameras with audio capabilities can be integrated with remote controllable hardware, and possible mobile devices that allow a single security officer in the SOC to preform Remote Assessment of many doors and locations around the entire campus. The technology becomes a force multiplier, thereby reducing the costs associated with manned security, while providing an enhanced level of protection to the organization.
Monitoring and analysis of data is a real-time function of the SOC. Some of the data being scrutinized are intrusion detection/alarm system. A SOC operating 24/7/365 can assess these alarms and determine legitimate from false alarm, thereby reducing the costs associated with false alarm response.
In support of a workplace violence / active threat prevention program, inexpensive duress technology can be incorporated into the current prevention plan to raise the bar in providing proactive actionable intelligence prior to a full-blown event. This is a very important life safety benefit that can be delivered by the SOC systems and staff.
Whether staff are working remotely or in an isolated area of the main campus, the SOC can provide an immediate link to remote or isolated working staff through many voice and signal technologies. The SOC increases compliance with General Duty of Care provisions, while providing a potential lifeline and peace of mind to isolated or remote working staff.
SAMPLE IMPLEMENTATION PROCESS AND CONSIDERATIONS
Depending on the client and their needs and desires, PRS follows this flexible process. It is provided here to give you an idea of the planning process. If you have not yet selected a site for your GSOC/SOC, then one of your first missions will be to conduct an All Hazards Assessment of the possible sites, in order to narrow the choice. If your SOC operations are critical to your business and you require 99.999% reliability and up-time, then careful site selection will be even more critical. The Public Safety Access Point (PSAP) / 911 Center is generally a post-disaster facility with redundant utility runs from two or more compass directions. If 99.000% (or 5 nines) is necessary, then you need to soberly consider your site, threats, risks, and vulnerabilities, as well as the ease of running redundant utilities and systems.
Sample Phased Implementation
Phase 1 – SOC Conceptional Design Process
The Security Operations Center project would take a conservative phased approach. Initially, a SOC Conceptional Design Process will seek to quantify technical needs with rough order of magnitude budget, functional requirements, as well as to document SOC operational expectations will. This initial phase will flow as follows:
Fact-Finding – In addition to engaging stakeholders, the nature of the SOC requires sober information and data analysis. By examining information through the lens of several internal and external sources, we can determine the features and design principles we need to accommodate. This phase of research and analysis is accomplished off-site.
Stakeholder Engagement – Our experience has shown that early engagement of the client’s stakeholder group is imperative to the success of the SOC. As State Fund will be making a significant investment in this center, we need to confirm what services and expectations the stakeholders will be anticipating, and how they can best be delivered by the SOC now and in the future. If this vital engagement does not happen, costly retrofits may be required going forward. This work is best accomplished on-site.
On-Site Study – Following an off-site research and analysis phase, PRS will launch into the stakeholder engagement and on-site study portion of the work to that conserves client resources. By examining the physical plant with any constraints, limitations, and requirements, PRS takes our collective data analysis and applies this knowledge to site reality.
Numerous important design considerations will be assessed and research, with deliverables to include a Security Operations Center Conceptual Design Document that answers:
What design elements are required externally to support an SOC – materials and infrastructure
What should be housed in the SOC and what features will support long-term monitoring needs
The essential services are expected by the organization and to be services by the SOC
Based on emerging trends – What technologies should be included in the SOC (phased in)
Details of SOC manpower requirements, proposed selection process, and training needs
A Rough Order of Magnitude (RoM) projection of costs and suggested phase in plan, so that the decision makers have an informed implementation path to match with budget processes and timelines
Next Steps Plan
Phase 2 – First Layer Build-out and Integration
During this phase, the initial build-out of the physical space for the SOC will take shape and integrate perimeter video and intrusion detection system. As the organization benefits from this initial layer of situational awareness and continual prevention, the systems will be incorporated and expanded to other locations and terminated into the SOC, as costly manual or manned processes are eliminated.
As project phases and budgets are approved, the holistic SOC will seek to incorporate:
Multi-Campus Access and Visitor Management
Multi-Campus Video with Artificial Intelligence (AI) and Analytics
Enhanced Protection Systems – Staff Working Remotely or in Isolation
This process sample should help you with your planning and building of a business case. If done properly, the GSOC/SOC can be the crown jewel of your security organization. Proving its value and active vigilance that will prove vital to your business. By directly connecting the business with security, you will be well on your way to building a a contemporary corporate security organization that will stand the test of time.
Trusted Global Private Security Services
Serving US: Seattle, Bellevue, San Francisco, San Jose, Sunnyvale, Cupertino, Fremont, Milpitas, San Mateo, Palo Alto, Sacramento, Los Angeles, Orange County, San Diego, Las Vegas, Reno, Portland, Vancouver WA, Honolulu, Denver, Salt Lake City, Dallas, Houston, San Antonio, Austin, Chicago, Columbus, Atlanta, Tampa, Orlando, Miami, Charlotte, Washington DC, New York City, Boston
Serving International: Vancouver Canada, Mexico, Guatemala, Panama, Brazil, Argentina, Chile, Peru, Ireland, United Kingdom, France, Spain, Italy, Switzerland, Germany, Czech Republic, Netherlands, Poland, Hungary, Turkey, Ukraine, Russia, Saudi Arabia, United Arab Emirates, South Africa, Kenya, Nigeria, Algeria, Egypt, India, Bangladesh, China, Thailand, Cambodia, Vietnam, Philippines, Indonesia, Japan, South Korea
Premier Risk Solutions LLC (PRS) has created a new, fresh approach towards the Executive Protection industry. After listening to a group of cross representation of select end-users and subject matter experts, we have listened to the current and future opportunities that they have identified, gaps in the marketplace when considering the qualities of an individual agent(s) on Executive Protection assignments, and what the industry is already doing at a high level. Based on their experience working with Executive Protection providers these are the top five areas that they deem are most important for agents:
High-Level Professionalism & Appearance
Ability to Communicate at All Levels
Experienced Personnel
Responsiveness
Flexible and Adaptable
In short summary, these five qualities are required for an ideal candidate for Executive Protection agent positions can be summed up as highly trained, situationally aware, emotionally intelligent individuals who represent and carry themselves (and ergo their employer and client/principal) extremely well. Often the hard skills associated with the job (concealed weapons permit, education, previous training and related) are easy to identify through the talent selection process. It is the soft skills and emotional intelligence which are much more difficult to quantify and clarify with a level of certainty. We believe this is where the greatest opportunity for fitting the client needs rests.
PRS has developed our own Personalized Culture FitTM program that utilizes science of self methodologies creating custom job benchmarks for our staff to integrate into our client’s corporate culture and structure.
Using the PRSMeridian ModelTM, PRS’s senior management team will gain insight into unique needs and culture-specific tailoring to our approach in providing Executive Protection services. We are able to provide our client with a robust concept of how an Executive Protection program deployed can offset and/or prevent organizational strife during challenging times of a minor, moderate, or major incident. Our model details ten (10) categories of consideration and discussion with our client to help articulate the value of an Executive Protection program.
In doing so, PRS and our client obtain a deeper relationship with each other to employ best practices and show true value to the client organization. Utilization of the Personalized Culture FitTM program is our unique approach to talent selection. We can provide validated and reliable empirical data that has been proven EEOC & OFCCPcompliant to ascertain Behaviors, Driving Forces, Acumen Capacity Index, and Competencies for each job benchmark/role identified for the final candidates to be considered for the position. In doing so, we can provide an additional level of comfort and definitiveness to our clients that the final candidate(s) selected for the role(s) will be a great match. The longer-term implications for this include reduced turnover, higher job satisfaction, engaged employees, and a more satisfied client when the proper fit is established and maintained. Bottom line, relationships matter, and knowing our client’s unique needs for consistency and reliability is of utmost importance to PRS and the next evolution in Executive Protection.
Trusted Global Private Security Services
Serving US: Seattle, Bellevue, San Francisco, San Jose, Sunnyvale, Cupertino, Fremont, Milpitas, San Mateo, Palo Alto, Sacramento, Los Angeles, Orange County, San Diego, Las Vegas, Reno, Portland, Vancouver WA, Honolulu, Denver, Salt Lake City, Dallas, Houston, San Antonio, Austin, Chicago, Columbus, Atlanta, Tampa, Orlando, Miami, Charlotte, Washington DC, New York City, Boston
Serving International: Vancouver Canada, Mexico, Guatemala, Panama, Brazil, Argentina, Chile, Peru, Ireland, United Kingdom, France, Spain, Italy, Switzerland, Germany, Czech Republic, Netherlands, Poland, Hungary, Turkey, Ukraine, Russia, Saudi Arabia, United Arab Emirates, South Africa, Kenya, Nigeria, Algeria, Egypt, India, Bangladesh, China, Thailand, Cambodia, Vietnam, Philippines, Indonesia, Japan, South Korea
