I called a vendor the other day, needing to resolve a problem.  From the moment the customer service agent picked up my call, I knew I was in trouble.  Unprofessional on every level, his communication skills were weak: he wasn’t listening closely to me nor was he explaining himself clearly.  He was poorly versed on the information I needed and showed a lack of motivation to solve the issue.  He was not mission oriented.  Sadly, although this vendor company is a good one, at the end of the day, it’s all about the people.  They are the face of any company and can hold the key to its success or failure.

In the case of security services, having good people is even more critical.  The protection of lives and assets lies directly in their hands.  Although choosing the right person for a job is important, subsequent training is absolutely critical.  Without effective training, even the right people will not do a good job.  And with effective training, even weak workers can come up to speed.  (more…)

In 1945, the Russians gave U.S. Ambassador Harriman a gift of an intricately carved wood replica of the Great Seal of the United States.  This goodwill gesture was delivered by school children.  The seal was displayed in his office in Moscow for seven years until 1952, when an electronic countermeasures sweep discovered that the seal was bugged.  The CIA, which was initially confounded by the workings of the device, dubbed it The Thing. It had no power or active electrical components.  Eventually it was determined that a radio signal on the correct frequency would activate the small device, remotely, a technology that made it very difficult to detect.  Léon Theremin, a Russian inventor who created this first electronic listening device, was highly awarded by his country for his achievement. (more…)

Can you beat a polygraph?

Aldrich Ames, arrested in 1994 for spying that resulted in the death of ten CIA agents, passed two polygraph tests while working for The Company.  Ana Montez passed the polygraph test she was given when she first joined the DIA.  Once it was revealed that she was a spy for Cuba, polygraphs were used as part of her interrogation.

Polygraphs are readily available but not commonly used.  In places where the polygraph is not part of regular assessment procedures, there is a stigma associated with giving such a test.  The implication in those instances is that the subject is not to be trusted or is potentially guilty.

Some folks are naturally anxious; their nervousness can lead to false positives.  Guilt grabbers are prone to feel guilty just at the mere thought of doing something wrong, skewing test results.

But how do people who do have something to hide manage to beat a lie detector test?

(more…)

The U.S. government sequester and associated furloughs are taking another bite out of already anemic government budgets.  Everyone is affected somehow.  Areas hardest hit financially often experience parallel increases in criminal activity.  Oakland, California is one case in point.

Oakland has seen 20 to 40% increases in murders, rape, robbery and burglary over the last few years.  In fact, it has one of the highest murder rates in the nation.  While Oakland, a city of about 400K residents, was never considered particularly safe compared to other cities in California, things have definitely taken a turn for the worse.  One reason for the spike in crime is the sharp decline in its number of police forces.  There’s been an exodus from the demoralized department leaving it severely understaffed. (more…)

After Action Reports (AARs) are not new.  Between 58-52BC, Julius Caesar wrote what may have been the first AAR, his Commentaries on the Gallic War.

An AAR is a performance appraisal that is conducted after an action, and not exclusively a military campaign.  It aims to identify problems and issues, propose measures to address those issues, clarify lessons learned and disseminate the information to all appropriate parties.  It’s a debrief.

In a non-military context, this debrief could come after a school fire drill, a hospital mass casualty drill, a response to a robbery or attempted robbery, after a security test (red team) is conducted, or even when there is a safety accident or real close call.  Not conducting such an assessment means that the drill or test takes place in a (more…)

The perpetrator of one of the largest cases of municipal fraud in the U.S. was sentenced this week to almost 20 years in prison. Her position as City Comptroller gave Rita Crundwell access to funds that she funneled into an account on which she was sole signatory. Over two decades in that role, she succeeded in embezzling $54 million. It is an astounding figure.

Dixon, Illinois is a small city of less than 15,000, some 100 miles west of Chicago.

Crundwell had begun her career in city government while still in High School, quickly rising up the ranks. As is common in smaller municipalities, city administration jobs such as mayor or are filled on a part time, volunteer basis. The Comptroller job is a full time, salaried position which paid Crundwell $80,000 per year. Crundwell handled all financial and budgetary matters. She had a reputation of being efficient and capable. She was indispensable. And she was unfettered by oversight procedures.

(more…)

I am hard pressed to identify any organization, be it public or private, that does not face potential Insider Threat.  Just about everyone is at risk for some kind of internally-created trouble: theft, workplace violence, espionage, hacking or sabotage – to name just a few issues.

Usually we take notice of threats after the fact, when the security department is already conducting an investigation on an actual breach.  Why don’t folks take a more proactive approach?  Maybe it’s uncomfortable to think of colleagues, with whom we often spend more time than our families, as capable of committing these acts.  So perhaps there’s a pinch of psychological denial at play?  In any event, not facing up to the possibility of insider threat exposes us to potentially grave consequences.

(more…)

At this time of year, the Sales department, Marketing team and HR are all plotting goals and strategies for the coming twelve months.  These plans are a way to budget and allocate resources, measure success, reward effort and generally keep on a positive track.

We know that an effective target should be specific, measurable, attainable, relevant and time-framed.  “I am going to lose weight this year” versus “I am going to lose 10 pounds and bench press 250 by June 1^st.”  It also needs to tie into to a broader security mission.

A security objective is not just a line item, such as “purchase security cameras for the lobby”, but rather, the realization of an actual effect, such as giving security officers tools to improve their ability to recognize surveillance activity in real time and thus mitigate the adversary’s surveillance capabilities. (more…)

This is the second in a series of blogs about INSIDER THREAT.

Running a background check on a prospective employee is a fairly common practice these days.  No one wants to employ someone who could potentially harm their company or agency, its assets or people.  So, people need a tool to help them make this important determination.

Various kinds of background checks can be performed: criminal and arrest records, driving, verification of education, financial and litigation records, and more.  We are put at ease once a ‘clear’ record has been established, no reported blemishes.  I’m not against using these kinds of checks.  They present one piece of a puzzle and are in that way potentially valuable.  However, over reliance on them or misunderstanding their scope is a common, major mistake. (more…)

Not long after the events of 9/11, a couple of my colleagues were driving back to L.A. from Vegas.  The topic of conversation in the car turned to anti-terrorism tactics.  One colleague, formerly with the IDF, had done a stint with El Al airlines.  In Israel, threat-based security is de rigueur if not simply a matter of self preservation.   A solid understanding of terrorist methods of operation is at the heart of this approach.  Indicators are derived from those terrorist MOs and form operational profiles that are the basis of the security assessment.  Although objects and situations may be profiled, usually security officers profile behaviors and activities.  For example

(more…)