Archive for the ‘Corporate Security’ Category

Learn How to Make it Happen

May 1, 2012 No Comments

Tourists come to Tel Aviv, also known as “The City that Never Sleeps,” to enjoy its beaches and cafes, its museums, funky architecture, vibrant culture and night life.  At the same time, Israel is a tiny country with no shortage of enemies, and is often a target.  Israelis may well be fun loving and irreverent, but they take security very seriously.  There, homeland security is not theoretical but rather existential.  And thus Israel has earned the unfortunate distinction of being amongst the world’s best when it comes to security.

What better place, then, to learn about using a threat-oriented security approach than in Tel Aviv?  That is exactly what you can do (more…)

Close the Back Door

April 24, 2012 No Comments

A good deal of money is spent on trying to protect the world’s IT systems and assets.  The vulnerability of our collective, ever increasing dependence on computers and digital networks is a big deal.  Systems are bolstered with firewalls and protective software; they are subjected to ethical hacking.  But at the end of the day, all these efforts amount to bopkes if physical security has been neglected.

Chameleon has conducted security assessments for companies where it was far too easy for our red team to (more…)

Smart SOP Stays Shrinkage

April 17, 2012 2 Comments

Loss Prevention systems often miss the mark by skipping vital steps in SOP development.

My company was hired by a large food wholesaler to assess their loss prevention operations.  At that time, their shrinkage (defined as a reduction in inventory due to shoplifting, employee theft, paperwork errors and supplier fraud) was reported at 1.5 percent.  During a visit to the central distribution warehouse, our security consultant noticed a brand new Series 7 BMW coming on to the lot; the driver waved at the executive who was accompanying the consultant, who asked, “Who’s that guy?”  “He’s one of the warehouse supervisors …” (more…)

Hot Ice

March 19, 2012 2 Comments

Clever terrorists and thieves motivated by an important target patiently plan their attack, knowing that careful planning more likely begets success.  Case in point, the largest diamond heist in history was over three years in the planning.  Although the story of the Antwerp Gang of Turin robbery is remarkable for the amount stolen ($120 million worth) and the charming troop of aging Italian criminals that allegedly pulled it off, I was taken by the methodical preparation behind its success.  That, and (in hindsight) the Antwerp Diamond Centre’s over-reliance on technology; few live security guards were on duty.

Posing as a company owner, Leonardo Notarbartolo rented an office in the Centre in November, 2000 where he worked as a diamond merchant.  Prior to the robbery on the weekend of February 15, 2003, he had made several visits to the vaults deep underground while also proceeding to obtain copies of master keys.   Over time, he learned how the alarm system worked.

The robbers chose a weekend when the city’s attention would be on the Diamond Games Tennis tournament attended by many Diamond Centre employees and for that matter, its security guards.  First the thieves bypassed (more…)

For Your Next RFP

February 21, 2012 2 Comments

Want a good answer?  Ask the right question.

It’s easy to revert to boilerplate when sending out a Request for Proposal (RFP) for security services or security consulting but bear in mind that the response you get may also be boilerplate.  One important issue that is often overlooked is training and oversight.

Consider adding the following questions to your next RFP and be assured to have brought the process up a notch:

(more…)

Internal Threat

February 14, 2012 2 Comments

For many years now, Chameleon Associates has provided training and consultation on how to identify external adversaries, on how to mitigate attempts to defeat physical security access or a security screening process.  But when you think about it, all bets are off and physical security is rendered benign in the face of internal threat.  This is the reason why effort, resources and training should also be put into how a company’s or agency’s human resources, including contractors, are screened.

Predictive Profiling is an excellent security tool both for pre-employment screening and for screening an existing employee base.  How is this accomplished?  In the hiring process, just as in terrorist mitigation, look for indicators from an applicant’s background, application, resume and interview.  Some would argue that a background check is good enough.  I think not.  A background check reflects only (more…)

Our Future is Cloudy

February 7, 2012 No Comments

For many of us, transmitting sensitive or personal data via the web can be nerve wracking.  Although I now purchase way too much stuff online with my credit cards, when the option first presented itself decades ago, I vowed never to shop online.  Psychologically, people are uncomfortable relinquishing control of data to a remote, third party.  It just seems less secure.  Despite my shift, even today, every hacking story I hear unnerves me.

The Los Angeles Police Department last December cancelled moving their employees over to Google Apps over security and policy concerns.  Governments continue to work on regulating the Cloud and all sides are coming up against myriad obstacles.  There is an awful lot of data out there.  It’s harder to impose standards and policies on existing structures.  There are also international headaches to the regulation of data which goes whizzing back and forth across the globe. (more…)

Doppelgangers

January 31, 2012 One Comment

What do Louis Vuitton, Oakley, Callaway and the State of Louisiana have in common?  They all have felt the sting of counterfeits.  In the case of retailers and manufacturers, knock offs cut into profits.  For those fashionistas looking to save a buck, it’s a choice.  But who wants to unknowingly pay $800 for an imitation Prada bag?  In the Louisiana example, the issue was voters not handbags.   The register to vote dot org website looks like a legitimate government website but does not reveal its contact information and is not a registered governmental or non profit agency.  The site may well register voters but in the meanwhile also obtains personal identification information and is alleged to assess reoccurring monthly fees for their services.  Let’s just say there have been complaints about it.

For the average computer user, knockoff domain addresses also pose a real threat.

These doppelgangers take advantage of a misspelled domain name in the context of a site or email address.  By omitting the dot between the subdomain and the main domain, what should be “us.company.com” ends up as “uscompany.com.”  All possible mistyped domains are bought up and used by unscrupulous typosquatters.  Some fake sites and emails look deadly real.  This ploy is on the rise.

At a glance, it looks fine.  But when you come back from a week-long holiday and there are 548 emails in your inbox, you may not exercise the kind of diligence needed to catch this stuff.  Let’s add doppelganger websites and domains to the ever growing list of scams of which we need to be aware.
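For defenders, the missing-dot pattern described above is easy to check for mechanically. The following is an added example, not part of the original post: it derives the dot-omission doppelgangers of an organisation's own hostnames and flags outbound mail recipients that match one. The host list, the sample addresses and the function names are constructed for illustration.

```python
# Constructed sample data. "company.com" is the post's own example domain;
# the other hostnames and all addresses are made up for this illustration.
LEGIT_HOSTS = ["us.company.com", "uk.company.com", "mail.eu.company.com"]
SAMPLE_RECIPIENTS = [
    "alice@us.company.com",      # correct address
    "bob@uscompany.com",         # dot dropped between "us" and "company"
    "carol@maileu.company.com",  # dot dropped between "mail" and "eu"
    "dave@partner.example",      # unrelated domain
]

def dot_omission_variants(host):
    """Map each name formed by dropping one dot from host back to host.

    The dot before the final label is never dropped (assumes a
    single-label TLD such as .com).
    """
    labels = host.lower().split(".")
    variants = {}
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        variants[".".join(merged)] = host
    return variants

def build_watchlist(hosts):
    """Collect doppelganger names for all hosts, minus any legitimate name."""
    watch = {}
    for host in hosts:
        watch.update(dot_omission_variants(host))
    for host in hosts:
        watch.pop(host.lower(), None)
    return watch

def flag_recipients(recipients, hosts):
    """Return (address, doppelganger, intended host) for suspicious recipients."""
    watch = build_watchlist(hosts)
    hits = []
    for addr in recipients:
        parts = addr.rsplit("@", 1)[-1].lower().rstrip(".").split(".")
        # Check the recipient domain and each of its parent domains.
        for i in range(len(parts) - 1):
            candidate = ".".join(parts[i:])
            if candidate in watch:
                hits.append((addr, candidate, watch[candidate]))
                break
    return hits

if __name__ == "__main__":
    for hit in flag_recipients(SAMPLE_RECIPIENTS, LEGIT_HOSTS):
        print("possible doppelganger: %s -> %s (meant %s)" % hit)
```

The same watchlist can be used to decide which names to register defensively or to block at the mail gateway.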

Predictive Profiling Online Training

December 6, 2011 One Comment

A client of ours, a Security Training Supervisor at a federal financial institution in the Midwest, called to chat.  They have been using Chameleon’s Predictive Profiling Online course as part of their curriculum for about a year now, and he called to tell me how pleased he is with the program.

Tell me more, I begged.

This is what he liked:

  • The course information is taught using actual events and real situations via videos or in abundant reference materials.  The students aren’t given purely hypothetical scenarios but (more…)

The Writing on the Wall

November 29, 2011 One Comment

My first encounter with handwriting analysis many years ago was quite positive.  On a lark, I asked  graphologist expert Lena Rivkin to look at writing samples from a few close friends of mine.  There was nothing hocus pocus or vague about her observations.  She hit the nail on the head in every case, in surprising detail.

Graphology can be a useful tool for analyzing a wide variety of potential behaviors and aspects of a person’s personality, as well as for detecting forgery. The term derives from the Greek graphein (to write) and logos (to study), in this case the study of a person’s psychological makeup via handwriting.  It is an effective and reliable indicator of a person’s personality and behavior and is used in human resources, private and criminal investigations and jury selection.

Ms. Rivkin told me a story about a pre-employment screening she conducted where she recommended against a hire.  The client hired the person anyway but before long (more…)