Tangled Webs: Knitting for espionage During Times of Conflict
When people think about espionage, the James Bond archetype usually comes to mind – mysterious aliases, cool cars, cold indifference, and nifty gadgets. What they don’t think about are the more mundane ways in which real spies have conducted operations throughout history.
Knitting for a Cause
During both World Wars, knitting was a popular form of espionage among female spies, allowing them to transmit messages under the guise of a seemingly benign activity. This was at a time when society largely perceived women as meek and subordinate to their male counterparts.
Intelligence organizations were quick to exploit the public’s underestimation of women, however. Throughout World War I, European powers employed elderly Belgian matriarchs to transmit valuable information about the adversary. These women would intentionally alter their knitting patterns—such as dropping a stitch or creating a bump—to encode messages about enemy troop movements. The women would then pass these coded garments to resistance fighters, who could decipher the information and use it to their advantage.
The simplicity and universality of knitting made it an effective medium for encoding messages in binary, where a dropped stitch might mean a zero and a textured bump might correlate to a one. Spies of the past were known for incorporating these simple patterns into garments and textiles to convey details about positions, combat plans, and other operational intelligence.
Famous Knitting Spies
No story would be complete without its characters. During each World War, a handful of women stood out for the unique tactics they utilized while knitting as spies. History has recognized these individuals as truly exemplary in their efforts and courage.
Phyllis Latour Doyle
Phyllis Latour Doyle was a British secret agent during World War II. She spent her time in service knitting as a cover, passing code in secret. But her journey was more than a walk in the park. She parachuted into occupied Normandy in 1944. Once there, she would ride about on a bike, flirting with German soldiers and covertly collecting intelligence. Then, she would take to her needlework, etching what she learned into fabric for recipients in morse code.
Elizabeth Bentley
American Elizabeth Bentley built up quite a post-war reputation as a knitting spy. Her actions, however, were not on what many would call the “right side” of history. She operated two, separate espionage rings that would regularly relay damaging information about the United States back to officials in Moscow. She even went so far as to smuggle sensitive documents in her knitting bag to and from drop points connected to the Kremlin.
Madame Levengle
A third maven of the craft went by the name of Madame Levengle. Her ruse involved a more complicated method of espionage. Levengle would sit at her window watching troop movements while knitting, her children would listen for their mom’s foot taps, as they pretended to engage in schoolwork. These taps would indicate troop movements, which the children would then translate to writing, and subsequently pass off to the Allies.
Historical Recruiting Efforts
Many nongovernmental organizations promoted knitting as a patriotic pastime during both wars. The American Red Cross promoted an intense marketing campaign, calling upon women to take up knitting as a way of creating clothes for soldiers on the front lines. In reality, these calls to action were nothing more than clever ways to recruit mothers, sisters and wives as spies against the Germans.
Concealed Communication Today
The practice of using knitted goods to convey codes and signals is an example of steganography, the word used to describe hiding messages within innocuous-looking items. Steganography is still used today when traditional communication channels are compromised or under surveillance.
In more modern applications, steganography is used regularly on the digital frontier. Cyber hackers today use “covered” communication to transmit malicious code, tunneling protocols or display instructions, sight unseen. A simple example might look like one terrorist sending attack coordinates to another using an image instead of text to avoid detection.
Conclusion
Like knitting, any humdrum task can be used to disguise espionage in plain sight. While modes of communication have grown increasingly sophisticated, sometimes the simplest ones remain the most effective, especially among spies.
To read more about knitting agents of the 20th century, click here: https://getpocket.com/explore/item/the-wartime-spies-who-used-knitting-as-an-espionage-tool?utm_source=firefox-newtab-en-us
To learn about codes and signaling still in play today, check out this article from the Central Intelligence Agency: https://www.cia.gov/stories/story/smoke-and-mirrors-the-magic-of-spycraft/
New Surveillance Tech Gives Security Pros a 360-Degree View of the Threat
As threats to physical security become more complex, staying ahead of them requires cutting-edge technologies that offer greater situational awareness. One technology seeking to outpace the adversary is the 360-degree camera system. These omni-directional surveillance tools provide expansive coverage and valuable insights for security analysts and decision-makers.
Understanding 360-Degree Cameras
Traditional security cameras often have limited fields of view, necessitating multiple units to cover a broad area. Even in facilities with dozens of cameras, there are too often too many blind sports. Conversely, 360-degree cameras use multiple fisheye lenses in a single unit to capture a full panoramic view from a single vantage point. This design ensures that no area within the camera's range is left unmonitored, effectively eliminating blind spots and enhancing overall security coverage.
Key Benefits of 360-Degree Cameras
Full range – or 360-degree – camera systems have a lot going for them. Beyond the obvious, their value to physical security professionals is substantial, providing a reduction in equipment, lowering operating costs, increasing the quality of situational awareness, and streamlining the surveillance process for those in charge of monitoring feeds.
Minimal Equipment and a Lower Cost
With their wide field of view, 360-degree cameras are an effective replacement for traditional surveillance arrays. Consolidating multiple, linear cameras into a single, omni-directional one reduces upfront and maintenance costs.
Enhanced Situational Awareness
With 360-degree cameras, security personnel get a more holistic perspective of monitored areas, allowing them to more quickly and efficiently identify suspicious or threatening activities. They also gain the ability to zoom in on specific areas for greater fidelity, improving the quality of their investigations and decreasing response times. 360-degree cameras also offer a better operating picture in areas with odd shapes, obstructions, or layouts.
Simplified System Management
With a reduced number of cameras in play, monitoring for threats is more for security professionals. Fewer points of view mean fewer monitors, which helps those in charge of surveillance reduce the potential for missing something important, decreases their fatigue, and focuses their attention. In other words, 360-degree cameras can help decrease the chances of cognitive overload for the people using them.
Real-World Applications of 360-Degree Cameras
Highly guarded facilities aren’t the only types of users for whom 360-degree camera technology has benefits. Nearly all industries can attest to at least a few use cases, including those not typically thought of as high security environments.
- Education: Educational institutions have implemented 360-degree cameras to monitor campuses comprehensively, enhancing student safety and aiding in the prevention of incidents. They are particularly useful to deter, monitor, or respond to active shooters.
- Transportation: Airports and transit hubs utilize these cameras to oversee vast terminal areas, improving passenger security and operational efficiency. They also aid in documenting infractions and incidents that might require a presentation of camera feeds to courts as evidence.
- Healthcare: Hospitals employ 360-degree cameras to safeguard patients and staff, ensuring that critical areas are under constant surveillance. Assaults on medical staff continue to rise, especially in the United States, and this technology can help to keep health care practitioners safe.
Beyond 360 Degrees
While a panoramic view alone is enough to warrant adopting the latest surveillance tools, some companies are taking it a step further.
Liquid360 is one such company. They offer real-time, 3D visualizations of entire sites, enabling security personnel to assess risks rapidly and respond proactively. Features such as mobile command and control, as well as the ability to see through walls and around corners, provide tactical advantages in both everyday operations and emergency situations.
What sets companies like Liquid360 apart from the pack is their advanced layering technology that not only provides a full, 3D layout of a facility, but also allows users to see through walls, zoom out for a better operational picture, and integration with fences, jammers, radars, and more. Many prominent organizations have relied on Liquid360 for their high-profile surveillance needs, including the Israeli Special Forces.
Last year, Chameleon Associates had the pleasure of interviewing Liquid360’s Founder and CEO, Alisa Givertz. She shared the personal experience that led her to start the company, reflecting on a time when she had lost her son inside of a Walmart. Givertz was moved by the quickness and smoothness with which the retailer was able to help locate her child, sending her down a pathway toward better understanding what could cause some physical security teams to come up short, while others exceeded expectations. The answer, she determined? Unparalleled situational awareness and coordination.
Liquid360 is a situational awareness tool at its heart – one that arms human security personnel with the benefits of advanced technology. In concert with one another, man and machine are able to achieve a level of coordination neither can possibly reach alone.
Conclusion
Integrating 360-degree camera technology into security operations is a commonsense growth opportunity for organizations serious about preventing, mitigating, or responding to physical security threats. Even so, it’s not the only technology advantage out there. To learn more about what options are available and how to better protect your facilities and people with cutting-edge tools, check out any one of our many security trainings here: https://chameleonassociates.com/services-chameleon-associates/.
Chameleon holds School Security Summit in Los Angeles
Last month, Chameleon Associates hosted a School Security Summit in Los Angeles, bringing together educators, administrators, and security professionals to address the pressing challenges facing school safety.
The Summit covered a variety of topics at the top of educators’ list. In addition to discussion about cyber threats, emergency response and using K9s, the Summit gave an overview of proactive strategies designed to prevent incidents before they occur, using the core components of deterrence, adversarial thinking, threat behavior analysis, and effective response. This approach is at the heart of Chameleon’s security methodologies.
The case for proactive security
A central theme of the Summit was the importance of shifting away from reactive incident response to proactive security. Traditionally, reactive approaches typically commence only after an incident is already under way, giving responders only one option: to lose well.
In contrast, proactive security focuses on identifying and mitigating threats before they materialize, giving schools the chance to “win” by preventing incidents altogether. Effective security isn’t just about responding to attacks. It’s about preventing them from happening in the first place.
How deterrence can help
The summit also encouraged participants to change their understanding of security as a singular function to one with multiple purposes, namely as both as means of providing customer service to the good guys while also serving as a deterrent to potential adversaries.
Also, a customer-centric mindset is instrumental in identifying suspicious behavior. Approaching a person who exhibits concerning signs with genuine engagement can dissuade them from carrying out malicious plans, putting them on the back foot after realizing they’ve been noticed. This strategy not only enhances security but also complements the welcoming environments education systems strive to maintain.
What stepping inside the adversary’s shoes can reveal
Another takeaway from the Summit was how potential attackers often seek the path of least resistance. By implementing visible and effective security measures, schools can discourage threat actors who prefer easier targets.
As an example, the profile of a school shooter is different from that of an impulse killer. The former tends not to snap but rather to boil over. Their lethal actions are the result of mounting frustrations that eventually lead them to violence. As such, early intervention can help deter would-be school shooters before their grievances finally spill over into aggression.
How behavioral indicators can aid in early intervention
One of the Summit’s chief lessons was the value of understanding behavioral indicators. Knowing how to spot the warning signs associated with a threat actor can enable staff and faculty to intervene before anything consequential takes place. Understanding behavioral indicators empowers schools to act decisively and appropriately when they suspect potential threats.
What it means to mount an effective response
In the event of an active shooter scenario, Summit attendees were reminded how creating time and distance are vital to success. Tactics for buying time and distancing oneself from the threat include evacuation, entry point barricades, and staying out of the attacker's line of sight. In addition to creating time and distance know that if you can see the gun, the gun can see you - so don't let the gun see you no matter where you are - even in a locked room.
Each of these response actions can significantly increase the odds of survival and should be incorporated as integral components of any district-wide or campus-specific emergency response plan. Furthermore, these tactics should also be drilled and practiced routinely throughout the academic year.
Care culture and vigilance go hand-in-hand
Compassion for others is the driving force behind security. A community that prioritizes the well-being of its members naturally cultivates a protective environment. When individuals feel responsible for one another's safety, they are more likely to report suspicious activities and support security initiatives. This collective vigilance forms the bedrock of a resilient and secure school community.
Conclusion
Effective school security isn’t only about the latest technology, stringent protocols, or even public policy. It’s about fostering a proactive, engaged, and caring coalition. By emphasizing early detection, prioritizing deterrence, understanding threats from an adversarial point of view, and building a culture of care, schools can create environments where safety and learning mutually thrive.
In addition to hosting learning experiences such as the recent Summit, Chameleon Associates offers a School Security Online Course that provides training on addressing threats in educational environments. This resource serves as an excellent starting point for schools aiming to enhance their security posture and protect their communities.
This insider threat problem has the US Government in a chokehold
There’s no greater risk to organizational security than that of an insider threat. Those with direct access to sensitive information can bring about irreparable damage to the companies and agencies they represent. Governments are no exception.
The 2025 United States (US) Presidential Election brought with it a tidal wave of policy actions and executive overhauls that has kept the country busy trying to keep track of them all. However, an unintended impact of these rapid transformations has also been an unprecedented risk level attributable to insider threat, both from those working to secure the US Federal Government and on those on their way out from it.
Risk One: The Department of Government Efficiency
One of the biggest changes President Donald Trump instituted on the first day of his presidency was the creation of an independent auditing authority, known as the Department of Government Efficiency (DOGE). In theory, this entity would act with special authorities to review agency programs and expenditures, then make recommendations on whether those expenses and projects should continue.
However, DOGE has thus far operated with limited oversight, obtained no clearances for elevated access to classified information, and allowed employees with questionable track records to carry out their audits. One DOGE staffer tasked with backing up encrypted databases at agencies like USAID was fired from a previous job for leaking company secrets and meddling in their systems for some time after termination. Shortly after this discovery hit news circuits, DOGE leadership accidentally leaked protected, personally identifiable information on the organization’s official webpage.
While the merits of DOGE are subjective, their practices throughout these early months of 2025 have objectively allowed those who would normally be ineligible for security clearances access to some of the most tightly guarded cyber systems on earth. This has put agencies in a sticky situation, asking them to balance deferring to the current Commander-in-Chief and safeguarding national security information.
Risk Two: A Fork in the Road
In addition to DOGE, the Administration offered an exit opportunity to nearly all federal employees, shortly after Donald Trump took office for the second time. The call to action was simple: Voluntarily resign, and enjoy a long, all-expenses-paid divorce from public sector employment.
Despite this, many federal workers averse to what’s happening in politics dug in their heels and risked a layoff. Others readily jumped ship.
In either scenario, disgruntled employees at odds with the Administration and who have (or had) access to state secrets could leak this information to adversarial nations, criminal organizations, or lone wolf saboteurs. State-sponsored threat actors are certainly looking to capitalize on the fallout by tantalizing affected government workers with hefty monetary incentives – a deal made all the sweeter for those from low grades or who were altogether dismissed. This risk was high long before the election and has since skyrocketed for the Departments of Defense and Homeland Security, as well as the Intelligence Community.
Conclusion
Current political happenings are a reminder that even the best intentions can bring about dangerous consequences. Insider threats are serious problem for agencies across the country right now, and the high level of risk that comes with them is unlikely to subside any time soon.
Chameleon Associates helps enterprises like yours consider these variables before rolling out major organizational changes. We coach leaders and staff on how to consider their plans and strategies for gaps and missteps that might let insider threats run amuck and unchecked.
To learn more about how we consult with governments, nonprofits, and businesses on pressing security topics, consider signing up for our in-person seminar.
Red teaming and its real-world value to your organization
There is only one way to know that your security system is working - Red team testing. Our clients may at times find the results of a red team painful to hear, but always useful, an indispensable resource.
What is red teaming?
Red teaming is akin to a cyber penetration test, although for the physical security arena. Role players simulate bad actors in an attempt to thwart security processes and systems against the backdrop of a real-world scenario. As with cyber security testing, the goal is to help clients identify critical vulnerabilities.
When should an organization use a red team?
Organizations can benefit from red teaming almost any security measure they wish to stress test - from access control to badging systems, from human engineering to officer attentiveness. Even the best designed security can benefit from an objectively executed test of a threat-based scenario. The following are actual case studies from Chameleon's files, where a red team helped businesses and government agencies identify security weaknesses and ultimately remedy them.
Fencing and perimeter breach
Company A had spent hundreds of thousands of dollars installing a perimeter fence with barbed wire and fence sensors, supported by closed-circuit television cameras. Despite this costly installation, a red team player managed to uncover several entry points. At the first, the player was able to climb a steam pipe, which was in a camera blind spot, and cross the fence without setting off the sensors. At another location, the player found a padlocked gate that was easily opened by moving a pipe that secured the gate to the ground.
Social engineering and tailgating
Company B worked out of a highly secure research facility. It had recently posted job openings for internship positions. A red team player used LinkedIn to research Company B employees and their names. The player went to the facility with this information and tailgated an employee entering through the main gate. The player assured the employee he was there to meet "Mr. Smith" about a job (name gleaned from research.) The employee escorted the player throughout the facility, explaining key building features and introducing him to other staff. The player was able to leave with this information, unconfronted.
Artificial intelligence camera system
Company C had recently started relying on an artificial intelligence (AI) system to help monitor a network of several hundred security cameras. Over the course of several red team exercises, the company's security operations center was able to pinpoint important strengths and weaknesses in the system. Several incidents of suspicious behavior were used to “train” the AI to better detect criminal conduct. The red team players also advised, from their point of view, on better location and configuration for the cameras.
Dumpster dive data leak
Company D was using dumpsters outside their office building to dispose of documents containing corporate records and personally identifiable information on their employees. A red team player sorted through the dumpster trash for sensitive materials, which they eventually found. The player obtained three trash bags-full of personnel documents, emails, invoices, research material, and handwritten notes about the company. Dumpster diving is a frequently used method of gathering intelligence about an organization and is legal in many cities. The information gleaned by the red team could have been used with malicious intent in any number of ways, to support a variety of schemes.
Conclusion
Red teaming is a vital practice that can help organizations improve their security posture, close operational gaps, and stamp out vulnerabilities. Chameleon Associates provides expert consulting services for private and public sector clients looking to bolster their defenses.
To learn more about this service, check out our Red Teaming and Penetration Testing webpage.
Brian Thompson: When Executive Protection Planning Goes Wrong
Brian Thompson’s shocking murder this week on the streets of New York pulled the curtain back on a hot button issue in U.S. society while also raising questions about executive protection of high-profile individuals.
Thompson was a figurehead of one of the largest health insurance companies in the U.S. with 440,000 employees, net profits of $23 billion last year, covering more than 50 million people. He had received threats and was, obviously, a target.
That so many comments on social media have been brutal in suggesting that Thompson deserved to be killed (for example, his murder being ‘due to a pre-existing condition’) or comments that focused on the abysmal state of health care costs in the U.S. today, reflect an increasingly cynical state of mind in the U.S.
His murder has touched a nerve, and it calls to mind narratives of executives pitted against the public, such as the one depicted in the 1997 film, The Rainmaker. In that film, the CEO was brought to trial by the family of a young man, who died as a result of having been denied a medical procedure.
According to kff.org, medical debt in the U.S. is $220 billion. One in 12 adults owe medical debt. Over 50% of bankruptcies are due to medical expenses. UnitedHealth Care is cited as having a claim rejection rate of 30%. I myself was once denied health coverage due to an ingrown toenail (not kidding). Some note that the U.S. is the only member country of the Organization for Economic Cooperation and Development that does not have universal healthcare.
Possible Motive
At this point, the assassin is still at large, and we can only speculate at his motive. Was it personal, an act of revenge for a loved one who he felt was mistreated? Was it a case of taking it upon himself to make a statement, for the “greater good”? Did he believe that only through a violent act would he be able to engender change or accountability in the healthcare system? It’s not hard to imagine that the denial of coverage to customers paying a premium – as a business model - would amount to millions of disgruntled folks and among them, some prone to extreme violence.
It is reported that the words "delay," "deny" and possibly "depose" appear on shell casings and bullets that were recovered from the scene of the shooting. Investigators believe that these three D’s refer to insurance company tactics to delay and deny policyholder claims.
Given the comments and response to the assassination, clearly a risk assessment that could have helped prevent this tragedy was either lacking or altogether missing. Companies engaging in controversial practices are exposed to risk. Not just to the executives but to other company assets. CEOs of companies far smaller and less controversial than UnitedHealth have executive protection details in place. None of the basics were covered: threat assessment, monitoring threats, doing an advance, counter surveillance, establishing perimeter, ensuring ingress/egress to a location, and more. A security detail that conducts these basic protective measures should certainly have been in place, particularly given that this was a scheduled public meeting.
Vigilante or Murderer
We can agree that as a society we are against an Active Shooter – a murderer - who kills innocent children. Yet in this case, the man who shot Thompson – a murderer – is considered less a villain for having brought down the head of a company whose policies are responsible, in the minds of some people, for countless deaths and suffering.
When the court of public opinion feels that the only recourse for solving problems is violence, we’re in trouble. It’s unlikely that the healthcare industry will change because of Thompson’s death, but other people may be provoked to act - copy cats with either a twisted desire for publicity or a deep grudge.
This attack (regardless of the shooter’s motive) may not change the landscape of healthcare coverage in the U.S. But this assassination will definitely impact the next person filling Thompson’s shoes at the company. And it may well have an impact on the level of executive protection for many other CEOs in the crosshairs of consumers with a grudge.
Threat and Executive Protection
From the limited video coverage currently publicly available, it appears that the gunman was proficient if not a professional. He used a silencer and at one point, when it looked like his gun jammed, he was able to swiftly rack it and continue shooting. His quick getaway by foot or e-bike (not yet confirmed) through nearby central park was effective.
Chameleon consults and trains on executive protection and foundationally, we espouse the importance of understanding how a given adversary operates. An attacker needs to follow certain steps. The assassin in this case obviously marked his target, gathered information, obtained equipment (gun and silencer), conducted surveillance, perhaps made some dry runs before executing and getaway.
Clearly, there was no EP team with Thompson. That may have been his decision; we have clients who strongly prefer a light touch when it comes to close protection. But the weaknesses in this case are compound: the company is a political target, there were yet undisclosed threats, Thompson was a figurehead, the UnitedHealth Group Annual Investor Day conference was well publicized as was his attendance at it. Even without preattack surveillance, it was sufficient for the attacker to lie in wait without being challenged.
To learn more about how our company helps others practice and plan for their executive protection needs, click here: https://chameleonassociates.com/services-chameleon-associates/executive-protection/
Securing spaces in modern times
Last week, headlines spun a concerning narrative about a foiled terrorist plot, one that ultimately drove pop culture icon Taylor Swift to cancel her shows in Vienna. Fans of the musician were understandably rattled—if authorities hadn’t thwarted the attack, this very well could have been a mass casualty event.
Such a near miss highlights a need for greater attention in event management. But ensuring that a large-scale event like a Taylor Swift concert is a safe experience for all is no easy task. It requires significant manpower, many hours of advance planning, and a clear read on venue-specific vulnerabilities.
So then, how did teams involved in Taylor Swift’s event security manage to prevent what had all the makings of a catastrophe? The answer lies at the intersection of good counterterrorism principles and a refined awareness of the modern threat landscape.
Commonalities between counterterrorism and event safety
Security teams lean heavily on established counterterrorism practices to keep VIPs and the public safe during highly trafficked events. They evaluate the unique conditions at play and assess their conduciveness for bad actors to carry out attacks. They also reference open-source intelligence to take a pulse on global, political, and economic climates, which collectively paint a clear picture about risk and threat.
In the case of Taylor Swift’s concert, law enforcement, government officials, and the singer’s own security teams acted promptly on good intelligence, which ultimately resulted in the arrest of two would-be terrorists, both reportedly affiliated with the Islamic State organization, ISIS. A third was apprehended a few days later, confirming further details of the event and explaining that the suspects intended to carry out a suicide bombing using chemicals and explosives that law enforcement found in their homes.
A growing need for better security in public spaces
Taylor Swift’s concert is not the first music festival in the last few years to be plagued by radical extremism. There are parallels between hers and Arianna Grande’s 2017 concert, where a suicide bomber murdered 22 concertgoers in an unexpected attack in Manchester, England. (We’ve previously covered the story, here.)
Those familiar with the Manchester bombing will recall that Britain’s intelligence community had credible evidence of a terrorist plot but did not act quickly enough on the information to stop it. Given what seems to be a rapidly increasing threat of terrorism in public spaces—especially Western or democratic ones—the national security community will need to work more efficiently and create closer ties with private and local details to stop future incidents.
After the incident, the United Kingdom’s Security Minister James Brokenshire proposed a “Protect Duty” in 2020 that called on venue operators to consider the risk of attacks and take “proportionate and reasonable measures” to prepare for such scenarios. Today, the edict is more commonly known as Martyn’s Law, and it has made great strides to create safer public gatherings for all.
Other considerations for better venue security
While terrorists are undeniably a massive threat to public events, not every bomber, shooter, or saboteur has ties to extremist ideologies. Social and environmental pressures drive up risk and push social outcasts, those with severe and untreated mental health disorders, and career criminals to the breaking point.
A textbook example of someone who evaded event security and orchestrated a mass casualty incident is Stephen Paddock, or as many know him, the Vegas Shooter. Paddock was not associated with any known terrorist organization but was irrefutably deranged. In the years following his attack, he has even gone on record stating that what inspired him the most was his father’s criminal reputation.
One could also easily point to any number of public shootings that terrorize traditionally safe spaces, like grocery stores, schools, and movie theaters as evidence for why a counterterrorism mindset alone is not enough. Stopping those hellbent on mass-scale murder demands awareness, creativity, collaboration, and an open mind.
What it will take to make events more secure
Whether they be a terrorist, violent perpetrator, or just criminally insane, their potential for harm is all the same. To thwart attacks like the one planned for Taylor Swift’s Vienna show, it takes careful, intentional coordination between national security organizations, intelligence communities, private security, and local law enforcement.
And undoubtedly, it also takes participation from the public. Everyone should think of themselves as a mandated reporter, and if they witness something off, share it with authorities as soon as possible. The proof is undeniable: Civilian reports save lives. Those in doubt can look to the famous Herald Square plot in New York City as a shining example of how one tip can make all the difference.
Diligence and coordination at every level are prerequisites to good event security planning, and the more commonplace that interplay becomes, the safer the world will be.
What makes a good security leader?
July has been a jam-packed month for security professionals. It started with an attempted assassination on former United States President Donald Trump and ended with U.S. Secret Service Director Kimberly Cheatle’s resignation.
The whole saga has triggered debate on what it means to be at the helm of a security-focused organization. Some demand that leaders need to accept greater accountability in the face of crises. Others insist security managers should do more to prevent threats in the first place. There are multiple facets to effective security management.
Security leadership isn’t all black-and-white.
What makes a good leader is not straight forward, emphasizing any single factor. Adept security professionals embody a combination of qualifications that in our view must include the ability to step into the mind of the adversary and make preemptive decisions that protect against any number of catastrophes.
Seven core traits define the best security leaders.
There isn’t an official or academic way to determine if someone’s character is ideal for roles in security leadership. But even so, there are more than a few indicators that can signal someone’s likelihood for success in the hot seat.
1 - Relevant Expertise
The traditional pipeline for many security leaders begins with a career in law enforcement or the military. From there, individuals climb a public or defense-centric ladder, and later transfer out to private sector work. However, those CVs don’t always translate easily to civilian life. Military and/or law enforcement experience and skill sets can be really valuable yet, security leaders must be able to adapt to the culture and rules of the sector in which they work.
2 - Planning Propensity
Security is an industry measured almost entirely through failures. Attacks happen, and then success is gauged based on the efficacy of a response and extent of resulting damage. Because of the cause-and-effect nature of security, leaders need to ensure their staff are trained, that processes and protocols are thoroughly and regularly exercised, and plans are written with threats in mind. Planning never stops.
3 - Healthy Skepticism
The best security leaders harbor doubt as a general working assumption. In other words, they’re always hoping for the best but expecting the worst – planning for contingencies and never resting on their laurels. They understand that even the best plans fail, and they go to great lengths to bake in operational redundancies, wherever and whenever possible.
4 - Test Obsession
Scrutiny. Good leaders understand that no person, process, or system is ever perfect, necessitating constant refinement to keep edges sharp and staff well-versed in the latest methodologies and approaches. A plan is one thing. A tested plan is so much more. In doing so, security management creates strong barriers against bad actors and position their teams for the best chances at operational success, no matter the circumstances.
5 - Motivational Mindset
Leaders of all types need to be motivational and compelling. But for security executives, this responsibility is acute. It takes complete motivation and buy in to combat passionate, determined adversaries. It is no small thing to be prepared to risk one’s life to save the lives of others. Instilling that level of commitment in a security force is therefore critical. But security leaders also must ensure that officers and personnel are motivated to adhere to the everyday, ‘mundane’ security protocols with equal zeal.
6 - Boots on the Ground
The need for fighting from the trenches in a security context is paramount. The best security leaders are as capable and skilled as the professionals they employ and exhibit a willingness to roll up their sleeves and get tactical when the occasion calls for it. Spending time with the troops also affords management insights they might otherwise not get from the C suite.
7 - Adversarial Understanding
Good security leaders seek to fully understand their adversaries. An intimate knowledge of bad actors should be the basis for a security system and all its components. The threats posed inform everything from placement of a CCTV array to training curriculum for security personnel. Boilerplate security offers the enemy too many potential loopholes versus security that is designed to match the specific characteristics of a given security environment and the threats it faces.
Training to develop security leaders
Even if a security leader checks every box on paper, they require development opportunities just like any other role. Trainings for security professionals are available, but less so for those charged with oversight and management. To ensure organizational leaders can direct their teams in an effective and efficient way, companies should put more effort into executive development courses, like these.
Travel is up, and so is the world’s patience
Fancy a vacation right about now? You’d be hard-pressed to find someone who doesn’t. Problem is, traveling for rest and relaxation is hard to come by these day, and none other than your fellow excursionists are to blame for that one.
We’re not talking about over-tourism, either. We’re talking about cringeworthy acts of petty crime, disruption to the peace, and overt mayhem some unscrupulous jetsetters are stirring up in destinations all over the world.
Is there a solution? Can anything be done to curtail these shenanigans? Truth is, balancing a welcoming vibe with sensible security has always been a fine line for the hottest tourist economies on Earth, but it’s one governments and businesses ought to invest in learning how to walk.
One of the biggest threats to travel security is locals’ exhaustion
Travel is one of those things that’s great when you’re the one doing it, but godawful when you’re feeling its effects at home. Local citizens in some of the world’s most sought-after vacation spots say they’re fed up with entitled out-of-towners running amuck in the streets.
And if you thought public discourse was where the tourism problem ended, you’d be wrong. It reaches all the way into politics, with some officials centering their campaigns around what to do with an unprecedented surge in visitors.
A growing consternation with vacationers has reached a fever pitch in some countries like Spain, where locals recently took to the streets with water guns to fend off sightseers from the Barcelona area. Incidents like these are likely to grow more common without a greater attention to security from governments, industry, and travelers themselves.
The government’s role in regulating travel and security
Some would say the less government, the better. Unfortunately, it’s not quite that simple, especially when it comes to managing tourists. Nations and their leaders have a responsibility to protect their homelands, which requires screening inbound travelers, strongly enforcing local laws, and helping to provide a tourism infrastructure sustainable with a growing influx of visitors.
Screening
Screening is a quintessential function of every government. Fly into any airport from out of town, and you’re guaranteed to pass through security of some kind. Touch down in a country that’s not your own, and you’re sure to encounter robust port-of-entry requirements, including passport control, customs, and more.
Governments must keep these entry and exist protocols airtight to prevent terrorism and to keep would-be criminals from stirring conflict in the streets.
Enforcement
Enforcing the law is what most people think of when they think of government. Police and courts exist to deter crime and dole out reasonable sentences. But what happens if someone’s unfamiliar with the rules and regulations in play at their destination? Though rare, travelers do occasionally break laws out of ignorance. For example, it might shock you to learn that prostitution is illegal on the Vegas Strip, or that Russia, a country famous for its spirits strictly prohibits alcohol sales after 11pm in many of its cities.
Governments should take additional steps to educate incoming travelers on local laws particularly those that may seem to contradict the public narrative about the destination itself. They should also put a greater emphasis on de-escalation tactics, to prevent things from getting out of hand.
Infrastructure
Ask any sociologist, and they’ll tell you that when people get into crowds, all common sense goes out the window. Group behavior is a real phenomenon, and it often creates conditions perfect for undesirable outcomes like protest and civil unrest.
Governments have a duty to erect and maintain public infrastructure that can support throngs of people, which includes not only physical infrastructure, but also intangibles like staffing and other resources.
The private sector’s role in promoting a safer travel experience
Public sector institutions can’t be the only forces for change, if we want to see a safer travel experience for everyone. Local businesses and private economic drivers must also play their part. Companies ranging from hospitality to food service can do a great deal to enhance tourism, including beefing up their own security measures and innovating new ways to deal with pedestrian throughput.
Security
Though it might seem farfetched, corporations with their own security teams work wonders for the local tourism industry. In concert with local tourism boards, they’re able to quickly stand-up patrols that limit crime and positively influence travelers’ perceptions. They don’t need to be armed and uniformed security details, either. Something as simple as tighter control at bars and pubs could limit the number of violent, drunken outburst, or a plain clothes brigade down by the ocean could curtail beach-side petty theft.
Throughput
Lines. Nobody like them, and we all like standing in them even less. Industrial engineers constantly work with the private sector to innovate new ways of handling masses quickly and efficiently. Popular destinations like theme parks and ski resorts are scaling up their resources to better manage shuffling visitors from one place to another, and as globe-trotting continues to bounce back from Covid’s record lows, crowd management is a business that’s likely to keep on booming.
The individual’s role in managing their travel expectations and behaviors
Chiefly responsible for their behavior are travelers themselves. Vacations aren’t an invitation to act irresponsibly or disrespect local rules. They’re an opportunity to see incredible sites, rejuvenate yourself, and appreciate cultural differences between wherever you’re from and wherever you’re at. Security is an individual responsibility above all else, and maintaining a healthy degree of self-control will undoubtedly have the greatest impact on a safer travel experience for everyone.
Final thoughts on the state of travel security
Security is a shared responsibility between governments, businesses, and pedestrians (both local and visiting). Unfortunately, a failure from any one of those groups to pull their weight will introduce risk and the potential for chaos.
Chameleon works with organizations from all backgrounds to drum up sensible security plans, assess their vulnerabilities, and protect their constituencies. To learn more about how we can help you contribute to better travel security, email us at info@chameleonassociates.com.
The Preventative Power of Early Intervention
“There was always something a little off about him.”
It’s a phrase that follows far too many mass casualty events – a sentence wrought from the forges of guilt, shame, and sadness.
We see the signs but choose to ignore them. Maybe we feel it’s not our place to pry, or the idea of reaching out to someone suffering makes us feel awkward. Whatever the reason, the fact remains: We tend to notice the writing on the wall and just as quickly dismiss it.
See something? Don’t just say something. Do something.
The bystander effect is very real and very dangerous. It’s a social and psychological phenomenon that keeps individuals and groups complacent in the face of clear and present danger.
Overcoming the bystander effect isn’t easy. But one way to recondition the mind’s inclination toward avoidance is through routine security awareness training. Exercising our observational skills and learning to recognize warning signs gradually builds up our confidence and reorients our thinking in a way that prepares us to act in the crucial moments before catastrophe.
Many factors drive someone to violence.
It’s hard to pinpoint a single reason why a person might resort to acts of aggression. The contributing factors toward someone’s sudden brutality often manifest in combination with one another. Even so, there are a handful of hallmarks that, if present, could be your cue to intervene.
They seem isolated from the community
Reclusive behavior can mean many things, with very few of them good. When someone begins to isolate for prolonged periods of time after a personal tragedy or emotional event, this should raise alarm bells. These trigger events could be something as passive as a poor performance review or dynamic as a skirmish in the schoolyard.
They appear angry or in distress
Another warning sign is when someone becomes irrationally angry, especially over inconsequential matters. Disproportionate malice toward anything or anyone – particularly if it’s constant and maintained for more than a few days – could spell trouble.
They’re vocal about their intentions
While rare, those who carry out violent acts do sometimes come clean about their plans ahead of time. Other times, they will accidentally reveal them either through a verbal slip up or leakage. On occasion, this might even be to spare that confidant from suffering whatever awful fate they aim to bring to others.
Intervention doesn’t have to be forceful.
The best time to resolve a conflict is before it gains momentum. Much of what drives the modern-day school shooter, workplace violence perpetrator, or mentally ill aggressor is simply a reaction to what they perceive as insurmountable environmental stimuli or a world that stands in opposition to them.
For the student, it could be bullying or feelings of otherism and isolation. For the disgruntled employee, it might be abuse from a coworker or financial destitution. Regardless of their specific profile, people who exhibit distress in a way that might lead them to violence need skillful assistance from a trusted party, be they a therapist, doctor, spiritual leader, or close friend who can lend a sympathetic ear.
There are many de-escalation tactics you can use to curtail someone exhibiting questionable behavior, but these three, controlled approaches trump the rest: Listen. Observe. Report.
Listen to them
The first step in any intervention plan is to listen out for any cries for help. In many cases, what people want more than anything is simply to be heard. Making yourself available as a sounding board could diffuse a situation before it ever reaches a boiling point.
Observe their behavior
If you’ve heard something threatening or are worried by the tenor with which someone is describing their grievances, continue to monitor their behavior for changes. If their actions become more reckless or erratic, it could be time to share your concerns with the appropriate authorities.
File a report
Reporting someone as a threat doesn’t always mean a police response. In corporate settings, a good first report could be to a supervisor. In a school, you might consider confiding in the principal. Those trusted authorities may choose to handle the issue directly or escalate further. But regardless of where a report goes, it’s important to remember that this is a crucial step in not only stopping something bad from happening, but potentially saving an otherwise good person from doing something terrible. At worst, you’ll have reported suspicious behavior that wasn’t leading anywhere sinister (but always better to be safe than sorry).
Threat assessment teams can also help.
In a large enough organization, establishing a unit devoted to identifying, managing, and training staff on potential threats could prove invaluable. Some states even outright require companies to draft and maintain certain types of threat protection plans. One such state is California, which mandates all businesses with more than 10 employees implement comprehensive workplace violence prevention strategies.
Get involved.
No threat is ever mitigated through inaction. When in doubt, ask yourself: Is what I’m witnessing abnormal, and would my community expect me to act on this information? If the answer is yes, then don’t hesitate.
For threats to national security, you can file a report with your country’s homeland security office, like this one. For everything else, we encourage you to grow your security skillset through various trainings and seminars, similar to the ones we offer online. Our training on workplace violence provides information that is both useful and easily actionable.
And as always, we welcome your questions, concerns, and feedback at info@chameleonassociates.com.