Back in 2002, I was driving with a colleague to see a client in Palmdale, California, a couple hours’ drive outside of Los Angeles. This was only a few months after 9/11 when the country and the world were looking for an understanding of and solutions to the specter of terrorism. We were talking about finding a name for the methodology that we had started to promote, a methodology that I had used while working for the Israeli government. I pointed out to my travel companion that we needed to teach how to profile – not a person but rather an adversary’s Methods of Operation. He said, yeah, you are predicting the MO. It was one of those ‘ah-ha’ moments and the term Predictive Profiling was born.
We began with a two-day training program on the subject of Predictive Profiling. Each class we delivered was an eye opener for the students and the feedback we received helped us mold and hone the program and the methods.
Through our interaction with police officers we saw the challenges presented moving from a reactive, law enforcement stance to a proactive, prevention oriented stance.
When talking about Predictive Profiling with security management, we were struck by the degree which liability and political correctness influenced their decision making. For many, the word Profiling was synonymous with racial profiling although our version was the very antithesis of racial profiling – it was about profiling an MO not a person’s ethnicity, color or gender.
One thing was clear though: there was a thirst for a solution because the dependence on technology and the focus on response simply did not cut it. Between 2002 and 2010, we trained thousands of security personnel and law enforcement from all over the world. The term Predictive Profiling was very attractive for pulling people into a training room. Everyone wanted to taste the ‘forbidden fruit’. Students left the classroom having recognized the simplicity and effectiveness of our common sense approach. However, most of them told us that it would be difficult to implement because of the organizational culture of their company or agency, attitudes towards security and other reasons.
There were, however, a few folks who did not have excuses and thought only in terms of prevention, cost effectiveness, common sense and in terms of ‘this is the right thing to do’. Certain countries were also quick and enthusiastic to adopt Predictive Profiling and engage Chameleon services. One example is Singapore, one of the first to jump on board. Government security agencies, border and custom control units and transit services eagerly incorporated proactive security assessment methods and protocols into their system. The Netherlands is another country that came to embrace the espoused Chameleon methodology. There, Predictive Profiling came to be fully adopted by the national Police Academy (Politieacademie).
Initially, a few Chameleon clients had brought in the Police Academy as observers to our courses.
Realizing the value and applicability of our training program, some of the Police Academy trainers built a national program they called “Spotting”. The core elements and modules of the Spotting training program is based directly on Chameleon methods, indeed, all of the Police Academy Trainers have received Chameleon training. To date, thousands of Dutch police officers have been trained on Spotting.
It was very fulfilling to hear that a few weeks ago Amsterdam police officers thwarted a terrorist attack in the making at the Central railway station. It was reported that the engaging officers were trained in Spotting and attribute their success to methods they learned in that program.
Various military units value the applicability of the approach to the modern battle field. They contracted Chameleon to train units that were about to deploy to Iraq and Afghanistan so that they would be equipped with lifesaving tools enabling them to spot an ambush, an IED, or insider threat downrange.
There were also some corporate fans of our methodology who have implemented Predictive Profiling. Large malls, museums, retailers, mass transit hubs and entertainment centers seemed to be the first to jump on the wagon, as no technological security solutions could help them in the open environments they were trying to protect.
Not everyone got it.
I remember a former marine Colonel and Vice President of one of the largest security companies in the world who twelve years ago said to me “Amotz, everything that you teach makes so much sense but you are asking people to work. People are lazy. They want to just buy a box that will do the work for them.”
You see, the problem was that Predictive Profiling at its core is a human process, not a magic technological solution. Those who had not come around to understanding that Predictive Profiling is an applicable solution to any environment were stuck in a paradigm that failed to address the adversary as the most influential element in security. Instead, they were distracted by organizational politics, perceived (unrealistic) legal liability, and as the Colonel blunted put it – just laziness. At its core, protection, prevention and security is a kind of contest between good and bad guys. Predictive Profiling is about doing security with the adversary constantly in mind.
There were those who raised the flag of liability as a reason to avoid Predictive Profiling. After all, if Predictive Profiling promoted smart decision-making by every security stakeholder in a system, then the exposure to liability must be huge. That was the claim. For every lawyer who argues that decision making exposes an organization to liability, there are three who would argue that indecision would do the same. There’s not enough space in this blog post to cite examples.
Sixteen years into Predictive Profiling, I can now tell all those liability ‘obsessives’ that not Chameleon nor any of its clients has been sued for implementing proactive threat assessment security. In fact, a lawsuit recently filed in a federal court aimed to prove that the reason for a security failure (fatal shootings) was that Chameleon methods had not been implemented.
One of our biggest objectives from day one was to implement Predictive Profiling in aviation security in the U.S. and around the world. After all, our methodology was built (at least in the beginning) on principles of Israeli aviation security. Throughout the years, the TSA has contracted Chameleon for Predictive Profiling and Security Questioning seminars provided to thousands of DHS inspectors and supervisors. The positive response was overwhelming. Trainees claimed the method was so logical and made so much common sense but lamented that it contradicted the policy and procedures of the DHS. Politics intervened and the U.S. administration has not yet adopted a truly threat oriented stance. As in the case of many large bureaucracies, the reason for not doing the right thing was always shifted on to someone else. There was reluctance to take responsibility. To date, TSA works with basically the same methods used pre-9/11 with some advancements in technology and a well-paid work force.
After over two decades of working in this field of training and consulting on proactive threat assessment methods, I’ve learned that a certain type of security executive is most likely to embrace the methodology: they have a solid work ethic, confidence and smarts. A work ethic because for better or worse, implementing Predictive Profiling requires work and motivation. The application of Predictive Profiling requires a shift in outlook from ourselves to that of the adversary. That change of perspective takes a certain amount of intelligence and introspection. Red team testing of one’s own security system, with the expectation that there will be failed tests and exposed vulnerabilities, comes with the territory and requires confidence. Only confident people are willing to test themselves in this way.
It may sound obvious but perhaps nonetheless worth noting that it is the application of the method that is critical, not just receiving training in the method. Putting it into practice involves developing and maintaining a proactive SOP, the design of and conducting red teams, and then providing continuous training to all security stakeholders.
We have been able to show clients how they are able to use Predictive Profiling in any security task be it K-9s, screening with x-ray machines, boosting loss prevention efforts, pre-employment screening, mail room and logistics.
When I took Philosophy and Logic classes at UCLA, I was drawn to those simple formulas that could prove or disprove everything. The reason for the wide applicability of Predictive Profiling is that it uses elegant formulas with simple terms and definitions. For example, a term like threat is defined as ‘a suspicion that cannot be refuted’. This definition applies anywhere. Any suspicion, anywhere, should be addressed with the objective of refuting it. If not refuted, it is a threat. If it is refuted, it’s not a threat.
Because at Chameleon we are formula oriented, we are constantly refining and defining the problems and the solutions our clients pose to us. For example, we’ve had to create definitions for our military clients for the application of Predictive Profiling against an insurgent versus a terrorist. The indicators are quite different for an insurgent who works ‘at home’ versus a terrorist who operates in your protected environment.
Our Predictive Profiling method has improved over the years because of our clients and students. This is because we teach and even consult using a Socratic and Talmudic approach – we want our students and our clients to question and even attack our own presumptions. Challenging our students and clients to think and solve, we provoke them to come to the conclusions themselves. We always favor realization over memorization, and clarity over consensus.
Our motto is if it doesn’t make sense, don’t use it. Since we began, we have seen a gradual realization by the public, law enforcement and the industry that security solutions to the threats that we face must be proactive and ‘left of bang,’ to use a Marine Corps term. Much of this change is due to the frequency of violent attacks at schools and public venues. The latest FBI report on active shootings fell heavily on the term ‘pre-attack indicators’ and prevention.
Slowly, an industry has sprung up around Predictive Profiling within certain law enforcement and corporate sectors. This tells us that some are really seeing the value of the approach. Many Chameleon trainees have set up companies to deliver Predictive Profiling programs. Imitation is the sincerest form of flattery, it is said. Naturally, our students and clients return to Chameleon to draw from the source, as it were.
Chameleon is constantly innovating, developing and adapting our materials and training programs and services to an ever changing threat environment. Each year, new clients from various industries make us push the envelope because they challenge us with problems that are unique to them. Bring it on.