The Red Headed Stepchild of Corporate Security: Personal Safety and Security Programs

Charles E. Goslin, UNDERSTANDING PERSONAL SECURITY AND RISK: A Guide For Business Travelers

The Red Headed Stepchild of Corporate Security: Personal Safety and Security Programs

The Corporate CEO is quite often compared to the captain of the ship.  The CEO’s judgements and decisions rendered regarding the company's course in business, and care for its valuable assets that move the “company ship” towards its goal should be sound and consistent.   At least, one would hope. 

Poor judgement, inconsistency and questionable logic have caused more corporations to go under, their CEOs fired, or resigned in disgrace.   These fatal flaws all represent a misunderstanding or minimization of risk to a business.  

Which brings us to the question of personal security and safety.  

A corporation’s most precious asset is its people.  That includes the CEO, employees, contractors, trusted partners.  Harnessed as a team, through bid proposals, projects, or ongoing programs, people are the life blood of a company.  This is why a “Corporation” – derived from the ancient Latin word “Corpus” for body -- is legally considered its own entity.  Within the four-walls of the corporate castle, or regional headquarters, security systems featuring integrated video and access control, berms and bollard barriers, panic alarms, or even armed guards keep those assets - your people - safe.  Why on earth, then, would a CEO in their right mind let the company's intellectual property, talent & skill walk out the front door and board an airplane to international locations abroad without a security program for their personal safety?  Physical security measures for the typical sun-dappled corporate campus routinely runs into the millions of dollars, protecting against notional threats at best.  Overseas, however, corporate travelers are increasingly exposed to very real and growing threats from terrorism, from cyber threat actors, foreign governments, rival corporations, and crime.  Does it make sense to expose one’s corporate assets to these threats with little more than a pat on the shoulder, a “checklist” of do’s and don’ts and an out-sourced response plan if they are kidnapped, injured, or killed?  Response plans are good, but they are no substitute for a formal, well-rounded personal security and safety program. 

Corporate CEOs in today's global business marketplace can, to some extent, be forgiven.  Usually corporate security is delegated below the core executive team.  How “security” gets defined follows a familiar and dull pattern - gate, guards, guns and the addition of fences, gates, cameras, access control, etc.  Systems become paramount in securing the castle, and by extension subsume the definition of what constitutes a holistic security program for the company, overall.  The same holds true for guard forces, whether proprietary or contracted.  Whether systems or guards, both are exceedingly expensive and their utility usually stops at the company front gate. For the Chief Security Officer (CSO) invested in this kind of program, it makes for good theatre. 

Every day, though, the company's most valuable assets go out that well-guarded front gate and board airplanes for distant countries without a clue about the threat environment at their destination, what to do to protect themselves, their team, or their cyber gear.  The resources paid, quite frequently, to the easy task of securing the fortress is missing or minimized when securing the company's human assets.  A company CSO who gives his CEO a glazed stare, a stutter and then mumbles about a checklist, an out-sourced response program or threat database when asked about how personal security programs for employees is not an effective CSO.  Period. 

A sound corporate personal security and safety program for company assets, its people, and associated human assets can be defined by what it should not be:  an afterthought delegated to a department that assumes personal security and safety is about personnel accountability, rather than protection.  Ultimately, a responsible business leader understands that his security, and the safety and security of his personnel comes down to ensuring that a methodical, layered program is developed and inculcated around the company's human assets.  When they step outside the boundary of the protective corporate castle, they have tools and resources to maintain good security for themselves wherever they are at. 

Unlike other security disciplines, a personal security program rests on three key objectives.  It must be effective, it must accurately address risk within the personal security realm, and it must be cognizant of the importance of time…or more accurately, timing.   For a program to be effective, it cannot be outsourced to a checklist.  It must be available for immediate recall, in one's memory.  Second, risk in the personal security realm is unique.   Threat actors and threat events exist and occur externally, as with all risk.   However, the idea of vulnerability is more complex.   It is dynamic and multi-dimensional, in the sense that it can be both external and internal.  For example, if you are paralyzed by fear, that is an internal vulnerability that will be exploited by an adversary.   If through naiveté or ignorance you put yourself in the wrong neighborhood at the wrong time of night, you become vulnerable through external circumstances.  Why is it important to know this?  An integral part of personal security is being capable of anticipation as well as reaction.  If you are self-aware and also understand and KNOW your enemy, your adversary, you are much more capable at anticipating their tactics, their patterns, and reacting to avoid them.   Finally, unlike other security disciplines, in personal security the time it takes one to identify, react, and mitigate a potential or validated threat event happens very, very quickly.  Time is a premium - so cultivating the skills that make one sensitive to detail on the street, in the airport, the hotel, or elsewhere are crucial.  Anticipation in time can make all the difference between life and death. 

Just as with any other security discipline, having sound principles that inform one's program ensure that security and safety are naturally layered around yourself or your employees.  Building a program around one thing:  accountability, response in the event of a crisis, a guard force with guns…bad idea.  Good, solid security planning starts with you, and is built around five principles:  Preparation, Detection, Deterrence, Delay, and Defense.  Preparation is really the long pole in the tent of good personal safety and security.  When done properly, each interlocks with the other and works seamlessly to minimize risk to you or your employees.   From a practical standpoint, the investment in a personal safety and security program is a fraction of what it costs to invest in systems and equipment designed to keep the facility safe and account for employee's comings and goings.  Ironically, the chances of a threat event affecting one's company is greater when the company's assets - you or its employees - are out in the real world, and not inside the company gates.  Yet the investment dollars for "security,” proportionally speaking, always go towards to big systems and equipment. 

That kind of unbalanced investment represents poor judgement, inconsistency, and questionable logic.  Indeed, the fatal flaws that will get a CEO fired, because the risk to the company’s most valuable assets was ignored. 


About the Author

Charles Goslin is author of UNDERSTANDING PERSONAL SECURITY AND RISK: A Guide For Business Travelers. He is a retired Central Intelligence Agency operations officer who served throughout the world in a wide range of capacities that bridged covert technical and human intelligence operations.  Goslin continues actively consulting on international intelligence, security, and risk issues faced by multinational corporations operating in some of the world’s most hostile regions.  He has published numerous white papers on security threats and business risk issues, and lectures regularly on terrorist radicalization and the threat of jihadist groups to Europe and the United States.

For more information, please visit www.charlesegoslin.com