Ensuring the tactical readiness of executive protection details is the number one responsibility of security management. It’s the backbone of quality control. And it’s the one thing that EP and other security practitioners consistently get wrong. Yeah, EP industry, we’re talking about you. We’re talking about all of us. We don’t expect everyone to clap their hands in agreement with us, but that’s OK. We need to write this blog and to get more of us thinking about tactical readiness every day – and every minute – so that we can all up our game.
Tactical readiness – or the ability to understand and be prepared to stop any security issue as early as possible and as far away from the people we are protecting – is the very essence of executive protection. It’s at the heart of everything we do – or should do. It is our duty of care – toward clients and toward our own teams – that we are as tactically ready as possible within whatever budget and practical constraints there may be.
Objectively hard to pin down, subjectively easy to claim
The problem with talking about tactical readiness is that it’s objectively difficult for most people to determine whether an EP team has got it or not. While the concept itself is clear enough, observing its application and ensuring unswerving dedication to it in the day-after-day real world are not so easy.
Clients have no way to know whether their EP team is at the top of their tactical readiness game or not. So long as nothing happens, so long as there is no apparent security breach or incident, then the client has no reason to suspect anything is wrong. And as those of us who have put in our share of shifts know all too well: nothing usually happens that the client would see as security issues. Most days are uneventful in terms of thwarting obvious threats, so clients have little occasion to think about how their protective teams handled any such issue.
That’s fair enough. That’s why they hire us. We’re the ones who are supposed to know all about tactical readiness and to ensure that our teams comprehend the myriad threat constellations that can be taking form right before our eyes, but are still out of view. We’re also the ones whose job it is to make sure our teams are prepared to stop emerging threats as quickly as possible.
What’s not fair enough is that a lot of EP agents and managers don’t seem to be able determine whether they’re operating at optimal tactical readiness. Their subjective feel is that they’ve got it, but they haven’t put that readiness to any kind of objective test. They simply don’t display enough interest in tactical readiness as a goal, and they apparently don’t have the ability or means to consistently improve their teams’ tactical readiness.
That’s not OK. That IS our job. And as an industry, we need to get better at it. Let’s examine how this should happen.
Tactical readiness: It’s a movie, not a photograph
Tactical readiness is more of a process than a state, more of a movie than a photograph.
The process starts with a solid understanding of the environment and probable threats: the risk, threat and vulnerability analysis (RTVA). From that understanding, we move to create procedures to plug identified vulnerabilities. To be truly effective, these procedures cannot be cookie-cutter solutions. Rather, they must be designed around the three other things (physical security, people and tech) that define the four pillars of protective security. We must also integrate our understanding of the client’s corporate culture and personal preferences into the development of these procedures.
The four pillars interact in different ways in different situations. For example, if city ordinances limit the height of a perimeter wall (physical security) to make it easily scalable, then we may need to adjust by adding an extra guard (people) or sensors on the wall (tech) and then define procedures that ensure that the vulnerability of the low wall is mitigated to the extent possible.
But the process doesn’t end there. In fact, it’s only begun. Once we’ve identified gaps and developed procedures to plug them, we need to train people how to implement the procedures correctly. Only then can these be audited and tested, something that must be done regularly regarding people, tech and physical security to determine whether they actually do what they’re supposed to do.
Such tests, or audits, can take on several forms, but they always serve the same purpose: they are meant to facilitate continuous quality improvement by examining how agents and teams mitigate probable risks through implementing defined procedures. The procedures are always the central part of the audit. It’s not about playing “gotcha” and making people look stupid. It’s about checking our processes versus risk, and refining the design and implementation of procedures so they are constantly honed to do the best possible job with the available resources. If there are no procedures for relevant situations, we need to develop them. If they are not followed, we need better training or other corrective action. If they are followed but don’t work in the face of new threats, we need to rethink them.
Here are the three kinds of audits:
- Announced audits: The auditor tells the team that he or she will be coming, say in three weeks, and the team has time to prepare. The tactical readiness audit consists of reviews of procedures and the team’s ability to implement them.
- Unannounced audits: The auditor simply shows up and commences the auditing process. The tactical readiness audit consists of reviews of procedures and the team’s ability to implement them.
- Red teaming: The auditor sets up circumstances that mimic those a hostile might use. The tactical readiness audit consists of analyzing how the team’s procedures and performance stand up to such adversarial efforts.
After any audit, we may have to adjust our training processes, procedures, equipment or wherever else the gap was identified. Alternatively, we may have to determine how we can prevent complacency from creeping in. And just when we think we’ve arrived at perfection, we need to have another hard look at our RTVA to make sure it’s updated. And then the whole process starts over again.
“We are what we repeatedly do. Excellence, then, is not an act, but a habit.” (Will Durant)
Routine. Routine. Routine. Emergency.
To get to the heart of tactical readiness improvement, we need to distinguish between routine and emergency situations and procedures. A heck of a lot of what EP agents do is routine, and very little of it has to do with emergencies. That’s how life works in general, unless you’re a first responder or live with a drama queen, of course.
EP teams need to have very solid routine procedures. Just as importantly, they need to know what to do if a situation escalates from routine to emergency. A lot of teams (believe us, not all) get the routine part right. They have solid SOPs and they’re pretty good at following them. Far fewer get the emergency part right.
It’s important to understand the significance of routine procedures. These daily protective SOPs constitute the bulk of what we do. Routine procedures form the basis of – and the platform for action on – emergency procedures. When performed well, routine SOPs provide the bulk of the protection we provide. On any given day (or month), many agents will not have to rely on anything but these SOPs. And they will be fine – as will their principals.
From a quality control viewpoint, emergency procedures are where things can get really dicey. Let’s face it: EP practitioners are hired to deal with both the routine and the extreme. When we push each other out of the comfort zone of the routine and into the uncharted waters of an emergency, the “standard” part of “SOP” isn’t so obvious. Repetitive goes out the window. But that doesn’t mean we cannot and should not prepare watertight procedures for emergencies.
It’s all about asking “What if?” and probing responses. What would the agent do if an intruder jumped over the residence’s perimeter wall and started sprinting for the house? Does the agent have a procedure for such emergency events that are well within the realm of the possible, and even probable at some point? If not, why not? If so, is it a good procedure, the best among available options? Has the agent trained in this procedure? Is he or she capable and confident about initiating it?
In our experience, too many teams fail to do their due diligence on emergency procedures. We realize there is only so much time and budget to get things done, but we still believe teams would do well to consider a range of predictable emergency situations, then develop appropriate responses to these in the form of trainable procedures.