Why we need to train and hire the first executive protection technology officers


February 21, 2020 - By Martin Nielsen & Christian West

Tags: , ,

The EP industry is not exactly known for its culture of innovation. If you compare us to many of the disruptive and highly successful companies and individuals we serve, it would be fair to call the industry “conservative.” To be more accurate, if less politically correct, some parts of the executive protection look a lot like out-to-pasture dinosaurs just waiting for extinction.

Agents still train in the core areas of executive protection TTP’s, advances, driving, medical and shooting. Nothing wrong with that, of course: all of these skills are necessary. We, too, demand that our own people keep these perishable skills sharp. But are these time-tested skills sufficient to deal with the everchanging threat scenarios facing our clients? We don’t think so.

To be fair, it’s not that the EP industry has been completely bereft of innovation. Changing client expectations have increased the demand for skillsets like covert protection and surveillance detection, and training in these areas has increased significantly in recent years. Within our own four walls, we’ve developed new ways to integrate GSOC support and intelligence, including micro-intelligence, into our training and protective programs. We also came up with the first app for EP professionals, Protection Manager, because we got tired of the old way of preparing advances: spending hours keeping track of Word documents, pictures and other files. Still, R & D costs are not the biggest line item for any EP company we’ve ever heard of.

Executive protection professionals aren’t the only ones who are conservative. CSOs and security directors can also be as leery of change as our clients are willing to try and pay for something new.

Some of this resistance to the new has to do with poor framing and standardization. We are firm believers in technical surveillance countermeasures (TSCM), for example, and believe TSCM should be a much more regular element of many more personal protection programs. But when TSCM experts come off like the nutty professors in tinfoil hats, and most EP agents can’t tell the good ones from the bad ones, we have a problem.

Executive protection will always be physical, but cyber threats must now be an integrated element of risk mitigation, too

During the last few years, enterprise security risk experts have shed a fair amount of ink on the “convergence” of physical and cybersecurity. As physical security progressively takes advantage of and relies on digital technology (for example, a majority of major US and European companies already use biometric access control), cyber vulnerabilities quickly turn into physical vulnerabilities. The flip side is also true: even small physical security breaches, such as plugging a thumb drive into a networked computer, can result in massive cybersecurity problems.

What’s true at the enterprise level is also true at the personal level. Executive protection will always be physical, but cyber threats must now be an integrated element of risk mitigation, too. We have crossed the digital Rubicon, and there’s no turning back to a time when a purely analog approach to security was sufficient.

Cyber threats come in many shapes and sizes, but they keep on growing

Not all bad guys are standing still. Some are actually highly innovative and very open to developing inventive ways to breach new vulnerabilities. If we are to deal effectively with these risks, personal protection stakeholders can’t stand still, either.

On any given day, our principals are exposed to a wide variety of cyber-related threats that could expose their personal or corporate information to bad actors. These include getting their personal (phones, tablets, computers) or IoT devices hacked/hijacked as well as being surveilled by bugs (cameras, microphones, data capture) in their own homes, vehicles, and offices as well as in outside facilities (planes, hotels, conference centers, etc.).

Consider, for example, the personal risk implications of the Internet of Things (IoT). An estimated 20 billion devices will be connected to the IoT by the end of 2020. While many of these “things” will keep supply chains and infrastructures humming, with little direct exposure to our principals, a growing share of these always-online devices will be embedded into our lives. We will increasingly rely on smart vehicle maintenance systems, doorbells, vacuum-robots, voice assistants, and who knows what else will show up at the next CES. Unfortunately, all of these helpful things can also be hacked for harm.

Likewise, how is it possible that the record number of data breaches in 2019, when an estimated 8.5 billion records were exposed, mean nothing for the safety of our principals, their significant others, or children? Or that the time and place predictability of prominent CEOs who are expected to be permanently plugged into social media is the same in 2020 as it was in 2010?

We need to start training and hiring the first executive protection technology officers (EPTOs) to make sure risk mitigation keeps up

Some large, well-funded EP teams have access to corporate IT experts who routinely support the principal’s personal digital security. A few even incorporate corporate or third-party TCSM teams into a schedule for regular sweeps of offices, cars, planes, buildings, conference rooms, etc.  

What is far more common, however, is that the CEO gets little more IT security assistance than anyone else in the company, and TSCM sweeps, if they ever happen, do so only in an emergency situation or once or twice a year. This results in a situation in which the gaps in personal cyber protection for the CEO are far more prevalent than the rare moments of coverage.

We need executive protection technology officers (EPTOs) to step in and cover these cyber protection gaps. Of course, the EPTO will not be able to completely prevent bad things from happening; no one can. But well-trained EPTOs will mitigate the risk of cyber threats and hostile surveillance in far more situations than dedicated IT and TSCM experts will be available for, at home and on the road.

Job description: Executive protection technology officer (EPTO)

The first job description for EPTOs has yet to be written, but we imagine it would include a number of the bullets below:

Summary:

As executive protection technology officer (EPTO) for a major corporate executive protection program, you will combine your solid executive protection experience with your ever-evolving technological expertise to help provide world-class personal cyber protection for a busy principal. Based in X, you will also travel frequently, sometimes at short notice.

Responsibilities:

  • Understand the latest tech that our principals use and are surrounded by
  • Stay abreast of personal cyber threats and vulnerabilities and know the basics of risk mitigation
  • Participate in EP advances to look beyond the usual physical security shortcomings, determine what the team can and can’t do to mitigate cyber and surveillance risks, and assess at what point to bring in more dedicated expertise
  • Perform basic to intermediate TSCM sweeps, evaluate network status, look for fake cell tower signals, and scan and screen people with a device like the SWORD
  • Select, brief, and perform quality control for TSCM vendors worldwide
  • Guide principals, their families and business entourages – and executive protection colleagues – on best practices for personal cybersecurity

Qualifications and skills:

  • 3-5 years experience as an executive protection agent
  • Working knowledge and basic experience of TSCM methods and technology
  • Proven ability to learn how to use new tech gear and enable others how to learn, too
  • Experience with vendor management
  • Excellent communication skills

One of the toughest challenges in training the EPTO is keeping up with technology developments. The basic training curriculum will probably have to be updated every six months. Sustainment training will be necessary at least once a year. Instructors will have to be at the top of their game – and work hard to stay on top, non-stop.

So, what do you all think? Does the EPTO concept make sense to you? Is anyone out there ready to write his or her own job description? Let us know!

Martin Nielsen

Martin Nielsen

Executive Protection Operations & Executive Projects Director

With over 18 years of worldwide experience in executive protection, physical security, and security operations management worldwide, Martin has participated in, led, planned, managed and executed security details in more than 65 countries. He has held positions from team member to detail leader, SAIC, operations manager and assistant director. Martin’s experience with security for ultra-high net worth individuals and corporations also includes program design, recruiting and training agents, technology sourcing, system and GSOC design, SOP and TTP development, and creating training programs for EP agents and other security professionals.

Martin believes in being on the forefront of technology, and keeps up on the latest developments within everything from access control to drone and counter-drone technology.

Passionate about developing both hard and soft skills for himself and others, Martin has consistently sought the best training ever since he started in the industry. He is a graduate of more than 35 courses.

Martin’s current role at AS Solution supports senior management in a variety of ways, including protection program data analysis, handling client information requests, organizing and coordinating outreach and external relations efforts, improving EP training programs, and overseeing special projects from conception to completion.

Christian West

Founder and CEO

Christian has been active in the executive protection industry since the late 1980s, when he worked for Danish musicians who relocated to Hollywood. Upon returning to Denmark, he founded his own EP company, which he quickly grew into Scandinavia’s largest, before it was acquired by Securitas.

Christian founded AS Solution in 2003, and again in 2009 followed his international clients to the US, where he is now based. An active member of ASIS and a leader in the corporate executive protection industry, Christian has personally planned and led high-profile engagements in over 76 countries for a wide variety of corporate and high net worth individual clients, including the international roadshow for the biggest IPO in history.