Opinion

Getting the Message Across

It isn't always easy to get your message of security and risk across to your constituents.

By Bob Bragdon, Publisher, CSO

November 19, 2007 — CSO —

It isn’t always easy to get your message of security and risk across to your constituents. Sometimes it’s damn near impossible. As security professionals, people often think of you as paranoid (as I have often admitted to being in this column)…the executive who is always looking at the bad side of things and anticipating the worst. And sometimes your message is twisted and changed into something you never intended. Often those doing the twisting have the best intentions; they just aren’t in possession of all the facts.

Security is a funny thing. Some people embrace it while others fear it. In my October column I discussed the risk of complacency invading what we used to call “mahogany row”—the executive corridors of power. In addition to complacency, there are two other deadly sins of selling security: the morphing of security practices and policies that is forced upon organizations in an attempt to make security more “palatable” or effective, and what we affectionately refer to as CYA, or “Cover Your A**.” I’ll address the first here and the second next month.

I had the good fortune a few years back to attend a seminar on predictive profiling and terrorist threat mitigation at the invitation of Amotz Brandes of Chameleon Associates. The seminar was a precursor session to a training program run by Chameleon (www.chameleonassociates.com), an organization that included former security from El Al Airlines. During this program, Tomer Benito taught our class of 25 or so to think like terrorists. To plan like they do. To see the simplicity in what they do. And, ultimately, to understand the interview technique used by El Al security to screen passengers by identifying suspicious indicators and trying to eliminate those indicators through a customer service–style interview.

This effective technique has been adopted around the world. But some organizations in the U.S. have changed this model to focus on analyzing facial cues for signs of deception as opposed to focusing on the interview technique itself. In some cases they even use armed, uniformed personnel to conduct the interviews, immediately putting interviewees on the defensive. Sometimes it’s best to leave something that already works well alone.

Earlier this year, Benito, having left Chameleon Associates, authored a novel that incorporates the best practices he teaches. Rain for the Wicked is a thrilling and engaging tale that entertains even as it teaches the reader the basics of deterrence. While it showcases many of the institutional challenges that security professionals encounter, it also vividly describes exactly what we are up against.