There are a number of reasons for formally protecting executive leadership within a company. The impetus could be the result of a risk assessment, complaints or threats from users or activists, the sign of a growing security organization, or requests from top executives or the Board of Directors.
Often, the decision to establish an executive protection (or EP) program is reactionary, says Mónica Duperon Rodríguez, Senior Manager of Executive Protection and Global Event Security at LinkedIn. “Many executives will say, ‘my risk level is very low.’ However, they don’t consider that a low threat level is still a threat level,” she says.
Whatever the reason, security teams that build an executive protection program proactively instead of reactively will be way ahead of the game, advises Mary Fleury, Director of Global Security at Ford Motor Company. “You don’t want to wait until there’s a situation that is threat-driven.” Get ahead of the threats and put a program in place so that “at a minimum, it covers the highest leadership level,” she says.
“When starting a program, use your risk assessment as the foundation in identifying what the risks are for the company and its executives. Then address those risks while providing value to the organization through the expertise that you bring. Be human, be approachable, be open, and be flexible. Build the security program with the organization’s values in mind. Really understand the business and be willing to understand what people’s preferences are while addressing risks at the same time.”
— Camille D’Angerio, Director of Security, Executive Protection, AMD
Considerations for Launching an Executive Protection Program
Here’s what the experts say to keep in mind when starting an executive protection program:
1. Get leadership buy-in first.
Fleury points out that getting executive leadership on board from the beginning is essential. “If you don’t have that senior-level buy-in, you’re not going to be able to put a program in place,” she says.
2. Understand the risks.
It’s crucial to understand the organization’s risk tolerance and the specific risks that face the key executives who will be protected under any executive protection program.
“These two elements are foundational for providing the priorities and the direction of the program,” says Camille D’Angerio, Director of Security, Executive Protection at AMD. “Risk informs what kind of programs should be built specifically for your organization.”
3. Tailor the program.
“Executive protection programs are not, and should not be, a cookie-cutter approach,” says Duperon Rodríguez. For instance, a startup company doesn’t need the same executive protection program that a Fortune 50 executive does. She says tailoring the approach to meet a company’s specific needs and risks is critical, based on the company’s baseline of identified and potential risks.
This is true when it comes to deciding who should be protected too, points out D’Angerio. “Your risk assessment often isn’t as hierarchical as one might think,” she says. “It would be great to provide protection to all the executives, but not all executives actually need it. Plus, protection can be very expensive.”
MÓNICA DUPERON RODRÍGUEZ
“It’s a huge challenge, yet an amazing opportunity to put your stamp on a program. It is your brand — manage it as such. You will not be the most popular person through each battle. Be consistent, be honest, be transparent, and be ready for anything. Get used to getting push back. Try again and again and again. Ask for what you need, justify your requests with a cost analysis to identify your business perspective, and identify the budget surplus where applicable. Surround yourself with professionals. Meaning, do not hire your best friend or the first resume that hits your desk. When starting an [executive protection] program, you need people that know what they are doing and can help build it with you.”
— Mónica Duperon Rodríguez,Senior Manager of Executive Protection and Global Event Security, LinkedIn
4. Nail down operational methodology.
One of the most important factors to consider is the actual operations of your executive protection program, says Scott Vogel, Global Manager of Executive Protection and Protective Intelligence at Ford Motor Company. For example, will the detail leader and other personnel be armed or unarmed? What about drivers?
Security leaders may need to walk principals, the people the team is protecting, through why the program and personnel do what they do, Fleury says. In her experience, she says, “Some people didn’t understand what we were doing — they thought we were a concierge service helping with the logistics — so helping them understand this methodology and why we do it is really important,” she explains.
5. Focus on having the right personnel.
It’s important that any executive protection team has the hard and soft skills to assimilate into the company culture, as well as the skills to adapt to the principal they’re protecting, Fleury says.
Vogel adds that, regardless of resume or background, “you have to adapt your knowledge and security background to the culture itself.”
“My advice to any company who’s starting to think about putting this program together is that it really is necessary to safeguard your highest-level executives. It should be a very dedicated program, with the right people, the right competencies, the right soft skills and hard skills. You need the right people in place to have this program, but it’s definitely something needed ahead of time versus thinking about it after something happens.”
— Mary Fleury, Director of Global Security at Ford Motor Company
Overlooked Considerations for Launching Executive Protection Functions
When crafting or building an executive protection program from scratch, there are a few considerations that often get missed, according to executive protection experts.
1. Don’t forget “The Fourth Ring.”
Many protection methodologies are centered around three rings of security — the inner, middle and outer.
“I think that you can add a fourth ring, and that’s the digital and cyber,” Vogel says. He notes that many cutting-edge EP programs with a digital and cyber footprint monitor social media and the dark web, as well as the digital and cyber footprint of the company’s principals.
“If you don’t have continuous monitoring and eliminating of that footprint, the information of the principals you’re trying to protect is out there,” Fleury warns.
This level of protective intelligence is costly, Vogel acknowledges. “Companies have to evaluate whether they’re going to invest in that aspect of the protection,” he says.
Duperon Rodríguez says that embedding a protective intelligence analyst or division within the executive protection team is far less expensive than the cost of dealing with the aftermath of a cyberattack or data breach. Added intelligence is also a beneficial resource for the executive protection specialists on the ground.
“I think a strong intel program is what makes the executive protection program that much better. You can function well without it, but I think to be functioning at a high level, you have to be willing to disrupt and modernize. You also have to be willing to adapt and adjust and grow at the same time. There are a lot of great professionals out there and I’ll be the first to say that I don’t know everything about EP. You’ve got to be willing to learn from others.
“I’m a retired Secret Service agent and I had a detail leader back in the day when I was on the president’s detail. He once called it ‘a silent ballet.’ And that’s what a successful EP program looks like — things are planned and choreographed in such a way that it’s seamless.”
— Scott Vogel, Global Manager of Executive Protection and Protective Intelligence, Ford Motor Company
2. Educate stakeholders.
D’Angerio says that a new executive protection program requires education for the stakeholders to understand what exactly it does.
Most people, including executives, think they know what executive protection involves — “it’s someone standing next to the executive watching them and that’s it,” she says. “That’s because operations are the most visible piece of the program, so this is often the easiest part to create and understand. But a full-scope program is often like an iceberg — only 10% of it is what you see on the surface.”
These preconceived ideas can make educating stakeholders more difficult, but they also highlight the importance of executive protection.
3. Collaborate with other teams.
Often, programs don’t have a lot of authority within the organization, D’Angerio says. That means “you need to work with others to influence security in the areas that you don’t control.”
She gives the example of executive mail screening, which is typically managed by a different team than security. “Mail is a threat vector, so we have to work together to find effective solutions to accomplish the EP goals and minimize the impact to their operations.”
4. Keep up with training.
It’s important to make sure everyone on the team remains contemporary with their specific skill sets, says Duperon Rodríguez. “This applies to other things too, such as gear, first aid training and proper incident management and investigation training. Your travel budget must be forecasted according to current trends, too,” she says. “Skills are perishable, and they diminish with time
5. Define what constitutes a threat.
Threats tend to get ignored or forgotten about, D’Angerio says. “You can ask multiple people what threat executives have faced over the years, and they all say ‘none.’” But dig a little deeper and security leaders may find executives have had many threats — it’s just that no one knew what to do about them.
For this reason, having a proactive system in place to report, receive and identify threats “helps your organization track, mitigate and respond to them instead of being in a constant state of reaction,” she says.
6. Plan for backup.
Many programs try to operate with only one or two executive protection specialists. “The problem is, they need to go on vacation, take time off and spend time with their own families. They, too, need a work-life balance,” explains Duperon Rodríguez.
“If we do not care for our team’s overall ability to perform, this will lead to burnout quickly. If you’re going to develop an executive protection team, allocating the proper amount of resources will make it a strong and functional team,” she adds.
Bio images are courtesy of: Camille D’Angerio, Mónica Duperon Rodríguez, Mary Fleury and Scott Vogel