- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
CSO - We know it takes a team effort and a multidisciplinary approach to solve the complex problem of workplace violence prevention. All successful threat assessments require both information and conversation. We must know as much as possible about the subject making the threat and his or her intended targets. And we must be able to communicate with as many people as we can (with confidentiality in mind, of course) to ask questions, get answers, and develop our potential solutions. Threat assessment is a team approach in every respect, because the decisions either come from or affect so many stakeholders.
So if we agree that threat assessment is a collective effort and that we must get information from multiple sources, it's time to answer a question that has been posed to security professionals: Can you do an accurate threat assessment without actually meeting the subject?
I believe the short answer is yes. This question was posed to me during a meeting at an organization where I was gathering information about the troubling behavior of an employee. I had met with many of his colleagues, discussed his behavior and employment history with his supervisors, read his ranting and disconnected e-mails, and even sat in quietly and anonymously during a large staff meeting where he tried to bully the group. In short, I had a full picture of the man I was assessing.
During my meeting with one of his co-workers, who happened to be a non-practicing licensed psychologist, this person said, rather dismissively of my efforts, "I could never do a threat assessment without actually interviewing the subject. Don't you plan to talk to him?"
I replied, "Talking to the subject is very useful in many situations. I do it whenever it's possible and helps my process. In this case, I believe my conversation with him would only make things worse, based on his described level of paranoia." I believe I may have also added, "I don't need to be a meteorologist to know when it's raining outside," but I'm not sure if I said this out loud.
I certainly agree with the clinician's point; it's always helpful to get the threatener's perspective, right from his or her own mouth. It's always good to see this person in an interview situation and make certain assumptions about his or her seriousness, sobriety, need for or lack of control, blaming, targeting, remorse, anger, tone, escalation, cadence, or plans.
My argument in this case was that I didn't believe the subject would be able control his angry behavior long enough to sit through an interview with me. And since he would be forewarned of any future meeting with me, even a quick search of the Internet would tell him my background and what I do. He would then come to the meeting, as many of these threateners do, with many preconceived ideas about its purpose, my goals to "ruin his life," and his desire to outwit, out-converse, or thwart me.
Many security professionals have had cases where the subjects were all too happy and ready to speak with them. They want to tell their tales and be heard, finally, by someone who will listen. But I also know that many times, we can play a more effective role by being on the outside, and providing advice, support, and talking points to the people who will meet with the subject regularly (HR, the employee's supervisor).
Our clinically-trained colleagues have a wealth of tools to use for behavioral interviews, threat assessment interviews, or Fitness For Duty evaluations. These can provide a lot of data in real time. Because I don't come from the same background (my psychology degree only qualifies me to sigh when Dr. Phil gives out soundbite-style advice), I must "rely on the kindness of strangers," and take my data from every source, including even office gossip and rumors, where I can get it.
There are always going to be pros and cons as to if we should meet with threateners. Sometimes our meetings with them serve to escalate their behaviors and they act out, believing they have been triggered, their internal time clock is running down, or they feel forced to initiate their plans. Sometimes our meetings with them serve to put them on notice that their behavior has been noticed and it must stop. And sometimes, as in the case of an ex-employee, anonymous cyber e-mailer, or phone threatener, we won't ever know who we're dealing with or speak to that person. That doesn't mean we can't decide what to do to minimize his or her impact on the business or the victim.
Given my choice between meeting with a subject or not, my answer stays the same: it depends. Will my meeting with that person help or hurt? Will it make it more or less likely the person will act out? Does it make it better or worse for the organization and any current or potential victims? Can I do my best work on the edges of the situation or do I need to be hands-on?
People may call on security professionals and say, "Based on our relationship and current level of rapport, we think we can speak with this person. What should we say or not say, do or not do?" From this, we can help them come up with a plan. Or they may say, "We're not prepared or afraid to meet with him. Could you do it?" Our path is clear.
With all due respect to the clinicians, let us make the decision as to engage or not with threateners. If we can get data from a wide variety of sources, it may not be necessary to meet with them to draw our conclusions and come up with a plan.
We know that threat assessment is not about "predicting violence," it's about assessing dangerousness. We must continue to use the four pillars of security management success: information, intuition, experience, and our ability to communicate, either with the subject and/or the people who will have to make decisions about the subject.
Dr. Steve Albrecht, PHR, CPP, BCC, is board certified in HR, security, and coaching. He worked for the San Diego Police Department from 1984 to 1999 and is the past president for the San Diego chapter of the Association of Threat Assessment Professionals (ATAP). He can be reached at firstname.lastname@example.org