Redesigning Entryways to mitigate violent offenders or unauthorized entries

Simply put, time A straight line to an entryway will allow an offender a faster time to get from point A to point B. By using the design of the environment along with symbolic barriers, the time from both points can be expanded. Greatening the time allows for the adversary to be exposed more and more emotional responses to possibly affect their choice.


Redesigning Entryways to mitigate violent offenders or unauthorized entries

Physical security is a necessity throughout the world. Everyone experiences it, some people experience it almost daily. The entire industry of physical security is rapidly growing with new technology; however, with technology, security professionals lose touch with the essential human function of people. Adversaries or human threats are just individuals who want to harm other people or a facility. Technology can be a lifesaver in some locations, and it can even be great for support, however, when dealing with humans, most of us are the same.

All humans bleed, most think the same, and most human beings have cognitive and emotional factors that allow each other to operate. Cognitive functions enable humans to be analytical and makes decisions, among other things (Van Gelder and De Vries 2014). Think about cognitive in the way deciding if someone wanted to ask their boss for a raise; people typically will weigh the cost and benefits to determine if they will proceed. Emotional responses, commonly known as feelings, would make someone nervous about asking their boss for that raise, maybe even scared. It is arousal of an emotion such as fear, sadness or any other sense (Van Gelder and De Vries 2014).

In the 1970’s several researchers were working on crime prevention programs and two particular researchers working on environmental design theories for crime prevention(Reynald 2014). One was an architect, and the other was a sociologist (Reynald 2014). However, they started the foundation of modern-day Crime Prevention Through Environmental Design or CPTED, which does work off of a person’s cognitive and emotional states like choice and fear (Tseng, Duane, and Hadipriono 2004). From the 1970’s on forward, there has been active and negative research on environmental design for security.

However, we live in a new era of security; threats are more dangerous and more abundant. There is terrorism happening all over the world with “soft targets” and designing safe and secure spaces that are controlled, doesn’t seem like it is getting a lot of research attention compared to other areas such as terrorism. The threats today aren’t to only mitigate risk against small local crime, threats today are to stop suicide bombers and terrorist from driving a massive truck through the front of a business plaza or building.

This paper is going to discuss the mixing of symbolic and manmade obstacles, layered security, together with the arousal of cognitive and emotional responses of humans. To ultimately manipulate and mitigate threats to all assets.

Part 1. Environment Design

Thinking about decision-making from perceived risk point of view

The process of delay and detection has its roots in the designing of a physical protection system from the American Society for Industry Security or ASIS as it’s better known as (ASIS International 2017). This paper draws parallels to risk perception, and a risk vs. reward type of mentality as the overwhelming amount of human beings perceive risk and react to this understanding (Pleskac and Hertwig 2014). As arousal of emotions like fear can make offenders perceive risk differently delaying an offender and causing detection for example.

When researchers think of crime, they can visualize three main elements that incorporate the offenders needs to commit these crimes (Brunet 2002). These items were broken down into three categories, motivation, target, and an opportunity (Cohen and Felson 1979). This came to be known as the Routine Activities Theory, RAT, of 1979 (Brunet 2002). Since then, there has been much more research on RAT, and it has developed into the triangle of crime.

If you notice in the elements of the underlying theory is an opportunity, or as Brunet put it “absence of capable guardians against a violation.” (Brunet 2002, 69) And if any one of these three elements is fractured the crime doesn’t occur (Cohen and Felson 1979).

Every human deal with risks every day, from getting into one’s car and driving; to asking their childhood crush on their very first date, they both have a risk and a reward. Whether the reward is getting to work on time without having to walk or the risk is getting your heart broken for the first time, humans do both.

The difference is how do risk differentiate between choice? One is set on a risk vs. reward analysis, and the other is a cost vs. benefit analysis, which almost appears the same. Humans are required to make decisions about these risk and reward options. Therefore decision theories come into play and cost to benefit analysis have more of a factor after an initial risk vs. reward analysis has processed. However, even though it might seem very confusing, it all can be done in seconds and sometimes it must be done in seconds. This is done with cognitive parts of a humans brain that analyze risk, rewards, cost, and benefits, and then decides (Van Gelder and De Vries 2014).

It also plays a part in the crime triangle as criminals tend to choose the offense based on cost vs. benefit (Steele 2015). Other factors may impede later decisions and raise the risk factors causing this cycle to repeat, and re-evaluation would need to be done (Van Gelder and De Vries 2014).  A decision must be made on all elements of the crime triangle, or the triangle shatters, and the crime is not committed (Cohen and Felson 1979). These decisions are generally ‘rational’ in criminals except for crimes of passion or crimes of “right now” where processing information quickly may be confusing (Steele 2015).

Environmental Design Research

Fear is one of the foundations of the original environmental design theory by Oscar Newman in 1972 (Reynald 2014). Newman’s original theory of ‘Defensible Spaces’ based on his research of housing projects (Reynald 2014) did have the mindset of the residents in the community’s fear involved.

Newman, who was an architect and not a criminologist, but did set the groundwork for environmental design and crime prevention along with a sociologist named C. Ray Jeffrey (Clarke 1989). Newman’s research focused more on the design of the housing projects that created crime and Jeffrey’s study focused more on biological aspects to crime and environmental elements to preventing the opportunity for crime (Clarke 1989). This is where opportunity is first related to the environment during the research for this paper, as mentioned prior, the opportunity is a foundational piece in the triangle of crime (Cohen and Felson 1979).

This era, 1971-1972, is what ultimately pushed other researchers to further the development of new adaptations of environmental design. One of those adjustments is still widely in use today which is called Crime Prevention Through Environmental Design or CPTED as it is commonly referred to (Reynald 2014). It is loosely set on Newman’s Defensible Space theory along with adaptations from other researchers such as Time Crowe who had by 1991 an entire set of guidelines based on environmental factors (Clarke 1989) and other researchers that have been involved since (Reynald 2014).

For instance, the original Defensible Space Theory had only three different phases, “Territoriality, natural surveillance, and image/milieu” (Reynald 2014, 74). These different stages or categories were used when Newman was studying housing projects for crime in the early 1970’s (Reynald 2014). By the early 1990’s, CPTED had developed splitting up the category of territoriality into two categories, one being access control and the other being territoriality and image being changed to maintenance (Reynald 2014).  At this point, there were now four different categories in a basic CPTED design instead of the three in defensible space theory (Reynald 2014). As more research was being conducted, they added a subcategory to make sure it was even better called “activities and support” (Reynald 2014).

The primary functions of CPTED are to limit the access criminals have to an area, facility, etc. (Tseng, Duane, and Hadipriono 2004) and to create “an environment that is unattractive to criminals” (Tseng, Duane, and Hadipriono 2004, 22). CPTED is also meant to make the offender’s anxiety rise and the guest or resident fear of crime lower (Tseng, Duane, and Hadipriono 2004) along with “an environment that evokes a perception of risk in offenders” (Tseng, Duane, and Hadipriono 2004, 22).

Other formations of environmental security theories formed such as Situational Crime Prevention was developed which is a theory that is widely based on the environment and more man-made security utilities (Hayward 2007). CPTED is based more on symbolic or natural measures and is more of a guideline for builders; Situational Crime Prevention is more for immediate action and more as a reaction to business (Hayward 2007).

Both theories have measures that can be taken from them and both play on the cognitive and emotional states of offenders. To say either one is better than the other is a personal preference and an opinion. It is possible to learn from both and apply that to further research.

Cognitive and Emotional Responses of Criminals

Your brain and your body work in mysterious ways, and they in connection with each other (Van Gelder and De Vries 2014). Your mind is always analyzing what is going on around you and sending messages to your body, for example when you know something is going to hurt you automatically stiffen up and try to prepare for the pain. This is the cognitive behavior of your brain, it controls the underlying thinking, analyzing decision-making, etc. while sending signals like emotions out through the body to give a more physiological reaction (Van Gelder and De Vries 2014). These responses can be fear, love, happiness, etc., anything where someone feels or their body changes.

Criminals as well have, generally, the same makeup as normal humans when it comes to their cognitive and emotional behaviors (Steele 2015). Some research by criminologist over the past several decades has gone into looking at decision-making with criminals and how choice theories affect criminals compared to average humans. Most of the research has found very little in the way of differences when it comes to measuring cost vs. benefit (Steele 2015).

Other research has taken a more in-depth look at the brain itself and studied not only choice but the activity of behavior in criminals. This action plays out with the cognitive parts of the brain analyzing the cost and benefits before a crime occurring (Van Gelder and De Vries 2014). In 1962 two researchers, Schachter and Singer did an experiment that showed artificially arousing a person’s physiological state mixed with their cognitive state while manipulating the environment can alter their emotions (Mezzaceppa 1999). Even though this experiment involved pharmaceuticals and individuals as the environment, it showed that there is a possibility of manipulating emotions with environments. However, since the 1962 study of Schachter and Singer, many others have tested their theory have challenged it with different, same, or slightly different results (Mezzaceppa 1999).

This research, along with the environmental theories builds up an approach for the hypothesis of designing an environment for an entryway that is unattractive to criminals; it creates a spike in their emotions to affect their ability to make rational decisions on cost vs. benefit.

Entryways into and Human Threats

These components have been selected due to their capacity to loop everything together and theorize the perfect access point is utilizing specific parts from different areas to create an entryway. CPTED tells us natural surveillance, access control, and territoriality is extremely important to crime prevention (Reynald 2014). Part 2 discusses the role of how cognitive and emotion is controlled in the body and that it is possible, but not guaranteed, to manipulate the behaviors. Mix all of this and out will come the perfect solution to an entryway.

CPTED argues for the use of natural and manmade objects to be used to design an environment for the security. As mentioned earlier, in this day in age, security threats are more significant than ever, and security professionals must think outside the box. Mixing symbolic materials which would be considered landscaping, fountains, natural barriers, benches, etc. with security technology is what is needed in today’s world. Complete control over the flow of people and where they go, using concepts already researched is the new direction of environmental security design.

Defense-in-depth is a known security measure that almost every facility uses, and even executive protection teams use (ASIS International 2009). Defense-in-depth can be described as layers of security where the outer most layer is furthest away from the most valuable asset, and an adversary would have to face a countermeasure at each layer (ASIS International 2009). Depending on the security level, the facility or person might have anywhere from three to ten layers of security.

The fastest way from one point to the next is a straight line. People know this from shared knowledge and life experience. Many entrances to facilities allow for a straight line from the parking area to the reception area.

Just mixing some of these issues anyone can see a formation coming together. Combining layered security, with two of the CPTED guidelines (access control and natural surveillance), along with not allowing a straight line from the parking area to the reception area, will affect a human threats ability on a facility.

If a human threat were to attempt to get into a facility to shoot someone, they would have to go through an outer layer which would have a gate and possibly a guard. They would have to park on the side of the building but visible (natural surveillance) and walk a long distance, zig-zagging while being visible (delaying). Before reaching the front reception area which is layer 2 and should be locked down at this point.

This is just one example of this application could be used for many environments that could have more cognitive and emotional effects on the human threat due to the natural surveillance aspect of the design. The more criminals are seen, the less likely they typically are to commit a crime (Tseng, Duane, and Hadipriono 2004).

The studies of environmental design theories have been evolving for decades and will continue. We live in an ever-growing era of rising threats from both criminals and terrorism and need further studies and research in the field of security science and design. The government typically has the market on security design topics, but the area is rapidly growing, and soon more and more private security officers will be seen in public places.

Work Cited

ASIS International. 2009. “Facilities Physical Security Measures.” Arlington.

. 2017. Protection of Assets – Physical Security. Edited by M Knoke. Arlington: ASIS International. doi:10.1016/B978-0-12-416007-1.00013-3.

Brunet, James R. 2002. “Discouragement of Crime Through Civil Remedies: An Application of a Reformulated Routine Activities Theory.” Western Criminology Review 4 (1): 68–79.

Clarke, Ronald V. 1989. “The Theory of Crime Prevention through Environmental Design.” In, 20.

Cohen, Lawrence E, and Marcus Felson. 1979. “Social Change and Crime Rate Trends: A Routine Activity Approach.” American Sociological Review American Sociological Review 44 (4): 588–608.

Hayward, K. 2007. “Situational Crime Prevention and Its Discontents: Rational Choice Theory versus the ‘Culture of Now.’” Social Policy & Administration 41 (3): 232–50.

Meyer, Sunniva. 2012. “Reducing Harm from Explosive Attacks against Railways.” Security Journal 25 (4). Nature Publishing Group: 309–25. doi:10.1057/sj.2011.23.

Mezzaceppa, Elizabeth S. 1999. “Epinephrine, Arousal, and Emotion: A New Look at Two-Factor Theory.” Cognition & Emotion 13 (2): 181–99. doi:10.1080/026999399379320.

Pleskac, Timothy J, and Ralph Hertwig. 2014. “Ecologically Rational Choice and the Structure of the Environment.”  Journal of Experimental Psychology 143 (5): 2000–2019. doi:10.1037/xge0000013.

Reynald, Danielle M. 2014. “Environmental Design and Crime Events.” Journal of Contemporary Criminal Justice 31 (1): 71–89. doi:10.1177/1043986214552618.

Steele, Rachael. 2015. “How Offenders Make Decisions: Evidence of Rationality.” British Journal of Community Justice 13 (3): 1475–279.

Tseng, Chun-Hao, Josann Duane, and Fabian Hadipriono. 2004. “Performance of Campus Parking Garages in Preventing Crime.” Journal of Performance of Constructed Facilities, no. February: 21–28. doi:10.1061/(ASCE)0887-3828(2004)18.

Van Gelder, Jean-Louis, and Reinout De Vries. 2014. “Rational Misbehavior? Evaluating an Integrated Dual-Process Model of Criminal Decision Making.” Journal of Quantitative Criminology 30 (1): 1–27. doi:10.1007/s10940-012-9192-8.

Securing the system from non-invested users by utilizing the VLAN P.I.A. system


Network oyline



In a typical IT infrastructure, there are seven domains that all carry with them their challenges and risk for securing against attacks (Stewart, 2014). These seven domains; the user, workstation, LAN, LAN to WAN, WAN, remote access, and systems application domains all require layered security approaches as well as both human input and technology made by humans (Stewart, 2014). Even when dealing with the OSI model, at different layers, each layer has its function and needs to be adequately secured and understood (Kamesh & Sakthi Priya, 2014). However, out of all of these domains, the one that deals with humans, is used in both the architecture and OSI models, and has vulnerabilities that come with humans, is the User domain.

People are often unpredictable, make mistakes, and get quickly involved in the wrong situations without thoroughly thinking of the long-term consequences. Humans also are predictable by nature; they tend to create insecure passwords and use them on the same accounts (Chanda, 2016). Password cracking and theft are a significant vulnerable and risk of not securing not only a network but also the information on the network and future information (Chanda, 2016).

Humans are trustworthy and susceptible to espionage or social engineering as a form of information gathering to gain more intelligence on a system or a particular application (Oriyano, 2014). The thing that makes humans great makes them a challenge in the security world. In security; controlling these urges and keeping this information protected is an advantage. However, that isn’t very human.

Typically, at a firm, there will be what could be considered two types of humans. Invested humans and non-invested humans. An invested human would be the everyday proprietary employee who works directly for that firm, gets a paycheck from that company and has a vested interest in that firm succeeding. A non-invested human is someone who isn’t a proprietary worker for the business, has no real connection to the company besides coming every couple of weeks or months to fix something or even a visitor to the business. Someone who has no loyalty to the company and is there to do a job, make another firm money. They typically are a proprietary worker for an entirely different firm, but they come to this company on occasion to either work on projects, fix issues, upgrade hardware, etc. These people are vested in the company they work for, which keeps the majority of them honest but aren’t one-hundred percent invested in the companies they go to. They are usually known as contractors, consultants, technicians, etc. In the realm of security, they can be known as “risk”.

Vulnerabilities & Risk

When talking about threats and vulnerabilities then calculating the likelihood of occurrence to reach a prioritized list of risk (ASIS, 2015), each firm would have to determine what priority the user domain risk is, however, it is likely very high. Password theft is typically one of the most substantial risks along email scams. However, this paper is going to discuss the risk of  “Guest” entry into the primary computer network.

Guest, people who are non-invested in the firm but have to access the network and are authorized by whichever authentication method the business uses to log into the same network as all the firm’s data and essential files sit. In 2006, a study was conducted and found that just in the United States, tech firms held 98% of all their assets in nonphysical, intellectual property assets (Slate, 2009) that were possibly vulnerable to network attacks. This means the guest who sometimes has full access and permission to communicate with the servers, software, and almost all layers of the network from inside has the opportunity to carry out a large-scale attack. They could use some exploits such as injecting malware using a thumb drive, an XSS or SQL injection on a physical server, or even implanting a file on the system to monitor everything and continuously send them a mirror copy of the data. This can all be done within seconds at a workstation; there are several live demonstrations of scripts online that are on a USB drive and placed onto a computer where it works in the background and takes less than thirty seconds to accomplish the commands and exit out.

It’s been long known by researchers that there are three foundations to crimes. These elements are when there is a bringing together of an adversary and a suitable target with the absence of eyes or someone to see them (Reynald & Elffers, 2009, p. 39). This was established in 1979 in Cohen and Felson’s research on Social Change and Crime Trends, which resulted in the “Routine Activity Theory” (Cohen & Felson, 1979). Further research has renamed this to what it’s known today as the crime triangle. The crime triangle is an updated version from years more of research on the subject and shows that crimes must have the motive, opportunity, and ability. If anyone of those factors is missing the offense will not take place (Cohen & Felson, 1979). Law enforcement uses this when they try to prevent crime and other industries due as well. Allowing non-invested humans into sensitive space if giving them the opportunity not taking it away.

This paper is going to focus on the concept of VLANs or Virtual Local Area Networks as a means of mitigating the risk from non-invested humans or “guest”.

Three LAN Compartments

To introduce this, the concept is called Virtual Local Area Network; however, this paper will change it up with some few changes due to the fact there needs to be one-way communication coming from the Business LAN. For that reason, this paper is going to refer to this concept as “Privacy Integrity and Authentication Local Networks”. The entire idea is relatively simple; there are three different LAN’s; Business LAN, Security LAN, and Guest LAN. All three of the networks will not cross each other which is the primary point for securing them. It is impossible for someone who is logged into the Security LAN to enter the Business LAN as an example. The Security LAN is its own area with several servers that serve multiple clients for surveillance, reporting, authentication, etc. The Guest LAN, where non-invested individuals will have access to, will be a mirrored image of the Business LAN. That way the Guest can see in real time what the business is doing or slightly delayed. See Fig. 1 for the topology of the network.

Security LAN

The first section that will be discussed will be the Security local access network or SEClan. The SEClan network should be a network for all of the security needs of the company including physical and most IT security. This is where surveillance video will be stored, sensitive documents, authentication servers, and software among other security-related functions.

One of the primary goals of the SEClan is to act as a general backup to the entire company’s network. This will take a lot of storage space and more than likely, depending on the firm, many servers to do this. These servers such as a database, authentication, media, file and other types of servers would all be needed to complete the mission. Being this is the backbone of the company and holds the company’s critical information, financial reports, customer reports, business continuity, etc., security is a must to this LAN.

General security practices should be upheld when it comes to two-factor identification methods for logging into the LAN as well as possibly even higher security depending on the material. Biometrics to also get onto the login page is a possibility for physical security if needed and passwords should be issued to employees not chosen. Coming into this LAN from the VLAN switch that this paper will talk about later, will be a router with port forwarding with the correct ports for FTP, HTTP, etc. and a firewall.

All VLAN firewalls will require communication from one LAN to the outside WAN before a packet can be sent back. The firewall will be instructed never to let an unsolicited packet through. The firewall should also have the best practices when it comes to what the users of the LAN need and what is secure (Stewart, 2014). A team inside the IT departments and Security departments can come together to determine these rules. This is the same for all the VLANs.

Normal Business VLAN

The next LAN is going to be the standard business LAN, where proprietary employees are authorized to conduct their work as long as it stays within policy. This LAN is set up with the servers it needs to be able to maintain its business operations and competitiveness along with two VPN servers.

During the authentication stage of gaining authority to enter the company’s LAN, the system administrator will set the user, based on the username and account, on which LAN they will have access to and be directed to go. If a new employee comes in, when they get assigned a username and account for logging into the system it will log them directly into the standard business LAN. When a consultant receives an account issued to them, it will give them access to the Guest LAN.

The Business LAN is the primary and most significant LAN of the system and takes up the most bandwidth and usage. Every employee except security personnel, are on this LAN, and it even could have limited remote access capabilities. The business LAN is used for every department. However, you could subnet the network more and create other VLANs depending on your switch and its capabilities.

Guest LAN

The final LAN is the Guest LAN and is used by those who aren’t invested in the company. This LAN is a perfect mirror image of the Normal Business LAN as it continuously updates data through a locked VPN server throughout the day. The data comes directly from the Business LAN and filters through the Guest LAN, making it seem like the real network with minimal delay. However, due to the security measures put in place, it is complicated to upload anything into the Business Network. It is imperative as an IT professional to test your security and the VPN into the Guest LAN is the significant vulnerability. In this scenario, this vulnerability is tested at a minimum once a quarter per policy, however, it is more than likely checked once a week.  It is always documented when a “penetration test” is conducted, along with the results and any screenshots.

As the VPN comes into the Guest LAN, it is met by a forcefield of firewall rules and protections against outgoing packets. As many may say, a firewall can be referred to a bouncer checking ID’s, the wrong person has one, and they get thrown out (Liu & Gouda, 2008). In this scenario, the packets transmitting through the internet would be the ID’s and the information the bouncer is looking for isn’t a birthdate, but instead packet header, port numbers, etc.

Errors in firewall rules can be costly for anyone, but when you’re protecting a million or billion-dollar business, it can be devastating. The key to preserving this single line that connects the Guest to the Business is layered security. Layered security is merely layering countermeasures on top of another so an adversary must keep working (Bhabad & Bagade, 2015). This will hopefully delay them and eventually infuriate them and make them go away.

In the P.I.A. setup with the VLANs, the firewall rules allow for a limited number ports to transmit packets from the Business LAN over a Virtual Private Network to the Guest LAN where it is then filtered to where it needs to go to mirror the Business Network. However, the firewall rules, do not allow and deny any and all outgoing traffic from the Guest LAN (Source: server IP address) to the Business LAN (Destination: VPN IP address). There are two firewalls in place that have this same rule as you can see from Fig. 1.

To make this a bit clearer, the rules on the VPN and firewall only allow for packets to be transmitted from the Business LAN to Guest LAN. If someone were to transfer something from the Guest LAN to the Business LAN, it would be blocked by one of two firewalls, and at least one out of four alerts would come across the IT Security wire.

An IDS or IPS should be added to make another layer of security to create specific data packets aren’t crossing over. A customized IDS or Intrusion Detection System should be installed behind the firewalls near the VPN router and switch, closest to the VPN servers. Having a great IDS, or IPS, as it is sometimes, is referred to can be a great solution to capturing unwanted harmful packets as it often has a database of malware it can compare to and updates frequently (Edith & Chandrasekar, 2014). With the proper information placed inside it should alert IT, staff, if anyone is trying to pass information or trying anything suspicious. It should also be noted, if you look at Fig.1, the Security LAN has the same process due to needing a daily backup sent of all the company’s information. This setup has all the same settings, and nothing is different. Fig 2. Shows an example of the proper firewall rules to allow this option to occur.

However, even with these layers of protection, it is still possible for someone to upload something into the one VPN connection to harm the business network. Malicious content that could be injected physically into a drive manually from a website or email can be incredibly dangerous to the network. This is why a limited number of workstations, depending on the need, should have access to this tunnel. Limiting the number of stations limits the number of vulnerabilities and raises the quality of overview. In the security department, there shouldn’t be any workstations that can access the VPN. The VPN servers should only communicate with switches, routers, and servers in this network. If a typical workstation attempts the VPN connection, an alert should be done, and the firewall should stop it by rule.

The security to get onto the workstation, for guest, should be a password given to you by either IT security or by corporate security and it should last for a maximum of five-hours before a new one must be issued. There should also be software preloaded onto computers to log an alarm when a “guest” inserts a drive into the workstation. A software program such as thing couldn’t be hard to find.

There’s going to be a time when a guest must be on the actual business network to fix an issue. During these times, the guest should be supervised by an IT professional. A robust policy should be applied, and the guest should be forced to log into an account created for them to track them and set off the internal software and supervised. These are ways to mitigate these risks.

VLAN Switch

The entire system will only work off a switch that is a managed switch with VLAN capabilities. What that means is if there are thirty Ethernet ports in the back the IT professional can set each LAN with ten ports and they are all on separate ‘virtual’ networks through the eyes of security. The last LAN can’t talk to the first, and the first can’t speak to the second. You would need to set up a router and route traffic out of that virtual LAN and back into the other one to communicate.

In the figure 1 picture, the demonstration of the VPN is almost a representation of this. On all, Guest, Security, and Business, I had to route the transmission away from the VLAN and towards the VPN server creating an entire network.

Remote Access

It is clear that at some point technicians or consultants are going to have to be inside the system physically. As mentioned before, an IT professional should be able to mitigate that, however, when it comes to remote access things do change. Some companies look for remote access for technicians; others seem to give it to their employees. In this paper, remote access is never suggested for non-invested persons. It is also not recommended for invested persons, but it has to happen, especially in today’s world.

It should be offered with maximum security to both the physical workstation, some access control, logging onto the computer, dual authentication with the remote access software. This dual authentication should be, the password and a ten-minute text message or email with a code. Maybe even a third authentication such as a phrase could be added, but remote access is hazardous and vulnerable especially to foreign travelers.


When it comes to information security, the world is growing. Hackers are getting smarter; technology is getting larger. Everything is progressing and with it comes new responsibility for IT Security professionals to think outside the box. A lot of people in the IT industry are extremely inside the box; they are book smart, they can tell you the formula or whatever you want to know. However, the people trying to dismantle their machines, their brilliance, they think differently.

They look at life from the outside, they think outside the box. One thing about security is you have to adapt to your threat. It happens in almost every line of ‘security’ I know. If you are going to be successful, you must overcome and adapt. Being the ones who are always coming in from behind doesn’t seem like adapting but more responding. Sometimes, just sometimes even security can have some imagination to you. It’s up to the people who implement the security to be imaginative or learn from an incident. Proactivity works, taking steps like these VLANs and others can upgrade the security of many companies across the world in one area.


ASIS. (2015). The New ASIS Standard on Risk Assessment. ASIS. Arlington, VA.

Bhabad, M. A., & Bagade, S. T. (2015). Internet of Things : Architecture, Security Issues, and Countermeasures. International Journal of Computer Applications, 125(14), 1–5.

Chanda, K. (2016). Password security : an analysis of password strengths and vulnerabilities. I. J. Computer Network and Information Security, 7(July), 23–30.

Cohen, L. E., & Felson, M. (1979). Social Change and Crime Rate Trends: A Routine Activity Approach. American Sociological Review American Sociological Review, 44(4), 588–608. Retrieved from

Edith, J. J., & Chandrasekar, A. (2014). Layered Architecture to Detect Attacks Using Asymmetric Support Vector Machine. Journal of Applied Security Research, 9(2), 133–149.

Kamesh, & Sakthi Priya, N. (2014). Security enhancement of authenticated RFID generation. International Journal of Applied Engineering Research, 9(22), 5968–5974.

Liu, A. X., & Gouda, M. G. (2008). Diverse firewall design. IEEE Transactions on Parallel and Distributed Systems, 19(9), 1237–1251.

Oriyano, S.-P. (2014). Hacker techniques, tools, and incident handling (2nd Editio). Burlington, MA: Jones & Bartlett Learning. Retrieved from!/4/2@100:0.00

Reynald, D. M., & Elffers, H. (2009). The Future of Newman’s Defensible Space Theory: Linking Defensible Space and the Routine Activities of Place. European Journal of Criminology, 6(1), 25–46.

Slate, R. (2009). Competing with intelligence: New directions in China’s quest for intangible property and implications for homeland security. Homeland Security Affairs, 5(1), 29. Retrieved from

Stewart, J. (2014). Network security, firewalls, and VPNs (2nd Editio). Burlington, Vermont: Jones & Bartlett Learning. Retrieved from!/4/2/2@0:0

An Introduction to Corporate Espionage: Where do we go from here and how do we mitigate the risk?



Corporations run like fine-tune machines for the most part. They are meant to work with a top-down approach and are fueled by innovation and an open and free market. Corporations have shareholders, and by law, they must do what is best for the shareholders of each organization. However, sometimes these companies are placed in tight spots. The business world is extremely competitive, and other firms are always making products that could be more profitable, so some organizations look for the easier way to play the market, the illegal way.

Businesses play a game, and to play any game, a company needs a robust and well-defined strategy. A Firm need to know the who, what, where, why, and how of everything in the market, data is the critical element of this game. These factors also include information on the competition, the market trends, the regulations, customer base, etc. All this information can be called intelligence, which can be analyzed and be used to generate a robust and dominant strategy to take to the marketplace. The data contained in the knowledge is precious for companies for this exact reason. Unfortunately, getting the information needed has often the hardest part.

With the modern era of globalization and multinational corporations, it has become even more difficult for companies to gather useful actual data by legal methods and a lot of enterprises have moved towards using industrial espionage tactics to get this information. Industrial espionage is defined as the theft of secretive information from corporations by other private companies (Søilena, 2016). Another form of this type of espionage that has grown over the past two decades is Economic Espionage which is theft of trade secrets typically sponsored by other nation-states (Søilena, 2016).

Both types of espionage are having a severe impact on the American economy and American business as a whole. A 2006 report stated that a vast amount of technology companies intellectual assets are unknown to stakeholders [trade secrets] and are vulnerable to cyber attacks (Slate, 2009). America is the largest economy in the world and globalization makes for a robust and insecure security climate toward trade secrets. However, with proper training, policies, and security measures, mitigating risk to trade secrets is possible.

History of Industrial Espionage

The theft of trade secrets has been going on for as long as there has been competition among business. As mentioned before, business is a game that needs a strategy to win. Theft of trade secrets can be traced back to many years to silk road but most notably to around the 17th century where a Frenchman stole secrets from China on how to make porcelain and brought that information back to France to earn money (Champion, 2008).  The first laws to cover “trade secrets” were patents, and they became present when the British government started to issue patents around 1623 (Champion, 2008). Around 1791, the French government also started to issue patents which were the first law to protect commercial items of its kind (Champion, 2008).

Over the past centuries, there have been countless cases of industrial and economic espionage. During the first World War, there was another battle being fought under the seas between Britain and the U.S. and around South America. Cables that were sent from America during this time ultimately passed through Britain controlled companies which they had sort of a monopoly (Winkler, 2001). However, American firms wanted a piece of this market and the first American company to challenge the British monopoly was the Central & South American, Cable Company (C&SA). Who, along with the Wilson Administration, wanted in on the cable communications industry but needed to challenge the British company Western Telegraph (Winkler, 2001). The American Government, with the help of the American Ambassador to Brazil, assisted C&SA with intercepting communications between Western Telegraph and tried to give the American company the advantage it needed to be successful (Winkler, 2001).

More recently, China in the early 2000’s tried to get Google’s source code to try and start a search engine (Javers, 2011). The infamous Enron hired an ex-CIA employee and an ex-British intelligence officer who flew planes over European power plants with thermal imaging cameras to gain intelligence on the output of each plant (Javers, 2011). These are just a couple of the many cases of corporate espionage that have occurred in the modern era of business, and with technology getting more and more advanced, the techniques will be getting harder to spot and defend.

The Vulnerability of Globalization

Some define globalization as being in the communication realm with more and more people being able to talk to each other. Others may describe a social openness allowing different cultures to come together and experiences new and exciting things. However, when it comes to business, globalization can be understood as the expansion of the free market throughout the world (Kovacevic & Pavlovic, 2016). Globalization includes trade and freedom from regulation that has had a significant impact on worldwide economies since the 1970’s for business. These policies have created a global economy that is interconnected instead of a national economy dependent mostly on itself (Kovacevic & Pavlovic, 2016). This lead to significant opportunities for corporations wanting to expand their operations which they did. Making economies no longer just to one country but multiple countries around the world (Kerr, 2016).

During the same time, another technology that undoubtedly had a significant impact on business globalization was being connected all over the world, the world-wide-web. The internet has a fascinating history dating back to 1908 with Nikola Tesla, where he envisioned being able to send a message from New York to a businessperson in London instantly (Kleinrock, 2010). It grew into storytelling with H.G. Wells who wrote about a “World Brain” and then in 1945 when Vannevar Bush wrote about the Memex machine that was like an encyclopedia on steroids for everyone (Kleinrock, 2010). In the late 1960’s ARPANET was created by American graduate students looking for a way to have computers communicate with each other over distances (Kleinrock, 2010). In 1969 this group of Ph.D. students found investors and were able to create a “4 node” network to start the ARPANET project (Kleinrock, 2010).

intial ARPANET

Fig 1. 4 node network (Kleinrock, 2010, pp. 31)

By 1972, email was added to the network, and eventually, other people started creating networks similar to ARPANET-like TELENET and connecting their networks to ARPANET (Kleinrock, 2010). Finally, someone was trying to explain the interconnection of all of these different named networks and how they worked and came up with the name “Internet” (Kleinrock, 2010). The same thing that was happening in America was going on overseas once ARPANET was out there and people started creating networks and connecting them (Kleinrock, 2010). By the end of the 1970’s and into the 1980’s the internet was a worldwide network of connected nodes or computers (Kleinrock, 2010), It wasn’t as large as it is now but it kept growing and growing until it got to where it is today.

With internet expansion across the globe and business development throughout the world, it has made the two work together to achieve the business goals. However, the internet is not the safest place, and many vulnerabilities exist for a company. Throughout the world, corporations are said to have over seventy percent of their assets in intellectual property (Slate, 2009). This means that designs, recipes, and a lot of worldwide corporation’s secrets are somewhere vulnerable online.  Nation states are getting involved and investing billions of dollars into economic espionage to steal trade secrets (Champion, 2008) as well as blackmail, fraud, or counterfeiting American products to boost their economy. With the internet where it is at, this makes it easier for these companies and countries to do this instead of having to send an actual person to do this work.

The problem has become so severe in the United States; it can be called a National Security concern as many of these industries that are vulnerable are connected to the national economy in ways that if they were attacked, it could turn into a catastrophic event. Banking institutions, technology companies, manufacturing companies, and even information companies are the foundation of the American economy. A breach or theft of trade secrets or significant loss of their profits could do extensive damage to the American economy as a whole.

China is currently one of the major players attempting to do this. China is a country with a lot of unskilled labor that wants to build its technology economy up incredibly fast. Unfortunately, they don’t have the skilled labor to develop the technology to do it so for the past twenty or so years they have been investing a lot of money and resources in economic espionage activities in America (Javers, 2011). China wants to outpace the United States and have a much better economy, but they want to pay their labor lower and sell for higher making more money (Javers, 2011). The only way China can do this is cut out the research and development side and steal the r&d just to start producing it. China, and others, actions come at a considerable cost to American companies and the American economy. In 2004, the U.S. Department of Commerce estimated that the economy lost out on over twenty billion dollars due to Chinese counterfeiting (Slate, 2009), and that was just due to one nation-state.

Hardening Trade Secrets

One way to always “catch the bad guy” is to think like the bad guy, and this can be used in the arena of hardening your facility for any espionage attack. Physical security standards are widely adopted and studied for preventing unauthorized individuals from entering a facility. However, when it comes to corporate espionage (combining both industrial and economic espionage) the act in itself typically doesn’t occur like a routine burglary or some random act of theft. Espionage attacks are well thought out, and if an adversary has to make a physical presence at the facility, they will have a planned way of conducting their entry and exit.

The goal is to reduce the risk of both an adversary physically entering the facility and entering the network of the company. To do this, a robust physical security department with appropriate funding and staff must design an environment that meets the needs to adequately ensure the safety of the employees and other tangible assets. Proper barriers such as fencing, walls, windows, and doors need to set up as well as the appropriate access control systems to allow employees into the authorized zones. In total, the entire security plan for the facility needs to be reliable, efficient, and well-developed out which includes espionage as a threat.

When it comes to network security, the same needs to be done. A robust and able Information Security department needs to be set up, and the network needs to be protected but keeping in mind “CIA” (Confidentiality, Integrity, and Availability) by the use of multiple firewalls, intrusion detection systems, and authentication procedures. Password management is a real concern with network security and should be given a lot of time with the IT security staff to develop a plan for managing staff passwords.

By far the weakest link and the most vulnerable are employees. Human error and vulnerability are why training is critical is the overall security of an organization. Every employee needs to be trained and has a thorough understanding of corporate espionage tactics. They also need to understand email security and the proper policies, procedures, contingency plans, and response protocols need to be in place for events that may occur if anything were to happen.

Specialized training should be given to employees who travel and use a remote login system. Especially if the employee is traveling overseas. These employees should be given tips on who, what, where to avoid. What not to do when on a trip and their workstation computer should have multiple authorizations and authentication procedures before being allowed access to the organization’s network. Some tracking or disabling software should be attached to the workstation in case the workstation is stolen or lost, and this training should be conducted yearly to keep the employee up to date on current trends.

Counterespionage Units

Other than setting up an organization’s physical surroundings and network to be as secure as possible from espionage activity, another avenue is to establish a proactive counterespionage objective in the organization to combat potential acts of spying. This paper has documented the long history corporate espionage has and the direct impact it will have on both an economy and on the individual organization. Having staff who are trained in countering the ways people try to steal trade secrets and train employees is only going to benefit the company. These employees know what to look for and identify what methods spies use to obtain trade secrets.

A counterespionage plan should be completed by a team of professionals to detail the risk and targets of trade secrets the company has (Benny, 2013). This program should also include security measures that have been taken to reduce the risk, such as physical security measures, network security measure, policies, procedures, training, security forces, etc. (Benny, 2013). A substantial vulnerability to organizations are disgruntled former employees who wish to sabotage the company, so any and all human resource plans for dealing with terminated employees needs to be included as well (Benny, 2013). A layout for conducting investigations and who the team or unit is ultimately under the supervision of should be defined in this plan as well as the confidentiality of the group. This program should be agreed to and signed by the shareholders of the organization who are in charge of executive management, executive counsel, and executive security such as the Chief Executive Officer, Chief Legal Officer, and Chief Security Officer. If there is a board, the board should also sign off on the authorization of the plan.

The counterespionage team should work in close cooperation with law enforcement officials when it comes to corporate espionage cases as the government can offer more resources. The budget for the team should be efficient, but the team should be allotted enough monetary funds to conduct investigations, travel, training, and to purchase needed equipment to watch suspected individuals legally. A proper counterespionage unit can work either alone or within another department to adequately mitigate the risk of a corporation losing trade secrets and possibly millions of dollars in profit.


Corporate espionage on both fronts, economic and industrial, are severe issues to both corporations and national economies. With the rise of the internet and more global companies expanding every year, the threat grows more substantial. Countries like China and Russia are investing heavily in stealing trade secrets and counterfeiting American products to improve their economy while the American economy stays stagnant or declines. This harms not only the world but also America and eventually every single American.

Corporate espionage is a National Security threat and both, governments and private companies, need to take this threat seriously. Laws have been passed to assist in the effort, but it’s now up to corporations to protect themselves against some of the risks. New ideas and a new generation of thinking need to come into play. Training, policies, procedures, and technology, all need to merge to combat this global threat and mitigate the risk so that it doesn’t destroy the national economy for one while growing the other.




Benny, D. (2013). Developing a Counterespionage program. In Industrial Espionage. CRC Press.

Champion, B. (2008). A Review of Selected Cases of Industrial Espionage and Economic Spying, 1568-1945 Brian Champion. Intelligence and National Security, 13(2), 123–143.

Javers, E. (2011). Secrets and Lies The Rise of Corporate Espionage in a Global Economy. Georgetown Journal of International Affairs, 12(1), 63–60.

Kerr, W. R. (2016). Harnessing the best of globalization. MIT Sloan Management Review, 58(1).

Kleinrock, L. (2010). An early history of the internet. IEEE Communications Magazine, 48(8), 26–36.

Kovacevic, M., & Pavlovic, N. (2016). Globalization and the knowledge society. Scientific Review, 4, 85–94.

Slate, R. (2009). Competing with Intelligence: New Directions in China’s Quest for Intangible Property and Implications for Homeland Security.  Homeland Security Affairs, 5(1), 29. Retrieved from

Søilena, K. (2016). Economic and industrial espionage at the start of the 21 st century – Status questions. Journal of Intelligence Studies in Business, 6(3), 51–64.

Winkler, J. (2001). From the archives, early corporate espionage amid World War I censorship. Cryptologia, 25(2). Retrieved from

Community Policing in America: Is it Possible in 2017 and Beyond?

Over the past several years’ police officers have been under scrutiny for shootings and use of force toward minorities in America. In 2014 after the shooting death of Michael Brown in Ferguson, Missouri, grew a movement where law enforcement has been under the microscope from both the media and the public. Serious violent crime has been on the rise in America, and many believe it is in direct relation to a slowdown in law enforcement tactics in high-crime areas. For the serious violent crime to be reduced there needs to be an equilibrium of effort put forth by the community and the police. It cannot be a one-sided effort.
As violent crime and murder peaked in the late 1980’s, and early 1990’s the public demanded a change from American law enforcement and demanded that law enforcement is more proactive than reactive. Minimum mandatory sentencing made sure offenders stayed in prison for a long time, and violent crime fell in the late 1990’s and throughout the 21st century. However, American law enforcement never adjusted to the crime trends and proactive policing continued at 100% as crime fell into the 21st century. These practices led to an abundance of minorities being incarcerated for more extended periods of time. Which caused damage to the community and police, along with economic and social hardships in inner-city communities due to separated families.
Proactive police work is a needed tactic for law enforcement to prevent crime, there is no denying that.

However, law enforcement needs the community to identify suspects, to report crimes, to be witnesses, etc. Without the assistance of the community, crime reduction is impossible. Each community must have the social capital to assist their community in fighting crime. Social Capital can be described, in relation to law enforcement, as a community with networks, neighbors, foundations, and the ability to trust the police, fire, other officials and can improve the efficiency of that community. A community that looks out for one another and socializes when there are problems.
When it comes to communities that lack this social capital, unfortunately, most are inner-city communities that consist of minorities. Most inner-city communities suffer from economic and social climates that are precursors for crime trends. Having the confidence and ability to be proactive in these communities, as well as all communities, is vital to law enforcement operations as they tend to lead to law enforcement actions like capturing fugitives or seizing contraband. However, when mistrust arises in a community or the social capital of a community is weak, it makes being proactive more difficult.
Many people argue proactivity only targets minorities, however, law enforcement is like any other business and acts on efficiency. The most substantial division of any agency is its patrol division. The upper and mid-level supervisors assign officers to an area based on the historical need in that geographical area of crime trends. If a zone is a high crime area, it will tend to have more officers assigned to it than a zone that is not as crime-ridden. Unfortunately, many inner-city neighborhoods are high crime areas due to their social and economic struggles. Therefore, being proficient, there are naturally more officers patrolling the inner-cities than there are patrolling other regions. On the one hand, this is a good thing; it means faster response times to in-progress calls. However, on the other hand, it says looking at the statistical data on a sheet of paper it is going to show an unbalance of citizen interactions that statistically misrepresent one side. It is also going to enhance the chance of a tragic event happening, i.e. a shooting, police brutality case, etc. because there are far more interactions in that community than others in the same jurisdiction.
There indeed are challenges when it comes to policing in America. It is said that when police officers feel that a community lacks social capital, they feel a responsibility to step up and be the one that protects that community. Police Officers took an oath to protect the citizens they serve, and most police officers are great public servants. However, when trying to balance preventing crime and still building a relationship with that very same community, it is a struggle. The former Dallas Police Chief, David Brown once said, “Every societal failure, we put it on the cops to solve”, meaning schools, economic, social, etc.

With all of this, you throw in being proactive and trying to prevent crime in communities that distrust the police but require the police; it seems impossible. One must ask themselves, how did the state of law enforcement get here? And can police and community relations every improve without social and economic improvements? Things that are out of the control of law enforcement and more in control of politicians who have somehow escaped all blame for the quality of life in inner-city communities.

Why do You Want to Be a Cop? Utilizing Strategic Leadership to Improve Community Policing

Full version published Here on LawOfficer

I remember the feeling of fear from residents when a crime spree was happening in a neighborhood. That anger, frustration, distrust, towards all my zone partners and me for not solving the problem fast enough. Nothing I could say or do would be enough, short of solving the crime. To make all those feelings go away from the members of the community I swore to give my life to protect, no matter the crime.

Years before, I remember being a nineteen-year-old kid fresh out of the academy. A little cocky, I passed one of the top-ranked state tests the first time taking it, receiving my law enforcement certification and ready for a job! Not even legally of age to buy a handgun, I set forward to my first destination for a position in law enforcement. I was also a little more arrogant (internally) with this position due to the fact my dad knew the Chief Deputy. I figured I was a shoe-in for a deputy sheriff.

After applying I got a phone call for what was called an “Oral Review Board”. They taught us about these in the academy; the candidate sits on one side of the table and three to four members of the department sit (in uniform) on the other. Typically, a line officer, a line supervisor, and a command staff member, I was lucky enough to have the the number two; the Chief Deputy, [sarcasm]. I never really figured out if that Chief Deputy liked my dad or if he just wanted to torture me as that entire nine months of processing was horrific as I did ninety-percent of their process, received a conditional offer of employment, almost rented a house, still didn’t get the job.

My father worked in politics, so maybe it was payback. However, it exposed me to experience and one experience, in particular, I learned to take with me to all thirty plus Review Boards I went to in three-years, before actually getting a job. “Why do you want to be a cop?”, This innocent, simple question gave me a lot of trouble, and after speaking with people sitting on the boards, it always gave candidates trouble. I imagine that’s why it’s chosen as a question. The most common answer from an inexperienced person, especially a young person, “I want to protect and serve” or “I want to help people.” Which most boards immediately saw both as a negative. In fact, it wasn’t until later in my career did I understand that question and the answer they are looking for is founded in more of the first word of that entire question, why.

Fast forward well over a decade, October 2017 in Tampa, Florida. The Seminole Heights neighborhood is experiencing a spree of connected homicides. Some in the media are calling this the work of a serial killer, however, to the best of my knowledge Tampa police have not labeled it as such. Tampa police are only saying the murders are connected by location (all four are within blocks of each other) and other circumstances. These additional elements are likely secrets Tampa police want to be kept close to link the suspect when they catch them. Those in law enforcement understand this. More than likely, total speculation based on experience, the same gun –  at least a known caliber – was used, and that is part of the more circumstances among other things.

On November 14th, 2017, a local reporter interviewed a high school student about how this crime spree in the neighborhood has affected her life, and it brought back a lot of passion, anger, and other emotions within me. I haven’t been a cop in six years; I still research law enforcement because, at heart, I’ll always be one, I’ve now moved to the private side – the dark side. However, to listen to this young lady articulate her story of how this one person is affecting her ability to better herself, to live a free life, to enjoy being a kid, just having a massive impact on her quality of life. Those words reminded me of all those Review Boards I sat in, all the times I was asked WHY? Why do you want to be a cop? The emotional wave of passion that filled my blood was almost forcing me to get up and go there; to solve this problem. It was anger, but it was a controlled, compassionate anger that quickly led to the realization that I can’t do a lot. However, I know the police officers that are working the case feel the same way, they are built just like me, with that same passion flowing through their veins. I think to myself, if you’re a cop and this doesn’t invoke a deep desire within you to want to do something about it, you might have chosen the wrong career.

So, what does this long story have to do with leadership and community policing? As we speak, in Tampa, the NAACP is nervous because the suspect that has been listed is a tall black male. Tampa police have been saturating the area, the Mayor of Tampa has “ordered” the police to bring him the killers head. Well, when you have more officers enter a fixed area and are proactive, the numbers of arrest, stops, and general activity is going to go up. The suspect they are looking for is a tall and skinny black male, so a reasonable person would assume the police are trying to legally identify all tall and skinny black males in the area.

This has created a gap, a gap of information and leadership in this particular community. This gap is mostly being filled by the NAACP and some left-leaning media outlets using a narrative of racial profiling. On the positive side, the flow of this information or accusations up to this point is not out of control, and I believe Tampa police have done well, and most media has held off on any far-reaching accusations. There was a town hall-style meeting a couple of days ago where the newly appointed police Chief, Brian Dugan, attempted to qualm the fears of residents. However, it still appeared as if some resident’s concerns were still high. To credit the Chief, he did the correct thing in this situation, the longer this “racial profiling” narrative lives in local media with no one being caught, it will continue to pick up steam and eventually go national. Then the police will be forced to make a choice. This choice will likely involve input by the Mayor and other political figures that will have more interest in their political careers than catching a killer.

But when it comes to the officers on the streets, the ones interacting with the community members directly, can they provide leadership and improve community relations during trying times? The answer to this is yes of course, and we can look at both historical and modern theories of leadership to guide officers on the best ways to apply leadership to individual events or circumstances.

The truth of the matter is a community that has social capital looks up to police when times are bad; they look to police for leadership. However, we must be honest with ourselves, and we can’t be defensive or take personally, others view and the possibility of past adverse interactions with police. Law enforcement must be open-minded and understanding; it’s part of building a strategy. To develop a well-defined and robust strategy, you must have data. Community members feelings towards police, however unrealistic you feel it is, it’s not to them and therefore should be considered useable data. We know not every cop is good, however, 99.99% are great people who would give their lives, marriages, and often, very own quality of life up to serve their communities and save lives. But that’s not one hundred percent and does leave room for wrongdoing, which most police understand.

We also know there’s at least one generation – possibly as many as two –  out there that grew up with law enforcement having a different strategy than the one police in use today and have been using for a long time. This strategy was more of an authority-driven strategy or a “bull in a china store” strategy. Why did this happen? Because the violent crime was skyrocketing, people became scared, and the Government responded by writing laws, and we as a society gave the people we trusted – police – the tools necessary to handle the problem.

This is the way a functioning society is supposed to work.  And it worked, the problem was handled utilizing the strategy of police going in with a hammer to enforce laws written by the government and imposing their will on some communities. This isn’t a secret; this is known information. This didn’t happen everywhere, but it happened in a lot of places around the U.S. Unfortunately, that strategy isn’t “community-focused,” and as many people know, the areas which are hit the hardest with violent crime are minority areas. So, as you can imagine the people who were most affected by this strategy weren’t white middle-class Americans, they were a majority Black and Hispanic Americans who lived in the ghettos of America. However, every race was affected by these strategies, some more than others based on the areas they lived not on the color of their skin as the police were involved. Governments and politician’s involvement as to why they lived there in the first place, that’s a different story for a different day. However, police had zero involvement with that.

You can imagine the people that grew up during this period still to this day have a deep distrust of law enforcement because of how they were, or a family member was treated, wouldn’t you? This distrust, trickles down to their children, as they tell their children these stories and teach them how not to trust law enforcement. So, when police stop someone or a child of someone from this generation, they automatically perceive it is because of what they either experienced thirty years or more ago or more than likely what they have been taught their entire life. This is one of the leading foundations of mistrust in communities along with the promotion of mistrust by media, pop culture, politicians, and prominent figures. These entities promote the perception and create a dissociation from reality when people are in a particular circumstance or environment.

Nationally, that’s not going away. Law enforcement can’t win against billion-dollar industries with huge audiences like the media and pop culture. Police can’t communicate better than activist and politicians backed by billionaires and given platforms by the media. That’s an impossible fight that police need to forget about and develop a custom strategy tailored to their local community. Leave the National pushback to pro-law enforcement activist, groups, and unions, at least unions are “supposed” to be using your money for this I always assumed.

One of the first, if not the first, theorist to write about a leadership framework that is useful to law enforcement was Marry Parker Follett [Follet]. Around the 1920’s, she wrote about “leadership should be a followship” meaning just because you were considered a leader shouldn’t suggest people should be forced to follow you. Leaders should inspire people and make others want to follow them. A great example in law enforcement of this and even in community policing is Officer Tommy Norman of the North Little Rock Police Department who has revolutionized community policing in a social media society.

Follett’s writings were vastly different than the management and leadership theories before her as they were more productivity-driven, or authority-driven. The theories of the late 1800’s and early 1900’s were kind of like the 80’s and 90’s policing strategies. These productivity-driven strategies led to poor work conditions and some say led to the workers’ rights movements, do you think the 80’s and 90’s policing strategies led to any social movements? In the 1920’s, women weren’t exactly taken seriously, especially in the business world. However, Follett’s work lives on in Conflict Management and other areas. Throughout business evolution, other theories developed, some good, some not so much. Some can be applied to law enforcement others can’t. Peter Drucker was a business consultant and author who developed a theory where he believed leaders needed to lead with a purpose. If you lose the sense of that purpose, everything sort of crumbles.

“People don’t buy WHAT you do, they buy. WHY you do it”, Simon Sinek is a modern-day author and speaker, and I would call him a “leadership theorist.” This is a quote from his Ted Talks special on leadership; He explains your brain biologically is set up to understand communication a certain way, and some of the most significant, most successful people have all spoken this way. Sinek calls it the Golden Circle, where there are three circles inside each other, like layers or rings. The outer layer is labeled. ‘What,’ the middle layer is labeled ‘How,’ and the inside ring is labeled ‘Why.’

Most people and companies communicate a strategy or how they are going to complete a mission/goal by talking from the “outside-in” approach or What->How. An example in law enforcement would be, ”We will reduce the number of burglaries by adding ten more patrol units.” In this example, you can see the What [we will reduce the number of burglaries] and the How [by adding ten more patrol units]. However, there is no why, there’s no passion or purpose only assumed wanted or expected results. People, when they listen, are only “buying” what you are saying when they know what’s your cause, beliefs, purpose, what makes you get out of bed in the morning, what drives you, motivates you, angers youWhy are you a cop? Can you think of how to rephrase this strategy to show the path, Why -> How -> What = Goal/Result?

The human brain hears the message in the opposite direction from where most people articulate a strategy according to Sinek. He says, you ever wonder why Apple can sell so many tablets and others can’t? Why was MLK so great? He wasn’t the only Civil Rights leader, but why was he more successful than others? It’s because their message was “We love design, we love innovation and making people happy, we happen to make tablets would you like to buy one?” or it was the “I have a DREAM” speech not I have a plan or idea speech.

Hopefully, you were able to see the differences between the two statements of the police and Apple/MLK. How one merely had no passion, told the listener nothing about the person talking and the other communicated why. Stated their purpose for why they are in this business and selling tablets or fighting for Civil Rights (dream, plus what was in the speech). A Well-developed strategy must be communicated by articulating not just what or how you plan to reach a goal, but it must give the listener the reason why the speaker/company does what it does.

Every officer, deputy sheriff, agent, etc. should have a planned strategy when it comes to “community policing.” If an officer needs help, the community policing department or administration should assist them in helping develop a strategy. Patrol officers are the first line of communication to the community and need the tools and resources to combat the narratives out there pushing against law enforcement trust. It’s difficult; an officer may be coming from a call where parents just tried to kill their child or even a child who drowned. Are you expected to be pleasant after this? But no one said leadership was easy, it’s challenging, not fair, heartbreaking, and sometimes you end up on the wrong side of the stick, you will ultimately be the bad person. However, as I mentioned before, a functioning community looks and expects police to protect them, to maintain order within a community and to be leaders of that community. When the people inside this community don’t trust or have minimal trust in law enforcement, chaos can and will occur, the order can and will be lost, and the feeling of protection/security is gone. These elements aren’t brand new; they go back in time to the beginning of humans, this cycle of “community” and safety when we were protecting caves and had just made fire.

You can, however, combat mistrust with leadership, you can provide leadership through a well-defined and communicated strategy. Business has been utilizing this for decades if not longer, it’s time law enforcement becomes proactive in strategic leadership and communication at the line level. It’s time you figure out why you want/are a cop, and communicate that to the community.

I recommend every police officer to take two-three hours and search YouTube for Simon Sinek. Watch his videos on leaders, and see if you can apply why he says to your everyday interactions with community members. I guarantee you will see a difference.