Best Practices for Event Security

Chris Hurst

Best Practices in Event Security

“I wish I would have known the world has changed.”

This month Stabilitas interviews Brian Sweigart, from Surefox consulting. Brian’s a fellow West Point alum, a former lead instructor at the Army Reconnaissance Course, and an operations officer with the Irregular Warfare Fusion Center.

Brian’s been in the private sector for the last 5 years, managing security at some of the country’s largest conferences.

Chris Hurst: Brian — you’ve been busy, either leading or supporting security at some of the country’s largest conferences. What’s driving the demand for your services?

Brian Sweigart: There have been many events— unfortunately — from school shootings to Vegas (Mandalay Bay shooting), to other active shooters. After one of these events, the operational event manager told me, “I wish I knew that the world has changed.”

C: How is event security changing?

B: We’re seeing more emphasis on:

  • monitoring
  • barricades
  • staffing
  • management and structure
  • response planning

C: Let’s take these in turn. Can you talk more about monitoring?

B: Over the years, we’ve seen a phased approach to monitoring.

Initially, at large events, you might have ‘a guy in a room with a radio and a laptop.’ But over the years, we’ve seen the creation of something like a military TOC (Command Post Tactical Operations Center) — with cameras and alarm systems and distress systems tied in. These Event Security Center enhancements have paralleled the professionalization of corporate GSOCs.

But note that these type of solutions don’t have to be complex. Even simple solutions — like a few well-placed cameras wired from Nest can provide a world of value (though remember to test your wi-fi in advance!)

More recently, at large conferences and events, we’re seeing UAVs in support — which is interesting because we’re also seeing threats from UAVs.

For example, at one company, the CEO was practicing his annual investor report on a large stage, and we caught a UAV operator trying to record the speech.

C: Let’s go deeper on how best to counter UAVs. Any tips?

B: Look for launch areas in advance. The affordable drone models are researchable, so you should know their range and current wind direction — so look for launch areas prior to the conference. Then, “red team” the best launch areas from the drone operator’s perspective. If the red teaming process ends up with a list of particularly suitable launch areas — that’s where I’m going to put security. And my security teams can either be marked as security (or off-duty police, in uniform) — or undercover— to assess, collect intel, and/or convince a drone operator.

Also, UAVs themselves can be used to counter nefarious drones — by flying over these “fishing spots,” and then using the drone to vector in your security personnel.

Sometimes it's advantageous to send in an undercover contractor. The undercover response to a drone operator need not be overly heavy handed. Intent can be gained quickly, “Hey — cool drone! What model is that?” This is a great technique to see what’s being filmed and determine best next steps, with a GSOC in support. If you find a nefarious drone operator, take caution — most drones are programmed to return, but you want to take caution on not dropping a 30-pound drone over a crowd!

This comes down to area denial by using terrain and weather analysis.

C: Let’s discuss barricades and perimeters.

B: Perimeter management is a no-brainer — if you’ve got a crowd of people, you’ll want to lock the area down, sweep the area with dogs, and ensure everyone is bag checked. But adversaries know this of course — they’re now targeting softer areas outside the perimeter.

Consider the FT Lauderdale airport shooting. This was an airport shooting in baggage claim. This is the natural progression of things —ISIS or other terrorist actors can hit somewhere just outside an event or hardened perimeter, and still get the press coverage from hitting a high profile event. And they don’t have to deal with the FBI HRT or Secret Service on the way in.

The lesson is to think about the next choke point created by a hardened perimeter. Consider the Manchester Arena / Arianna Grande Concert Bombing. The implication from this attack is to expand security beyond the fences and metal detectors--to consider places like tunnels where throngs of people may pass through--and where, if an explosion occurs, the impact is most deadly. These are potential targets, and thus places to add mobile security, additional barricades, etc.

For some events, it’s difficult to have a hardened perimeter. In these cases, you want to consider mobile teams — hired personnel moving in teams, with patrol routes. If an event happens, you can then frago them (i.e., adjust their route to send them to the affected location).

It’s important to give these staff clear guidance on when to report to the Command Center. For example, a drunk event attendee may not need to be reported — but the mobile teams need to consider the potential for something to go off the rails.

We like to use non-uniformed, undercover mobile teams for assessment and monitoring, to help vector in the police — who can then make the arrest.

C: Let’s stay on this topic of staffing police and private security.

B: You’ll want to consider layers of security. For example:

  • Outside layer: Police, contracted to the event — in uniform.
  • Next layer: Private security — in branded shirts. They can feed information to police, and provide more authority than unbranded, undercover personnel.
  • Inner layer: Undercover private security moving through the space — with and without principals.

The undercover, plain-clothes layer can gain more information about a potential threat — the location of the next protest for example, and pass that to the Command Post.

Culturally, you need people who can fit in well without creating an authoritative environment — friendly and open — but can also be direct and authoritative when necessary, establishing command and control, “Hey, you in the red shirt. Stop. Come here.”

And different brands and events can reflect different culture. Some tech companies may want open, friendly and honest — down-played. Other organizations — like pro sports leagues — may want large, intimidating security teams, with suits and earpieces, clearing the route in front of the principal/celebrity.

This can affect hiring as well. Some members of elite military units may do better in one culture over the other.

Private security — whether branded or not — can help informally investigate potential problems, and then refer to the first responders, help queue assets, and help vector them to the appropriate location. Police can’t monitor everything — and if they were monitoring everything, they may not be able to respond — or located in a position to respond — to more serious incidents. From a military background, this gets back to “economy of force.”

Appropriately trained private security used in this way can then tell the Police, or the Command Post, when to look at something, and queue up first responders with information so they’re not walking in blind.

They can follow or track someone who stole property —or follow and track individuals with weapons, for example, with their information, direction of travel, and license plate.

C: Let’s talk security management and response planning.

B: You need someone to bring this together, with a strong link to Internal HR, a strong link to Technical experts, and a strong link to marketing and operations — the people making the event run.

You want to establish and delegate decision-making authority prior to the event. A conference leader may be wildly successful in bringing tens of thousands of music-lovers together, but may not have the experience to manage security incidents. Whether contracted or internal employee, designate an incident manager — someone who will take charge on the ground, and vector in first responders when required, and keep conference employees, staff and attendees moving in the right direction.

If a contracted incident manager is brought in, and if the event is large (covering many facilities or buildings), consider designating area or facility incident managers, who would then report to the chief incident manager.

You’ll want to run Table Top exercises — with the Emergency Action Plan. Everyone should know when something happens, and you should practice how that information makes it’s way from the Event Command Post, to the State TOC, the FBI, and Homeland Defense.

C: How do you communicate with security staff?

B: Large conferences tend to have repeaters. This helps establish a good backbone. We also have company phones — group chat. For us, for undercover, we’re not running ear pieces. Just communicating via smartphone (text).

For close protection details, we’re running them through checkpoints, often overwatching with cameras and layered security teams, ensuring routes are clear in front and behind.

It’s also good practice to have our private teams coordinate directly with celebrity’s security teams — for example, walking 5 to 15 meters in front of them. In any case, this needs to be ok’d by the principal or celebrity themselves — some prefer closer, branded security — and others prefer a lower profile.

C: Say more about best practices please related to staffing.

BBe proactive rather than reactive. Stick your nose into things. Know what’s going on.

Security teams should know enough to say, “oh, you’re out of place, but you’re not going to de-rail the event. Carry on.”

Protect the brand and the people. Many events “grow up” as happy organizations — people throwing a music l because they love music or sports — then over 10 or 20 years, they have to begin considering security above and beyond ID-checkers. Once an icon, an event becomes more targetable. That said, security should not change the look and feel of the event. The atmosphere that brought people there in the first place must be protected.

Chris: Thanks so much Brian! I think security teams will appreciate your perspective. We look forward to working together.

Brian: Absolutely. I can be reached at brian@surefox.com.

For more about Stabilitas, sign up for our demo and see Stabilitas in action for yourself.

The Science of Security

Stay up to date with the latest news and insights from the Stabilitas security intelligence network.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.