As businesses, government agencies, and other high-profile organizations look to safeguard their executive personnel from a rising number of threats and attacks, many have reached out to us to ask:
“How does Recorded Future protect its own executives?”
I recently sat down with Brian Solecki, Recorded Future’s Director of Security and Safety, to find out.
Before coming to Recorded Future, Solecki spent 7 years on active duty in the military followed by 20+ years as a Special Agent with the U.S. Department of Defense with a focus on investigations and protective service operations. The sum total of his experience, he said, has led him to believe that threat intelligence is the cornerstone of every effective executive protection program.
Read on for highlights from our conversation about Recorded Future’s own intelligence-led practice.
A proactive approach to corporate security
Solecki acknowledged that most organizations approach security in a reactive way, hiring physical security and arranging secure transportation only after threats have materialized. Recorded Future operates differently.
“We take a proactive approach that begins with crafting Priority Intelligence Requirements,” he said. “Our PIRs help us anticipate, prevent, and manage threats before they escalate to physical danger.”
A key PIR for Recorded Future is to monitor web and social media activity for suspicious content or threats in the lead-up to any event an executive will attend.
“We use the Recorded Future Platform to collect and analyze intelligence on a wide variety of topics, including information on police, firefighters, and emergency management services as well as their areas of operation and response times,” he said. “We also monitor lodging, restaurants, and event venues our executives and staff will be using; transportation and traffic information regarding car services, ride-share services, mass transit, and traffic chokepoints; and any potential threat actors, protest activity, or crime statistics in the areas where we’ll be operating.”
In addition to carrying out this comprehensive pre-event analysis, Solecki’s team is always ready for the unexpected. I asked him how changes on the ground can affect a security plan.
“We very much rely on real-time updates from our Platform as they enable us to make quick changes to our operations plan,” he said. “Let’s say we get an alert about police activity along a route we plan to take, or a power outage at a restaurant an executive is going to visit, or an active shooter incident occurring near where we’re operating. All of that information allows us to take actions like moving to a safe area, sheltering in place, or returning to a secure lodging location.”
He shared an example from February of this year, when Recorded Future executives attended the Munich Security Conference. On day one, Recorded Future Threat Intelligence alerted the security team to a potential disturbance near the conference venue. This actionable intelligence immediately informed security decisions, helping the team assess the safety of the executives’ current location, evaluate planned venues, adjust routes, and determine whether the incident represented broader threat patterns.
Incorporating intelligence-driven monitoring into daily operations
Solecki and team also use the Recorded Future Brand Intelligence Module to monitor more than a dozen company executives, configuring executive Watch Lists to recognize patterns or targeted threats.
“Daily monitoring of Watch Lists has enabled us to see when our personnel are referenced in fake news videos and derogatory social media mentions,” he said. “But we receive other kinds of helpful Alerts as well, such as when executives’ residences were recently in the path of wildfires on the west coast.”
Solecki acknowledged that today’s executives and their families all have significant digital footprints, and that family members are often seen as soft targets for attackers. Negative digital sentiment can rapidly escalate to physical risk as domestic violent extremists conduct sophisticated reconnaissance to locate and attack their targets.
“We’re always looking for escalation indicators,” he said. “These can include things like specific references to where and when an executive will be making an appearance, who their family members and/or associates are, or their modes of transportation.” His team pays close attention to the nature of the threats, looking for instances where general dislike escalates into something more direct — especially to threats of violence.
As for which trends and technologies concern him most, Solecki said he and his team are laser-focused on anything that enables more sophisticated tracking and information collection. “We pay particular attention to technologies that can track Personally Identifiable Information, locations of residences, family members, and patterns of life,” he said. “These are all a great concern on the cybersecurity front, but they’re a definite concern on the physical security front as they allow threat actors to develop plans to harm protectees.”
Responding to threats and measuring success
When threat indicators emerge, teams need to use effective frameworks to assess credibility and determine appropriate protective measures. I asked Solecki to walk me through his team’s alert response process.
“When we receive intelligence via the Platform, our Managed Services team will evaluate it based on an established set of criteria,” he said. “This helps determine whether the threat actors have both the motivation and the means to carry out the threat.”
If it appears that they do, Managed Services will notify Recorded Future’s Physical and Enterprise Security teams as well as the executives involved. “Upon further evaluation,” Solecki said, “the teams will take any necessary actions to mitigate the threats, including moving to an enhanced security posture, notifying law enforcement, requesting law enforcement support, moving executives to alternate work or residential locations, or deviating from or even cancelling a trip itinerary.”
So at the end of the day, how does the team measure success?
“Ultimately, our success is determined by what didn’t happen,” Solecki said. “If our team puts measures in place that deter or prevent an attack, then we are successful. We are not successful if an attempt or attack actually occurs.”
A rise in targeted threats and the future of executive protection
When asked about the biggest changes he’s seen in the landscape, Solecki said he’s most concerned that recent events, like the United Healthcare incident and a suspected arson attack at a Bayer executive’s residence, have emboldened individuals to “get out from behind their keyboards” and actually engage in attacks.
As a result, he thinks we’ll see a different approach to executive protection going forward. This new approach will be based on comprehensive threat intelligence and digital risk protection, and it will encompass both physical and cybersecurity tactics, techniques, and procedures (TTPs).
“The shift from mass casualty attacks to targeted attacks is just the beginning,” he said. “AI integration, open-source intelligence capabilities, and continued polarization of the public tell us that intelligence-driven protection is the only way forward.”
Stay a step ahead with the Recorded Future Platform
For organizations still relying primarily on traditional security measures, the message is clear: Threat actors are using sophisticated intelligence, so your organization must do the same or you'll always be one step behind. In executive protection, that gap can prove catastrophic.
Recorded Future threat intelligence helps close that gap. As Brian Solecki said, “When a security company protects its own executives using its own platform, that's ultimate validation.”
Schedule a demo to see how Recorded Future can address your organization’s unique physical and cybersecurity needs.
Want to take a tour of the Recorded Future products the Recorded Future Security and Safety team uses? Explore our on-demand demos.
Source: RecordedFuture
Source Link: https://www.recordedfuture.com/blog/real-world-executive-protection-how-we-secure-our-own-leadership-team