Track 2 · Human Security

Your strongest firewall has a LinkedIn profile

It does not matter how well your systems are protected if the people who operate them are not. The adversary understood this before enterprise security did.

In December 2024, the CEO of one of America's largest companies was shot outside a Manhattan hotel. His organization had a world-class cybersecurity program. His personal threat exposure — digital footprint, physical routines, vulnerabilities — had never been formally assessed. The physical security failure was preceded by an intelligence failure that began long before.

Enterprise security programs protect systems. They instrument networks, deploy endpoint agents, build detection rules. What they rarely do is apply the same analytical rigor to the people who run those systems — their digital exposure, their physical routines, their behavioral threat environment. Intelligence-led human security applies the same methodology as digital security: know the adversary, know the terrain, close the gap, monitor continuously.

The nine-step program

01
Executive Threat Profiling
Structured assessment using TRAP-18 behavioral threat assessment criteria. Who has intent, capability, and opportunity to harm this person or organization? Not a background check — an intelligence product.
02
Digital Footprint Assessment
What can an adversary learn from open sources alone? Property records, data brokers, social media, fitness apps, professional networks, family exposure. Most executives who have had one done are surprised by what is visible.
03
Continuous Surface, Deep & Dark Web Monitoring
Not a one-time scan. Ongoing monitoring for mentions, leaked credentials, threat actor discussion of targets, and data exposures. Continuous — because the threat environment changes continuously.
04
OPSEC & Surveillance Awareness Training
Military OPSEC five-step process applied to key personnel. Train people to recognize pre-operational surveillance — vehicles that reappear, individuals who mirror movement patterns, digital signals of reconnaissance.
05
Physical Advance Work & Protection
Before any principal movement: venue survey, approach and departure route assessment, chokepoint identification, emergency egress, nearest medical facilities. Route variation is standard. Same route, same time, same vehicle is exploitable.
06
Foreign Travel Protocol
Threat briefing specific to the destination — not generic advisories. Communication security in-country, device hygiene, emergency contacts, extraction plan, out-of-band communication channel. Built before travel, not improvised during an incident.
07
Persons of Concern & Behavioral Threat Assessment
TRAP-18 criteria for identifying individuals on a pathway toward threatening behavior. Disgruntled former employees, fixated individuals, escalating online threats. Early intervention, not confrontation. Protocols before contact is made.
08
Family Protection
Family members are frequently more exposed than the principal — children's schools visible in tagged photos, spouse's workplace on LinkedIn. Family OPSEC training and digital footprint reduction for immediate family are part of a complete program.
09
Incident Response Protocol
If surveillance is detected: do not confront, activate the established protocol. If a threat is received: document, assess credibility, escalate. These answers exist before the incident — not improvised during it.

Enterprise-wide awareness: All employees are potential targets. The most sophisticated AI-generated spearphishing does not look like the training examples from three years ago. Employees need current threat awareness, a reporting culture, and OPSEC training calibrated to their actual exposure level. The executive program is the most intensive layer — built on top of a foundation that covers everyone.

Phase 5 · Human Security · Deep Dive
Your strongest firewall has a LinkedIn profile
Read the full article →