The commonalities between corporate security and martial arts. Part 2

About Dave Verma, MSc.

Dave Verma is recognized in the UK as a corporate anti-fraud specialist consultant, he has lectured on all related subjects including anti-corruption, fraud risk assessment and procurement fraud. Dave is also the founder of the MARA COMBAT SYSTEM, which he founded in 2012. He founded this combat system after 30 years in martial arts and having gained black-belts in Korean, Chinese and Japanese systems

The first article here.

Introduction:

In paper one we proposed that developing and maintaining effective corporate security and prowess in martial arts – both require three key foundational attributes, these being RESPECT, DISCIPLINE and ETHICAL CONDUCT.

We expanded the discussion further by explaining in some detail ten commonalities between corporate security and martial arts:

1. Threats from within and without are common.

2. Social engineering threats are increasing.

3. ‘Displacement’ of threats is a main objective.

4. Blocks’ as your main line of defence is not an effective strategy.

5. Proactive, preventative and often pre-emptive strategies are a better strategy.

6. Gaining practical ingrained awareness of threats is key.

7. Threats from information security are common.

8. Procurement fraud is common.

9. Abduction, kidnap, extortion are major threats.

10. Highest quality effective training is a highly-desirable solution in the fight against these threats.

Having identified the main common issues above – we explored some key common strategies which could be employed to fight these threats:

1. Embedding risk assessments

2. Top level commitment to acknowledging, preventing and pursuing offenders

3. Engaging pre-emptive attacking methods

4. Embedding a security and ethics ‘culture’

5. Engaging with the wider law enforcement community

6. Ensuring affective use of perimeters, establishing ‘trust’ and developing sound  disaster response methodology

7. Being committed to using controlled aggression, together with technology to monitor suspicious activity,  conducting surveillance and also counter-surveillance, espionage and counterespionage.

8. Embedding information technology security awareness and response strategies.

9. Designing affective disaster response strategies.

10. Ensuring clear roles, responsibilities and accountabilities exist for all of the above.

As stated earlier, the objective of this paper is to focus on particular and important training commonalities to both disciplines.

In this paper we have selected the following three main types of training:

1. Anti-infiltration training

2. Information technology security training

3. Pre-emptive methods of attack

Clearly, there are other common training methods, however exploring them all in this paper would prove unwieldy. There may be scope for further papers to explore these at a later point.

The above three common training methods have the potential to yield the biggest outcome, in terms of ‘return on investment’.

The objective of training is to go from being ‘unconsciously incompetent’ to being ‘consciously incompetent’, to be being ‘consciously competent’ and finally to become unconsciously competent. This is where our skill becomes the most potent because it has become ingrained and therefore reflexive.

Presented below is the high-level syllabus’ employed by me in the training delivery of these three topics.

Anti-infiltration training corporate security

Main objectives of training

The main objectives of corporate anti-infiltration training are to create a top down awareness within the corporate entity of the significant risks, in terms of criminals with a desire to infiltrate the organisation. Without anti-infiltration methods employed in an organisation – criminal opportunities range from different kinds of white-collar crime involving fraud, bribery, corruption, conflicts of interest and theft of intellectual property to whole-scale industrial sabotage and espionage at a local, competitive or international level.

At a more detailed level the training should empower specific and key members of staff. This empowerment should help the, engage in their specific roles in a more value added different fashion, having gained the requisite awareness in how to use both soft and hard skills, with which to deter and detect criminals attempting infiltration.

Key accountabilities

The training should leave the organisation in no doubt that the key accountability resides with the top level officers/board members of the corporate entity. They should duly  discharge this responsibility through designated directors, who discharge their responsibility through managers, who in turn disseminate specific tasks and accountabilities to specific personnel, staff or junior officers. All of this should be measured through rigorous performance management processes to ensure that the accountabilities are actually occurring and not simply lipservice or written in regulations which are never actually adhered to in practice.

Success criteria / outcomes

The key success criteria for this training is that the criminal fraternity instinctively intuit at a ‘gut level’ that particular organisations are not the ones they want to target for infiltration activities. A more measurable outcome would be that infiltration attempts are detected, flagged for investigation and offenders pursued both internally and in collaboration with the wider law-enforcement community.

Whilst initial local displacement activities may be required, the broader objective is to deter activity from complete industries, geographic areas and countries as a whole.

This is where entire national infrastructures can suffer if infiltration is left unaddressed. In this training we focus on physical infiltration, not just information technology infiltration, which clearly are just as dangerous if not more so in terms of the broad reach they can have.

Anti-infiltration training personal security

Main objectives of training

The main objective of personal anti-infiltration training is to empower martial artists with awareness and responses to understand and neutralise the threats that exist to themselves and their family units.

Criminals often wish to socially engineer family members to gain access to people, children, property and objects of monetary value. These infiltration threats can come from within, i.e from known persons, or from without, i.e. from unknown persons. In this training we will focus on infiltration from hostile parties outside the family unit.

Normally these people will focus on more vulnerable members of the family unit – but not necessarily so. Therefore their intention may be to gain access to the household whilst posing or masquerading as a delivery driver, a technician, a gas engineer or another key worker claiming that access to the property is needed on an urgent basis.

Criminals also seeks to infiltrate children while they are going to school, whilst at school or at youth clubs / youth activities. The main objectives of this training are therefore to make family members aware of these risks.

Once this has been done the martial artist will be taught how to respond to these threats, either with physical deterrence or physical force when needed or with referrals to law enforcement.

Key accountabilities

The key accountabilities will be with the adult martial artists  of the family however, who can learn what they need to know and can then empower the other members of the household to understand how they might be a target and what their roles are in terms of the being the first line of defence when the adults are not present.

Teaching vulnerable family member how to react against criminal advancement in the first instance and how to affect physical violence and invoke law enforcement support is also critical.

Success criteria / outcomes

The main success criteria of this type of training is in empowering family members to instinctively gain ability to detect would-be infiltrators to the family household and to use prearranged methods, techniques and invocation systems to gain assistance and to thwart attacks at the earliest possible eventuality.

All family members should know how to open the door using a chain and how to not simply accept a parcel on the doorstep from a stranger.

Similarly, children should never open doors but instead be empowered with electronic microphone and camera systems to talk to people remotely and to alert parents accordingly.

Older people are at particular risk of this type of activity and should therefore and be protected as far as possible.

From a martial arts and self defence perspective guarding one’s personal space when on the street and understanding how to deal with people asking the time, directions or people  approaching ones vehicle, are all necessary skills. These are the skills of avoiding social engineering, in creating assertiveness, confidence and gaining resilience under pressure and also pure combat ability.

If all of the above fails and family members are in an attack scenario – they should be empowered to know where to strike, how to strike and what a strike with to put down the attacker/s. Therefore a key outcome of this training is the use of adapted weapons by all family members and knowing how to call law-enforcement quickly and easily.

Information technology security training – corporate

Main objectives of training

The main objectives of this training are to empower the top leaders within an organisation to understand that one of the key threats to their organisation comes from the cyber realm. These threats are to intellectual property, designs and patents, research and development, customer databases, financial viability generally and the perpetration of various types of fraud.

Only if these threats are understood at a top level can the organisation apply the necessary resources to recruit high functioning and highly trained technology personnel and other corporate security personnel to prevent, detect and investigate these threats.

Some of the skills to deal with this threat are highly technological whilst other skills are more traditional investigation and policing skills. Effective information technology security also relies heavily on affective anti-infiltration methods.

Empowering the organisation to understand that a holistic approach is necessary to deal with this threat is a key objective. Holistic meaning a multidisciplinary approach, involving top management, directors and the various specialisms within a corporate entity, these being human resources, legal, finance, audit, investigations and physical security.

To effectively deal with technological threats, the organisation will have to effectively liaise with specialist law-enforcement units and also national infrastructure agencies, only in this way can they deal with immediate threats and also the totality of international crime at a national level.

Traditionally within the information technology security field there are three main threats existent, these being threats to confidentiality of data, threats to integrity of data and threats to availability of data (this is often known as the CIA model). Whilst this is a somewhat simplified and cliched model – using the CIA model as the basis of corporate information security training – is a tried and tested methodology.

Key accountabilities

The key accountabilities for this reside with the top level of organisation who fulfil their responsibilities through all directorates within the organisation. Also accountable are all staff – who are bound by strict corporate standards and information technology standards. Particularly accountable are specialist members of staff with key responsibilities.

Other accountabilities also reside in partnership working with the broader law enforcement community and national infrastructure agencies.

Success criteria / outcomes

In addition to top level offices and other specialist staff mentioned above being aware of their accountabilities and being trained to be competent and motivated to deliver these competencies, some other key risks need to be understood by the greater staff body. These normally involve the risks associated with the necessary and desirable use of mobile technology – including laptops, phones and tablets within public Wi-Fi areas.

Clearly, hardening devices so they cannot be use or be discovered / recognised in public Wi-Fi or Bluetooth zones is an easy win.

Similarly, encrypting all company devices and ensuring that where personal devices are used on corporate networks, that these are consensually hardened and follow particular rules – are also easy wins.

Information technology security training – personal

Main objectives of training

The main objectives of personal information security training, is to empower individuals to understand the key weaknesses and risks within their own lives pertaining to information technology.

Clearly, some main risks involve what we share on social media, how we communicate through emails and how we store our data.

In addition to this, individuals are particularly susceptible to social engineering risks through phishing scams and other fraudulent scams evident on the Internet generally, fake investment schemes, crypto investments, other Ponzi or pyramid schemes, all of which are propagated through emails / social media and which are received on an unsolicited basis.

Particular risks exist for more vulnerable family members including young people and children who may be socially engineered to orchestrate physical meetings with people who are not who they say they are. The risk of various illegal activities involving paedophilia, grooming and other indecent activities have sharply risen in terms of their exploitation of technological means.

Key accountabilities

The martial artist in the family i.e. the responsible adult/s are primarily responsible for raising awareness as are various education authorities, schools, universities and social media companies generally. Internet dating sites also have a key responsibility in maintaining safety of their patrons.

Success criteria / outcomes

A key success criteria is that the martial artists ie the responsible adults within their household, know how to exploit technology in terms of Wi-Fi security, device security, antivirus software and training everyone in the household to not have easily guessable passwords and to use two stage authentication. The martial artist should also be aware of how to affect proper parental controls on various devices.

Similarly, all family members should be aware that significant risks exist on the Internet generally and that most  approaches on the Internet or by email or social media are NOT to be trusted. A key success criteria is to have a degree of suspicion for any communication even if it is from people purporting to be known to family members. Masquerading is a key criminal ploy – and can be used for fraud, abduction and to cause a variety of physical harm.

Having covered prevention and detection techniques, martial artists and their family members need to be aware of what to do if a crime does occur pertaining to information, data or social engineering or an attempt to make contact with a child within the household. Knowing which law-enforcement agencies deal with this and how to make a referral can be essential.

A key success criteria is for responsible adults and other family members to understand how best to use  and exploit technology for their own security. This means understanding how to use geo-mapping authorisation on mobile devices, so that family members can track each other consensually. Making best use of codewords, pre-designated text messages and also using particular applications, which can be used for security and can alert for help very simply with a touch of particular keys on a mobile phone.

The final success criteria, which is similar to the above, is for martial artists and their families to be aware of covert monitoring, hidden CCTV, listening devices and tracking devices that could all be used by criminals against them. Particular instinctive care needs to be taken in hotels, public restrooms, gyms etc, where illegal video devices are often planted by criminals.

Here is an acid test of success – the martial artist sees the same person at three distinct locations over two days, this should indicate an immediate threat of being followed. This normally means that anti-surveillance awareness has failed, or more likely that criminals have planted an illegal tracker to a vehicle used by the family. Clearly, the martial artist is now presented with some interesting choices – should he /she expose their knowledge? should he/she stay covert? should he/she alert law enforcement ? Should he/she create their own ambush scenario?

Pre-emptive attack methodology corporate security

Main objectives of training

The main objective of a pre-emptive attacking methodology for corporate entities is for them to use their corporate security departments to spot threats before they occur, while they are being planned and to take the fight the attackers. Attack is always better than defence.

Pre-emptive attack by corporate organisations could be in response to theft of intellectual property threats, infiltration threats, fraud, bribery, corruption or conflicts of interest et cetera.

Devising and implementing particular pinpointed proactive drives, based on rigorous and structured risk methodology will assist in this regard. Risk methodology is a course in itself – however in essence – it means analysing the liklehood of an undesirable event occurring (scored 1-5) multiplied by the perceived impact of the event occurring (also scored 1-5). This resultant score, if high, e.g. 20 – 25 means that a proactive approach is required.

For example, matching various types of data and engaging in professional due diligence and business intelligence activities can create intelligence on which to act pre-emptively.

Due diligence means – knowing your employee, knowing your supplier, knowing your customer, knowing your investor and those you are going to work in partnership with generally. ‘Knowing’ means running a tranche of business intelligence checks to really create a trust base – credit checks, references, bak accounts, identities, social media presence, open source intelligence checks and many other independent enquiries can all be ascertained to give a holistic picture of people and business with whom we wish to operate. The UK government’s various levels of ‘Security Clearance’ checks for jobs that have an impact on national security is a superb example of how this is undertaken, the checks combine references, address checks, history checks (often going back to childhood) and various ‘other’ checks – all combined with physical interviews with referees to really understand the true background, character, interests, political leanings and lifestyle of the applicant.

The UK Fraud Act 2006 – ceased a raft of new offences. The act created new offences, whereby attempting fraud, or even possessing documents or articles that could be used in fraud (for example false identity documents, fake bank statements, fake payslips, fake company accounts etc) constitute possible criminal offences. This enables law-enforcement (in partnership with industry) to be extremely pre-emptive in attacking would-be criminals before they have actually undertaken any crime.

The same approach has also been adopted towards money laundering offences and the accumulation of criminal finances generally. The Proceeds of Crime Act 2002 essentially allows law enforcement agencies to confiscate funds where no proper explanation can be provided as to the legitimate origin of said funds. This is interesting as the criminal is essentially guilty until they can prove their innocence – this being in contradiction of the normal state of law – which proposes the opposite scenario (For those interested, please also appraise yourself of the UK’s new National Security and Investment Act 2021, which essentially brings into force legislation pertaining to high risk transactions, on which certain sectors will be obliged to gain authorisation on through formal notification to the Secretary for State).

Key accountabilities

The key accountabilities within the corporate entity for being pre-emptive would be the senior leaders/board members/Chief Executive. This would then be discharged through the corporate security department, head of antifraud and other key personnel. Prearranged relationships and responses with local law enforcement would also be a necessary accountability.

Success criteria / outcomes

The key success criteria for this pre-emptive approach is that criminals are detected before or whilst they are planning crimes against a corporate entity. Disciplining internal offenders at the attempt stage and prosecuting external attackers at the planning stage would be a key success criteria.

Pre-emptive attack methodology personal security

Main objectives of training

The main objectives of any personal training in pre-emptive attacking is to gain the confidence to hit first, hit hard and put potential attackers down. This might mean empty-handed methods, improvised weapons methods or traditional weapons where the law allows.

Pre-emptive attacking combined with active fear-control training are often under looked area of martial arts training , which often tend to focus on block strike methodology or defence against someone once they have actually commenced their attack.

Harnessing an ‘animalistic’ pre-emptive approach will give the potential to gain a better outcome, especially when multiple appointments or weapons are involved in a surprise unprovoked attack. In most western countries this pre-emption is allowed within the law i.e. hitting before you are hit – as long as one can justify one’s actions in the reasonable belief that an attack was imminent.

Pre-emptive striking methodology, whether empty-handed or with weapons, can only succeed when harnessing total commitment, the afore-mentioned animalistic approach, explosiveness and an element of cloaked surprise.

This normally means using an explosive strike launched from a covert guard – with maximum intent – whilst shouting (using the voice to also shock) – and whilst striking the most vulnerable areas on the attacker (normally the neck, throat, groin, knee, temple, floating ribs and eyes).

Using several strikes in close explosive succession and not finishing until the job is done – can seek to engender fear in any other attackers who might suddenly rethink their intentions. This is also called implementing ‘shock and awe’ against the enemy.

Key accountabilities

The key accountabilities for learning this will be with family members who are martial artists already. It can be easier to learn this methodology once one has a solid basis in fighting, ie stance, movement, structure, power generation and evasion. Within my own martial arts teaching we teach pre-emptive strike methods from lesson one, to beginners and then all the way through to advanced level.

I have found that training the mind to be pre-emptive from the commencement of training is important – as opposed to negatively conditioning the mind to be ‘reactive’ only.

For real application and success though pre-emption, martial artists therefore benefit immensely from adopting a  less sporting and more militaristic approach to combat.

Success criteria / outcomes

The key success criteria is that the individual feels empowered to strike first and this comes from a change in mindset, a change in training and from training in a different way. It also comes from viewing potential aggressors as an immediate threat which needs to be neutralised (within the scope of the law for civilians) as soon as contact commences, in terms of planning and orchestrating a sufficiently violent pre-emptive attack at the earliest possible opportunity.

Whilst learning to read people generally, in terms of their intent (body language, movement, stance, eyes, posture,  and other give away signs that they are planning to implement imminent hostility) is important knowledge. As is knowing how to engage in active deescalation methodology, pre-emptive strike methodology at least equals this in terms of importance. An often overlooked learning also pertains to knowing what to do immediately after a pre-emptive attack scenario, is it best to flee? Apply first aid to your attacker ? Call police ? Liaise with witnesses ? Deal with your own body shock response? These are all key learnings and success outcomes.

Individuals should feel that they have awareness, ability and that their ‘internal thinking’ has changed after proper training. This will normally only result after sufficient real life training / pressure testing / familiarisation training.

Paper three will be more practical in giving example training methods, though exploring specialist tools and methods available to the corporate entity, for example actual counter-surveillance methods.

Paper three will then explore similar methods available for the private individual/martial artist, for example the actual use of improvised weapons.

Author: Editorial