intelligence analyst

The Missing Link in Executive Protection: Why Protective Intelligence Services Matter More Now Than Ever

LeMareschal

Those who have been in the business for some time will tell you that executive protection is 90% about preventing threats and only 10% about responding to them. Preparation is key when it comes to protective details, and while physical security measures, highly trained agents, luxury vehicles, and advanced equipment are all critical components of any operation, one often-overlooked asset can mean the difference between proactive protection and reactive response: protective intelligence services.

We can all agree that the world is rapidly changing, and with it, so are the threats, how they materialize, and the individuals behind them. The ways in which hostile actors can reach and harm your clients are constantly evolving. A bodyguard today must consider and prepare for risks and threats that are significantly different from those of 15 or 20 years ago. The digital age has given criminals, stalkers, and hostile actors new tools to track, target, and attack high-profile individuals.  

Protective details are often perceived by the public as a purely physical profession, standing guard outside a client’s hotel room, escorting them from point A to point B, and responding to immediate threats. However, in reality, there is far more happening behind the scenes. A successful protective detail involves more than just the agents’ strength or combat skills. A security team that relies solely on reactive methods rather than proactive strategies is doomed to fail. If your protective team lacks the critical foresight needed to anticipate threats, avoid danger, and prepare before a situation escalates, failure is inevitable and failure in this industry can mean human loss, physical harm, asset loss, or reputational damage.

If you ask executive protection (EP) agents how often they have been provided with necessary protective intelligence by the companies that hired them, the majority will likely tell you they haven’t, unless they worked for a major corporation that either invested in its own intelligence division or sourced intelligence from a third party.

The reality is that most security firms neglect to integrate intelligence gathering and analysis into their protective operations, often citing cost concerns or client unwillingness to fund such capabilities. This short-sighted approach leaves agents in the field operating in a vacuum, exposed to a variety of dangers, limiting their ability to anticipate threats, assess risks, and make informed decisions that could prevent an incident before it happens. These security providers fail to recognize that protective intelligence is now a fundamental part of executive protection, just as advances, risk assessments, and threat assessments are (or at least, should be, for those still neglecting these basics). Intelligence should not be provided only if the client requests it; rather, it must be an integral part of every protective detail.

The Role of Protective Intelligence in Executive Protection Settings

Decades ago, intelligence services were primarily associated with government agencies and large corporations. However, today, with advancements in technology and access to open-source information, intelligence can be integrated into organizations of any size, whether small or large.

Consider this scenario: Your protective team has taken all necessary steps to keep your client’s dinner meeting at an A-list restaurant safe and confidential. They even booked the reservation under an alias. However, another customer at the restaurant recognizes your client and tweets on X, “Guess who’s having dinner at our restaurant?” followed by #YourClientsName.

Now, the location of your client’s dinner is public knowledge, rapidly spreading across X and other social media platforms. Meanwhile, your executive protection (EP) team still believes the visit is confidential, unaware that the client’s whereabouts have been exposed. This is critical information they should have in order to take precautions and act accordingly. But without protective intelligence services, they wouldn’t even know the exposure had occurred.

Now, let’s consider another scenario. One of your clients is on a business trip, staying at a hotel. Nearby, a protest is forming and moving closer to the hotel. As a security provider, you would want to advise your client to stay put until the situation stabilizes. But again, without intelligence services monitoring such developments, you wouldn’t have the necessary information to take proactive measures and you would ignorantly move your client into harm’s way.

Why Intelligence Matters in Executive Protection

Executive protection is not just about reacting to threats, it’s about preventing them from occurring in the first place. This is where protective intelligence plays a crucial role. While general intelligence involves gathering and analyzing information across various domains, protective intelligence is a specialized discipline focused on identifying, assessing, and mitigating threats before they materialize into real dangers.

Many executive protection teams rely solely on physical security measures, such as bodyguards, armored vehicles, and surveillance equipment. However, without an intelligence-driven approach, these teams are operating in the dark, reacting to threats as they unfold rather than anticipating, mitigating, avoiding, and/or neutralizing them ahead of time.

The Role of Protective Intelligence

Protective intelligence serves as the foundation of proactive security. It enables security teams to:

Identify Threats Before They Become a Problem – Protective intelligence involves continuous monitoring of potential threats, including hostile actors, criminal activity, cyber threats, and geopolitical risks. This allows security teams to take preemptive measures rather than relying on last-minute reactions.

Enhance Situational Awareness – Protective intelligence provides real-time updates on crime trends, civil unrest, and other evolving security threats in locations where clients are traveling or staying. This helps protection teams make informed decisions, adjusting routes and security plans as needed.

Mitigate Risks Through Social Media Monitoring – We live in a digital world and many threat actors use social media to track, expose, or target high-profile individuals. Protective intelligence includes monitoring online threats, identifying potential leaks of a client’s location, and flagging concerning activity before it escalates into a real-world risk.

Support Advance Work and Security Planning – Before a client arrives in a city/country location, at a venue, hotel, or meeting location, protective intelligence ensures comprehensive site assessments. Intelligence analysts vet the security of these locations, identifying potential risks and enabling teams to establish backup plans in case of emergencies.

Provide a Strategic Advantage to Executive Protection Teams – Without protective intelligence, bodyguards and security teams are left to react to threats in real time, often with limited information. With intelligence, they gain a strategic advantage, allowing them to operate proactively and avoid unnecessary risk exposure.

While executive protection agents are considered the last line of defense,  intelligence services can extend their protective reach beyond the immediate environment as they can provide:  

  • Location-based and Situation-based risk assessments – Evaluating crime rates, political instability, and recent incidents at destinations.
  • Live threat alerts – Real-time updates on emerging dangers such as civil unrest, roadblocks, or suspicious individuals.
  • Pre-mission planning – Conducting advances on venues, hotels, and travel routes to preempt potential risks.

Why Small Firms Avoid Intelligence Services

However, despite its undeniable value, or how many will seek education on the topic, many executive protection firms only integrate protective intelligence when a client specifically requests it, and they can charge for it. This is a highly flawed approach because protective intelligence should not be seen as an optional service to add on, but it must be a core component of every security detail!  

A team that operates without intelligence is only providing half of the protection necessary to keep a client safe. In contrast, a security team equipped with protective intelligence is proactive, informed, and always one step ahead of potential threats. The reality is that many small executive protection companies skip intelligence capabilities because they often function on tight budgets and want to prioritize the most visible security measures which are bodyguards, vehicles, and sometimes surveillance equipment without realizing that intelligence is the very foundation upon which these elements should be deployed.

However, waiting for a client to demand intelligence services before integrating them into a security operation is fundamentally flawed. A security company should be advising the client on what is necessary, not the other way around. And when the client does not wish to pay for it, then what? You should have it as part of the services you provide in order to prepare and equip your agents best. The reluctance to invest in intelligence is a classic case of reactive security planning instead of proactive threat mitigation and that comes with a cost.  

The cost of ignoring the use of protective intelligence is exposing themselves to unnecessary risk and liability. A single incident, whether it’s an ambush, a targeted attack, an embarrassing situation, or even a travel or meeting disruption, can severely damage a company’s reputation, not to mention endanger lives and assets. On the other hand, an intelligence-driven approach enhances the professionalism of a firm and gives clients a reason to trust in the protective measures they provide.

Again, consider this scenario: A protective team is escorting an executive to a conference in a foreign city. Without intelligence, they are unaware that the hotel is located near an area experiencing political protests. A sudden outbreak of violence places the client and the team at risk. With an intelligence component, this risk would have been identified in advance, and an alternative plan could have been executed.

Making Protective Intelligence a Standard, Not an Option

Security firms must begin treating protective intelligence services as a standard part of their operations, not an add-on that only high-budget clients receive. Even small firms can develop intelligence capabilities by:

  • Hiring or outsourcing intelligence analysts who can provide actionable insights.
  • Using open-source intelligence (OSINT) to monitor real-time threats.
  • Using technology and proper AI-driven tools to track risk factors across different regions.
  • Training security personnel to integrate intelligence into their daily routines.

Prevention can be more effective than reaction, considering the fact the enemy holds the element of surprise and chooses when, where and how. The primary goal of a protective team is to be able to detect when, where and how and take proactive actions to prevent attacks.  

Protective Intelligence services allow for:
-Early threat detection – Monitoring and identifying potential threats before they become direct dangers.
-Predictive risk analysis – Understanding patterns of criminal activity, protests, or hostile surveillance.
-Strategic planning – Knowing the safest routes, venues, and contingency plans in advance.

An intelligence-informed protective team doesn’t just protect, it ensures their client never even faces the threat in the first place. Protective intelligence should not be seen as merely an expense but an investment in the effectiveness and credibility of a security detail. The most successful executive protection teams are those that blend physical security with actionable intelligence, ensuring they stay ahead of threats instead of merely reacting to them. When a protective team has access to protective intelligence, they elevate their role from a “security presence” to a “security strategist.”

It is time for executive protection companies, especially the smaller firms, to rethink their approach. Intelligence is not a luxury; it is an operational necessity that must be built into every protective detail, regardless of client expectations. If the goal is truly to protect, then intelligence must be at the core of every mission.

Chris Grow, Managing Partner, LeMareschal LLC

Russian Oligarchs Keep Getting In Troubles by Instagram Selfies

LeMareschal

In our latest interview with expert Nick Barreiro, Chief Forensic Analyst of Principle Forensics, we discussed the security risks from any/all social media platform postings and how someone can obtain critical information from your pictures. If you haven’t watched the interview yet, please find it below

According to Vice’s latest article, authorities have been following Instagram profiles of the women related to, or involved with, Russian oligarchs to obtain information about them, their holdings, accounts, and locate assets to seize/freeze by merely identifying and following the weakest link who posts the most. These women who act like ”influencers” or social media celebrities are looking for publicity, but they now represent a significant threat to the security of the individuals they’re around and expose them to unwanted scrutiny. ”Oligarchs themselves rarely use Instagram to accidentally crack open a window into their high living. Rather, it’s the people partying with them: A stepdaughter, an ex-wife, or in the least one infamous case, an escort.” Read the full article here.

Social Media Investigations and Monitoring for Risk Mitigation Purposes

Featured

The use of social media and the way it affects our lives and businesses have brought a new challenge to the security industry and the protective team’s responsibility. It gives the entire world the ability to look into people’s lives with the mere push of a button. Scandals are created, secrets exposed, and lives ruined. In the case of personal security, social media can be used in the advancement of a protective detail; however, one must know how to utilize it properly. Today, we will talk about Social Media Investigations and Monitoring. For those who are not aware of the term, as we utilize it in protection circles, Social Media Investigation and Monitoring is the process by which you can identify what is being said about your clients, a brand they represent, or the corporations with which they are involved and any threats or dangers that may exist in relation to those aspects.

As we sift through different social media platforms and online channels, we must then determine if what is being said has any significance regarding your clients’ reputation, persona, and safety and if there is the need to mitigate any risks. In other words, it’s like setting up an online, social media “net”. This process then helps you discover everything that is being said, written about, or portrayed on social media and determine its relevance to your clients. You can gather information about the ‘’public opinion’’ surrounding your clients, about people or entities who are angry with them for one reason or the other, people who are obsessed with them, or people who are making online threats. SOCMINT or Social Media Intelligence (not to be confused with OSINT) has seen a huge rise in necessity due to the use of social media and a competent protective detail needs to always be informed and social media investigations and monitoring are a huge part of this process. 

Now, let’s see some examples of how social media investigations and monitoring applies in protective services. Let’s say one of the people you are protecting belongs to a large pharmaceutical company and they decided to raise the price of a specific drug, thus affecting the lives and wellbeing of thousands of people. Perhaps another client is involved in a financial institution that quite suddenly makes a significant decision that affects people’s lifetime savings and pensions. You can imagine that there will be a significant number of people who become very angry, and some may want to harm your client. During the recent pandemic, there were a number of “anti-vaxx” groups that were quite vocal and utilized Facebook as one of their many platforms to accomplish their goals. Another example would be the need to discover if there is someone using your client’s name or company to scam others and commit crimes.

We are sure that many of you today are aware of the infamous ‘’Tinder Swindler’’, Shimon Yehuda Hayut, who legally changed his name to Simon Leviev to pretend to be the son of the billionaire Lev Leviev and used his name and company logos to scam people. Although his actions were known since 2017, it was only after the airing of the Netflix documentary in 2022 that the Leviev family found out and filed a lawsuit against Hayut for falsely portraying himself as the son of Lev Leviev, receiving benefits, and committing crimes.

According to Leviev’s family attorney, Guy Ophir, they will now include anyone who has attempted to make a profit from his scam during the next lawsuit. What we can ask is, as security providers, why didn’t someone from the real Leviev family ever discover this scam artist who was extremely public and active on social media as the ‘’son of Lev Leviev’’? Although the real family members were never part of this fraudulent scheme, and it didn’t appear to affect their safety, it did, however, involve their name/brand in a very public and negative way. In other words, it should have definitely been considered as a threat to their reputation. Other people who were harmed by this scam artist were the businesses who did work with them, and their secondary service providers as well. 

Another interesting case to mention is Elon Musk where he, the actual client, took it upon himself to “solve” the issue and directly contacted the person of interest who had begun posting his private flight details and created the security risk for him and was literally blackmailing him unless the POI was paid. According to media reports “Elon Musk states social-media accounts that track his travel movements are ‘becoming a security issue.” Tail numbers and yacht names of billionaires are increasingly being shared on online platforms and one can track them by having the appropriate app unless significant efforts are made to secure them from the reach of those diligent few. These are some unique specific details that the security team needs to pay close attention to at all times.

Photo by Asad Photo Maldives on Pexels.com

Since Social Media platforms are the way people today communicate with each other, we as security providers must keep in mind that this is not always a positive aspect. Perhaps a person or persons will utilize social media to collectively gather people with their same goal or mission, to get together and plan their next move (Example: protesting outside your client’s house or corporation). In this case, you will want to know what is being said online about the person you protect to determine if there is something of extreme necessity to include in your risk and threat assessment and then take protective measures as well as inform their legal department.

As we have all witnessed too many times, it only takes one well-placed picture or story regarding some alleged activity on the part of your client, and it will go viral quickly, truth or not. Staying one step ahead of this type of “attack” has become a crucial necessity in order to protect your client from embarrassment or exposure. One of the most common issues in recent history is when personnel close to the client i.e., family, staff, vendors, and any other secondary customers post pictures, stories, or opinions and subsequently fail to understand the negative effect these types of communications can and will have on the client’s life, business, and the lives of their loved ones.

Why do you need a Social Media Investigations and Monitoring Strategy when you are a security services provider? To summarize we can say:  

1) To identify new threats. 

2) To discover what information about your client is posted online either by himself, the ones close to him, or his employees and evaluate how these affect his safety. 

3) To evaluate a threat (someone is posting online threats directed at your client).

4) To add to your due diligence.

5) To geolocate a picture or a video, sometimes even audio. 

6) To include any findings in your Risk and Threat Assessment (We can never highlight this enough, social media surveys and investigations are now a critical part of your Risk and Threat Assessments).

7) To find people obsessed with or following your clients (stalkers).

8) To identify hate groups or terrorist organizations that may affect your client.

9) To identify people or businesses your client may or may not want to do business with.

10)To mitigate risks from the information found online about the person you protect (How are the pictures of my client used or tampered with and for what purpose?).

11)To identify if someone is impersonating your client or a family member.

12)To find out if your client’s moves/visits/travels are posted online (Exposing them to others who may be in the same hotel, conference room, restaurant). 

13)To identify workplace violence or insider threat indicators.

14)To find out what is the ‘’public opinion’’ regarding your client (Always keep an eye on what is being said about your client and have a strategy to respond). 

15)To determine if a person or persons are utilizing your client’s name or business name in a malicious or unauthorized manner for their own personal gain. (Claiming associations or partnerships, etc.)

How to perform Social Media Monitoring for security purposes? 

First, let’s clarify one important thing. ‘’Googling it’’ is not enough, nor is it the answer. There are a number of search sites that allow for user input thus watering down or contaminating information and it’s accuracy. For those who are not aware, Social Media Investigations and Monitoring is quite a different department of protective services and quite often falls under Intelligence Analysis and Open-Source Intelligence. It requires unique skills and knowledge. One must clearly understand different social media and research platforms and how to use each one of them (and/or in combination) to obtain information. How you will approach each case is different and certainly depends on who your client is, their business, close relations, and/or their public image. This will directly affect the searches and the resources used and for what purpose. It is vital in our current day and age to include SOCMINT (Social Media Intelligence) in your client’s service proposal, no matter how public the person may or may not be. Hiring ten Executive Protection agents and a Residential Security Team is not enough anymore. SOCMINT services are a vital part of your Risk and Threat Assessments (Dynamic Risk Assessments too) and enable your protective detail to function more efficiently. 

For those who can not provide a certified Social Media Investigator for their clients, follow up with these steps:

1)Understand who your client is, his/her background, the threats, where do they stand in political, social, financial sectors.

2)Be aware of any of the latest changes in your clients’ lifestyle, public opinions, and professional decisions. 

3)Be aware of any of their political and social changes. Watch the news from multiple channels. 

4)Familiarize yourself with all close family, friends, staff, and associates and their respective social media footprints.

5)Set up a social media investigation and monitoring strategy. 

6)Have a good understanding of the Intelligence Cycle (How the intel is being collected, analyzed, disseminated, reviewed, etc.).

7)Have a good understanding of the search tools on different platforms (Facebook, Twitter, Instagram, TikTok, LinkedIn, Tumblr, Reddit, etc.) 

8)Do research on the available search engines and the strengths and limitations each one may have. 

9)Know how to conduct image, video, and audio research and gather intelligence from them.

10)Invest in appropriate platforms for social media investigations and monitoring (Have in mind, NEVER rely on one platform’s result or just platforms’ results. The user/investigator is the main component of a social media investigation). 

11)Download and use appropriate search engine extensions and apps. 

12)Invest time in creating ‘’sock puppets’’ or fake profiles and maintain their persona. Sometimes you may need a profile to have access to different forums or groups without being discovered.

13)Train yourself in link analysis (How to look for connections between people, events, and organizations).

14)Set keyword alerts (In multiple languages in case your client has ties with more than one country).

15)Gather, analyze, evaluate, and report your findings to the appropriate department or leadership.  

Photo by Lisa Fotios on Pexels.com

As the threat landscape changes every day, we as protection providers must be able to adapt and keep ourselves up to date with additional training. Today’s executive protection agent must also be skilled and knowledgeable in investigations, open-source intelligence, protective intelligence, HUMINT, and have an increased understanding of cyber security. Large corporations have already created their own embedded intelligence departments, while others are hiring threat analysts and OSINT investigations from outside security providers. The rise of protective intelligence, and whatever that includes, is here to stay and we are seeing it more and more through the highly increased number of related job postings every day. 

If you are an Executive Protection Agent and want to learn more on how to utilize Social Media Investigations and Monitoring for Risk Mitigation Purposes, reach out to us.

f you are a service provider and want to add Social Media Investigations and Monitoring for Risk Mitigation Purposes on your service list, contact us to learn about our vendor services. 

Chris Grow

AUS Global Special Services Travel Team

Managing Partner LeMareschal LLC

Denida Grow

Founder & CEO

Athena Worldwide 

Nannyguards

Managing Partner LeMareschal LLC