Meeting the subject of a threat assessment: Is it always necessary?

When assessing a threat in the workplace, it isn't always necessary to meet with the subject in question, says Dr. Steve Albrecht

We know it takes a team effort and a multidisciplinary approach to solve the complex problem of workplace violence prevention. All successful threat assessments require both information and conversation. We must know as much as possible about the subject making the threat and his or her intended targets. And we must be able to communicate with as many people as we can (with confidentiality in mind, of course) to ask questions, get answers, and develop our potential solutions. Threat assessment is a team approach in every respect, because the decisions either come from or affect so many stakeholders.

[Making the case for preventing workplace violence]

So if we agree that threat assessment is a collective effort and that we must get information from multiple sources, it's time to answer a question that has been posed to security professionals: Can you do an accurate threat assessment without actually meeting the subject?

I believe the short answer is yes. This question was posed to me during a meeting at an organization where I was gathering information about the troubling behavior of an employee. I had met with many of his colleagues, discussed his behavior and employment history with his supervisors, read his ranting and disconnected e-mails, and even sat in quietly and anonymously during a large staff meeting where he tried to bully the group. In short, I had a full picture of the man I was assessing.

During my meeting with one of his co-workers, who happened to be a non-practicing licensed psychologist, this person said, rather dismissively of my efforts, "I could never do a threat assessment without actually interviewing the subject. Don't you plan to talk to him?"

I replied, "Talking to the subject is very useful in many situations. I do it whenever it's possible and helps my process. In this case, I believe my conversation with him would only make things worse, based on his described level of paranoia." I believe I may have also added, "I don't need to be a meteorologist to know when it's raining outside," but I'm not sure if I said this out loud.

[What it's like to respond to a bomb threat]

I certainly agree with the clinician's point; it's always helpful to get the threatener's perspective, right from his or her own mouth. It's always good to see this person in an interview situation and make certain assumptions about his or her seriousness, sobriety, need for or lack of control, blaming, targeting, remorse, anger, tone, escalation, cadence, or plans.

My argument in this case was that I didn't believe the subject would be able control his angry behavior long enough to sit through an interview with me. And since he would be forewarned of any future meeting with me, even a quick search of the Internet would tell him my background and what I do. He would then come to the meeting, as many of these threateners do, with many preconceived ideas about its purpose, my goals to "ruin his life," and his desire to outwit, out-converse, or thwart me.

[Executive protection: 4 essentials for secure travel]

Many security professionals have had cases where the subjects were all too happy and ready to speak with them. They want to tell their tales and be heard, finally, by someone who will listen. But I also know that many times, we can play a more effective role by being on the outside, and providing advice, support, and talking points to the people who will meet with the subject regularly (HR, the employee's supervisor).

Our clinically-trained colleagues have a wealth of tools to use for behavioral interviews, threat assessment interviews, or Fitness For Duty evaluations. These can provide a lot of data in real time. Because I don't come from the same background (my psychology degree only qualifies me to sigh when Dr. Phil gives out soundbite-style advice), I must "rely on the kindness of strangers," and take my data from every source, including even office gossip and rumors, where I can get it.

There are always going to be pros and cons as to if we should meet with threateners. Sometimes our meetings with them serve to escalate their behaviors and they act out, believing they have been triggered, their internal time clock is running down, or they feel forced to initiate their plans. Sometimes our meetings with them serve to put them on notice that their behavior has been noticed and it must stop. And sometimes, as in the case of an ex-employee, anonymous cyber e-mailer, or phone threatener, we won't ever know who we're dealing with or speak to that person. That doesn't mean we can't decide what to do to minimize his or her impact on the business or the victim.

[10 tips for offsite meeting security]

Given my choice between meeting with a subject or not, my answer stays the same: it depends. Will my meeting with that person help or hurt? Will it make it more or less likely the person will act out? Does it make it better or worse for the organization and any current or potential victims? Can I do my best work on the edges of the situation or do I need to be hands-on?

People may call on security professionals and say, "Based on our relationship and current level of rapport, we think we can speak with this person. What should we say or not say, do or not do?" From this, we can help them come up with a plan. Or they may say, "We're not prepared or afraid to meet with him. Could you do it?" Our path is clear.

With all due respect to the clinicians, let us make the decision as to engage or not with threateners. If we can get data from a wide variety of sources, it may not be necessary to meet with them to draw our conclusions and come up with a plan.

We know that threat assessment is not about "predicting violence," it's about assessing dangerousness. We must continue to use the four pillars of security management success: information, intuition, experience, and our ability to communicate, either with the subject and/or the people who will have to make decisions about the subject.

Dr. Steve Albrecht, PHR, CPP, BCC, is board certified in HR, security, and coaching. He worked for the San Diego Police Department from 1984 to 1999 and is the past president for the San Diego chapter of the Association of Threat Assessment Professionals (ATAP). He can be reached at

Join the CSO newsletter!

Error: Please check your email address.

Tags security

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Albrecht

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts