Recognizing the Limitations of Physical Self Defense


Why do many self-defense training scenarios start with a gun already at your head? Or an assailant threatening you with a knife to your throat? What happened in the moments prior to that situation and how often is that time frame covered in any depth in much of what passes for self- defense training? If you Google self-defense classes you will likely get info on a bunch of local martial arts schools and maybe a course or two offered through a Y or community center. While many of these courses will mention the need for awareness, assertiveness and in some cases de-escalation most will quickly shift the focus to physical techniques – some better than others depending on the program and the instructor.

First off let me say that I am not against training in physical self-defense techniques. I think they are useful and I love combat sports and martial arts and have done them in one form or another for most of my life up to this day. I also don’t mean to imply that there are not good self-defense teachers out there who also teach awareness, de-escalation and other non-physical proactive measures as big part of their curriculum, because there are. Our focus here is on the more common training programs that cut right to the physical with little regard for the components that lead up to a violent incident occurring.

Now – with that out of the way – let’s look at some of the real limitations of focusing exclusively or mainly on physical self-defense:

  • Many self-defense courses are taught using techniques and elements from traditional martial arts. While some traditional arts have aspects or tools that may be useful in a real confrontation for the most part many of the techniques are not applicable for a real world violent confrontation.
  • Many are taught based solely on combat sports. While this is perhaps a better fit than the traditional arts in most respects, if not properly modified there can be real shortcomings such as not considering multiple opponents, weapons, etc. We previously discussed the pros and cons of both approaches here:
  • Regardless of the physical techniques used many self-defense systems require a great deal of training to become proficient. There are some practical combative systems that can be learned relatively quickly but frankly they are not widely available to most people. Given the level of interest and competing commitments many if not most people will not devote the time to become proficient.
  • To train realistically requires training with intensity. This means against a resisting opponent with some level of contact that approximates a real situation. There must be enough intensity to get your adrenaline flowing as it would in a real violent encounter. A large segment of the population is not willing to train at this level.
  • Despite what many people think – size and strength are a factor. Unless you are at a very high level you will be at a disadvantage against a larger, stronger opponent. Especially if that opponent has training and experience with violence – which most assailants will have.
  • As you age your ability to be physically effective resisting a determined attacker is decreased.
  • Your assailants will choose the time and place where they attack you in most cases. They will choose a situation where the odds are in their favor and you are in a disadvantaged position.
  • Your attacker has likely committed similar violent assaults, has a game plan and knows what to expect. For you it may be the first time.
  • In many if not most cases there will be multiple assailants, weapons or both.
  • Carrying firearms or other weapons may be of no help or even counterproductive unless you train to use them under duress and have bridging techniques that allow you to get space and draw and deploy your weapon if suddenly attacked. We discussed this in our piece on the 21 foot rule:

The fact is criminal assaults don’t happen in a vacuum. There are always indicators prior to the attack and with the possible exception of some ambush-style assaults where the perpetrators are well concealed and lying in wait for a victim, you can usually detect these indicators. The key factor is you need to be watching for them and you need to be trained or have trained yourself to recognize them.

Personal security and self-defense needs to start before an incident ever begins and way before any physical techniques are needed. You need to:

Training to physically respond to a violent attack has its place but also its limitations. Training for personal protection should focus heavily on detecting and avoiding potential threats. These are things everyone can do – especially with a little training and practice – regardless of age, physical condition and so forth. It’s also completely scalable based on the person’s perceived threat level and degree of interest. Many aspects of this approach were covered in previous articles which are linked here for those who want more information and a greater understanding.


A Tiger Kidnapping in Connecticut and Defining an “At-Risk” Person

Fairfield Heist

At about 9pm on April 11, 2013 a group of 5 men forced their way into an apartment in Meriden, Connecticut in the Northeastern US and overpowered and restrained four people inside.  The apartment was reportedly company-rented and used by employees of Lenox Jewelers in Fairfield who frequently transited between that store and another store in neighboring Massachusetts.  Reports indicate that two employees of the store were likely followed after closing at 8pm and were initially targeted as stepped from their vehicle.  They were then forced into the apartment where the other two employees were.  They bound them and blindfolded them with pillow cases.  Then they separated the employees with four of the assailants taking two of the jewelry store employees back to the store while the fifth man remained at the apartment to guard the other two employees.  When they got to the store they forced the two employees to disarm the security system and stole approximately $5million in jewels.  They then left the two employees bound in the store and notified their accomplice guarding the other two in the apartment.  Upon receiving word the heist was successful he left the remaining two employees bound in the apartment.   Five men were arrested weeks after the robbery and are awaiting trial.

While most tiger kidnappings tend to involve holding family members or other loved ones hostage to force a person with special access to comply in this particular case it involved holding co-workers hostage.  This crime has been prevalent in Ireland and the UK but less so in the US.

This incident raises two interesting points – one about the presence of pre-incident indicators and the second about who is an “at-risk” person.

When the robbers were escorting the two store employees back to the store they made a comment to one that he “drives too fast” indicating that they likely had him under surveillance for a period of time prior to the incident.  Additionally a neighbor at the apartment complex observed and noted the kidnappers’ car conducting surveillance on the morning of March 30.  The neighbor noted the car’s plate number and gave it to the police after the incident which contributed to the arrest of the suspects.  This means that (1) the surveillance was occurring at least 11 days prior to the crime and probably even earlier (2) the surveillance activity was noticeable to someone who was paying attention to the environment.  Interestingly in an unrelated case in a New York City suburb law enforcement was conducting surveillance outside the home of a suspected drug dealer and were detected by neighbors.  Local residents noticed a car with occupants sitting on a quiet suburban street and questioned them what they were doing there.  This incident illustrates that even professional surveillance efforts can be detected if people pay attention to their surroundings.

We often discuss that key times for heightening alertness include arrivals and departures (especially from home and work) and locations/zones of predictability.  We also state that security measures should be scalable and in context with the person’s risk profile.  Therefore a person who believes he or she may be facing a demonstrable threat or is working/living in a high threat environment should devote more time and effort to practicing individual protective measures.  A person at less risk should still be aware but may not need to expend a great deal of effort.

In this case it’s likely the jewelry store employees who became victims did not consider themselves to be “at-risk”.  While they probably recognized the risk of robbery as a professional hazard they likely thought of it in the context of a classic armed robbery at the place of business and not a tiger kidnapping involving elaborate planning.  It’s important when considering your risk profile to accurately assess the potential threats you may face and the vulnerabilities in your lifestyle.  Without an honest appreciation of these it’s difficult to determine the level of mitigation and countermeasures you need to put in place.  You don’t need to be a millionaire, a celebrity or a politician to be “at-risk”.  A variety of factors in your professional and or personal life can raise your profile.



Lessons Learned vs. Armchair Quarterbacking

One of the best ways to develop new countermeasures and enhance your personal or your organization’s security is by studying security incidents that have occurred to learn both from the mistakes of others and also from what they did well.  Rightly or wrongly there is often a tendency to focus on the mistakes and things that went wrong as these sometimes provide the most cogent lessons learned.  When doing this we need to do it dispassionately and we need to avoid the appearance of blaming the victim.  All hindsight is 20/20 and it is easy to look at all the details of an event after it has transpired and pontificate about what someone did wrong and why we would have done it differently.  It is much different when the event is unfolding and you are wrapped in uncertainty and trying to make decisions under pressure.  It is also different when you don’t have the ability to see a threat clearly due to other events or distractions that may be going on.

The horrific school shooting in Newtown, Connecticut brings this principle to the forefront.  While information and details are still coming in as of this writing it demonstrates the need to study these events to look for areas of improvement and consider how things can be done in the future to mitigate the risk.   This is not intended to be a discussion of the Sandy Hook massacre as this is being covered extensively in other venues and discussed by people much more knowledgeable about school security and active shooter situations than I am.   Those of us who are parents though are searching for information and perhaps answers and solutions to make our children safer.   Interestingly it appears from current information that the Sandy Hook Elementary School did a whole lot right in terms of their security program and perhaps exceeded what is in place at many schools.  Still we need to do a close examination to see what might be implemented to reduce the risk at other schools in the future.

One of the most valuable things we can do is to look at case studies concerning criminal and terrorist incidents and look at why the victim was vulnerable and what they might have done to reduce or even eliminate that vulnerability.  If we are looking at confrontational crimes targeting individuals we might look at a robbery incident where the victims was distracted and fumbling with her car keys when she was approached and victimized.   Looking at a kidnapping we may find the victim habitually departed for work each day at the same time and used the same route.  We should also look at our own experiences where we had near misses or close calls and look at areas where we could have done something differently.  In these cases we need to be frank with ourselves if we were lazy, complacent, overconfident, disregarded our own intuition, or whatever.

What separates armchair or Monday morning quarterbacking from thoughtful lessons learned?  As much as anything it’s the spirit in which it’s done and the mindset.  Armchair quarterbacking is pontificating, sometimes accusatory and not done with a constructive goal in mind.  Analyzing lessons learned on the other hand is thoughtful, constructive and done with the intent of not repeating past mistakes or missteps – others or our own – but rather learning from them to develop new procedures tactics and approaches that will reduce the risk and make us more effective.




Using Threat Information in the Context of Business Operations


When evaluating threat information, especially information received from subscription security intelligence services which are produced for a broad audience, it is essential to view them in the context of your company’s operations.  Many, if not most providers, use a color and/or numerical rating to designate the risk level of a particular city or country.  Different firms use different methods to determine their risk ratings.  Regardless of the method used it is important to realize that while these risk ratings have their uses, especially as a starting point when evaluating risk, they can be very misleading depending on the nature of your organization’s operations.  There are simply too many variables to use this as a cut and dried definitive resource.  Not only do different neighborhoods and areas of a city or country frequently present greatly different levels of risk, so do different types of activities.  An executive flying into the capital city of a developing country for a meeting, being picked-up at the airport by a company representative and staying at a five star hotel for two days for a meeting typically faces a very different risk level than an engineer traveling to the interior of the country for two weeks to review a new hydroelectric dam project.


The same is true of the travel advisories posted by the US Department of State, UK Foreign & Commonwealth Office, Australian Department of Foreign Affairs and Trade, etc.  It is useful to be aware of these as part of the framework of your risk assessment but these are directed at far too general an audience to be useful in and of themselves in the decision-making process.  It is also worth mentioning that these do warrant attention because the company’s employees have access to them and may have questions and concerns that need to be addressed by the company’s security department.  As an example, the US State Department has a Travel Warning posted for thePhilippines.  The warning correctly states that terrorist groups such as Abu Sayyaf and Jemmah Islamiya are active in planning and carrying out attacks and warns against all but essential travel throughout the country.  Under most circumstances a business traveler could visit much of thePhilippines– particularly popular destinations likeManilaorCebuCity- and providing that they use care in selecting hotels and transportation options and practice basic personal security measures do it relatively safely.  What is not mentioned in the Travel Warning is the high level of crime in many areas and the innumerable scams that exist to separate the traveler from his or her money, although these are mentioned in the State Department’s Consular Information Sheet for thePhilippines.  Given the wide audience that these government bulletins address there is sometimes an “err on the side of caution” approach that may not realistically match your organization’s operations.


Regardless of the source, all security intelligence should be viewed through the prism of how it relates to your organization, its operations and its employees.  To be effective, security measures should be tied to the threat situation in the locations where you have operations and travelers.  It is very likely there will be some generic aspects that may apply across the board such as basic access control measures or policies relating to displaying ID on company premises, etc.  Whether or not to utilize close protection teams or simply trusted transportation, as an example, should be based on the threat information received from security intelligence resources and perhaps in some cases augmented or validated by an on-the-ground assessment.  Building effective and applicable security measures for facilities and for employee protection, developing policies governing employee travel and planning contingencies for likely events all require an in depth knowledge of the threat situation.  This knowledge cannot be gained by solely from mass media like CNN or the New York Times because these media outlets tailor their coverage to aUSand/or European mainstream audience and do not cover all corners of the world or provide coverage and insight in all regions where an organization may have interests or travelers.  How much coverage did we see on television or in the major newspapers devoted to civil unrest in Bangladesh throughout much of 2006 and early 2007?  It is also problematic to get all information from one retained provider – even if that provider is capable and competent.  A more effective approach is to engage several providers with strengths in different areas, participate in private-public partnership organizations, solicit information and opinion from sources on the ground and after gathering all this information view it in the context of your organization’s operations and business activities to develop the most accurate picture of how events effect you and your people and what steps need to be taken to provide a reasonable level of protection to your organization’s employees and assets.




Evaluating and Choosing Private Intelligence Providers

How does management identify and monitor these threats in different locations around the world?  Many companies subscribe to one or more of the private security intelligence providers that are available.  While some of these firms use the term intelligence to describe their products and services, others use terms like risk reporting, assessment & analysis and information services.  For purposes of clarity and consistency the term intelligence or security intelligence will be used throughout this article.  These firms either solely provide security intelligence or offer it as one of a number of other services such as security consulting, evacuation support, executive protection services, traveler tracking, etc.  The quality, depth, level of coverage and other factors vary widely in these intelligence products.  Some providers may offer a greater level of detail, more flexibility for customization, better qualified analysts, greater brevity or may be stronger in one geographical area than another.  For this reason – and because it is important to get a range of perspectives – it is strongly recommended that the company’s security department utilize several different providers with strengths in different areas.


The following are some examples of the types of providers that might be encountered and their relative strengths and weaknesses:


Provider A:  Very good general information and alerts presented in a brief format via email that is easy to read.  Most information is taken directly from open source publications and websites with little vetting, perspective or analysis.  Foreign media sources are checked as well as US media.  Cost is low.


Provider B: Detailed website with security briefs for multiple cities and countries as well as detail email briefs that offer analysis and perspective.  Analysts come from a variety of backgrounds and generally have lived or traveled in their respective regions.  Good quality information but little room for customization.  Cost is high.


Provider C: Detailed website with security briefs for multiple cities and countries (though not as extensive as Provider B), email briefs and alerts that are sometimes taken directly from open sources with little analysis.  Analysts are mainly recent college graduates often with limited or no practical experience living or working in their region.  There is a high degree of customization in terms of reports, specialized monitoring and consultations.  Cost is medium.


Provider D:  Provides totally customized intelligence reports and risk assessments.  Most analysts have a military intelligence or government intelligence agency background with a sprinkling of academics.  Most analysts have extensive experience in their region, a network of local contacts and often language skills.  Cost is high.


Looking at these four examples of different types of private intelligence providers it is easy to see how an organization would benefit by using several of these firms rather than just one.  When evaluating and choosing providers it is important to determine what the organization’s needs are, what each potential provider’s strong and weak points are, and select several providers based on these factors.


Tactical vs. Strategic Intelligence

Intelligence needs related to security will largely be determined by the type of operation a company has in a particular location, the size of the footprint, number of personnel, amount of infrastructure and assets, etc.  As an example, a company involved in oil, gas or mining operations with extensive and costly infrastructure will typically need to take a longer view of the situation in a given country than a wholesaler that sends buyers to the country for short periods of time.


Therefore it is critical that the company’s security management understand the difference between tactical and strategic intelligence, how this applies to business operations and how to best gather each type.  Strategic intelligence covers the Macro and generally more long range view of events in a particular location.  What affect will upcoming elections have on the business environment?  Is a coup d’etat imminent and will that require an evacuation of company employees?  Tactical intelligence is more micro in its scope.  What routes are safest to use between the company’s residential compound and the office or between the hotel and the airport?  What intersections are likely to be affected by an upcoming political protest?  What neighborhoods have the highest levels of street crime?


Clearly both strategic and tactical intelligence are important when assessing risk.  Generally, the more nimble an organization is and the smaller its footprint is the less reliant it is on strategic intelligence.  On the other hand, a company with more physical assets and infrastructure that is less able to disengage itself quickly without risking the loss of its assets must be more mindful of long-term events in the country that could affect its business and employees.  Any organization with employees in a particular country or traveling to a particular country needs to be attentive to tactical intelligence on that location.  Unfortunately of the two, tactical intelligence is often more difficult to get in an accurate and timely manner.


One area that is perhaps best described as a subset of tactical intelligence is the understanding of tactics, techniques and procedures (TTPs) used by criminals and terrorists in the locations where your company does business.  This is also sometimes referred to as modus operandi and is often highly specific to the location you are operating in.  Two examples are the methodologies used by express kidnappers inCaracas,Venezuelaand carjackers inNairobi,Kenya.  During the summer of 2005, OSAC released a report describing a number of incidents where travelers were met at Maquetia airport inCaracasand directed to taxis or private car services where they were subsequently express kidnapped and robbed.  The report detailed several specific incidents, mentioned ruses that were used, etc.  A previous report on express kidnappings at Maquetia airport also included a physical description of one team involved in the incidents.  Similarly, when looking at carjacking techniques in use in Nairobi, Kenya it would be important to look at trends from past incidents in terms of frequent locations of occurrence, size of carjacking teams, presence of weapons, use of violence, use of blocking vehicles or ruses to halt target vehicles, etc.

Another good example of a tactic is the popular use of incapacitating drugs in certain countries to facilitate other crimes such as robbery, kidnapping and sexual assault (this will be discussed in greater depth in a future post).  In the Philippines, the drug Ativan is frequently introduced by criminals into a victim’s food or drink to incapacitate them.  In Colombia, the drug Scopolamine, locally referred to as Burundanga is used in a similar way.


This type of detailed information on the methods used by different threat groups in various locales provides the company’s security management with important information to use when implementing effective countermeasures and is also valuable in educating travelers and expatriates about the nature of the threat in a particular place.

Assessing Overseas Security Risks to Your Organization


If your company is expanding into new markets overseas how do you evaluate the physical security risk to your employees and assets?  If you are working in the developing world how do you monitor events and assess the potential threat to your personnel and operations?

Looking at year 2012 so far we have seen two notable coups in Africa – one in historically unstable Guinea-Bissau and another in Mali – once considered a bastion of stability and relative democracy.   In 2011 (although it technically began in December 2010 in Tunisia) we saw the speed with which the Arab Spring spread across the Middle East and North Africa unseating heretofore stable governments and changing for many the notion of trip wires or trigger points – or at least their expected timeline.

  • The first key element is recognizing and assessing the threats that exist.
  • The second is looking at your operations in the context of the threat environment.
  • The third is identifying vulnerabilities in your operations.
  • The fourth is considering probability and criticality of the threat as it relates to your company’s business and operations.

The most important element in identifying and initially addressing these elements is good intelligence.

Good intelligence can come from:

  • Paid security intelligence providers
  • Government agencies and public-private partnerships
  • Local sources in the area in question
  • Your professional network in other companies, industries and organizations
  • Open source resources such as media, government and private publications
  • Paid or unpaid sources you develop specifically to provide intelligence
  • Area specialists, academics and consultants

Ideally you should be drawing from at least several and possibly many of these different resources.  There are pros and cons to each of these and we will discuss some of them at greater length in future posts.

Next you need to have a firm understanding of your company or organization’s operations in the location in question.  Are you building a factory, operating a mine or oil field, providing training?  Where are your personnel located and what do they do?  How does this activity match up against the threat information?

To take this contextual look a step further – what vulnerabilities exist for your employees and company assets?  Do your personnel establish patterns that can be exploited to conduct a targeted attack?  Are your facilities in close proximity to high value targets?

What is the probability or likelihood of certain types of security events occurring?  Which are more likely than others?  What is the criticality or consequence of being the victim of a particular type of security event.  As a rough example:  in a given location pickpocketing and petty theft may be a common occurrence (high probability) but the impact on your organization’s operations would be low.  The threat of a coordinated terrorist attack using multiple vehicle bombs may be a lower probability but the impact on your operations – especially if you are specifically targeted – might be catastrophic.

By looking at the threats that exist in the context of your operations, identifying vulnerabilities and determining the probability and criticality of various events you can begin to make more educated business decisions and develop security countermeasures and mitigation steps to better support your operations.