Q&A with John Tran, Director of Intelligence, Allied Universal® Enhanced Protection Services

For corporate security leaders, the value of a Global Security Operations Center (GSOC) is not measured by screens in a room. It is measured by the quality of decisions the operation helps support.

A foundational GSOC can centralize CCTV monitoring, access control activity, alarms, and incident reporting. But for organizations with complex physical footprints in multiple locations, campus environments, and more frequent business travel, monitoring alone is rarely enough.
A mature GSOC brings together people, technology, intelligence, communication protocols, and escalation frameworks to help corporate security teams assess what is happening and support a structured response.

The better question is not whether the organization has a GSOC. It is whether the GSOC aligns with the organization’s risk profile, complexity, and business priorities.

What does a foundational GSOC support?

A foundational GSOC supports core security operations: CCTV surveillance, access control, alarm monitoring, visitor or badge-related requests, incident documentation, and stakeholder notifications. This model works well for smaller organizations with limited complexity. Personnel staffing a basic GSOC follow static procedures: if camera footage in the parking lot shows individuals loitering at night, send a security patrol to investigate. If the high temperature alarm triggers in the server room, inform the stakeholders, vent the room, and monitor it on CCTV until resolved. Simply put, if A happens, do B. 

The challenge appears when a GSOC team must address more complex scenarios requiring personnel to assess context, business impact, and escalation needs beyond what a standard procedure covers. That move from task completion to incident assessment and response is where GSOC maturity needs emerge.

What are the maturity levels of a GSOC? 

Allied Universal typically classifies GSOC maturity from level 1 monitoring to level 4 intelligence-led decision support:

Level 1: Monitoring: The GSOC monitors cameras, alarms, and access control systems while documenting routine incidents.
Level 2: Expanded operational support: The GSOC manages service requests, facility alerts, technology-related notifications, and stakeholder communications.
Level 3: Coordinated response and communication: The GSOC supports 24/7 operations across locations, regions, or time zones. It uses escalation paths, mass notification tools, and incident response planning when an event could affect people, facilities, or operations.
Level 4: Intelligence-led operations: The most mature models integrate multi-specialty staffing, intelligence analysis, global monitoring, executive and traveler support, business continuity planning, and strategic reporting.

At higher levels, the GSOC becomes a decision-support function. The team asks who may be affected, what function may be disrupted, who needs to know, and what response options are appropriate. Threat identification and remediation is complex, requiring more sophisticated tools and more skilled personnel. 
 

When does an organization need a more mature GSOC?

An organization may need a more mature GSOC when its risk profile, footprint, or operational complexity has outgrown the capabilities of its current model. Common indicators include: 

• Expansive footprint: A larger footprint typically creates a wider variety of activity to monitor across various areas of security.
• 24/7 operations: A more advanced understanding of escalation processes and independent decision making overnight.
• Frequent employee travel: Travel adds exposure beyond the workplace and may require real-time awareness, accountability, and decision-ready information.
• High public visibility: A visible brand, executive profile, or public-facing mission can increase scrutiny, unwanted attention, and reputational exposure.
• Critical infrastructure: Data centers, labs, operations centers, and other specialized environments can carry greater business continuity implications.
• Escalation gaps: Complex notification paths, documentation standards, or decision thresholds may require more advanced staffing.
• Business continuity concerns: Adverse weather, civil unrest, workplace violence concerns, infrastructure failure, or local disruption can affect people, facilities, travel, and operations at the same time.

These factors must be evaluated in a holistic manner. For example, a large global company may have a smaller GSOC than expected if the team’s time is focused on local radio traffic and day-to-day site activity. Conversely, a small organization may require a more advanced GSOC when monitoring complex executive travel or sensitive operations. Decisions should be based on a comprehensive assessment of the organization’s overall risk profile and security objectives. 

Why are security professionals critical to GSOC performance?

Technology can identify activity. Security professionals determine what that activity means.

In a mature GSOC, security professionals need operational judgment, communication discipline, platform familiarity, report-writing ability, and an understanding of the client’s business. They must know when to escalate, monitor, document, or seek more context.

That judgment helps reduce noise. For example: a door-forced-open (DFO) alarm is a common event in many monitoring environments. But the alert itself rarely provides enough context to determine risk. Was the door opened by an unauthorized individual, a technician servicing the hardware, or a faulty sensor triggering a false alarm? A well-trained GSOC professional uses experience, training, and operational context to assess the situation and determine the appropriate response.

Strong GSOC programs build consistency through training, quality assurance, and documented escalation frameworks, especially when corporate security services support legal, compliance, risk, facilities, human resources, and executive stakeholders.

How does a GSOC support business continuity?

A mature GSOC supports business continuity by connecting situational awareness to operational action. When an incident occurs, leaders need accurate information quickly. A GSOC can help gather details, verify conditions, identify affected people or facilities, notify stakeholders, and support a coordinated response.

This is where integrated security solutions matter. Video, access control, mass notification, intelligence, reporting, and trained security professionals should support one security operating picture.
 

The Bottom Line

A standard GSOC monitors activity. A mature GSOC helps interpret activity, assess impact, and support better decisions.

For security, risk, legal, facilities, and executive leaders, the issue is whether the GSOC is positioned to support the complexity of the organization it serves.

Strong programs combine trained security professionals, technology, intelligence, documentation, and clear escalation frameworks. That is how a GSOC becomes a strategic capability that helps manage risk, support continuity, and strengthen corporate security.
 

About the Expert

John Tran is Director of Intelligence within the Allied Universal ® Enhanced Protection Services, where he leads the development and delivery Global Security Operations Center (GSOC) programs for clients operating in complex environments.

With more than 16 years of experience supporting leading technology organizations, John specializes in the design, implementation, and long-term maturation of intelligence and GSOC operations. His work focuses on building structured, scalable programs that integrate protective intelligence, operational workflows, and training to support informed decision-making and effective incident response.

Throughout his career, John has partnered with internal and client stakeholders to develop and professionalize intelligence capabilities, including team recruitment, training, program development, and quality assurance. His approach emphasizes consistency, operational clarity, and the ability to adapt to evolving risk landscapes.

On a typical afternoon, Stephen Rice and Annie search the entry points of an iconic American skyscraper where deliveries, contractors, vehicles, and equipment move in a steady stream. In that kind of environment, this detection team depends on discipline, repetition, and trust.

Annie, a yellow Labrador retriever, is a key part of that work. Young and highly motivated, she has an intense sniff drive and a natural curiosity that keeps her engaged in the search. Stephen, her handler with Allied Universal® Enhanced Protection Services, harnesses Annie’s instincts into focused, reliable performance.

Annie is not the kind of detection dog that needs to be pushed into the job. She wants it. Stephen says her strongest trait is her desire to sniff everything in front of her, and that is what makes her effective during long searches in busy environments. Although she is eager, her composure helps her stay fully engaged in the role.

“She genuinely wants to search everything,” Stephen says. “That’s what makes her so good. My job is to keep that energy focused in the right direction.”

Built for the Work

That role suits Stephen’s background. He served in the Army Reserves while studying criminal justice at Liberty University, often completing coursework while deployed. His criminal justice studies gave him a better understanding of structured security operations and how to stay methodical under pressure. His military duties reinforced discipline, structure, and readiness, values he now relies on every day as a handler.

He had not partnered with dogs professionally before joining Allied Universal, but he was drawn to the challenge of learning what motivates dogs, and how training connects directly to performance. That became especially important when he was paired with Annie.

Handlers and dogs are matched in part by temperament and energy level. In Annie’s case, the fit came together quickly. Stephen describes her as calm and content off duty, then immediately “switched on” and ready to work once she arrives at her post. She likes to keep moving and using her nose.

That balance gives Annie a distinctive working style. She is led by her sense of smell, but she also takes direction from Stephen well. She is alert without being chaotic, and that consistency helps in settings where distractions are constant, Stephen says.

Locked In, On Duty and Off

Training is woven into daily life. Stephen uses calm parts of the shift to keep Annie sharp. And on days off, he does sustainment training with inert aids, placing them around vehicles or in public places where Annie must work through competing smells. He purposely makes the searches harder by using trash cans and other scent-heavy areas. The point is to keep Annie locked in on her task in various environments.

“One thing about Annie is that she doesn’t quit on a search,” Stephen says. “If she thinks something is there, she wants to stay with it and work it out.”

That kind of focus stands out most clearly on response calls. In addition to screening items at their post, Stephen and Annie are called when something unattended or suspicious needs to be cleared. Those calls do not always end with a confirmed threat, but they still show how the team works together. Stephen remembers response calls where Annie alerted to something that required a closer look. In those moments, her focus and persistence stood out, even when the item was ultimately cleared as non-threatening. The value was in her consistency — engaged, responsive, and doing exactly what she was trained to do.

Off duty, Annie reveals another side of herself, and it helps explain the bond between her and Stephen. At home, she can go from stretched out on the couch to instantly ready if Stephen suggests going outside. After late shifts, she often still has enough energy to play while Stephen is ready to wind down. He humors her for a bit, then the two settle into their routine. Sometimes, that means Annie curls up next to him while he watches television before bed.

That rhythm matters. Living and working together has helped Stephen learn Annie’s habits, her idiosyncrasies, and the small cues that tell him where her attention is going. Annie, in turn, has learned how to read him and the situation around her.

That is what makes the partnership work. Annie brings the nose, the drive, and the determination. Stephen provides the structure and support to help her do the job well. Together, they bring the trust, discipline, and consistency that strong detection work depends on.
 

Learn more about Canine Detection services

For decades, mailroom security has focused on a familiar set of risks: explosives, firearms and edged weapons. Those threats remain, but they no longer define the full risk profile. Today’s threat landscape is more subtle, more deceptive and in many cases more disruptive because it does not present as dangerous at first glance.

For senior security leaders, especially those with law enforcement or military backgrounds, the challenge is not awareness. It is recognizing how the threat has evolved. The mailroom is no longer just a screening checkpoint. It is a potential entry point for chemical, biological, radiological, nuclear and explosive threats that are harder to detect, easier to conceal and capable of disrupting operations quickly.

The Evolution of Mailroom Threats

Traditional screening programs were designed to identify prominent anomalies such as wires, dense objects or irregular shapes. That model still plays an important role, but high-risk environments require a more expansive screening infrastructure. Adversaries are adapting, and concealment methods are becoming more challenging to detect.

Many modern threats share a few common characteristics:

• They are low-profile and appear routine at first glance
• They move easily through standard delivery channels
• They can bypass preliminary screening measures 
   

In practice, that could mean a standard envelope, a small parcel or a common consumer item that triggers a response because no one can immediately determine that it poses a threat.

That shift changes the mission. It is no longer just about identifying a device or confirming a potential explosive threat. It is about quickly and accurately determining whether something presents a real risk – whether that risk is a traditional device or a less visible hazard.

At the same time, traditional threats have not gone away. Suspicious X-ray images that resemble explosive devices remain one of the most common and high-consequence challenges for screening teams. Everyday items can mimic threat signatures, forcing screeners to pause, assess and make critical decisions under pressure. The ability to distinguish between a credible device and a false alarm remains a core function of any effective screening program.

Powders and Substances: The Persistent Unknown

In addition to traditional device threats, suspicious powders remain one of the most challenging mailroom scenarios. Even when the substance is harmless, the uncertainty around it can drive a full operational response.

A single envelope containing an unknown powder can stop processing, trigger evacuation protocols and require emergency response. The result is lost time, operational disruption, concern among employees, and potential reputational damage.

This is where many programs fall short. Detection is only the first step. What matters is how quickly a team can determine what the substance is and whether it poses a threat.

The effectiveness of a screening program is not measured solely by what it identifies, but by how efficiently it resolves uncertainty and supports informed decision-making.

Fentanyl: A Modern Mailroom Risk
 

Beyond traditional device threats and unknown substances, Fentanyl presents a different type of challenge. While it is well understood in law enforcement environments, many corporate security programs are still adapting to its implications in the mailroom.

It is highly potent, can be transported in very small quantities and is not easily identified without specialized detection. In a mailroom setting, even the suspicion of fentanyl can trigger a significant response.

That response often includes shutting down operations, isolating personnel and escalating to hazardous materials teams. Regardless of the outcome, the disruption is immediate.

For organizations with elevated risk profiles, including executive offices, healthcare systems and government facilities, fentanyl is not a hypothetical concern. It is a scenario that should be reflected in both screening protocols and response planning.

The Gap Between Detection and Decision

Most mailroom programs rely on detection tools such as X-ray systems, visual inspection and established procedures. These are essential, but they do not answer the most important question.

Detection identifies a potential issue. It does not explain whether it is a credible explosive threat, a benign item that appears suspicious or a substance that requires further analysis. 

When a screener flags an anomaly, the next step becomes critical. Without immediate access to expertise, teams are forced to make decisions with limited information. That can lead to unnecessary disruption or delayed escalation.

This is where integrated solutions such as SmartTech® screening add value. By connecting front-line screeners with certified bomb technicians and subject matter experts in real time, organizations can move from uncertainty to clarity in seconds. 
 

Expanding the Definition of Screening

To address emerging threats, security leaders need to rethink what screening means.

An effective program combines several key elements to address both traditional and emerging threats:

• Advanced detection capabilities that account for both traditional and emerging threats
• Immediate access to expert support to validate and assess anomalies
• Clear escalation protocols that reduce hesitation and uncertainty
• Ongoing training that reflects how threats continue to evolve
   

Screeners need to understand not only what to look for, but how to respond and when to escalate. This shift turns screening into a more dynamic, responsive process.

When the Risk Profile Demands More

In higher-risk environments, additional layers may be appropriate.

Some organizations invest in negative pressure mailrooms designed to contain airborne contaminants and limit the spread of hazardous substances. These environments offer a high level of control but require significant investment.

Others utilize off-site mail screening. Mail is routed to a secure facility, screened away from the primary workplace and delivered once it has been verified. This approach reduces on-site exposure risk and helps maintain continuity if a suspicious item is identified.

Another option includes the integration of downdraft tables and chemical sensors in mailrooms. These systems help capture and contain airborne particulates at the source while using advanced analytical sensors to rapidly assess potential chemical or biological threats. By combining localized containment with near real time substance identification, this approach can reduce exposure risk and accelerate informed decision making without immediately escalating to full facility shutdowns.

These solutions are not necessary for every organization, but they are worth evaluating when the risk profile demands it.

A Layered Approach to Mailroom Security

No single solution addresses every threat. The most effective programs combine technology, expertise, training and clearly defined processes.

The mailroom should be treated as a critical access point within a broader security strategy. Risk assessments consistently identify it as an area where gaps can lead to broader exposure if not properly addressed. 
 

The Bottom Line

The mailroom has become a frontline security concern.

The threats are less visible, more ambiguous and often designed to create disruption rather than immediate harm. For security leaders, the priority is staying ahead of these changes.

That means strengthening screening programs, refining response protocols and building the ability to act quickly when uncertainty arrives in a plain envelope.

Because in today’s environment, the most serious threats are often the ones that do not look like threats at all.

About the author:

Joseph Beglane

Joseph Beglane brings more than three decades of experience in law enforcement, explosives response, and security operations. He served 27 years with the Nassau County Police Department and the New York City Police Department, retiring at the rank of Sergeant. During his career he served as a certified hazardous devices technician (bomb technician) and hazardous materials technician and was directly responsible for rendering- safe improvised explosive devices. He also served as the lead detective on numerous large-scale investigations involving multiple federal agencies including the FBI, ATF, and the U.S. Attorney’s Office.

Joseph joined Allied Universal® Enhanced Protection Services following his law enforcement career and has played a key role in the development and operation of advanced screening programs. He was instrumental in the design and implementation of the Vehicle Screening Center supporting a major New York City landmark, overseeing operations, staffing, and coordination with federal, state, and local partners.

As Director of SmartTech® Screening, Joseph oversees the SmartTech® Emergency Operations Center and supports the global deployment and operational management of SmartTech® screening technology.

Learn More about Screener Support 
 

Security staffing solutions are no longer just about filling open positions. In 2026 and beyond, they are about building a resilient, reliable, and professional workforce that can adapt to evolving risks, regulatory expectations, and operational demands. Organizations need security teams that are not only present, but prepared, trained, and aligned with their culture and objectives.

A strong security program starts with the right people. That means having a recruiting and screening process that identifies qualified candidates, verifies credentials, and places individuals who are equipped to perform in high-trust environments. Effective security staffing solutions help organizations maintain consistency, reduce turnover, and create a foundation for long-term operational stability.
 

The Role of Background Screening in Security Staffing

Background screening is the backbone of any responsible security staffing solution. It helps organizations make informed hiring decisions and reduces risk before it ever reaches the workplace. In today’s environment, where trust and accountability matter more than ever, thorough screening helps protect both people and operations.

Strong background screening programs typically include:

• Criminal history checks
• Employment and education verification
• Identity validation
• Compliance with industry and regulatory standards

These steps help organizations confirm that candidates meet professional expectations and align with the responsibilities of security-sensitive roles.

When background screening is integrated into a broader security staffing strategy, it creates confidence in hiring decisions and supports a safer, more dependable workforce.

Building a Reliable Talent Pipeline

Security staffing solutions must also focus on sustainability. It is not enough to hire once. Organizations need a continuous pipeline of qualified professionals who can step into roles quickly and effectively as needs change.

A strong talent pipeline includes:

• Proactive recruiting strategies
• Ongoing candidate evaluation
• Structured onboarding programs
• Clear training and development pathways

This approach helps organizations stay agile while maintaining consistency in service quality and professionalism.
 

Training That Strengthens Security Operations

The best security staffing solutions combine hiring with ongoing education. Training reinforces standards, improves situational awareness, and supports confident decision making in real-world environments. It builds a positive security culture, helping reduce attrition by showing candidates that their growth and development matter.

Well-designed training programs support:

• Operational readiness
• Compliance requirements
• Professional confidence
• Long-term performance

When training and staffing work together, security teams become more reliable, capable, and aligned with organizational goals.
 

Why Integrated Security Staffing Solutions Create Long-Term Value
 

Security staffing solutions are most effective when they connect recruiting, screening, training, and workforce management into a single strategy. This integrated approach helps organizations:

• Reduce hiring risk
• Improve workforce consistency
• Strengthen compliance readiness
• Support operational continuity
• Build trust across teams and stakeholders

Instead of treating staffing as a transactional process, modern security programs view it as a strategic investment in people and performance.

The Future of Security Staffing

In 2026 and beyond, security staffing solutions will continue to evolve alongside technology, compliance standards, and organizational expectations. What will not change is the importance of trust, preparation, and accountability. Organizations that invest in structured, thoughtful staffing programs position themselves to operate with greater confidence and stability in an unpredictable world.

Security begins with people. The right security staffing solutions help organizations find them, prepare them, and support them every step of the way.
 

How Allied Can Help
 

Allied Universal helps organizations build security staffing programs that go beyond filling positions by focusing on preparation, consistency, and long-term performance. We help support recruiting, screening, and training processes that place qualified professionals in high-trust environments while reducing hiring risk and strengthening accountability. Through ongoing training and structured workforce development, we help protect people, operations, and reputation by supporting teams that are prepared, reliable, and aligned with each organization’s culture and security objectives. 

Contact Us

Q&A with Mick Pinneke, Vice President of Investigations & Threat Management Practice at Allied Universal® Enhanced Protection Services

Insider threats rarely begin as an obvious crisis. More often, they surface as a control failure, unusual behavior, missing information, a questionable vendor relationship, or activity outside the normal operating picture. By the time leadership recognizes the risk, the exposure is often broader than initially assumed.

That dynamic is what makes insider threat detection a critical component of modern security programs. Risk is no longer limited to physical theft or employee fraud. It now includes data misuse, sabotage, vendor collusion, intellectual property loss, and other issues that can quietly impact operations, reputation, and legal exposure over time.

Mick Pinneke, Vice President of Investigations & Threat Management Practice at Allied Universal® Enhanced Protection Services, explains how insider risk management works in practice and where organizations often underestimate the challenge.

What is typically happening inside an organization when leaders raise concerns about insider threats?

In most cases, they are already reacting to something. They may have identified unusual activity, a possible fraud issue, a data concern, or another signal that suggests internal risk. The key question is not whether something occurred — it is whether what they are seeing represents the full picture.

That is where the investigative process begins. The goal is not just to confirm an issue, but to define its scope, determine how far it extends, and understand the potential business and legal impact. What starts as a single data point often turns out to be part of a larger pattern once relationships, timelines, and third parties are examined.

What makes insider threat detection challenging?

The challenge is not just the threat itself — it is visibility.

Traditional cases such as theft, embezzlement, and fraud still exist, but many insider risks now develop in environments where activity is less visible and harder to interpret. Cyber misuse, access abuse, or data exfiltration may not present as a clear event, but as subtle deviations over time.

That creates a gap. Organizations may have strong controls, but not always the ability to connect signals across systems, functions, or timelines.

Speed is another factor. Once one pathway is restricted, a determined insider may shift tactics. Effective programs depend on continuous evaluation and the ability to recognize when isolated signals begin to form a pattern.

What does an effective investigations response look like?

It starts with disciplined fact development.

Before interviews or conclusions, investigators focus on what is known, how it is known, and where the gaps are. From there, the work centers on reconstructing the full picture — not just validating the initial concern.

That includes examining how the issue surfaced, identifying who may be connected, and determining whether external parties are involved. In practice, that often means moving beyond a single incident to evaluate broader activity across transactions, systems, and relationships.

A strong investigative file is not just thorough — it is actionable. Whether the outcome involves employment action, civil litigation, or referral to law enforcement, the findings must stand on their own and support the next step.

What should an insider threat program include before an incident happens?

It begins with alignment around what matters most.

Organizations need to understand which assets carry the greatest risk, where exposure exists, and how those risks could realistically materialize. From there, insider threat management becomes a cross-functional effort.
Security, legal, IT, and human resources each see different parts of the risk picture. Without coordination, critical signals can remain isolated. A formal threat management structure helps ensure those perspectives are brought together and evaluated consistently.

Just as important is regular reassessment. As organizations evolve — through new systems, vendors, or business lines — the risk environment changes with them.

What are the most important steps security leaders should take now to reduce insider risk?

Focus on the areas where insider cases are most often missed or misunderstood.

1. Define what triggers escalation. Many organizations collect indicators but lack a shared threshold for action. Without clear ownership and timelines, signals can remain unaddressed until the issue has expanded.
2. Pay close attention to transition points. Role changes, terminations, contractor offboarding, and disciplinary actions are often where access, motive, and opportunity converge. These moments require tighter oversight than routine operations.
3. Train managers to recognize and document patterns. Insider cases rarely hinge on a single event. They develop over time, and early context is often lost if it is not captured consistently.
4. Use every substantiated case to identify control gaps. The most valuable outcome of an investigation is not resolution — it is understanding what allowed the issue to occur and ensuring those conditions no longer exist.

The objective is to shorten the time between the first signal and the first informed decision — and to ensure each incident strengthens the organization’s ability to detect and respond to risk moving forward.

About the Expert

Mick Pinneke is Vice President of Investigations & Threat Management Practice at Allied Universal® Enhanced Protection Services, with over 30 years of experience in the Loss Prevention / Asset Protection / Investigations Industry.  Mick has extensive experience in Designing and Implementing Processes and utilizing Data Analytics to enhance revenue and reduce loss. He specializes in Theft and Fraud Identification/Resolution, Workplace Violence Readiness, and Response, and Audit Controls.

As the Vice President of the Global investigation and Threat Management Practice, Mick currently leads a team of highly experienced investigators, threat managers, threat analysts, and auditors.

Mick was formerly with The Home Depot, Inc. for 12 years, as an Asset Protection Corporate Executive in their Atlanta headquarters where he was responsible for leading enterprise-wide programs and initiatives to reduce loss, manage physical security resources, and enhance the safety of store associates, within the entire retail business channel, which included multiple investigative practices and audit functions.

Prior to The Home Depot, Mick spent 10 years with Walmart, Inc., where his final role was the Director of Loss Prevention & Risk Control for their Caribbean operations, based out of Puerto Rico.

Mick holds both an MBA and Bachelor of Business Administration degree.
 

Q&A with Chris Shelton, Vice President, Air Cargo at Allied Universal® Enhanced Protection Services

In enterprise business environments, a successful security program is not determined based solely on the number of solutions deployed, but by how well the overall program addresses real-world risks and vulnerabilities. In dynamic environments like cargo facilities, corporate campuses, and public venues, threats rarely present themselves at predictable checkpoints. Risks shift across space, time, and operational workflows. Organizations must design layered, flexible programs that adapt as conditions change.

Detection dogs continue to play a critical role in modern security programs because they introduce mobility and adaptability that fixed systems cannot replicate. When integrated into a robust program, canine teams expand screening capabilities, support faster resolution, and help maintain operational continuity.

Chris Shelton, Vice President, Air Cargo at Allied Universal® Enhanced Protection Services explains how canine teams fit into a modern, layered approach to security.

With so much focus on AI and advanced screening technology, why do detection dogs still matter?

Most organizational environments are dynamic. Technology is typically deployed at defined checkpoints, but risks are not always so predictable.

Canine teams are able to move across a facility and apply detection where it is needed in real time. This extends screening beyond fixed locations and allows organizations to identify potential risks earlier—before a person, vehicle, or package reaches a more sensitive area.

For security leaders, that shifts coverage design from fixed entry points to distributed detection aligned with operational flow.

What do canine teams add that technology often cannot?
 

Image

Adaptability under real-world conditions.

If the threat landscape shifts, canine teams can be retrained to address a new threat profile in a relatively short period of time—something not always feasible with fixed detection systems. This versatility becomes exponentially more powerful when considered alongside the canine’s mobility. Once trained on the new threat, they can be repositioned within the facility as vulnerabilities.

I would also note that their presence influences behavior, much more so than other security solutions. Hostile actors have become desensitized to camera systems, access control, and even security personnel. Yet they still hesitate around a canine, especially when they are not sure what type of work that canine is trained to conduct. In many environments, this deterrence factor contributes to risk reduction before an incident ever develops.
 

How do detection dogs and X-ray complement each other in practice?

Threats do not always appear where screening is concentrated. Incidents such as the Manchester Arena bombing reinforced the importance of extending detection beyond fixed checkpoints into the broader operating environment. Like most venues, the arena had screening in place during entrance, but none in place during egress; this vulnerability was exploited with devastating consequences and the entire industry realized they needed to adjust overnight. A mobile canine team can adjust to these requirements in real time as concerns evolve. It would be expensive and infeasible to achieve these same results with technology. 

Air cargo illustrates this well. Canine teams can screen cargo significantly faster than X-ray or explosive trace detection, helping move volume without creating bottlenecks. More than 350 Allied Universal teams are individually TSA certified for these environments, demonstrating how this model operates at scale.

The advantage is not just speed — it is how efficiently a program moves from detection to resolution without disrupting operations. A canine alert does not have to trigger a shutdown. Through our patented Advanced Alarm Resolution process, the item can be routed to X-ray, reviewed through our SmartTech® platform by certified bomb technicians, and resolved in about 90 seconds. The handler coordinates with client stakeholders according to established escalation protocols, enabling a consistent, defensible response.

This is how layered security systems function best: canine teams expand coverage and flexibility, while technology and remote expertise provide the depth needed to resolve uncertainty.

Supporting tools reinforce that process. Our K9-Comply® platform captures screening data in real time, reducing manual workload while maintaining compliance and audit readiness.

What kinds of threats are organizations asking canine teams to address today?

The scope has expanded. While explosives detection remains central, organizations are increasingly adding firearms detection and, in some environments, narcotics detection.

This reflects a broader shift in risk mitigation. Rather than focusing on a single threat, organizations are evaluating how multiple threats could impact operations, safety, and reputation — and seeking capabilities that can adapt accordingly.

Canine teams are effective in this environment because they detect trace amounts of odor, including residual odor that may remain even when an item is concealed, vacuum packed, or surrounded by distracting odors.

What should security leaders evaluate when considering a canine program?

Program discipline is critical.

This includes handler standards, training methodology, certification processes, and how performance is validated over time. Strong programs are defined not just by training, but by consistent performance under real-world operating conditions.

In regulated environments such as air cargo, this also includes alignment with federal requirements, third-party testing, and structured oversight to help ensure performance is both effective and compliant.

The most effective programs align canine teams, technology, and daily workflows. When those elements support each other, organizations can close gaps, respond with less disruption, and maintain consistency as conditions change.

The Bottom Line

Detection dogs are not an alternative to technology — they extend it.

Programs that integrate canine teams with X-ray, AI-supported workflows, and remote expertise gain flexibility and depth, allowing organizations to screen more effectively, respond more quickly, and maintain continuity.

For security leaders, the objective is not to choose between capabilities, but to design a system where each component strengthens the overall security posture.

About the Expert

Chris Shelton is a 17-year veteran with the Federal Air Marshal Service (FAMS), a United States federal law enforcement agency under the supervision of the Transportation Security Administration (TSA) of the United States Department of Homeland Security (DHS).  During his tenure with FAMS, Mr. Shelton served as the Supervisory Air Marshal in Charge of the TSA Canine Training Center. He supervised canine team training for the largest explosive detection canine program in DHS and was responsible for training, deploying and evaluating over 1,000 TSA and law enforcement-led canine teams for aviation, multimodal, maritime, mass transit and cargo environments. Mr. Shelton was instrumental in the development and implementation of the Certified Cargo Security Program – Canine (CCSP-K9), the TSA program regulating the use of third-party canine providers for explosive detection screening in regulated air cargo environments. With a long-time passion for security and explosive detection canines, Mr. Shelton began his career with a decade of service as a municipal law enforcement officer.
 

Visit our Canine Security page to learn more

Executive protection remains a core pillar of organizational safety strategy, especially in complex and evolving threat environments. But protection is not simply about assigning agents or establishing routines. Truly effective executive protection must be grounded in a risk-based approach, aligning security measures with the unique needs, goals, and risk profile of the individual or organization.
 

What Is Risk-Based Executive Protection?
 

At its core, risk-based executive protection is about understanding risk holistically and designing protective policies and procedures that directly support organizational and personal safety objectives. This approach goes beyond standard protection models by looking at threat likelihood, potential impact, and the broader context in which executives and high-profile personnel operate.

When protection strategies are built solely on assumptions or reactive measures, they can create a false sense of security and fail to address root causes of risk. In some cases, improperly applied protection can even escalate a situation or divert focus from the actual threat drivers.
 

Why a Risk-Based Approach Matters
 

A risk-based model helps ensure that executive protection:

●    Aligns with business goals by supporting organizational priorities and mission-critical functions

●    Identifies and assesses real risk based on likelihood, impact, and relevance

●    Allocates resources effectively through scalable and adaptable protection strategies

●    Addresses the human element through education, communication, and cultural integration

Balancing Protection With Broader Strategy
 

Executive protection can take many forms including physical detail, cybersecurity measures, and travel security. Each plays a role in mitigating different types of risk. The goal of a risk-based executive protection strategy is to balance these elements while supporting operational objectives rather than hindering them.

Security metrics also play a critical role. Tracking performance over time allows organizations to evaluate effectiveness and make informed improvements instead of relying solely on intuition or static checklists.
 

Building a Strong Protective Culture
 

A strong executive protection program recognizes that security does not exist in isolation. It must be embedded across the organization with clear roles, shared awareness, and collaboration across teams such as HR, operations, legal, and technology.

A security-aware culture reduces vulnerability by encouraging proactive awareness and reinforcing that protection is a shared responsibility.
 

Adaptive Protection for a Changing Risk Landscape
 

Threat environments evolve quickly, and static protection programs can lose relevance. Risk-based executive protection must be agile, regularly reviewed, and adjusted to reflect new intelligence, emerging threats, and organizational change.

This adaptability is what separates resilient protection programs from those that simply meet baseline expectations.
 

How Allied Universal Enhanced Protection Services Can Help
 

Allied Universal Enhanced Protection Services helps organizations design and implement executive protection programs rooted in risk-based analysis. By aligning people, intelligence, and strategy, we support protection programs that evolve with the threat landscape and the needs of today’s leaders.
 

Contact Us

By Ashley Heimerl, Senior Intelligence Analyst
Allied Universal® Enhanced Protection Services

Over the past several decades, violent extremists and hostile actors have adjusted tactics and tradecraft to evade detection and maximize the impact of incidents. In today’s evolving threat landscape, organizations must rethink their approach with proactive preparation in mind. The challenge is not only deciding whether security is needed; it is building a plan that still holds when attack methods shift.
 

The ‘How’ Keeps Expanding

The history of counterterror research illustrates how quickly the tactics and tradecraft of threat actors can evolve and spread. This type of copycat behavior is referred to as contagion or diffusion. Once a tactic is proven to be effective, low-cost, hard to stop, and highly visible, the unfortunate reality is that it tends to spread rapidly across ideologies, geographies, and targets. Groups that otherwise have nothing in common may adopt tactics that appear effective to achieve their own ends. For security leaders, this makes it vital to stay up-to-date on threat trends, quickly identifying and implementing preventive strategies that reduce specific areas of risk and exposure. Let us consider a few recent examples. 
 

Transit Attacks

The 1995 Tokyo subway sarin attack, leading to 13 deaths and 5,800 injuries, was a key flashpoint in the evolution of terrorist tactics. Japanese cult Aum Shinrikyō released the highly toxic nerve agent on multiple train lines converging in central Tokyo. Law enforcement was caught off-guard by these incidents, which demonstrated a civilian capacity to develop and deploy military-grade weapons along with the successful exploitation of crowded, soft-target environments. Threat actors across ideologies have since targeted commuter transit systems in attempts to inflict catastrophic damage. The Madrid train attacks in 2004 left 191 dead and 1,800 injured, and the London transit attacks in 2005 resulted in 52 casualties and 770 injuries. These tactics continue to challenge law enforcement and security systems in more recent years as shown in the 2016 Brussels airport and metro bombings, the 2017 St. Petersburg Metro attacks, and beyond. Security leaders have been working diligently to increase security efforts across transit systems to combat this ongoing threat. 
 

Complex Coordinated Attacks 
 

The 2008 Mumbai attacks have been studied as one of the first examples of a complex coordinated terrorist attack. Threat actors used a mix of firearms and explosives to conduct a series of coordinated attacks against soft targets throughout the city. They remained active, coordinated, and mobile, causing chaos and confusion for law enforcement and first responders. These tactics were later observed in the 2013 Nairobi Westgate Mall attacks which lasted four days, the 2015 Paris attacks, and other plots that have been successfully preempted. These shocking events indicate that smaller businesses and soft targets are just as vulnerable to exploitation as prominent, symbolic targets. Security at these sites cannot be overlooked. 
 

IoT & AI-Enabled Threats 

A newer example of evolving tactics involves new vulnerabilities via the Internet of Things (IoT) and Artificial Intelligence (AI). In a recent non-violent incident, a French software developer discovered a significant vulnerability while attempting to connect his vacuum to a PS5 remote using Claude Code AI. In doing so, he discovered he was able to remotely access 7,000 robot vacuums across 24 countries with the ability to control the devices remotely, view camera feeds, listen to onboard microphones, and generate floor plans of homes thousands of miles away. While he alerted the manufacturer to the security flaw and it has since been addressed, the incident highlights potential vulnerabilities malign actors could exploit, not just at home, but in public spaces as well. Experts believe hostile actors are already evaluating how to leverage AI technology to inflict catastrophic physical harm. The Department of Homeland Security has pointed to the use of AI for targeted radicalization efforts, surveillance, training, and even attack planning. 
 

Drone-Related Threats

Drones are being increasingly leveraged to cause damage. Thus far, this has mainly been limited to overseas warcraft, such as with the Ukrainian-Russian conflict, but the potential for contagion into civilian spaces is beginning to emerge. Drones can be used for delivery of weapons into secure areas, such as sports stadiums, reconnaissance and surveillance of potential targets, and other harmful purposes. In November, 2024, an individual in Tennessee was arrested and charged for attempting to use a drone laden with explosives to attack an energy facility. His goal was to shut down substantial portions of the power grid, impacting critical infrastructure, such as hospitals, without power. Security leaders must pay close attention to this emerging threat vector, and how their security programs can be modified to mitigate new vulnerabilities. 
 

The Takeaway

For business and organizational leaders, the takeaway is not to fixate on any single threat; it is to recognize the pattern and anticipate the evolution. Threat actors move quickly, and tactics can be copied, tweaked, and repeated in new places. The practical challenge for organizations is the diversity of threats. A security plan built around one scenario is likely to fall short. When considering the broad spectrum of concerns across the threat landscape, it becomes clear: preparedness works best when it focuses on behaviors and impacts rather than trying to predict a single type of event.
 

Where Intelligence Fits in the Plan

When discussing security measures, most people picture access control, cameras, personnel, and procedures. But intelligence is what helps those measures stay current, enabling a shift to a proactive security stance, rather than a reactive one. Intelligence empowers security leaders with answers to key questions such as:

• What is happening around us right now? Local events, protests, and crime patterns that can affect risk.
• What is being said online that could affect us? threatening social media posts or direct messages are red flags, but negative or even misinformation about an organization can also drive unwanted attention.
• What could impact our security posture? Holidays, religious occasions, or high-profile incidents can influence copycat behavior and timing.
   

This is not about predicting the future. It is about reducing blind spots so organizations can make informed, measured decisions at critical moments, tighten an entry policy, adjust staffing, update security protocols, or coordinate earlier with law enforcement when a threat appears credible.

Threat tactics will keep evolving—sometimes in predictable ways, sometimes not. Organizations do not need to forecast every event to improve preparedness. They benefit from a flexible plan, facilitated by timely intelligence, and grounded in practical operational practices. This holistic approach helps teams respond with clarity as the threat landscape continues to evolve.

About Ashley Heimerl: 

Ashley is a Senior Intelligence Analyst with Allied Universal® Enhanced Protection Services, where she supports executive protection operations through strategic intelligence analysis and threat monitoring. She has eight years of private-sector intelligence experience supporting clients across multiple industries. Ashley holds a Master of Arts in International Security with High Honors from the University of Arizona, where she focused her research on counterterrorism dynamics in Africa and the Middle East. Her work centers on analyzing complex threat environments, assessing emerging security trends, and providing strategic insights to support informed decision making. Ashley brings a deep understanding of geopolitical drivers, extremist networks, and regional instability, leveraging her expertise to support mission critical intelligence and security initiatives.
 

Workplace violence is a serious concern for organizations across every industry. Beyond immediate safety risks, incidents can disrupt operations, impact morale, and create long-term reputational challenges. A proactive workplace violence prevention strategy helps organizations reduce risk while fostering a culture of safety, awareness, and accountability.

Effective prevention requires more than reacting to incidents. It involves understanding risk factors, recognizing early warning signs, strengthening communication, and preparing teams with clear response protocols.
 

Why Workplace Violence Prevention Matters

Workplace violence prevention is not just a compliance requirement. It is a business priority that supports employee well-being, operational continuity, and stakeholder confidence. Organizations that invest in prevention often experience stronger reporting cultures, faster response times, and greater overall resilience.

Incidents rarely occur without warning. In many cases, behavioral indicators, communication breakdowns, or unresolved conflicts provide opportunities for early intervention.
 

Understanding Workplace Violence Risk

To build a strong workplace violence prevention program, organizations must first understand the different forms risk can take and where vulnerabilities may exist. Risk does not look the same in every environment, which is why awareness is critical.
 

What Is Workplace Violence?

Workplace violence can range from subtle threats to serious physical harm. It may involve employees, customers, contractors, or visitors. While the severity varies, even minor incidents can signal deeper organizational risk.

Workplace violence may include:

• Verbal threats or intimidation
• Harassment or aggressive behavior
• Physical altercations or assaults
• Escalating interpersonal conflicts

Recognizing the broad scope of workplace violence helps organizations avoid underestimating potential warning signs.
 

Common Misconceptions About Workplace Violence

One common misconception is that workplace violence only affects certain industries such as healthcare or retail. In reality, risk exists anywhere people interact under stress, deadlines, or high expectations. Prevention should be considered across all business environments, not just those traditionally viewed as high risk.
 

Recognizing Early Warning Signs

A strong workplace violence prevention strategy includes educating teams on how to identify behaviors that may indicate elevated risk. These indicators do not automatically predict violence, but they provide opportunities for support and early intervention.

Behavioral and Emotional Indicators

Changes in behavior are often among the first visible signals. 

These may include:

• Sudden personality shifts
• Increased hostility or agitation
• Emotional distress or visible frustration
• Withdrawal from colleagues or leadership

When organizations encourage employees to report concerns early, these signals can be addressed constructively.
 

Workplace and Environmental Indicators

Risk can also surface through patterns in performance or workplace dynamics. 

Organizations should monitor for:

• Escalating interpersonal conflicts
• Frequent complaints involving the same individuals
• Increased absenteeism tied to unresolved tension
• Lack of clear reporting or communication channels

Addressing these issues early strengthens overall workplace violence prevention efforts.
 

Building a Workplace Violence Prevention Strategy

Prevention requires a structured, organization-wide approach. Policies alone are not enough. Successful programs integrate communication, leadership alignment, training, and response planning.
 

Develop Clear Policies and Expectations

Workplace violence prevention should begin with clearly documented policies that define unacceptable behaviors and outline reporting procedures. These policies should be easily accessible and reinforced regularly.

Strong policies typically:

• Define prohibited conduct
• Explain how to report concerns
• Clarify investigation procedures
• Outline accountability measures

Clarity reduces uncertainty and helps employees understand expectations.
 

Provide Ongoing Training for Employees and Leaders

Training plays a critical role in prevention. When employees know how to recognize warning signs and respond appropriately, organizations reduce the likelihood of escalation.

Effective training programs cover:

• Identifying behavioral indicators
• De-escalation techniques
• Reporting processes
• Emergency response procedures

Regular reinforcement helps keep prevention top of mind.
 

Establish Safe and Accessible Reporting Channels

Workplace violence prevention depends on employees feeling safe when raising concerns. Organizations should provide multiple reporting options and reinforce non-retaliation policies.

This may include:

• Anonymous reporting systems
• Dedicated HR or security contacts
• Clear escalation pathways
• Follow-up communication protocols

A transparent reporting culture increases early detection and reduces risk.
 

Strengthening Response Preparedness

Even the strongest prevention programs must include response planning. Preparation supports teams in acting quickly and confidently if a situation arises.

Organizations should develop documented response plans that outline:

• Lockdown or evacuation procedures
• Emergency communication methods
• Coordination with external responders
• Post-incident review processes

Conducting drills and tabletop exercises helps reinforce readiness and reduce confusion during real incidents.

How Technology Supports Workplace Violence Prevention

Technology can enhance both prevention and response when used strategically. While tools alone do not eliminate risk, they provide valuable visibility and coordination.

Organizations may leverage:

• Video monitoring systems to increase situational awareness
• Access control systems to restrict unauthorized entry
• Mass notification tools for rapid communication
• Incident tracking platforms for documentation and review

When integrated effectively, these systems strengthen workplace violence prevention efforts by improving visibility and coordination.

Leadership’s Role in Workplace Violence Prevention

Leadership commitment is one of the most important drivers of prevention success. Employees are more likely to report concerns and follow protocols when leaders consistently reinforce safety as a priority.

Leaders should:

• Model respectful behavior
• Communicate expectations clearly
• Encourage open dialogue
• Support proactive intervention

When prevention becomes part of organizational culture, risk mitigation becomes more sustainable.

Continuous Improvement in Workplace Violence Prevention

Workplace violence prevention is not a one-time initiative. It requires ongoing evaluation and refinement.

Organizations should regularly:

• Review incident data
• Update training programs
• Assess policy effectiveness
• Gather employee feedback

Continuous improvement helps organizations adapt to evolving risks and maintain strong prevention practices.
 

Conclusion: Taking a Proactive Approach to Workplace Violence Prevention

Workplace violence prevention requires awareness, preparation, and leadership commitment. By recognizing early warning signs, strengthening communication, establishing clear policies, and preparing teams with response protocols, organizations can reduce risk and build safer work environments.
A thoughtful, comprehensive approach keeps prevention an active, integrated part of daily operations — not just a reaction to incidents.

 

Contact Us

In a high-volume airport cargo environment, the work moves in a steady rhythm. Packages come in, get sorted, and head back out. In the middle of it all is Ricsi, a German-Shepherd Malinois mix trained in explosive detection, and his handler, Jacob Wichman.

Image

A K9 team working as part of Allied Universal® Enhanced Protection Services, their role is simple to describe and hard to do well: stay ready, stay consistent, and help support a safe cargo operation every day. Together, they are locked in on the job, working as a team to help keep packages secure before they move on to their next destination. 

Ricsi uses his nose to screen freight and packages for specific odors that may indicate a threat. Jacob, a former U.S. Army artilleryman and Transportation Security Administration (TSA) officer, guides Ricsi through search patterns, keeps him under tight control in a fast-moving work area, and watches for small changes in his body language that can signal a credible alert. If Ricsi flags an item, Jacob follows site-specific protocols so the right people can take a closer look, resolving the alarm or confirming the presence of a threat.

What sets Ricsi apart is his ability to shift seamlessly between high energy and focused precision—slowing down, working methodically, and staying locked in even as activity increases around him.
Jacob describes Ricsi as a “wild man” full of energy, but he also knows how to keep his focus on the task at hand. “When he’s finding what he needs to find, he slows down and becomes very methodical,” Jacob says.

Every detection dog has a drive that keeps them searching. For Ricsi, Jacob says the biggest reward is the work itself. That attitude shows up the moment they arrive on the job. Jacob starts each shift at 4 p.m. the same way, giving Ricsi time to settle in and get focused. As the night moves along and the operation picks up, Ricsi shifts into high gear, getting excited because he knows he has a task to complete, Jacob says.
 

Training That Keeps Ricsi Sharp  

Discipline, consistency, and strong procedures have been the cornerstones of Jacob’s career path from the military to the security field, and he intends to impart those principles on Ricsi as well. Ricsi’s performance on duty is tied to training outside the active work.

Image

“Training is daily,” Jacob says. “We follow company standards, and I always meet or exceed the minimum requirements.”

But effective training doesn’t have to be monotonous. In fact, it’s better for Ricsi if the training style varies. Jacob changes Ricsi’s routines to keep him vigilant and reliant on his nose. “I constantly move training aids and vary their placement—different heights, depths, and environments—so Ricsi never gets complacent,” Jacob says. “Dogs are smart. If you do the same thing repeatedly, they stop using their nose and start patterning.”

Jacob also works with Ricsi at home on search types and scenarios they don’t always see during a normal shift. “At home, we work on open-area searches, vehicle searches, and scenarios we don’t typically encounter at work,” Jacob says. “It’s all about repetition, consistency, and keeping him honest.”

Trust Built Over Time

Image

A strong bond between handler and canine takes time to develop. Jacob says the connection with Ricsi grew as they trained, traveled, and worked side by side. There was no single moment that cemented their relationship, Jacob says.

“But about six months into the job, I felt very confident and connected with him,” he adds.

Ricsi also makes it clear he likes being close to his person. “If I’m more than five feet away from him, he lets me know,” Jacob says.

That closeness carries into their professional relationship, too. “We travel together frequently for training. He’ll climb up and lean into me like he’s giving me a hug. He’s my buddy. I spend more time with him than anyone else.”

Off Duty, Ricsi Is a Different Dog

Image

But when he’s off duty, Jacob says he is calm and content at home. “He’s a completely different dog,” Jacob says. “At home, he’s a big couch potato. He’ll sit at my feet, hang out on the couch, or just relax until I open the door to go outside.”
Jacob says Ricsi loves being outdoors, and he’s the kind of dog who wins people over quickly. “Everyone who meets him loves him,” Jacob says. “He’s friendly, loving, and a big goofball.”

Why Their Work Matters 

Jacob says this role feels different because he gets to do meaningful work with a partner he trusts. He adds that this job has tapped into his true passion in life.
“The work matters, and I get to do it with my best friend,” Jacob says.

Ricsi brings drive, focus, and heart to every shift. Jacob brings steady training, patience, and pride in the work. Together, they are the kind of team you want in a place where details matter and consistency is key.