Integrating Protective Intelligence in Executive Protection: It's Time to Sharpen the Saw




In this blog, we will be discussing some other aspects of the broader concept of protective intelligence in executive protection.

First, we want to reach across the gap that exists between the intelligence community and the executive protection community and point out that although what we do and how we use intelligence are different, there are also important similarities. We can and should get better at learning from each other as we continue to improve the practice of protective intelligence.

Second, we think it is time to sharpen the saw. In this blog, we make the case that everyone working in executive protection, from the newest person on a residential team to seasoned traveling EP agents and team leaders, needs intelligence as a tool in our day-to-day protective jobs. As EP practitioners, EP companies, and as an industry, we all need to get even better at protective intelligence as part of ever-improving executive protection programs.

We don’t expect EP agents to turn into intelligence analysts, but we do want to learn from them.

Most intelligence analysis practices are guided by time-tested methodologies that have proven their worth at the macro level of government intelligence programs, not the micro level of an executive protection detail. As we’ll see, however, while scope and scale obviously depend on whether you’re using intelligence to improve the security of an entire nation or that of a single principal, the basic approach and methodologies are essentially the same – even though how these are practically applied can be very different.

All the phases of the classic intelligence cycle, from gathering to analyzing and reporting intelligence, are every bit as important to our work in executive protection details as they are to our national defense. How intelligence and EP practitioners run through this cycle, however, is determined by different conditions and desired outcomes and will, therefore, be different.

The intelligence cycle and executive protection

While there are multiple takes on the discrete steps of the intelligence cycle – as well as the words used to describe them (see, for example, how the U.S. government and Wikipedia lay them out for just two) – most models break the intelligence cycle into four stages. Some add “processing” between the “collection” and “analysis” stages of the model below, making it a five-stage model.

[Figure: stages of the intelligence cycle]

Let’s take a quick look at these stages of the intelligence cycle to see how they apply to executive protection.


Also referred to as “the planning stage”, the intelligence cycle begins with the end in mind. The “intent” phase of the intelligence program entails briefings on the types of intelligence that decision-makers need in order to meet their goals. It is their needs for intelligence (what kinds of information are relevant, what issues should it address, etc.) that define the starting point of the intelligence analysis program – and all of its planned outcomes.

Resources in private sector executive protection are limited compared to those dedicated to heads of state or national intelligence analysis efforts. We have to prioritize carefully what we allocate time, money, and attention to – and what we choose not to focus on. To do this, three key criteria distinguish the intent and desired outcomes of protective intelligence compared to intelligence analysis programs driven by large governmental agencies:

1. Risk-based: Mitigating risk to our principals is the key intent of intelligence in executive protection. Although it might be interesting to learn about the long-term effects of macroeconomic and geopolitical trends, for example, our main goal is always the safety of our principal. Even when we enhance the scope of our goals to include the principal’s productivity and satisfaction with the executive protection program, thus expanding the intent of protective intelligence in ways that are highly relevant to success in the executive protection industry, risk-based intelligence that proactively keeps us better informed about threats and vulnerabilities relevant to our mission of protecting the principal is primary.

2. Proximal: Protective intelligence, in our view, should be more concerned with what’s nearby than what’s far away. In the context of protective intelligence, this bias towards immediate proximity has three dimensions:

  • Geographical or spatial proximity: The closer the object of intelligence is to our principal, the more it matters. If we’re protecting a principal while he or she is delivering a speech at a hotel in Cairo’s central business district, for example, we’re very interested in intelligence that could affect security there, around there, or on our way between there and the airport.
  • Temporal proximity: Protective intelligence is much more interested in something that is happening now, is about to happen, or just happened than it is in events occurring in the far future or distant past. Reading up on history and future trends is great, but not something that gets any bandwidth while we’re on the clock.


  • Relational proximity: For our purposes, intelligence on a stalker with a history of close encounters with our principal is much more relevant than that on a person of interest (POI) with none. Similarly, intel on a POI who displays a pattern of repeated attempts to get in touch with the principal will get more attention than a first-timer – everything else being equal.

3. Actionable: Finally, we believe that the value of protective intelligence is directly proportional to its actionability. Intelligence that can be acted on here and now is much more valuable than a lot of information that requires further processing and analysis. As we will see below, the protective intelligence cycle is typically much shorter than the traditional intelligence cycle; when we define the intent of protective intelligence processes, the importance of quickly arriving at actionable insights must be built in from the start.


Collection, or “data gathering”, refers to all the raw information that we bring in from a variety of sources via a range of different methods. In government circles, analysts refer to six ways to collect data:

1. Human-Source Intelligence: Intel we get from other people. As executive protection practitioners, we use human-source intelligence in many ways, big and small, every day.

2. Open-Source Intelligence: Intel we get from sources open to all, whether free or proprietary. In executive protection, we often use open-source intelligence as part of advances and other preparations for trips.

3. Signals Intelligence: Intel derived from intercepting signals between people, machines or both. Although we don’t do any of the cloak and dagger eavesdropping of some of our counterparts in the intelligence community, we do use TSCM to preempt others from intercepting our principal’s communications.

4. Imagery Intelligence: Intel based on photos and other images. This is not a big source for us, although facial recognition technology is making new inroads in many EP-relevant contexts, including spotting POIs as part of event security.

5. Geospatial Intelligence: Intel that draws on satellite images and geolocation technology. While the use of geospatial intelligence is not widespread in EP, we do use geolocation every day with apps that we use for advance planning, detail implementation, and reporting.

6. Measurement and Signature Intelligence: Intel that relies on technical information (from radars, sensors, etc.) to reveal target characteristics – and nothing we use in executive protection.

For us in executive protection, although all of the above-mentioned might be relevant, some of these sources are more important than others – especially human and open-source intelligence.

Whether carrying out advance work, a crucial opportunity for intelligence gathering in protective intelligence, or in the middle of a multi-day traveling detail, the reasons for this policy are not about denying hard-working agents a little quiet time; they’re about ensuring an ongoing focus on the importance of gathering intelligence from other people in quantities large and small.

EP agents aren’t likely to learn anything new chewing on a burger while locked in their rooms. When they are down in the lobby café, however, equipped with a healthy appetite for information as well as for food, they dramatically improve their chances of picking up useful intel when chewing the fat with others. Similarly, if residential agents are properly briefed and trained, even simple, everyday interactions with folks in the neighborhood can hold significant intel value. Talking to neighbors can provide a better understanding of local issues, sentiments, and potential risks to the principal. Unassuming chats with dog walkers, estate staff, and delivery drivers can all deliver their own golden intel nuggets.


This is where gathered information gets processed into raw intelligence and then further processed into actionable intelligence. In the right hands (and minds), this is the stage where unfiltered data is transformed into refined understanding.

This could be as simple as translating something heard in Spanish to something English speakers can comprehend – or vice versa. It could involve sorting and prioritizing disparate bits of information into recognizable patterns that tell their own story – or contribute to an emerging narrative. As an example, consider a CIA Paramilitary Operations Officer (PMOO) whose primary role is to collect intelligence in the field to support paramilitary operations. The PMOO uses his or her training and experience to collect raw information by observing, talking to people, and researching. This intelligence can then lead to more informed decisions and, ultimately, mission success.

It’s important to note here that within typical executive protection teams, analyzing intelligence happens in a variety of ways that contrast with the intelligence community’s more formalized and hierarchical systems.

In the case where a single agent is protecting a traveling principal, for example, most of the intelligence cycle will probably take place within one agent’s head. He or she will often be the only one to process and analyze what has been learned from human or open sources – and then act based on it.

In more complex corporate protection or residential security projects, things are different. Here, briefing and training all involved agents to collect intel via interactions with neighbors, corporate stakeholders, and others, and then report it, can significantly boost the protective team’s collective intelligence capabilities and resultant protective readiness.


The reporting, or dissemination phase, is when the analyzed intelligence gets passed on to others – including the decision makers who were responsible for defining the intent of the intelligence operation and initiating it. After consuming these reports, decision makers may discover that they need more information on certain issues, and then give the wheel of the intelligence cycle another spin.

In the government sector, this dissemination typically takes place in formal reports, the basic currency of intelligence analysis. These reports can be part of long-term research projects or sound the alarm on emergency developments.

The ideal output of the protective intelligence cycle is not reporting that other decision-makers will read, and for executive protection practitioners, the reporting process is often much less formalized. This does not mean that reporting intelligence is not important, however. Reporting includes properly completed and shared advance reports; it can be as simple as an agent passing on some observations or including intelligence in hand-off reports at the end of a shift, or it might entail more formal documents.

Also important here is that agents know what to pass on to whom. Managing the information flow so that decision-makers are aware of emerging facts, but not necessarily the recipients of every last detail of every conversation, is vital to EP operations. It’s critical to note, in this context, that an agent might not know which bits of information could be important to whom. A residential agent working the graveyard shift won’t have the overview of a team lead, but he or she might be in possession of a vital puzzle piece that can have consequences when fitted with others.

The executive protection industry needs to up its protective intelligence game.

We are 100% convinced that most executive protection teams are already practicing protective intelligence at some level or another. As our industry grows and professionalizes, however, and clients continue to demand ever-better service, we can’t just rely on intuitions and informal processes. What one person might do instinctively and with great success will not necessarily be repeated by the entire team.

What we need to do is to operationalize the intelligence analysis mindset. How do we plan, manage, train for, follow up on, and innovate the intelligence side of what we do? We’re open to suggestions as we explore this theme in future blogs.