The Person Who Is Paying Attention

In my career, I learned that every security plan eventually has to survive contact with reality.

On paper, everything can look squared away. The venue has been advanced. The floor plan has been studied. The access points have been identified. The magnetometers are in place. The assignments are made. The evacuation routes are rehearsed. Everybody has a post, a radio, a responsibility, and a plan.

Then somebody walks through a door they should not be able to walk through.

That is when the plan stops being theoretical.

When I watched the video from the White House Correspondents Dinner incident, that was the first thing that stood out to me. Before the attack unfolded, the subject entered a stairwell. A K-9 handler followed him to that doorway, but did not go in after him. Moments later, the subject came back out at a full run.

What he ran through was the magnetometer area, which was in the process of being disassembled. That matters. Transitions are dangerous. The beginning of an event is dangerous. The end of an event is dangerous. Any time people start to shift from full security posture into teardown, movement, or reset mode, attention can begin to drift.

According to what was later determined, this subject had a Mossberg 12-gauge shotgun with an extended tube magazine. If fully loaded, that could mean seven rounds in the tube and one in the chamber. He also had a pistol and three knives.

A uniformed Secret Service officer was shot in his vest. The attacker got past multiple visible law enforcement personnel. He made it through a checkpoint area. He continued moving until he was taken into custody approximately 45 yards later. He was stopped near the top of a stairwell that led toward the ballroom entrance.

That is not good.

In protective work, you cannot grade the event only by the fact that the protectee survived. That is the main goal, of course. But after the fact, you have to look honestly at every layer that did not hold.

Did the outer perimeter work?

Did the access control work?

Did the personnel posted in that area recognize the threat soon enough?

Did anyone challenge the subject when he entered the stairwell?

Why was the magnetometer area being broken down while this vulnerability still existed?

What was the plan for that door?

Who owned that space?

These are not Monday morning quarterback questions. These are the questions you have to ask if you want the next plan to be better than the last one.

One of the biggest things I think would help, if it is not already being done, is the use of a dedicated red cell before major protective events.

A red cell is a small group of experienced people whose job is to look at the final approved security plan and try to defeat it.

Not admire it.

Not rubber stamp it.

Defeat it.

I would want that group to include people from the counter assault team, the shift, post standards, and the technology side. Give them the venue. Give them the plan. Give them the access points, the schedule, the protectee movement, the outer perimeter, the inner perimeter, and the contingency routes.

Then ask them:

How would you attack this?

How would you pierce the outer perimeter?

How would you get close enough to the principal?

Where does this plan assume compliance?

Where does it depend on one person making the perfect decision at the perfect time?

Where does the plan get thin?

If the red cell comes back and says, “We tried to defeat it, but the plan already accounts for these possibilities,” then bravo. That is what you want.

But if they come back and say, “Here are three serious gaps,” then you fix those gaps before the event, not after the video is on the internet.

That is the whole point.

The attacker does not care about your plan. He does not care how many people approved it. He does not care how many meetings were held. He is looking for the weak point. The unlocked door. The distracted post. The soft transition. The moment where everyone assumes someone else has it.

That is why complacency is so dangerous.

When I was a new cop and later as an ATF agent, one of the deadly sins drilled into us was simple: complacency kills. It does not matter if you are standing alone or surrounded by 30 people. A motivated attacker can do a lot of damage very quickly, especially if he is not afraid to die.

That appears to be what we had here. Based on the information discussed publicly, this was a subject who expected to die and intended to attack the president and as many administration officials as he could.

That changes the equation.

A person who is not afraid to die is not thinking like a rational trespasser. He is not looking for the clean exit. He is not worried about the consequences. He is trying to close distance and create damage before he is stopped.

Your security plan has to account for that kind of mindset.

One thing that stood out in the video was that there appeared to be one person who was truly locked in on the attacker before the worst of the incident unfolded. That uniformed officer drew his weapon, engaged the threat, and took a round in his vest.

There is always that last Mohican.

The one guy paying attention.

That officer had a bad day. There is no way around that. If somebody puts a round on you, even if the vest stops it, that is a bad day. But he also may have prevented a much worse day.

That is the reality of this work. Sometimes the system works because every layer holds. Sometimes the system works because one person refuses to drift with the room.

You do not want to depend on that second version.

You want systems that make it hard for the attacker to get close in the first place. You want doors challenged. You want stairwells owned. You want perimeters that do not quietly dissolve during teardown. You want personnel who understand that the end of the event is not the end of the threat.

And you want a culture where people are allowed to attack the plan before the attacker does.

That lesson applies far beyond the Secret Service.

Schools need this.

Corporate security teams need this.

Event planners need this.

Executives need this.

Crisis communications teams need this.

Any organization responsible for people, reputation, operations, or continuity needs to understand the difference between having a plan and having a plan that has been tested.

A school may have a binder.

A company may have a crisis deck.

A venue may have a security vendor.

A leadership team may have a chain of command.

That is not the same as preparedness.

Preparedness is when you have already asked the uncomfortable questions. It is when you have rehearsed the movement. It is when you have identified the weak points. It is when people know what to do when door number one is no good, when the hallway is blocked, when the radio traffic is bad, when the first assumption fails.

In a crisis, you do not want to be formulating the plan.

You want to be executing a plan you already built, tested, and corrected.

That is why the red cell mindset matters so much. It is humility turned into process. It says, “We may be good, but we are not above being tested.” It gives professionals permission to find the flaw before the flaw becomes the story.

Nobody likes being told their plan has holes.

But I would rather hear it in a conference room than see it on video after someone gets hurt.

That is the job.

The public will usually only see the dramatic part: the evacuation, the weapons, the agents moving, the protectee being rushed away. But the real work is quieter than that. It is the planning. The rehearsal. The post assignments. The contingency routes. The person who asks why a door is accessible. The person who says the checkpoint should not come down yet. The person who notices that attention is drifting.

The person who is still paying attention.

Because sometimes that is the distance between a close call and a catastrophe.