One of the most rapidly evolving trends in security risk management is quietly unfolding at the intersection of threat assessment and open-source threat monitoring.

Open-Source Threat Monitoring is Opening Up New Ways to Intervene Before an Attack Occurs

I call it a “quiet revolution” because so few experts in this country understand the principles and tenets of behavioral threat assessment.  And I would be surprised if those that do are able to keep up with the tremendous leaps and gains that are (1) transforming open-source and social media monitoring every day, (2) helping to identify individuals on a path to violence and (3) enabling rapid, preventive and successful intervention. If you are a Chief Security Officer and lead a department such as IT, HR, compliance, and risk management, here are three tips – based on analytical methods and intervention strategies – that you should know about.  I’ll share three more next week.

Tip #1: Know What to Look For. Now Look Online.

  • Traditional Threat Assessment Tenet: People generally don’t just snap prior to committing targeted violence.  Targeted violence is often preceded by an attack pathway that involves planning.
  • Implications for Open-Source Threat Monitoring: Pre-attack planning is often observable and possibly detectable if you know what to look for and much of that planning likely takes place online.  Would-be attackers who use the Internet to research, communicate to others or plan an attack often unwittingly leave an electronic evidence trail that points directly to them.  Online search must target the deepest segments of the World Wide Web.  Driving this search isn’t just a matter of selecting the right key words and search terms.  It’s also a matter of understanding behaviors and how these typically manifest themselves in an online environment.

Tip #2: Use Open-Source Threat Monitoring to Identify Threats Made – But Not Received

  • Traditional Threat Assessment Tenet: Most attackers do not make direct threats to the target.  
  • Implications for Open-Source Threat Monitoring: Though the threats may not be received by the targets, the threats or other ominous warnings that reveal the subject’s intent may be posted to different websites.

Tip #3: Pay Attention to What a Subject’s Friends and Associates Are Posting

  • Traditional Threat Assessment Tenet: Those who attack innocent victims in mass violence scenarios often communicate their intentions to others, including friends, family, co-workers and, increasingly, to a web audience via Internet postings.
  • Implications for Open-Source Threat Monitoring: Individuals with extremist and violent views often turn to the web to find the camaraderie and support only those peers with the same views can provide.  In the online environment, this communication of attack-related behavior, in some cases, takes the form of a posting on a social media platform.

Does this make sense to you? Do you have insights on this you’d like to share? Or questions?  Post a comment and I’ll respond. Or email me directly at

When tweets turn to threats: learn more about the risks.
Download the executive briefing