In this episode, we deep-dive into the dynamic theme of Integrated Training and how this innovative approach is revolutionizing the way security professionals operate. Discover why mastering both the digital battleground and the physical frontline is no longer a luxury, but a critical necessity.
Phelim and Shaun are pleased to welcome Lee McWhorter, CTO and Director of Cybersecurity at Covered Six, and Kevin Lewis, Director of Training also at Covered Six as we take a journey through the cutting-edge intersection of cyber and physical security.
Tune in to learn why Integrated Training isn’t just an option, but an absolute game-changer for anyone in the security field. In this epsiode we discuss:
Our Guests:
More about the Circuit:
The Circuit Magazine is written and produced by volunteers, most of who are operationally active, working full time in the security industry. The magazine is a product of their combined passion and desire to give something back to the industry. By subscribing to the magazine you are helping to keep it going into the future. Find out more >
If you liked this podcast, we have an accompanying weekly newsletter called 'On the Circuit' where we take a deeper dive into the wider industry. Opt in here >
The Circuit team is:
Connect with Us:
It's one of the problems with the training in the United States,
2
:is it focuses on what I call the big
sexy driving, shooting, fighting,
3
:you know, all that kind of stuff.
4
:Welcome to the Circuit Magazine, the
number one source of information on
5
:protection matters, the industry leading
magazine for all security professionals
6
:who want to stay ahead of the game.
7
:Phelim: Integrated EP training.
8
:Today, Shaun West and myself are
delighted to be speaking with
9
:Lee McWhorter and Kevin Lewis.
10
:from Covered six out of
California and Texas.
11
:Great to be talking about this topic,
but also great because Kevin has an
12
:EP background, a physical security
background, a martial arts background,
13
:and Lee has a quote unquote cyber,
but actually OSINT background.
14
:Shaun, why is this an increasingly
important topic in terms of, you
15
:know, the way EP trains today?
16
:Shaun West: Thank you, traditional EPO.
17
:Who completes their course, they get
the bare bones skills to go on and do
18
:the job, get their license and operate.
19
:But that can't be the
end of your learning.
20
:You have to add more
tools to your toolbox.
21
:And I think some of the things
you mentioned there are key.
22
:I think OSINT is definitely
becoming more prevalent.
23
:in the game at the moment because it
allows you to carry out your own due
24
:diligence on your principles yourself,
see what's out there on yourself.
25
:And also when you're prepping
for other tasks or visiting other
26
:venues, there's lots of tools out
there that can aid you in that due
27
:diligence and advance of that event or
28
:Phelim: location.
29
:And that's really key, isn't it?
30
:Because I think maybe five, ten years
ago, when people thought cyber skills,
31
:IT skills, they thought, oh no, I have
to learn how to code, and oh no, maybe
32
:I need to spend time in a, in a SOC,
and, and work my way up as an analyst.
33
:But actually, no, that's
not really what it's about.
34
:It's about maintaining your EP discipline,
but knowing how to find information out.
35
:Now, of course, there are limits.
36
:Maybe you don't want to
go onto the dark web.
37
:Um, and we would not recommend that,
uh, for our listeners, but there's
38
:certainly a lot of OSINT, um, courses
out there, and, and, and maybe just, um,
39
:having a little bit of cyber training
alongside enables you to know who and
40
:why to call, or, or maybe what to harden.
41
:I think they like to call it SAS
hardening, software as a service
42
:hardening, which, you know, it could, it
could be as simple as the, the, the Zoom
43
:platform, um, Did you make sure that your,
your attendees in, in a webinar could
44
:not do absolutely anything they wanted?
45
:Um, I mean, that's, that's security too.
46
:Um, I, I think it doesn't have to be
this, uh, rather ominous, uh, coding,
47
:uh, bootcamp type skills, does it, Shaun?
48
:No, not
49
:Lee McWhorter: at
50
:Shaun West: all.
51
:I think since I've started my
career, I like to do a lot of courses
52
:that sort of broaden my knowledge
in a lot of different areas.
53
:Whilst it gives me the knowledge,
I also like to have a good contact
54
:book of specialists also because
things that become out of your remit
55
:or knowledge, it's always better to
get a professional in to do that job.
56
:But yeah, there's, I mean, there's
lots of information you can do
57
:and tools you can add to yourself.
58
:without becoming an expert where you
can still add a huge amount of value.
59
:Phelim: Perfect.
60
:Well, well, well, that's perhaps
where we need to dig into it.
61
:And that's why it's great to have
someone that is a bona fide physical
62
:security expert and a quote unquote
cyber security expert here today.
63
:Um, so, so let's get into it.
64
:Um, let's look at the, uh,
integrated training of the
65
:future, uh, for the protector.
66
:And, uh, yeah, I'm, I'm really,
really looking forward to
67
:hearing from Lee and Kevin.
68
:Kevin Lewis: And now let's meet one of
the contributors to the Circuit Magazine.
69
:Phelim: Integrated Training
for Tomorrow's Protector.
70
:I'm delighted to be speaking with Lee
McWhorter, CTO, Director of Cybersecurity
71
:at Covered Six, and Kevin Lewis,
Director of Training also at Covered Six.
72
:Loved to have you both on.
73
:How are you doing?
74
:Doing
75
:Kevin Lewis: good.
76
:Thanks for having us.
77
:Yeah, thank you so much for having us.
78
:We're happy to be here.
79
:Phelim: And I'm really happy because
Both of you represent two sides of
80
:the security environment that come
together for integrated training.
81
:So often on the podcast, we do touch
on topics that are maybe cyber heavy or
82
:maybe physical heavy, but coming together
in an integrated training, I think,
83
:is what people have been asking for.
84
:They said, yes, but what about me?
85
:Right?
86
:Me, the protector, I the
protector, how can I benefit?
87
:So, with our three quickfire
questions, let's get into it.
88
:What is the problem we're trying
to solve with a training such as
89
:Lee McWhorter: yours?
90
:Well, I think we're trying to solve, you
know, at least from my perspective, we
91
:teach cameras and access controls and
lock the darn server room door and man
92
:traps and piggybacking and all that.
93
:And I know Kevin's side of the house
teaches a lot of tech and information
94
:that will, you know, helps there.
95
:Um, physical and EP protectors
have a balanced approach from the
96
:other side of the house as well.
97
:Kevin Lewis: Sure, Kevin can add.
98
:Yeah, it's definitely, um, we're just
trying to make sure that we mitigate all
99
:the risks and the current threat scape.
100
:And as you know, the threat scape
is evolving very quickly right now.
101
:So we're, we constantly have to up our
game in order to deal with all those
102
:various threats that are coming from the
cyber side or, you know, the deep fake
103
:side, the AI, all that fun stuff that's.
104
:Currently happening, but then again,
address that to the physical, um, and
105
:really just mitigate rest for the client.
106
:That's what it's all about.
107
:Okay,
108
:Phelim: I like that.
109
:And ultimately, the client probably
just doesn't care, they want it solved.
110
:But let's take a step back.
111
:What about your passion?
112
:Where does your passion
for this come from?
113
:Uh, Lee, and
114
:Lee McWhorter: then maybe Kevin?
115
:Well, you know, it's one of the things
when I was fortunate enough to be
116
:referred and got to join this wonderful
group here at Covered Six, um, that I
117
:really shared with our founder, Kristone.
118
:Kevin and all the senior team,
is just a holistic approach.
119
:I've always felt, even as a
guy who really focuses on the
120
:cyber side, that you have to.
121
:It's one of my mantras, lock
the damn server room door.
122
:There's all these stories of people
who put up all the defenses and the
123
:firewalls and the intrusion detection,
and somebody wants it bad enough, they
124
:just drive a car through the front
window and steal all the hard drives.
125
:And of course, you know, we want
to make sure that the other side
126
:of the house is aware that a
drone flying over the building is
127
:not just some kid's toy anymore.
128
:That could be me landing a
hotspot to break into your office.
129
:And so this kind of cross, you
know, we're always as strong as our
130
:weakest link and it's usually people.
131
:And so one of the biggest
things we got to do is train.
132
:And if we can train in a more integrated
way, then I think that betters both sides
133
:and then the whole holistic approach to
134
:Kevin Lewis: security.
135
:Yeah, so Leah and I have had many
conversations about this and it's
136
:really about, you know, I was a
solo operator most of the time, so
137
:I was constantly looking for ways
to leverage force multipliers of any
138
:kind in order to help me provide for
my client, because, you know, it's,
139
:There's not enough manpower, right?
140
:But also, um, to be able to educate
myself enough so that I know what other
141
:possible threats could be out there.
142
:Because, uh, I jokingly always say
to Lee that I'm a walking EMP, right?
143
:So, if I don't You know, I need to
know more about this side of the field
144
:because I feel totally vulnerable there
because I don't have any understanding
145
:until Lee came along and started
teaching me and then telling us, you
146
:know, giving us opportunities to learn
from any everything from OSINT to just,
147
:you know, good, good cyber awareness
and, and hygiene, you know, I mean,
148
:that's just the basic entry level that
every agent needs to have, because you
149
:could be setting things up that could
cause your client problems, right?
150
:Okay.
151
:Plus the clients are bringing us problems.
152
:And again, every time I walk into
a new residence or with a new
153
:client, I have to deal with a new I.
154
:T.
155
:team and they're not always, um.
156
:forthcoming, right?
157
:So I need to know enough that I can
ask the right questions from two
158
:of them to make sure everything's
locked down for the client.
159
:So it's more for my end, uh, for our,
our educational process, that the guys
160
:really understand the risks and what
they can do to help mitigate them.
161
:So, you
162
:Lee McWhorter: know, going on with
what Kevin said about sometimes.
163
:IT teams out there not being forthcoming.
164
:We've, it's something we're trying to, I'm
trying to break down and have people, and
165
:that's people I train and people out in
the community not do, but we kind of, you
166
:know, keep the information to ourselves.
167
:And, um, you know, that is something
that you do run into a lot of IT teams.
168
:It's like they need to keep it for their
own secrecy, but we need to share it
169
:so that we can all be on the same page.
170
:Phelim: Okay.
171
:So, so, so let me ask Kevin for the
third quickfire question, right?
172
:Kevin.
173
:What does the uninitiated
protector need to better understand
174
:about integrated training?
175
:Like, I can imagine them thinking,
Oh, well, am I going to learn to code?
176
:Well, what should they
better understand, Kevin?
177
:Kevin Lewis: Well, they should definitely
better understand the OSINT side.
178
:And a lot of accounts now are asking
for, uh, agents that can actually
179
:do OSINT scrubs on the client daily.
180
:Um, so that's a key factor, but just
in general, what is good cyber hygiene,
181
:uh, would be a base level, right?
182
:And then what potential risks are out
there that the client's facing or that
183
:the security, the cybersecurity team
is facing so that we can assist in
184
:asking the right questions and also, uh,
pushing, uh, helping the client make the
185
:proper decision making to like upgrade
the things that the cyber team needs.
186
:You know, that would be like the
elemental things that I would say.
187
:Phelim: Okay.
188
:That makes sense.
189
:And I like that because that's from
the perspective of the protector.
190
:And quite often the protector
sees lots of flashy, fancy ideas.
191
:And, and they think, well, I mean,
I'm not speaking for you, Oh,
192
:protector out there in the audience,
but you might think which way.
193
:Um, so let me, let me
put it to you this way.
194
:We're talking integrated training.
195
:And this isn't necessarily talking about
the single unified soldier, and we've had
196
:that on the podcast before, um, and, and
I totally get it if you've come from the
197
:military, J6 instead of A6, N6, and so on.
198
:Uh, Lee, what then does
integrated training look like?
199
:Is it as simple as, now I'm
doing something cyber related,
200
:now I'm doing something physical
related, or, or is there something
201
:more to integrated training?
202
:Kevin Lewis: Um, so what it looks
like is, each, in each section of
203
:our, our training, we're trying to
incorporate some aspect of technology,
204
:and an understanding of technology.
205
:So, um, OSINT, we actually,
like, Take them through the
206
:process of why that's important.
207
:Cause again, like you're saying, what's,
what's important is the why's, right?
208
:Like what's, what's my, why, why
do I need to know this stuff?
209
:The biggest thing is, is, you know,
the client vulnerability, right?
210
:Is like, how, how can we fix that?
211
:And there's millions of examples of
this where, you know, people are using
212
:technology to actually stalk the client.
213
:Right?
214
:Make it there.
215
:Um, a lot of the stalking now
happens, uh, electronically.
216
:Got a number of cases like that where
I've been dealing with people that have
217
:electronic stalking, and then you gotta
go back and figure out who this guy is,
218
:or you gotta pay somebody to do that.
219
:It's kind of, uh, really good for
the client if we can keep all that
220
:in house, and that our guys have the
understanding of How to, how to deal
221
:with those types of situations so we
can start setting up an investigation
222
:or getting a file going on this person,
you know, so that's the, the training
223
:is, um, introducing aspects of the cyber
side to the, to the individual agent as
224
:they're going through training and, uh,
introducing the technology side too.
225
:Like, hey, technology is happening
so fast now, especially with like
226
:AI cameras and stuff like that.
227
:It's kind of hard to keep up, but they
should just have an understanding.
228
:understanding that, hey, you need to learn
all aspects of this field, especially
229
:later on if you want to be a detail
leader or a, you know, a chief security
230
:officer or something like that on the
corporate level, they have to have not
231
:just the cyber, not just the integration,
but also the physical understanding.
232
:Because they all work together.
233
:And like Lee's saying, the weakest
point there is really the people, right?
234
:But, and that can be just egos
between different groups, right?
235
:Where they're, they're
not playing nice together.
236
:And so the client's not
getting exactly what they need.
237
:So when we're integrating training,
what we're trying to do is open the
238
:guy's minds to the fact that, hey,
this Security is more than just you
239
:standing there looking cool, right?
240
:You have to actually get into some
aspects of this other technology and
241
:the cyber side so that you can keep
your clients safe on all levels, right?
242
:So that's kind of how we incorporate it.
243
:Phelim: And, and, and Kevin, I'll
be interested because, you know,
244
:with your background, you, you,
you've got martial arts, you've
245
:got a lot of physical security.
246
:Um, how did, how did, How
do you adapt to all of this?
247
:Because maybe if people put
themselves in your shoes, Kevin,
248
:and sort of, you know, extrapolate.
249
:Kevin Lewis: Yeah, so, um, for myself,
not being a very tech savvy guy, um, I,
250
:and, you know, how we, how I'm always
doing things is looking for how I can
251
:improve myself for my clients, right?
252
:So not just on the physical training side,
but on, on the aspect of learning a little
253
:bit of technology so that, At least I
can have a conversation with the IT team
254
:and I don't look like a complete idiot.
255
:Right?
256
:And that they will, they will be able
to, to, um, understand what I need from
257
:them, uh, as a detail leader or as a
person who's setting up a contract.
258
:Right?
259
:And, um, you know, I've seen so many
things go wrong with, you know, um,
260
:With teams not communicating and
not getting all the help they need
261
:from each other, and then, you know,
when it all falls down, everybody's
262
:end up getting fired, right?
263
:Because, because nobody's communicating,
we have these egos bouncing around.
264
:So, um, for myself, it was
more just about, you know,
265
:this is a weakness I have.
266
:I need to fix this.
267
:Uh, the industry is growing.
268
:Um, I had left the industry
and came back, had to retool.
269
:Um, and, and, you know, so it's an
ongoing learning for EP or physical
270
:is a lifelong process, and it doesn't
include just the physical stuff.
271
:It's one of the problems with The
training in the United States is
272
:it focuses on what I call the big
sexy, driving, shooting, fighting,
273
:you know, all that kind of stuff.
274
:But Lee and, and I can tell you that the
people that are really successful are
275
:the ones who have that high emotional
intelligence, who understand where they
276
:have a weakness and they can fix it.
277
:Um, and then, you know, okay, we
need to add integration training.
278
:We need to add some cyber training,
and it can be enough just so that
279
:they're able to just have that
conversation with the other teammates
280
:and know what they need to do, right?
281
:So that's kind of how I look at it.
282
:My philosophy is always to bring my
best person to the client, because
283
:if it's just me out there, And I need
to find ways of force multiplying
284
:by these other team members that we
all got to be working together to
285
:make this happen every day, right?
286
:And to do that, you got to
have some understanding.
287
:Phelim: And for that understanding,
Lee, how do you translate that, uh,
288
:because I'm sure, Lee, you go to a
lot of cyber conferences and, uh, you
289
:know, you're prolific in that side of
the world, but how do you translate it
290
:so that, let's say, an EP operator who
has no background, uh, can benefit?
291
:Lee McWhorter: Well, I think one of the
things that I've tried to do with some
292
:of the times I've gotten to speak to some
of our classes on that side, or even some
293
:of the things when I do go to like ASIS,
GSX, or more of a physical, though they're
294
:growing the cyber side, and I'm glad to
see that, that whole holistic approach,
295
:but you know, like Kevin references,
we're not trying to turn the world.
296
:You know, an EP protector into an IT
person, per se, we're trying to give
297
:them the knowledge they need to, to,
to help, you know, minimize that risk,
298
:you know, like, does the client have
a guest Wi Fi set up at their house?
299
:Is that a vulnerability, um, you
know, are the cameras isolated and
300
:secure and patched so that people
aren't looking in and spying on them?
301
:Um, do they have an, you know,
and they don't have to know
302
:how to set up that camera.
303
:They don't have to know
how to set up that Wi Fi.
304
:Okay.
305
:That's technically for the IT or cyber
team to do, but they have to know at
306
:least that there's risk there that need
to be discussed and to make sure that that
307
:team has done the things they're supposed
to do to keep things updated and safe.
308
:And it's sort of like on the other
side, I'm not trying to turn an
309
:IT cybersecurity analyst or a pen
tester or whatever role they take.
310
:into a protector, um, but I want them
to be aware, you know, about how things
311
:that we do affect that side of the house.
312
:Camera placement, uh, VLANs to keep
devices and smart devices off of
313
:the network for security purposes.
314
:It's, you know, and so that's that
integrated approach of training.
315
:And one of the things I know that
Kevin and I both want to do in future
316
:is even more integrated exercises.
317
:Um, you know, where the teams work
together to actually solve a problem,
318
:um, you know, and, and both cyber
and EP physical teams could work
319
:together to solve those challenges and
320
:Phelim: problems.
321
:No, I like that because immersive
learning, uh, tabletop exercises, um,
322
:very, very much bring teams together.
323
:Many people have said pen testing is
the ideal, uh, scenario, although,
324
:you know, how, how, how, how red
team, how red teams do you want to
325
:be is up to the client, I suppose.
326
:Um, but, but we mentioned in, in,
in our prequel that some of the
327
:skills are as simple as OSINT.
328
:And we've had OSINT sessions on the
podcast before, and many of them
329
:concluded, right, I'll take it this
far, but beyond that, I need an expert.
330
:What are some of the tools that
you're teaching that sort of take
331
:them far enough to be dangerous, but
there's a drop off point, isn't it,
332
:where they have to actually say, no,
I need the TSCM expert or something?
333
:Well, I mean, I,
334
:Lee McWhorter: you know, it's funny.
335
:I think some people
have an aptitude for it.
336
:You know, a lot of it's research
and, and sort of the, the mental
337
:gymnastics of sometimes coming
at a problem differently, trying
338
:different searches, different things.
339
:And so some people can go
much further than others.
340
:But yeah, if you're, depends on what
level, I guess, the client needs and,
341
:you know, from, I think, from a protector
and even from a base analyst point of
342
:view, um, a basic understanding to sort
of stay abreast of, you know, the threat
343
:landscape, you know, we use it in the
cyber side for threat hunting, keeping
344
:up with what threat actors are out there,
what they're doing, what they're tactics
345
:and procedures are, um, you know, and we
want the protectors to be aware of, you
346
:know, threats that are being made against
their principals, uh, the locations
347
:they're guarding, whatever that might be.
348
:So, um, you know, they're, we're not
trying to get necessarily, um, People
349
:all the way down to an OSINT expert,
but I think there's a beginning to
350
:intermediate level depending upon
some of the aptitude of some of the
351
:Kevin Lewis: students.
352
:Yeah, and as far as for myself, you
know, entering into this and working
353
:with Lee on developing a little bit
of my skill set, I mean, I, I start
354
:very simply with, um, a, a Google, uh,
A Google, um, a Google alert, right,
355
:for every client that I start, right?
356
:So I'm going to start gaining
a little bit of intelligence on
357
:what's out there with the client.
358
:Then I do a quick OSINT search
with some of the tools that Lee
359
:has set up for us, just to see
what's out there on the client.
360
:And then, you know, we'll, we'll toss it
up to someone with a lot more experience
361
:and they'll go do a deep dive and see
where the client is vulnerable, right?
362
:So, in my case, I'm just
looking really quickly, you
363
:know, what is there out there?
364
:Is there already someone stalking them?
365
:How can we get access to those?
366
:Covered 6 is very
proactive in our approach.
367
:So if there is someone stalking one of
our clients, you know, we'll want to
368
:know where they're at and we may even
go put surveillance on this person
369
:versus sitting back and kind of waiting
to see and the typical strategy.
370
:Um, we like to, we like to stick a guy
right next to them wherever they're
371
:at, you know, just in case and be more
proactive and, um, I think that as As we
372
:progress and the threatscape continues
to change, you're going to have to be
373
:more and more proactive with the holistic
approach of this because, you know,
374
:one or two guys can't get the job done.
375
:Right?
376
:I mean, if you're already waiting for
the attack to happen, you're too late.
377
:Right?
378
:So, um, we need to make sure that we're
ahead of the curve as much as we can.
379
:And we have things locked
down tight enough that, yeah.
380
:That, uh, if someone does a breach,
they gotta have some skill set, right?
381
:And then that narrows down the
field of who can do that, right?
382
:When you have, uh, you know, celebrities
that are, you know, someone's
383
:taking the data, the metadata off
a photo that they've taken, uh, off
384
:a reflection off their eyeball, and
followed them to the train station
385
:they saw, uh, listed on that, right?
386
:I'm sure you've heard of that.
387
:that situation, right?
388
:This is stuff that can happen now with
people without hardly any training, right?
389
:So, you know, if they can get that close
to my client, then I gotta have some
390
:effective strategies in place to make
sure that those things don't happen.
391
:Phelim: Yeah.
392
:It seems, it seems everybody's,
uh, uh, now got the gift of OSINT.
393
:Um, high, high profile things.
394
:Um, I think on one high profile
occasion, which we don't need to
395
:worry about, but someone was, uh,
discovered a lot from a zip tie.
396
:Um, just, just one zip tie told
them an awful lot of information.
397
:Um, yeah.
398
:But where does this then leave
the idea of maybe the technical.
399
:EP Professional.
400
:I, uh, is this your education for all
EP professionals or do you think it's
401
:gonna kind of push us into something
that Christian West likes to bring
402
:up a lot, which is the technical EP
professional, um, that, that, that
403
:one extra, uh, skill set on the team?
404
:Kevin Lewis: Personally, I think that
it's going to require both, right?
405
:So everyone should have a base
level of understanding that so that
406
:they can look for vulnerabilities.
407
:And then we have that guy who
can go deeper and do all that
408
:and handle the deeper part.
409
:But still, the EP team is going
to have to be aware of all that.
410
:They're going to have
to write the reports.
411
:They're going to have to
help with the investigation.
412
:So, you know, they need to
be knowledgeable as well.
413
:But, but, like you said, they're.
414
:There does need to be someone who can do
that deeper dive and, uh, has the, the
415
:higher skill set, you know, so, and, and
the more demanding the client is, or the
416
:more demanding the threatscape is for that
client, the more that's needed, right?
417
:But on a base level, I can be a solo
operator for a celebrity and I can
418
:get some really good information
and deal with someone on a stocking
419
:basis and not have to go there.
420
:Right?
421
:And like I said, you know, I'm not.
422
:The most tech savvy guy in the world.
423
:In the world, so if I
can do it, anybody can.
424
:Lee McWhorter: Well, Kevin's not
giving himself enough credit.
425
:I think a lot of people, they're better
than they think they are when it comes
426
:to tech, even if they're not tech.
427
:But I, I think that, you know, there's
a couple aspects here, you know.
428
:Kevin talked about putting, you know,
somebody to watch, you know, surveillance.
429
:That can happen digitally.
430
:Kevin and most executive protectors
need to be able to find that
431
:and go, okay, that's a problem.
432
:But they're not necessarily going
to have the skill to go build a
433
:sock puppet and follow that person
digitally and join their groups,
434
:but a more advanced person would.
435
:Um, and that, you know, and one of
the things that I've been really happy
436
:and proud to see within our training
programs is that while we, in each
437
:program, touch on aspects of the other.
438
:So in the EP and physical side, Kevin
and his team are teaching some cyber
439
:and some hygiene and some OSINT,
and we're teaching locks and access
440
:controls and basic stuff on our side.
441
:Um, one of the things that we're seeing a
lot is actually dozens of students cross
442
:and take parts of different programs.
443
:Um, and, and I think that
there's two possibilities that
444
:are going to happen out of that.
445
:One is exactly what you said, sir, you
know, that some of these people are
446
:going to be able to move into that.
447
:technical EP role, um, and then some
of them are putting it in their back
448
:pocket for later, so when they someday
move to, say, Director of Security,
449
:they can talk both sides of the house
and, and have that understanding.
450
:And so we've had dozens of students,
we actually had one this May, who
451
:was the first student who has both.
452
:Oh, I shouldn't say both.
453
:He has all.
454
:So he has physical, security program,
AP program, and both our intro
455
:and intermediate cyber programs.
456
:So he's the first student
this year that has all four.
457
:We have maybe a dozen that have three,
and then we have dozens that have, you
458
:know, physical and cyber, cyber and AP.
459
:And so that's something we're seeing
a lot of, a lot of crossover, uh,
460
:to take it up to that next level.
461
:So, so maybe,
462
:Phelim: I don't know, it sounds
like a funny question, but
463
:I think a useful question.
464
:What's not?
465
:In the integrated training remit, like
what's, what's not, uh, for you to teach?
466
:Um, because, because in a way, again,
it might sound very appealing to,
467
:to, to do an integrated training
course, but I, but I wonder where's
468
:the, where's the, where's the limits?
469
:Where's the, the edge of, of what people,
uh, as, as EP professionals should not be
470
:Lee McWhorter: trained?
471
:If I can add, I would say a couple,
like, that without additional training,
472
:and um, and I preach this across the
board, you really shouldn't be playing
473
:around with fake identities, sock
puppets, um, you know, if you're not very
474
:well versed in, in building that out.
475
:building out a virtual environment
where you can keep that isolated,
476
:you run the risk of causing
more trouble than you gain.
477
:You, you're giving away to, to your
adversaries that you're watching them.
478
:Also, to be honest with you, the, what
we call the dark web, the underbelly
479
:through Tor sec, you know, IPsec,
those things are once again, not
480
:something that even the beginning
cyber people need to go down into.
481
:Um, and we need to be aware of it.
482
:But I would not be teaching that in,
in any of those types of programs.
483
:That's a more advanced for the technical
side only, and, and there are tools
484
:actually as well, um, you know, a number
that are in a sense, you know, Darkal,
485
:Echosec, others that are basically,
um, Sort of the Google of dark web.
486
:If that's really a need because your
client is so high profile or your, your
487
:industry is so targeted by, you know,
advanced persistent threats that you're
488
:going to need to be checking that all
the time, then you're going to want
489
:to license one of those products where
you don't have to go there yourself.
490
:You can run like a Google search
and have a safer way to, so there's
491
:different ways to approach that.
492
:Kevin Lewis: And
493
:Phelim: safe, I think is key, isn't it?
494
:Because.
495
:Just from my limited impression,
if a novice went somewhere on the
496
:dark web, they may go somewhere
they're not supposed to go.
497
:Lee McWhorter: Absolutely.
498
:With one click, they can see something
that they just broke the law.
499
:They saw an image they weren't,
and that's on their computer now.
500
:So, I mean, that's something that we
very few, even in the cyber community,
501
:some very few of the most experts
go down and play in that world live.
502
:Because you're taking a lot of risk
of viruses, malware being uncovered
503
:and being attacked, and not to
mention, they're not safe for work
504
:and illegal stuff that you might want
505
:Kevin Lewis: to do.
506
:Yeah, I would agree with
that a hundred percent.
507
:There's, there's some places I'm not going
to go, uh, with my limited skill set.
508
:And I have to, I have to, uh, be
smart enough to say, Hey, I need to
509
:pass this over to that other person
or other, other team member that can
510
:handle this, who has the experience.
511
:Um, and also, you know, for EP
specifically, um, I don't want to
512
:have a bunch of fake identities
and all this kind of stuff.
513
:It just doesn't sit well with clients.
514
:I think if they were to find about
that, you know, it's the kind of the,
515
:you know, a double edged sword for us
in the sense that we have to maintain a
516
:high level integrity, and so I may hand
off some of that, I may be able to, you
517
:know, fly a drone, I may be able to pop
a drone if we need it, I may be able to
518
:do a quick OSINT search and, and just,
you know, ask questions about the cyber
519
:side, make sure everything's locked down.
520
:But as far as doing the heavy lifting
in that area, it's not my role.
521
:Right?
522
:And, and I need to be smart enough to
understand that and let the people who
523
:do specialize in that handle those deeper
dives and not put the client at risk.
524
:Right?
525
:So it all comes down to that risk thing
again, you know, do is what I'm going
526
:to do a bigger risk to the client than
what information I'm going to get.
527
:Right?
528
:So, um, yeah.
529
:I, I always, we always have
to hedge our betts that way.
530
:Right.
531
:And, and err on the side of being
conservative, letting the people
532
:who do that job do that job for us.
533
:And, and that's how you, that's
how you maximize your time as well,
534
:Phelim: right?
535
:Yeah.
536
:And, and we've had, I think Sandra ti
um, who I think you, you know, right?
537
:Uh mm-Hmm.
538
:Lee McWhorter: and yeah, we
know her very, very well.
539
:Good friend.
540
:She's on our, our website as well.
541
:Partner of ours.
542
:Yeah,
543
:Phelim: I think, I think one of the, one
of the things she once said on one of
544
:the sessions was sometimes a client might
say, do your worst, and they have no idea
545
:what you can definitely come back with.
546
:So then I wonder, I mean, on the one
side, I've asked what's the remit, you
547
:know, what's the edge of your remit,
but is there a danger that you're too
548
:successful, especially on the OSINT side?
549
:Um, do you, do you, do you have to
manage client expectations and say, This
550
:is not for me because you don't want
your bodyguard running around with an
551
:enormous amount of personal information.
552
:I mean, is there something
there to consider?
553
:Lee McWhorter: I would say,
I guess, maybe by client.
554
:I defer to Kevin with
his experience on that.
555
:I mean, if you've got a good
relationship, my assumption, and maybe
556
:it's a little bit romanticized, but
that you've got a relationship, you
557
:already know so much about that client
that them, they may not be upset.
558
:They, they, you're, you're, with them
24 7, you're living at their house,
559
:you're, all these things that could be
possible, but other clients are very,
560
:you know, people are very private.
561
:So, yeah, I could see that
that could be its own line.
562
:It's not even your skill line,
but what the client will tolerate.
563
:Kevin Lewis: Yeah, I think the way
that you're presenting that, that
564
:could be a double edged sword for the
executive protection specialist, because,
565
:you know, um, There are things the
clients don't want you to know, right?
566
:And there are, compartmentalization is
not a bad thing in terms of safety, right?
567
:So maybe, you know, one, you know,
the detail lead and, uh, company
568
:owner are aware of some of these
things, but not every guy on the
569
:detail needs to be aware of it, right?
570
:They need to be able to do their job
and, um, not get put at risk of, you
571
:know, like, if so, they do have all that
information, then what you do with it.
572
:Phelim: Lee, what would
you advise a protector?
573
:Looking to get into this space, should,
should, should it be a course that
574
:they do as part of their basic training
or can they still get on courses that
575
:are focused on integrated training?
576
:Lee McWhorter: Well, I mean, obviously
there's like ours, you know, some
577
:programs, I'm sure others that are trying
to do this or have, you know, electives
578
:or ways to put together that type of
training from different other companies.
579
:Um, I know it's not a huge
amount out there just based on
580
:knowing the space a bit, but.
581
:I also do know that even if you went
through a more traditional program,
582
:and then you're wanting to add that you
could definitely round it out yourself.
583
:As you know, or very well, Sandra has her
courses, there's tons of people that, you
584
:know, different types of models, whether
it's, you know, Uh, e learning or, you
585
:know, self paced that you could add some
skills in some of those areas when it
586
:comes to OSINT and even basic hygiene.
587
:We have a free hygiene class
off our website, for example.
588
:You know, so there's materials out there
and that's one of the things I know
589
:we throw some of our students through
is just to here, take this with you.
590
:You can give this and show it to
your other people you work with or
591
:your client and their staff so that
they have the same basic knowledge.
592
:So there's definitely ways to
add it on even if you didn't
593
:get An integrated program
594
:Kevin Lewis: to begin with.
595
:Yeah, I.
596
:I think the thing is, is like,
finally back up, sorry, um, is that,
597
:that we're, is that we always have
to work towards integration, right?
598
:Um, we're going to give the guys
enough that they can kind of start
599
:to understand about the, the, the
other aspects, but on a higher level,
600
:if they, if they want to grow in the
industry, they're going to need to
601
:expand their area of expertise, right?
602
:And, and their knowledge level.
603
:Uh, consistently, uh, moving forward,
especially into if you're been a physical
604
:guy, you need to kind of, you need to
step over there and start learning about
605
:drones and start learning what those
capabilities are, because not only is
606
:it a threat, it's also can be an asset.
607
:Right?
608
:Same thing with cyber.
609
:It can be an ad.
610
:We got a really good cyber team.
611
:They're going to protect us on that side.
612
:So there are, there are teammates, you
know, that we need to be able to make sure
613
:are working as effectively as they are.
614
:So having some knowledge in that
is going to be very important.
615
:And
616
:Lee McWhorter: I think everybody's going
to have to learn a little bit about AI,
617
:um, you know, as it comes down because
especially for higher end, um, you
618
:know, celebrity type, uh, principles and
high net worth, people who have a lot
619
:of data out them, seeing what AI says
about them, what it has available is a
620
:simple OSINT search in a sense now that
will potentially give you some pointers
621
:as to where you need to dig deeper.
622
:Um, yeah.
623
:And then definitely we want to make
sure the teams are working together.
624
:Um, like I said, I, I'm not expecting
one of our cyber guys to, you know,
625
:per se, jump out and take a bullet or,
you know, do something, but they should
626
:know where, where their piece is and how
they support that team and vice versa.
627
:Phelim: I like it.
628
:I think, I think that maybe
is a much better way to focus.
629
:Uh, our efforts, because rather than who
you're going to be, it's who you're going
630
:to call, but maybe you need to have an
appreciation of the other discipline as to
631
:why you want to call them, much as you may
not be a TACM, uh, specialist, uh, but you
632
:know why you might want to call one, um,
which, which I think is, is a bold, a more
633
:bold and, uh, less timid kind of approach.
634
:I, I, I worry that in years gone by,
people have said, I don't understand it.
635
:Therefore it's not me.
636
:I But we're not saying it's you.
637
:We're saying you, you, you want
to know why you would call such
638
:a person, um, a limo driver.
639
:You don't have a limo, but you know
why you'd call it a limo driver.
640
:Right.
641
:So, so, so what's next
for you and COVID 6?
642
:Um, where are we next going to see you?
643
:What, what, what are you next up to?
644
:Lee McWhorter: Well, I, um, have just
passed the bulk of the conference season,
645
:though I guess we'll probably be at SHI
show as we head into the new year, and
646
:then things will start to pick up for me.
647
:It's the usual RSA, Black Hat, DEF CON,
I do try to make JSX, even though we may
648
:send some different people this year.
649
:We've been trying to get, I've been
going because of some cyber stuff
650
:that they're growing, but we really
need to have Jacob and Kevin, our
651
:physical side, get to get there too.
652
:Um, and so hopefully
we'll do a lot of those.
653
:We've been working on, I hope we're
going to be able to heavily talk more
654
:about it next year, but even some VR, AR
type of stuff, um, which I think helps
655
:us integrate some of this training.
656
:So, you know, we're, we're just
constantly trying to innovate.
657
:And, uh, we also have our tech integration
program, which is, we're talking here,
658
:tech integration, we have a whole nother.
659
:Vertical, and that one is focused.
660
:It's sort of a hybrid between our two
houses that we have now because the
661
:person that takes that class will come out
with a guard guard, uh, even in setting
662
:in a GSOC, you got to have that under
California law, but you're going to come
663
:out with some secure, you know, like an
A plus and a cabling cert, a drone cert.
664
:So it's, it's kind of a, it's
really, it's kind of geared toward
665
:that role, that person who's
going to set between those things.
666
:So we're excited to launch that.
667
:Kevin Lewis: Yeah, on the physical
side, we're getting ready to launch
668
:in January, our next year of training.
669
:Um, but then also, uh, like he said, we
have the tech integration, uh, academy
670
:that's sitting there waiting to get going.
671
:Um, and, um.
672
:You know, that's, that's kind
of where we have to go now.
673
:We have a drone program that's
in progress now, uh, with, uh,
674
:you know, so we're incorporating
that into to all of our stuff.
675
:We have, uh, virtual patrol officers with
a major metropolitan police department.
676
:So, you know, the, the role
of security continues to grow.
677
:And along with that, the, the, um,
Executive Protection on the physical
678
:side need to be able to grow with that.
679
:You know, it's always going to come down.
680
:You've got to have people, right?
681
:But at the same time, we have to,
we have accounts that have robots.
682
:We have accounts that have G socks.
683
:We have accounts that have, um.
684
:that have a full cyber team.
685
:We have our OSINT side, you know, and all
of this is happening at the same time.
686
:We're, we're popping drones for
surveillance on, you know, communities
687
:that we work with because, you
know, people are trying to crawl
688
:into their backyard, you know, so.
689
:It's a, it's a much, you know, easier way
to be sitting at a house on a residence
690
:and pop a drone who has some night vision
on it and be able to track somebody
691
:who's trying to get on the property.
692
:So this is where all of this is going now.
693
:And, you know, the, the, the
physical side needs to kind of
694
:step up their game and, and start.
695
:Uh, looking at how to make this
a fully integrated, holistic
696
:approach to security all the time.
697
:Not just, you know, hey, I need
you to go do, fix this problem.
698
:It needs to be working
together all the time.
699
:Phelim: And I want to pounce, I
know this is not the topic of this,
700
:uh, podcast, but January 2020, I do
remember I got on people that trained
701
:UAV flying, drone flying, and some
other people who had dabbled in it.
702
:And back then we said, you know
what, maybe we'll need an FAA
703
:license for every operator.
704
:Are we talking about that type of UAV
or are we talking about one that's
705
:permissible under municipal law
that you don't need an FAA license?
706
:Lee McWhorter: I would say both.
707
:I mean, our program is going to
do the FAA license for, for larger
708
:drones, um, for the tech integration.
709
:Um, but the capabilities of these
small drones have grown so much
710
:just like the military is doing.
711
:I mean, I'm sure this is happening with
Kevin and our team already, but I mean, if
712
:I imagine myself, I'm just a geek, but if
I'm an executive protector and I can get
713
:an 89 4K little drone that I can carry.
714
:I'm going to have that bad boy with me.
715
:I don't know when it might come out,
but I don't have to have any rules.
716
:I can pop it up, see over that
hill, see what's coming at me.
717
:You know, so, you know, and so I
could, I would probably have one.
718
:And they've gotten so capable.
719
:It's like I have everything in tech.
720
:You know, it doubles and
gets smaller and faster
721
:Kevin Lewis: every year.
722
:Yeah, I mean, that's the integration.
723
:We were learning how to now, uh, not just
do the quick, you know, pop the drone,
724
:look at the residents, make sure there's
nobody around the area, but also like,
725
:you know, hey, the client wants to be,
you know, you'd be more low profile,
726
:so how can we do that with left bodies?
727
:Well, we can pop a drone, we can set
it over on a light pole, it can watch
728
:the client from there, you know, we
can set up, uh, surveillance cars,
729
:we can do all kinds of stuff now
that we didn't have access to to,
730
:uh, before, but I, I do agree with
Lee that it's going to take both.
731
:I mean, you do have to have your,
your FAA license to fly a drone.
732
:So a lot of, uh, the residential
security teams now are requiring that.
733
:Um, I notice, uh, World Protection
Group, they, they've been asking
734
:for that for years now, right?
735
:And, uh, and I took notice of
that because I'm like, Ooh, well,
736
:there's another aspect, right?
737
:This is a place where an EP guy can
specialize too, like a TCSM, but
738
:also be able to do, you know, the
drones and things like that as well.
739
:I mean, it just kind of opens up, you
know, you to get hired better, right?
740
:So, so we always encourage the guys
like, hey, get in, do extra training
741
:on stuff that's going to get you
hired, you know, security driver's
742
:certificate, a medical, right?
743
:If you're an EMT, that's, everybody
wants one of those on their teams.
744
:Everybody wants a guy that can
handle the cyber and the drone and
745
:all that kind of stuff too, because.
746
:When we're traveling around the
world, we need all that, right?
747
:We need to
748
:Phelim: be able to That's definitely
something I need as a, as an
749
:extra podcast session, I think.
750
:I think we need to do that.
751
:Would you be able I'll find some,
I'll find, I'll find some trainers
752
:and some operators and we can, we can
do an entire Maybe I'll ask Kent from
753
:WPG and, uh, we can we can all do it.
754
:Sounds cool.
755
:Sounds good.
756
:All right.
757
:Well, thanks very much for coming on.
758
:I appreciate, uh, this is a bit different
because we're talking integration.
759
:Therefore there's two of you and we're
integrating the, uh, the, the talk.
760
:Um, I know you've, uh,
supported the number of virtual
761
:events, uh, over the years.
762
:So, so thank you very much
for, for, for doing this.
763
:Um, I really appreciate you coming on and,
uh, I, I feel this actually will help the
764
:Protector, which I think is what we're.
765
:We're trying to, I shouldn't be so
surprised, but I, but I, but I, but I, but
766
:I do think this will help the community.
767
:Um, Kevin and Lee, thanks
very much for coming on.
768
:This has been another fantastic edition
of the Circuit Magazine podcast.
769
:Lee McWhorter: Thanks
so much for having us.
770
:It's been a
771
:Kevin Lewis: blast.
772
:Phelim: Well, thank you
very much, Lee and Kevin.
773
:I've really waited a long time
to get them on the podcast.
774
:So I'm really, really.
775
:pleased about today's
integrated EP trading session.
776
:I'm back with Shaun West.
777
:Shaun, what are some of the
high level things you've taken
778
:away from today's session?
779
:Well,
780
:Shaun West: it's really interesting
actually, because I've done a lot of
781
:awesome training myself, and I love
the tools that it gives you, and
782
:it becomes really quite addictive.
783
:So it's really interesting to hear
how Lee and Kevin spoke about it,
784
:the tools that they're developing and
training individuals in, and to get
785
:their, their take on the OSINT space.
786
:So no, I actually really enjoyed it.
787
:And yeah, lots of stuff for
788
:Lee McWhorter: discussion.
789
:Phelim: Maybe again, our, our
listeners will think, well,
790
:this would be very interesting.
791
:And, uh, the, the, the, the whole circuit,
the whole EP community are very good at
792
:doing courses and are very diligent at,
you know, self improvement, but, but
793
:maybe it's, it's worth, as we discussed
with Lee and Kevin, you know, seeing the
794
:parameters of that, because, um, you know,
what does your principal expect of you?
795
:Uh, what would be a nice to
have and what would be totally,
796
:totally out of the wheelhouse?
797
:Like, would, would, would your principal
expect you to fix his very expensive car?
798
:Uh, it would be a nice
feature, wouldn't it?
799
:You know, to have, to have a
mechanic on board, but it's,
800
:but it's not quite, your job.
801
:Do you see where I'm
going with that, Shaun?
802
:Shaun West: No, I do.
803
:And I think it depends what sort of end
of the market you operate in, because
804
:if you're working with the ultra,
ultra high net worth individuals,
805
:they don't employ a bodyguard to,
I don't know, cook their main meal.
806
:They have a chef.
807
:They don't employ bodyguards
to trim the garden.
808
:They have a gardener.
809
:They have the money and the funds.
810
:to employ the best people in the game
who are specialists at what they do.
811
:However, when you go down the market,
maybe there's some people that,
812
:you know, are very wealthy or very
shrewd with their money and the
813
:more value add you can bring, the
more valuable you become to them.
814
:So there is a space for broadening
your knowledge and bringing that value.
815
:But I think at that top end of
the market, it's always going
816
:to be specialists that are
817
:Phelim: seeked out.
818
:Yeah.
819
:And, and, and so maybe your,
your value and, and a, and a
820
:lot of the community kind of.
821
:advertise themselves as
concierge services as well.
822
:And in some geographies, that's all
one can be technically, a concierge
823
:service, a signpost, um, a facilitator.
824
:You, you know, you, do you remember
that episode with Kenji Okamoto
825
:just before the Tokyo Olympics?
826
:Um, he, he sort of said, Well, I'm not
allowed to have any use of force at all,
827
:so one of the magic features he manages
to do is make sure the penthouse lift
828
:is reserved for the penthouse guest.
829
:It's just such a small thing, but it's
totally within the signposting agenda.
830
:Have you come to have
to signpost yourself?
831
:You know, has anyone said, oh,
Can you tell me about AV or IT or
832
:TSCM and, and then you're like,
aha, I know the right person.
833
:Shaun West: Absolutely.
834
:And that's come to me many times.
835
:And I've seen it as my duty, as I
went up through an organization in a
836
:past life where I became the director
of security in a family office and
837
:was being the director of security.
838
:I didn't need to be an expert
in all things security because I
839
:brought in subcontractors that were
specialists in different fields.
840
:And one of my duties, which I found was
whilst gaining knowledge in different
841
:areas, whether that's, you know,
the capabilities of canines who are
842
:providing canine security, whether it's
cyber specialists, whatever it may be,
843
:TCSM specialists, I'd always increase
my knowledge in all of these areas.
844
:But exactly what I said,
I was also a signpost.
845
:I had a very good black book of vendors
that I invented a new specialist in
846
:that field, and we're good at that task.
847
:So whilst growing that knowledge
yourself, whilst you're not the expert,
848
:you have enough knowledge to be able to
question the experts and also to know
849
:they're not pulling your pants down as
850
:Lee McWhorter: well.
851
:Phelim: That's, that's right.
852
:You need to be dangerous enough,
but without actually being
853
:that, uh, that, that expert.
854
:Wonderful.
855
:No, I think, I think this is good
because, because honestly we have had.
856
:Very good questions at events that
have literally gotten to the, you know,
857
:cut to the chase and they say, right?
858
:What am I supposed to learn
in the world of cyber?
859
:What is it?
860
:Um, so, so, so today's session
I think goes a longer way to,
861
:to, to, to helping us with that.
862
:OSINT skills, research skills, signposting
skills, appreciation of who you're going
863
:to call, which Which I think is a lot more
honest than saying, right, well, now you
864
:need to learn to code in Python, because.
865
:Because, fun as that could be, if you
are so inclined, it's not your day job.
866
:So, what's next?
867
:What's coming up for the magazine
and the community as a whole?
868
:Shaun West: As always, we're
working on the next issue, and
869
:we've got some more podcasts.
870
:Guests lined up for interview.
871
:Um, and also it was great to see you
at the Coast Protection World event.
872
:That was an excellent event where
we met up with many people, many
873
:of our readers, subscribers,
and yeah, what a fantastic day.
874
:Phelim: Yeah, actually, sorry, um,
I should have mentioned, thank you
875
:listeners who came up to us and said,
You like, uh, what, uh, what we're doing.
876
:Um, uh, I don't know if you
wanted your names broadcast,
877
:so we'll just say thank you.
878
:Uh, it was really a great pleasure.
879
:Some people came up with specific episodes
they liked, uh, some people came up
880
:with, uh, other very nice things to say.
881
:Um, it was very much appreciated.
882
:Um, so, so thank you for stopping by the
Circuit Magazine store and of course thank
883
:you to CP World for hosting us, uh, again.
884
:Always, always lovely to,
uh, to, to, to see everyone.
885
:I'm very much looking forward to the
9th Annual Executive Security and
886
:Close Protection Technology Forum
on the 25th of January in London.
887
:Uh, many, many people actually
will People know about it.
888
:Many people took postcards and details
and if you want to take a trip across
889
:the pond, if you're in the States, then
please get to get your booking in now.
890
:A common question, I know this
is, I'm doing an extended plug.
891
:Sorry, the extended plug for this.
892
:A common question is, Um,
does it clash with Davos?
893
:No, it doesn't.
894
:It is after Davos, so you're, you're all
good, if anybody was in fact wondering.
895
:I thought I'd just do
frequently asked questions.
896
:But yeah, integrated protection, an
honest look from COVID 6, Lee and Kevin,
897
:thank you very much for coming on.
898
:Shaun West and myself have very
much appreciated the time you've
899
:spent with us at the podcast.
900
:So, Thank you very much, and this
has once again been another fantastic
901
:edition of the Circuit Magazine podcast.
902
:Kevin Lewis: You have been listening
to the Circuit Magazine podcast.
903
:Be sure to subscribe and be
sure to not miss an episode.