“I learned a ton…that will make me a better instructor.”

-SGM (Ret.) Kyle E. Lamb, Author of Green Eyes & Black Rifles

Because of current events, we’re going to discuss some tools to analyze security-related information. In this effort, we will attempt to avoid politics and look purely through the prism of security-based analysis to reach data-supported conclusions. 

Our focus here will be largely on the process (or more accurately a process—there are many) of analysis itself. We believe that thinking and analytical skills are at least as important for instructors in this field as hard skills are. 

Analysis before action (to include things such as development of tactics and curriculum) almost invariably leads to a vastly superior outcome than the alternative. Even operationally, while there are exceptions, thinking tends to be more important than hard skills at the point where the rubber meets the road.

Regardless of anyone’s personal, ideological bent, let’s acknowledge that not all violence (to include gun violence) is either unjustified or bad. Violence is a tool. It’s a method of affecting an outcome. It may be a tool with a limited, justified application, but when it’s required, nothing else will do. 

Sometimes violence, up to and including killing other people, is the right thing to do, morally, legally, and tactically. We assume here that no reasonable person wants to interfere in or prevent morally, legally, and tactically right actions, so we will ignore justified violence in this discussion.

Positive outcomes from the formulation and implementation of things like tactics, methods, curriculum, or policy rarely occur if we have not accurately defined the problem(s), so let’s start there. 

With respect to gun violence (and other methods of inflicting violence), the causes are not singular in nature, any more than “redness with swelling” is indicative of a specific medical issue. Therefore, attempts to address these issues as such are unlikely to produce successful outcomes. 

It is also important to point out that there is a significant discrepancy that exists throughout much of the national discussion on these topics—specifically the bifurcation of gun violence from other types of violence that lead to identical outcomes such as serious bodily injury, death etc. 


A firearm is fundamentally a tool that, like most tools, enhances the capability of the user. It is an effective tool and, as it happens, the ONLY tool that accomplishes the task of establishing physical equality between persons of varying individual physical capability.

However, firearms are certainly not the only tool for applying violence. Therefore, any worthwhile analysis of these issues must consider the broader scope of the problem set, not just the components of violence that involve use of a specific tool type or subset of tool type.

Speaking of tools, we will start by introducing a simple analysis tool: dissection of a topic to its relevant, root components.

This is important because once you get beneath the surface, events that appear to be the same can sometimes be completely different, with different root causes or characteristics, and therefore require different prevention and mitigation measures. 

For example, a trash can fire can be effectively put out by dousing it with water. An oil or grease fire in a kitchen, while it may appear similar, and may be described in similar terms (heat, light, smoke etc.) probably won’t be put out successfully with water. Water will, in fact, usually spread a grease fire. So, in this example, the performance characteristics of the fuel type comprise the “scalpels’ through which we can effectively dissect the problem of fire and thus seek to prevent and control it.

At a national debate and public policy level (for any topic), we are horrible at doing this, especially in the age of social media communication mediums that serve primarily to project, amplify, and reward emotion and hyperbole while stifling substance. Nuanced analysis and complexity are hard, largely incompatible with the chemically addictive emotional engagements and responses that frame much of our modern communications methods, and time-consuming to conduct. They are also absolutely necessary to generate successful outcomes.

When using this particular tool (dissection) as a component of security-based analysis, we find it helpful to take an event (problem-set) such as mass-murder and dissect it using motivations and objectives as the “scalpels.”

Why are these two things important? They provide us the necessary information to make valid assumptions about why things happen, as well as the potential capabilities and other characteristics about the people who do them. These are all important if one hopes to find effective ways to address security risks. 

This brings us to the second tool we will look at here: define the essential elements of each dissected component.

Once we have dissected something to its root-level components, preventing it from occurring requires an understanding of the essential elements that comprise each component. What are the things that it cannot exist without?

For example, in basic firefighting and fire prevention classes, students learn about something called the “fire triangle.” This is comprised of the essential components necessary for a fire: fuel, oxygen, and heat. Remove any one of these components and fire cannot exist.  

We can look at violence prevention and mitigation through a similar lens. Before taking action, we should seek first to understand and define the essential elements that are required for the violence to occur. Any policy actions taken should succeed in eliminating at least one of these elements. Any actions that do not do so should then be eliminated from further consideration.

Action simply for the sake of action—the we must do something approach—is not just a political red herring, it is both dangerous and foolish. In 1967 a fire on the aircraft carrier USS Forrestal killed 134 sailors and injured 161 more. During their response to the fire, the deck crews properly coated the flames with AFF (film forming foam that is intended to remove the fire’s access to part of the fire triangle—oxygen—thus smothering it). 

While these sailors were attempting to fight the fire with the best tools they had available, other sailors, to include those on the escort ships, could not stand by during a fire and do nothing—they had to “do something.” 

And they did. 

They sprayed continuous streams of seawater into the flames, washing the foam away and assuring continued access to oxygen for the fire. They did something—they made a bad situation worse. 

During any risk management efforts related to life and death subject matter (for which violence certainly qualifies), we propose as an accepted axiom, for any individual of any preexisting dispensation towards any outcome, that making things worse should be considered automatic “no-go” criteria for any proposed policy or course of action. First, do no harm.

When we apply these simple analysis tools to the problem set of mass murder, we see that non-justified violence can roughly be distilled to the following categories: suicide, gang violence, domestic violence, crimes against persons (other), and the still statistically insignificant yet abhorrent, culturally shocking, and politically supercharged mass murder attacks. 

If we zero in on mass-murder attacks and dissect by motivation and objective, what we see are at least four different types, or categories, of mass murder: terrorism, mental illness related violence, domestic (interpersonal) violence, and workplace violence. 

While current events are now shining a spotlight on the mental illness category of these attacks, in looking at both countermeasures implementation and policy development, it is ultimately important to consider the impacts of any interventions on every aspect of the problem, not simply one, acute, aspect of it. 

Note: In the following paragraph, we provide an educated assessment of the motivations and objectives for an attack category component as defined using the simple tool above. We believe this assessment to be accurate for these purposes; however, we make no claim to be (and are not) mental health professionals, social science, or criminal justice researchers. We also acknowledge that further refinement or modification to the parameters identified here may lead to additional considerations and/or courses of action.

For the purposes of this article (introducing the assessment process) we will look just at the mentally-ill category of attack. 

These attacks tend to be driven through a warped sense of self-worth, or lack thereof. “I have no social worth—I must achieve some.” There is no requirement for said worth to be positive in the eyes of society.

Because the root causes of these attacks stem largely from the individual’s perception of their relationship with society, the objective can be loosely understood as the desire to change this relationship. 

It is important to understand that, while the mentally ill may, in fact, be “crazy,” mental illness is not an all or nothing, black or white, on or off proposition. Just because someone has an irrational belief or motivation or carries out an irrational act does not mean that the act itself will not be planned and carried out rationally.

**Note: To benefit from some well-researched insight into the motivations behind these types of attacks, we recommend noted security professional Gavin DeBecker’s classic text, The Gift of Fear as a good place to start.**

If we apply the second tool (identifying essential elements of the attack component), our assessment (feel free to do your own) provides the following picture of the requirements for this category of mass murder attack:

1) Existence of Mental Illness
2) Existence of severe problems in relationship with society
3) Knowledge of a time/place predictable, concentrated body of potential victims
4) Possess tool for repeatedly applying lethal force (or applying it to multiple people in a single application)
5) Mobility (ability to move to the site where the victims are concentrated)
6) Ability to infiltrate the tool for applying force into the attack site
7) Physical access to concentrated body of potential victims
8) Physical (or other) capability to conduct the attack

If any one of these eight items is missing, the attack itself cannot occur. While not geometrically accurate, this can be thought of as the “mass murder triangle,” at least as it relates to attacks carried out by the mentally ill.

Note: In illustration of the function of the analysis tools, consider that a terrorism-based attack will not contain the requirements for mental illness, or severe relationship problems with society. However, it will require the presence of a “cause” and a network of other people who provide support (material or otherwise) for that cause.

We also see, through the assumed motivations and objectives, that this attacker wants, above all, to be known, at any cost. He or she wants to matter in some way to society. 

Both our simple assessment above and any cursory review of the history of these types of attacks will show that they are not spontaneous in nature, nor are they carried out on a whim. These attacks are meticulously planned, sometimes over months or years, using largely rational thought and planning processes, to include effective target selection, surveillance, risk assessment, tool selection, tool gathering/preparation, and operational planning.

Why is this important to our assessment? Because it tells us that the attacker does not want to fail in his or her objective. In fact, failure may be the only thing such a person fears within the context of their attack. This tells us that the potential for failure is likely to impact the attacker’s decision-making during the target selection and planning process.

It is noteworthy here that, at least partially due to this desire to succeed, virtually all successful mass murder attacks (98% according to recent data) occur within so-called “gun free” zones, where there is virtually no chance of being stopped before creating a news-worthy event. Ignoring politics and ideology, avoiding becoming a victim of mass murder attacks is, statistically, as simple a matter as avoiding entry into gun free zones.

Let us re-cap quickly. 

We have introduced two simple analysis tools. The first is dissection of an issue to its relevant root components. For security related issues, two useful “scalpels” are motivation and objective. The second is identification of the essential elements of each of the root components of the problem. What can this component of the problem not exist or occur without?

We will now introduce a third tool into this equation, something that we call the protective model. There are several different versions of these; however, the long version of the one we prefer using is: 

Passive Avoidance – Avoidance through planning. Avoid being the target.

Passive Deterrence – Deterrence through planning. Create a profile that indicates an attacker should look elsewhere.

Detection – Use of a combination of awareness, active, and passive detection methods to detect a threat or potential threat, preferably at the an extended time and distance range.

Active Avoidance – Take action to avoid a detected threat or potential threat.

Active Deterrence – Take action to increase posture to deter a potential threat or threat, increase readiness and preparation for defense.

Delay – Slow an undeterred, unavoidable attacker down. Can involve methods such as barriers or creating distance in the case of a physical attack.

Defense – Typically involves fighting in a physical attack. Note that this is the only component of the protective model where hard skills apply.

Mitigation – Planning ahead to reduce the impacts of a successful attack. If all other methods have failed, how can the harm be reduced?

Recovery – After a successful attack has occurred. How can the person or entity move forward effectively and resume previous activities?

The protective model is an algorithm for identifying security countermeasures, based around the theoretically complete process of protection as applied against a threat’s engagement sequence. In layman’s terms, it’s a list of stuff to consider before you “do something.” Please note that all parts of the model may not apply to every part of every problem.

With this model in hand, using the information from our assessment we can now begin formulating potential methods of addressing the problem in a structured, methodical, and logical way. Apply the protective model to each of the eight essential elements of the event; this will inform a list of policy actions and countermeasures to begin evaluating (please note that not everything that ends up on the list at this stage will be a good or actionable idea).

For a quick example of how this works, let’s go back to essential element 6 of the mentally ill component of mass murder attacks, as defined in the analysis above. Specifically, this is the ability of the attacker to bring the tool for deadly force application into the attack site.

Avoid – In some settings you could plan to avoid this by perhaps keeping the location of the site unknown to anybody fitting the description. Typically however, avoidance is more applicable to mobile security applications.

Deter – A passive method of deterring bringing a weapon into an area could be the use of an entry control point where people and/or bags are searched.

Detect – Detection is a critical component of security and response. Generally speaking, the sooner detection happens, the less severe the incident will be and the less extreme of a response will be required. Detecting a potential attacker with a rifle, 50 yards away across the parking lot is a problem that is far easier to address than detecting the same problem already inside a building full of people.

Detection can happen through a variety of means including intelligence gathering, observation of behavior, searches etc. We would encourage you to be as thorough as possible when evaluating potential methods of detection to implement. In this case, two methods of detection could be an entry control point (notice it’s now on “the list” twice), and parking lot surveillance.

For the sake of brevity, we’ll stop there. This article is about analysis tools, not about solving a specific tactical problem (for which a unique terrain analysis will also be required). Hopefully you get the point about how this model is applied to develop countermeasures.

When you’re done, you can take these potential actions and line them up with control measures identified for each of the other essential elements, such as presence of mental illness and physical capacity to cause the violence. If you have done more than one component, each consisting of multiple essential elements, the list grows a lot bigger.

Some of the potential countermeasures and actions on this list will be unique. In most cases though, you will see a pattern as the same actions show up again and again as potentially being effective at reducing the risk across multiple areas. From here you can do other things outside the scope of this article such as apply metrics, compare the relative effects of controls across the system, etc. 

Interesting how using a few very simple tools can produce so much granular detail, isn’t it?

These tools work, and they work very well. However, a word of caution. Like any tool, they can be misused.

Application of a protective model to each individual essential element of each dissected component of a security problem provides a very thorough method of evaluating risks and formulating effective responses. However, prior to implementing policy or countermeasures, each proposed countermeasure or policy should be evaluated, not just against the granular area of risk it was originally formulated to address, but also via its impacts on other risk areas as well as the entire system in which it is applied.

If you want to have effective security countermeasures and policies, (ie. if you want to do stuff that actually works) you need to understand the impacts of your proposed actions on the whole system. It’s not enough just to look myopically at a single component of a problem.

For example, if an even more acute assessment than the one above was conducted – one that focused only on mass murders carried out with firearms – it would not be unreasonable to conclude that eliminating firearms will solve the problem. In fact, we would accept this as an axiom. If there are no guns, there can be no mass murder attacks involving guns.

However, while this assessment is technically accurate, it is far too granular to be useful because it ignores the systemic impact of guns both on other areas of the problem set and on the bigger picture of violence. For example, such a policy would eliminate the potential for individual physical equality and also result in the loss of the criminal deterrence value this equality provides. This would most likely increase, not decrease, violent crime (to include murder)—which is borne out historically in places where similar policies have been applied.

The point here is not to discuss politics or specific policy actions (it’s extremely important stuff, we just don’t do it here). Rather it’s to point out the dangers of misusing and/or misunderstanding information based on a haphazard and incomplete analysis of a problem.

We find that is one of the benefits of having structured analysis tools and processes, such as the simple ones described in this article. Nobody (us included) dives into this level of detail on everything. It’s not practical or reasonable.

However, when extremely important, very complex, or highly contentious issues arise, these types of tools can be very effective at helping to reduce the bias and emotional noise associated with complicated and emotionally charged issues. Sometimes people who disagree vehemently at the outset will even start agreeing with each other once they both start answering the same questions.

We make no claims that the tools described in this article are “the best,” nor that they are the only way to analyze information for security applications. They aren’t. There are plenty of ways to do it that work well and there are many models and tools that can apply in various environments.

It’s not important that you learn or use the specific methods described above (though you are welcome to do so). What is important is that you both learn and learn to use one or two analysis methods that work.

While conducting detailed analysis of problems is not sexy, high-speed, or exciting, applying a structured process of analysis for difficult and complex issues is a skillset that should be in the toolbox of every serious firearms and tactics instructor.

Subscribe to our Newsletter

Share this post with your friends

"The clearest, simplest, most well-founded psychomotor training program I have seen for developing shooting skills."
-Dr. Bill Lewinski
Executive Director, Force Science Institute
"Easily one of the more important books of our time when it comes to preparing police, military and armed civilians for armed lethal combat."
-Kenneth Murray
Author, Training at the Speed of Life
Co-Founder of Simunition