Video: The Search For the Perfect Door - Deviant Ollam

If there's just one video you watch today, you should watch this one. Deviant Ollam, a physical security penetration tester was at ShakaCon, an information security conference talking about how to pick the perfect door. I won't spoil the video but he covers way more than just doors. It's both insightful and illuminating. Well worth a view.

The Good, The Bad, & The Ugly - The Tale of A Gun Store Robbery

I have A LOT to say about the video below. The video below is of a robbery of a Tampa, Florida gun store, Tampa Arms. The robbers made entry into the establishment by DRIVING A TRUCK THROUGH THE FRONT DOOR. Yeah, an entire pickup truck and made off with approximately FORTY firearms - Glock handguns, shotguns and AR-15 rifles. I heard that, by the way and I totally agree "Damn." The video lasts about five minutes and the quality is rough to say the least.

So, let's get to the good, the bad, and the utterly atrocious.

The Good

1. There was video and it worked. I know. That's not saying an awful lot but...given my professional experience, this is very good. It appears to be a DIY install and the quality (we'll address that later) is well, crap. But it was positioned where it could capture the entirety of the event. It didn't - mostly, because the quality was crap. Did I mention the quality is crap?

The Ugly

1. Did you notice I only had one "good" thing to note?

The Atrocious

1. The quality is HORRIBLE. Holy smokes! Seriously, if you're going to install a camera over an entryway to capture theft, it should either ALWAYS have good lighting or have infrared lighting during hours of limited visibility (like when robberies are more likely to occur).
   
   
   
2. The position of the camera sucks. Like it sucks REALLY, REALLY, REALLY, REALLY, REALLY, REALLY, REALLY bad. When you're doing a DIY install, it is super-duper easy to miss what actual security professionals notice. Stuff like whether a camera is positioned at an angle to capture faces from multiple viewpoints. For example, the camera at the front doorway only caught the suspects' faces as they turned around. Perhaps, there should be a camera actually facing the door unobstructed. A simple test done in complete darkness after the install would have revealed what we now see - this video is useless.
3. NEVER EVER EVER EVER EVER have firearms not locked in a secure container after store hours. Period. There is absolutely ZERO sound reasons why those weapons were out of containers. They need to be locked up. Remember the name of the game isn't just detection - there's delaying attackers as well.
4. TEST YOUR SECURITY SYSTEM REGULARLY. The attackers had a lot of time on this particular robbery. This tells me either the alarm failed or notification was entirely too slow. Business owners should do monthly or quarterly checks with their alarm companies, to determine any issues. You should also have a good working relationship with your local police department. You store guns for crying out loud - the cops who patrol your area should have a working knowledge of your alarms and security measures.
5. Conduct an annual vulnerability assessment. Take a moment once a year to walk through the business and see what vulnerabilities that need to be shored up. Don't think in terms of how you would hit your store. Instead, pay attention to areas that create ways for an attacker to gain access. Then, call a security consultant and have them walk you through what they see. It's also a really good idea to read industry standards pertaining to securing storefronts like yours. Tampa Arms had no excuse to not call a consultant. There's literally one around the corner and also internationally recognized, Stanley Security Solutions.
   
   
   
6. Get a video alarm verification system. Had the alarms gone off, the front door sensors would have went off, surely. The motions may have caught multiple intruders too. Then again, if your installation was crap which it probably was, you may only get one of those sensors to go off. To cut down on false alarm fines (it's a HUGE deal in Tampa and probably why a system may not have been install if it wasn't) and to give responding law enforcement more situational awareness (cops respond a whole lot faster on alarms they know are legit), ask your alarm provider to talk to you about alarm verification. If they rely on you to respond or if they don't offer it, take this small piece of advice - consider a different provider.
7. There were no physical barriers in front of the front entryway. You ever driven by a WalMart? Of course you have - you're American, probably. What's the first thing you notice in the front of most WalMarts? They have bollards by every entryway. Why is this? Take a look at the video below and you'll see why. Call the city, get a permit, dig in the ground, fill some metal pipes with concrete, and plant them in each hole. Problem solved. Also, check out the trees.
   
   
   
       
8. Approximately, FIFTEEN people robbed these guys. Let that marinate. They brought multiple vehicles, had a plan, executed it, and were in uniforms. Yeah, this ain't their first rodeo. They'll hit more places. Forty guns is a great grab but the proceeds don't split that well among fifteen people and not with that much considerable risk. I know the area well where this happened and I know this shop. This was a team that knew their target and prepared for it. We'll see them again.

Terrorism Attribution in the Age of Social Media - The Struggle is Real

Update (11-28-2016 1904): A few reports have emerged from the media stating various talking points derived from the suspect's Facebook timeline, though with little independent confirmation the account indeed belongs to the suspect. He seemed to believe Muslims were mistreated by the West and also disliked it's meddling in Islamic affairs. There were also noted jihadi luminaries quoted throughout. Again, this information has not been corroborated by official law enforcement sources but could speak to motive and ultimately whether this was a terrorist attack. 

Another mass casualty incident has occurred and I engaged the tried and true method of triggering my compulsion to smash my face with my palm by looking at Twitter. Yep, it was that bad. It never ceases to amaze me that no matter how many times I tweet or blog about the painstaking work of attacker attribution, people continually participate in oversimplified and error-prone "analysis". They're often trying to do this without being at the scene, with no prior investigative experience, and in real-time. To say the least, the amount of wrong is significantly higher than actual "I called it", despite what the authors say.

You're probably wondering why I'm so passionate about the inclinations others have toward this kind of "analysis". I believe it speaks volumes about how much we value the arduous work it takes to do the investigations needed to make accurate attribution claims. It's also a HUGE part of the myth that "anyone can do security". Over the years, I have been practically screaming how false that is. What we as professionals do, takes time, significant knowledge, limited resources, and countless hours of practical experience.

Yet, here we are. Today, I have seen tweet after tweet proclaiming the attack was immediately the work of jihadist invaders or lone wolf extremists of some variety. These suppositions have come in the early moments of reporting on the attack. As it developed, we were informed of a suspect, a Somali refuge named Abdul Razak Ali Artan. As of this writing, there are tweets claiming this is conclusive "evidence" of terrorism. The actual cops working the scene haven't made one statement, as far as I know, yet about any determination of motive. But Twitter says otherwise. A population where 99.99% of people with zero to any relevant law enforcement or security experience have done in hours what it will take seasoned and ordained professionals weeks to do. Yeah, it's crap.

So, if not terrorism, then what is it, Mr. "Security Professional"? Glad, you asked. I don't have a clue and neither do you unless you're on the scene actually investigating this incident. I should know. I used to do this thing all the time. Speaking from firsthand experience, I can confirm how easy it is to engage in this hasty sort of "analysis". What I can tell you is that we often make the mistake, as amateurs, of reaching conclusions about violent mass casualty incidents with little to any information. We do this based on what we either know of the attacker or the incident. This happens with minimal confirmation from official sources or reading too much into either first reports from witnesses, police scanner traffic, or what's told in early press conferences and releases. The often-ignored practice of "wait and see" has turned into "Holy crap! Something bad happened. Let me get my initial reaction out into the Twitterverse so my followers can give me reaffirmation for the sake of my ego and incessant desire to be first to comment on all-things tragic."

There are a few ways we can fix this.

1. Stop assuming race, ethnicity, or religion can explain why people commit acts of violence. While these things can play a role in attacks, it's unlikely they can explain every single one. Instead, disregard them initially until other information develops that establishes motive or crime typology (act of terror or just a crazy person).
2.  No one has an exclusive monopoly over non-sanctioned violence. Just because an attacker uses a pipe bomb or even their vehicle doesn't mean the attack is terror-related. Let me put it bluntly - there are no "exclusive" tricks of the trade among bad guys. For example, looking at just the initial information we knew about Christopher Dorner's attacks and his weapons of choice, we could have assumed the attack was probably carried out by militias or other extremists versus an ex-cop with a grudge.
3. It's too easy to get caught in the brutality of an attack and high casualty numbers and assume the attack was terrorism. Don't get caught in the weeds here, folks. Take a deep breath. Examine what we have and nothing else. When bad things happen, we naturally allow fear and our ever-incessant desire for immediate vengeance to cloud our thinking. Attribution is a game of facts and truth not emotion.
4. Attack attribution requires more than just your gut feeling. A great example of this is a scene from Designated Survivor. It's a show about a newly, fired HUD Secretary being the "designated survivor" for a State of the Union address by which most of government  is killed in an explosion. The newly, sworn President, played by Keifer Sutherland, is doing his best to determine who the attackers are. His advisers are pleading with him to name a known group as being responsible. Much of their evidence is based on wild speculation, self-interested political jockeying, and warhawking. The Chairman of the Joint Chiefs asks the president to name this group. The President asks the FBI how sure they are of the identity of the attackers and they respond "75 percent, sir." Sutherland's character declines making the call to name the attackers. When pressed by the Chairman of the Joint Chiefs how much more certainty he needed, the President responds with "Give me 25 percent more." I won't lie. This was by far the best dialogue I've seen in a fictional television show regarding attribution. There are dire consequences when we rely on anything other than empirical data when making attribution calls.
   
   
5. The likely suspects could be people you like and it's not wrong to not rule them out. So much of the attack attribution that occurs on social media is wrought with people trying to make the facts fit their narrative. If a person is overtly political, this is more telling than they're ready to acknowledge. In fact, they often dismiss other possible and probable theories outright. Many times, I've seen the "expert" credentials of various participants in this crazy dialogue come into play. Stop it. Take long deep breaths and remember if you're not on-scene, you know absolutely nothing. 
6. Analysis is not a crystal ball. One of the most often over-played narratives is the intelligence community or law enforcement missed "something". Why? They assume those in these professions have to be right all the time as a part of what they do. It's as if some of us are expected to have superhuman abilities to predict the future accurately. Sometimes, like all things we think we understand, we get things wrong. It sucks when we do but it happens. Stop asking "How could they have missed this?" and start asking "What led them to believe this person posed no discernible danger?"
   
   Every time law enforcement does a threat assessment on supposedly dangerous persons, an interview with the subject is conducted if possible. Given our legal framework and the very imprecise art and science of "reading" people, some actually dangerous people are missed. It happens. Not often but it does. A more poignant avenue to approach is the examination of how law enforcement and security professionals have been inadvertently incentivized to go after "low-hanging fruit" rather than being given sufficient resources to investigate and mitigate these threats.
7. The most important component to any terrorism attribution work is understanding what legally constitutes terrorism. I know the US Code is such a drag but it is the legal framework for which cops use to determine whether something is or is not an act of terror.
   
   Most people assume a car bomb is immediate evidence of a terrorist attack. Yeah, not quite. Other people use bombs to commit murder for a variety of reasons. They were used quite often by the mob and other organized crime networks. Yet, none of these bombers were charged with terrorism. Why? Because their motives were not terror related. Terrorism is one of the few crimes which require motive in the "elements of the offense".
   
   Remember that "legal framework" I mentioned in the US Code? Here it is:
   
   "18 U.S.C. § 2331 defines "international terrorism" and "domestic terrorism" for purposes of Chapter 113B of the U.S. Code, entitled "Terrorism.”
   
   "International terrorism" means activities with the following three characteristics:
1. Involve violent acts or acts dangerous to human life that violate federal or state law;
2. Appear to be intended (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and
3. Occur primarily outside the territorial jurisdiction of the U.S., or transcend national boundaries in terms of the means by which they are accomplished, the persons they appear intended to intimidate or coerce, or the locale in which their perpetrators operate or seek asylum.*

         "Domestic terrorism" means activities with the following three characteristics:

1. Involve acts dangerous to human life that violate federal or state law;
2. Appear intended (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination. or kidnapping; and
3. Occur primarily within the territorial jurisdiction of the U.S.          

         18 U.S.C. § 2332b defines the term "federal crime of terrorism" as an offense that:

1. Is calculated to influence or affect the conduct of government by intimidation or coercion, or to retaliate against government conduct; and
2. Is a violation of one of several listed statutes, including § 930(c) (relating to killing or attempted killing during an attack on a federal facility with a dangerous weapon); and § 1114 (relating to killing or attempted killing of officers and employees of the U.S.)."

I don't have all the answers and neither do you. Let's all take a deep breath and allow the cops to do their jobs.

Some Sage Counterintelligence Advice For Political Parties and Their Candidates

NOTE:

I am NOT an intel dude. I have never been an intel dude. I have never been a counterintelligence dude. Never. These are my OPINIONS. 

If the adage that "all politics is war" is true, then this past election could certainly be proof of that. I won't get into specifics about candidates, their positions, or even their actions or culpability. This advice specifically for the Democratic National Committee is nonpartisan and exactly the same counsel I would give the Republican National Committee. In fact, the reason I wrote this post was in response to the DNC leaks/hacks. Also, there will be ZERO discussion about attribution and motives. To me, answering why something happens doesn't always help you mitigate how it happened in the first place. These "rules" apply to anyone who is a target of espionage by any actor, state or otherwise.

You're the active target of an intelligence apparatus. Given the result of this election, we can assume they achieved their objective and will see their success to continue their activities against you. So it is imperative that you and your staff operate as such. Knowing this, let's be clear - these agencies have a great many resources directed at you and will see any and all information as potential actionable intelligence. This means they'll be seeking out any vulnerabilities you have and will exploit them to get that information and will encompass both physical and virtual realms. Ultimately, assume you've been compromised on all of these fronts. For the foreseeable future, your survival in the political arena will be dependent on your acknowledgement of this.

Let's get to what you came here for - the "rules".

Physical Security

1. Assume every room you felt was "secure" is not. This may sound a bit paranoid but we already know the DNC suspected their offices were bugged by an unknown entity and sent a TCSM team in to investigate. Though, no active bugs were found, we know electronic surveillance is an ongoing tool used by intelligence agencies against targets especially political ones. If you haven't already, have a TCSM team inspect every office, bathroom, closet, etc. regularly. When they're done, assume you're still being bugged and be careful when discussing confidential information.
2. Assume your cars, homes, and hotels are also compromised. Yeah, I'm paranoid. I know this. That said, if I were to compromise you, I'd hit the places where most people engage or discuss things that make exploitation possible. These are also places you can't sweep every day for bugs. Don't take work home and don't discuss work at home. Also, assume whatever "dirt" you do in these places is being photographed, videoed, and audibly recorded. I shouldn't have to say this but....STOP DOING "DIRT".
3. You're being followed everywhere. Conduct surveillance detection routes regularly and pay attention to new vehicles in your neighborhood. Talk to your neighbors. Notice vehicles which you can never seem to shake. I have a rule I follow when inspecting vehicles for contraband - anything new and shiny in a sea of filth is not normal. If you're one of those people who use Uber or some other service, think about having the driver drop you off a block or two away from your destination and look to see who gets out when you do.
4. Consider every potential or new "intimate" encounter to possibly be a "catfish" or a honeypot until proven otherwise. Yeah, it sucks to say this but sex is still a proven way to gain secrets and access. I'm not saying you don't have "game" but you should be very suspicious of something that "sounds too good to be true". I'm not telling you to shun relationships but just be wary of new people wanting more access and information than they should have. Also, imagine these contacts suddenly being blared across social media for the world to judge. Foreign Intelligence Services have a long history of exploiting these encounters. 'Nuff said (Note: In case, I didn't make it clear enough - don't be stupid and don't do "dirt").
5. Invest in a good safe that's bolted in the ground, high security door locks, dog, burglar system, and a few nosy neighbors. Same crime prevention advice I give everyone applies in the counterintelligence world. You need early detection and you need it yesterday.
6. Follow the Moscow Rules.
1. Assume nothing.
2. Never go against your gut.
3. Everyone is potentially under opposition control.
4. Do not look back; you are never completely alone.
5. Go with the flow, blend in.
6. Vary your pattern and stay within your cover.
7. Lull them into a sense of complacency.
8. Do not harass the opposition.
9. Pick the time and place for action.
10. Keep your options open.
7.  Adhere to the ever-wise directives of Notorious B.I.G.. Seriously, regardless of how awesome this track is, the truths contained in it are essential to the success of any campaign. Though it's not a literal translation of acceptable ethical rules of conduct, interchange the words to fit a typical political campaign and it's very illuminating. 

Information Security

1. You need a security classification program. The federal government has a security classification program that's been somewhat successful at compartmentalizing information and preventing some data leakage. You don't have to mirror theirs but you should implement something similar. The first step in this process should be the development of a risk management process. Look at what information you could never lose without seriously compromising your objectives, the information you could lose with some compromise of your objectives, and information that is safe for some data leakage or available for public release. This classification should known and enforced organization-wide. Any and all of your policies and procedures to safeguard this information should encompass the physical and virtual realms.
   
   This classification could look something likes this:
   a. Confidential - this could include documents or communication that should never leave the organization.
   
   b. Sensitive - this could include information  that if discovered could have an impact on day-to-ops or the overall reputation of the organization
   
   c. Close Hold - this could include information that is normally only discussed between as few members as possible. This should also be treated as Confidential if it warrants.
   
   d. Publicly Releasable - this is information discussed in the organization that could be disseminated for public release with little to any approval.
   
   Note: All security classifications should be used sparingly and reviewed regularly to mitigate against hyper-vigilance and overclassification.
2. Consider being more transparent and don't be "dirty". The DNC leaks proved in many ways that transparency could be a great mitigation tool. When you're seen as being overly sneaky, people assume you have "dirt" to hide. How you do this is up to you but it cannot be denied the impact transparency can have with preventing further leaks.
   
   Political parties are, by their nature, involved in some "dirt". They're either digging for "dirt" on someone else or trying to hide their own. Perhaps, it would be more prudent to limit these activities to lessen the number of attack platforms that can be used against your organization. Just a thought.
3. Assume you have an informant in your organization. This doesn't mean you have to treat everyone as if they've been compromised. It does mean you should never assume they haven't been. Don't go on an organizational "mole hunt" but you should always be aware of what you say to who you it say it to.
4. Don't trust any outside communication that isn't part of an existing conversation. Move the conversation offline. Have a gatekeeper handle these when possible. The gatekeeper should be the only person who has direct unsolicited access to communications with key personnel. To say the least, the gatekeeper must deploy a mitigation-first mindset.
5. Consider building a "secure" room at your HQ. The Intelligence Community calls them SCIFs. They're rooms in which permanent workstations and secure phones are located and are regularly swept for bugs and access control is very strict. Consider only discussing strategic information here and here only. This aids in figuring out how you've been compromised if this leaks, as well as protecting against inadvertent leaking.
6. Consider ways in which the mundane could be damaging if exposed. For political parties, imagine your entire donor database being leaked. Got any donors who would rather not have their personally identifiable information leaked? How about your call sheets or talking points to donors? Could they be useful for an adversary in figuring out how to counter you? My personal favorite - internal polling. Think the other side or an FIS wouldn't love to know how you're projecting a path to victory? How about areas your constituents feel you're weak in? What if the adversary not only used that information themselves but then leaked it, especially at a moment when you're trying to project strength?
7. Consider a breach a serious incident. Data leakage happens. Some secrets are difficult to contain. Look at the stealth bomber and the Predator drone. Things happen. That said, there should be severe ramifications for even inadvertent leakage of seriously compromising information. Whatever those consequences are for those parties, they should be swift, consistent with existing policy, and indiscriminate. Period.
   

The Week's Hilarious Law Enforcement-Related Tweet

You may have noticed that I'm pretty heavy into sarcasm. While going through Twitter, I came across this gem of hilarity. Enjoy! I did.

🚦"I think I can make this light"
Traffic Cameras : #DriveSafe pic.twitter.com/XThmnmuY8G

— DC Police Department (@DCPoliceDept) November 16, 2016

UPDATE: New FOIA Requests Are Updated!!!

Sooo, I'm kind of back on my Freedom of Information Act "grind". This time, I've grown curious about how Reedy Creek Improvement District aka Disney World interacts with law enforcement. I've heard various reports that most law enforcement-related dispatches are relayed through Florida Highway Patrol and Orange County. I'm less curious about shoplifting dispatches (I'm surely, mostly klepto-tourists seeking crimes of opportunity) and more curious about the more serious incidents that either go reported in the media or that don't.

Here are snippets of the new requests so far:

Title of Request	Agency	Date Submitted
FHP Emergency Dispatches	FHP	11/19/2016
Orange County Emergency Dispatches	Orange County Sheriff’s Office	11/19/2016
Disney LEA Mutual Aid	Reedy Creek Improvement District	11/19/2016

I'll keep you posted should something more concrete develop. The plan is to write a piece on what I find in the FOIA documents to give more a robust picture of Disney's security via publicly available information. If anything, I'm sure there will be a number of interesting data points to be discussed in the replies.

As always, the best place to keep up-to-date on any FOIA requests I do is here or the link above. Also, Muckrock is an AWESOME place to discover not just my requests but other people's as well. If you see anything noteworthy in my requests, please feel free to reach me via the "Contact Me" link above.

Why Murder-By-Semi-Truck Could Be A Thing You Need To Mitigate

I'm not an alarmist. Or at least, I try not to be. Personally, I prefer a rather "Vulcan" approach to many things in security. As the youngsters say, "Logic rules everything around me." Actually, that may not be the "exact" wording but you get the drift. That said, I do have a fair amount of "Holy sh*t!" moments. While reading Rumiyah #3 (An English-language e-magazine for ISIL) and coming up on their murder-by-semi-truck tutorial, I tried to suppress having such a moment. I succeeded, mostly because I realize the tutorial was somewhat incomplete from a tactical perspective. That's not to say the message isn't effective or wouldn't possibly motivate ISIL members to strike. I see its inclusion as both for propaganda and potential triggering for an upcoming attack.

Oh, you read that whole "murder-by-semi-truck" bit correctly. Here's what they actually said - "Though being an essential part of modern life, very few actually comprehend the deadly and destructive capability of the motor vehicle and its capacity of reaping large numbers of casualties if used in a premeditated manner. This was superbly demonstrated in the attack launched by the brother Mohamed Lahouaiej-Bouhlel who, while traveling at the speed of approximately 90 kilometers per hour, plowed his 19-ton load-bearing truck into crowds celebrating Bastille Day in Nice, France, harvesting through his attack the slaughter of 86 Crusader citizens and injuring 434 more."

There's a lot we, as security professionals, can glean from this. Have no worries, I won't be divulging "state secrets" or imparting tactical clues. There are merely my observations. Take them for what they're worth, as your mileage could very well vary.

1. Large vehicles are vogue for jihadis still. In fact, one of the key criteria they attribute for an "ideal vehicle is a "load-bearing truck". Even though, speed and "controllability" are also highly desirable, they suggest operators steer clear of SUV's and small cars. Obviously, they're looking for something that can handle a lot of weight.
2. The Nice attack is seen as successful. Notice the vehicle should have "double-wheels" because it gives "victims less of a chance to escape being crushed by the vehicle's tires". Also, I noticed the inclusion of having a secondary weapon as a means of ensuring additional casualties and "increasing terror". Pretty telling.
3. Crowd mitigation is really freaking important, stupid. Look, folks. I know I harp on this a lot. I get it. I do. But they pretty much say it - "In general, one should consider any outdoor attraction that draws large crowds." Notice the bit about crowds.
   

   

   Image include in Rumiyah #3. Notice the large crowd. Just saying.

4. Attribution is really freaking important, stupid. The last few ISIL-related attacks (either by the group or attributed by them) have included language using the phrase "soldier of the Islamic State". Almost every attack committed by a Western-based attacker who hasn't gone to Syria, ISIL has claimed responsibility using this phrase. So no surprise here when you see it in Rumiyah #3 - "I am a soldier of the Islamic Sate!" Why do they do this? To sum it up - they're a holy anointed apocalyptic cult whose proximity to Allah can only determined by their ability to seemingly kill at will. If that's not clear enough, they do it for street cred. You gotta have bodies to make it in the terror game, folks.
5. Large crowd size does not always equate to certain specific targets. Located in the fine print was this gem - "All so-called “civilian” (and low-security) parades and gatherings are fair game and more devastating to Crusader nations." If you're a security professional who has to mitigate threats to a parade route but you're not in New York, you may assume you're in the clear. Yeah, you're dead wrong about that. It's about the casualty count. If your parade route could have a large number of people along it with limited egress points and insecure access control to the street, you could be in the same boat, if not worse than New York. As I always say - it's not a matter of IF but WHEN. Mark my words. Be vigilant.
6. It's not just about parades, stupid. What other "targets" are they looking at? Glad you asked. ISIL says "Outdoor markets, festivals, parades, political rallies (We got any of these coming up soon? Asking for a friend.), large outdoor conventions and celebrations (Got any tree-lighting ceremonies?), and pedestrian-congested streets (High/Main streets)" are all legit targets. Yep. Here comes your "Oh sh*t" moment. Stop it. Relax. Now, go mitigate.
7. Fail to take this kind of attack seriously, at your peril. Let me put it bluntly. Nope, let me just leave what they said here - "The method of such an attack is that a vehicle is plunged at a high speed into a large congregation of kuffar, smashing their bodies with the vehicle’s strong outer frame, while advancing forward – crushing their heads, torsos, and limbs under the vehicle’s wheels and chassis – and leaving behind a trail of carnage."

Vehicle Assaults in Terrorist Attacks
Create bar charts

Product Review: Sighthound

One of the first topic areas that caught my eye was video analytics. As a video surveillance monitor for a lot of my career in physical security, I felt I had a good grasp on why most surveillance systems fail to detect bad guys as much as they should. If you're a physical security professional, you know where that weak link is as well - the monitors. Yup. It took me less than six months looking at video screens most of my day to understand most irregular events fail to go noticed or are properly assessed. This happens for a variety of reasons:

• Monitor fatigue. This happens when a monitor stares at a screen for too long and either falls asleep or becomes easily distracted. We're humans and no one likes gazing at an empty parking lot for hours on end. So, the mind begins to wonder and bad things can happen. If you'd like to learn more about monitor fatigue, this is a great resource. - https://en.wikipedia.org/wiki/Alarm_fatigue (I know it's Wikipedia but as a primer, it's not too shabby)
• Monitors are expected to recognize irregular events in a huge ocean of regular benign events. That parking lot I mentioned before could have 400 cars in it and thousands of people coming and going. If mixed in with benign events, irregular events can appear to be okay and fit with the norm. This explains why some folks can get robbed right in front of a camera and no one notice.
• There are too many "rules" to remember and act upon on too many feeds for a single monitor. Sometimes, with human monitors, too much video is just as bad as driving into someone else's headlights.

Where else are all these problems more demonstrative than in a home security environment? I have friends who have 6 or more cameras on a home and they call themselves "monitoring" those feeds constantly. No, you're not. What I find most often is the direct opposite - they're monitoring one or two cameras, maybe. The others go either unwatched or constantly recording over each other. So what's the solution to ensure all the feeds are being monitored and reporting and recording events as they occur?

Sighthound is a software application that acts as a monitoring platform with an embedded analytics package. You can not only monitor your feeds from various cameras but you can also have those feeds report only when "rules" are broken which include:

• A person entering a zone.
• Someone leaving a zone.
• Motion inside a zone.

The feeds can be viewed remotely. You have to pay for that feature, though, there is a trial version which includes this for 14 days. Given recent issues with Internet of Things being exploited for DDOS attacks, I highly recommend changing whatever default passwords that are on your cameras, ensuring the firewall on your router is working, and updating the firmware on the device. If you can run a scan to see what ports are open on your machine using the scanner at https://iotscanner.bullguard.com and close them, if possible. Also, check out routing the camera through a DNS provider like DynDNS.

I digress. While you can have the software email you or send a notification to the smartphone app, you can also have it do a myriad of options through IFTTT. The possibilities are almost endless from there. Oh and perhaps the most creative option and one I particularly like is the ability to execute a command should an event be triggered. For example, you could set it to send you a snapshot of the event and then shutdown your computer. Why is that cool? If your PC is full-disk encrypted, then you have just ensured a key mitigation piece is activated. You also have a picture or video of the event and can determine if you need to respond further.

What I like most about Sighthound is how quickly it responds to events. Almost 5 or 10 seconds after an event, I received a notification of the event and was able to view a snapshot. That's pretty cool when you consider how costly an enterprise system can be offering the same service.

There are some things I'd like to see it offer in the future:

• Security options. I'd like to password protect my remote feeds. This maybe here already and I just missed it. If so, I feel like this is kind of an understated feature.
• More event triggers. It covers the basics but I'd like to see triggers for things noise detection with those cameras that offer audio in their feeds.
• Possibly some interoperability with other devices. I'd love it if it could network with other sensors through the home and capture those events as well. Some proprietary device systems already do this but I'd like to see something that would allow me to work with events involving a smoke detector and my camera.

Overall, I THOROUGHLY love Sighthound. It has tremendous potential and is extremely affordable. I hope this is a new movement within the home security surveillance sector. I'd like to see less machines that can't or won't cooperate with other devices to successfully mitigate potentially dangerous events. It isn't perfect but I find it is certainly a great step in that direction.

As of now, I haven't reached out to the Sighthound team for an interview. I will soon, though. I'd love to hear what more they have to offer.

If you know of any other physical security applications or devices you'd like me to review, contact me via the "Contact Me" link above.

How To Get Your Family Interested in Security

A question I get asked sometimes is "How do I get my family interested in security?" The question, surprisingly enough, comes from security professionals who are passionate about what they do but find that their families either don't share their affinity for our trade or are rather lackadaisical about upholding mitigation techniques. Come on. Don't kid yourself. Your family could probably care less about security too. Your spouse probably says "That's why I have you, Mr./Mrs. Security Dude. That's your job." Yeah, I roll my eyes too.

As I stated in my previous podcast, you could pay $10,000 for the world's greatest door lock and have your entire mitigation ruined by a spouse or absent-minded child who forget to lock the door. It happens more than we like to admit. I also surmise it's why some of us are so passionate about security awareness training at work. Given that we view them sometimes as the "weak" link, let's look at how we can get them better at not just maintaining mitigation but also becoming independent security stakeholders.

1. Chill out and recognize who you're working with. You don't get to always hire friends and family. So, we're stuck with people who wouldn't know the difference between a padlock and deadbolt at times. And....why should they? "That's what you're here for" is a phrase I've heard countless times. Recognize the role you've taken as the security person of the house and how that has enabled them.
2. Don't scare them. We know things about the world in which we live that our families should never be exposed to. It's kind of why we do what we do, right? But ignorance isn't always bliss. In sales, I learned a term called "finding pain". It's a term used to describe learning what someone's personal security nightmare is and then exploiting that to get them to buy a proudct you sell to alleviate that "pain". Sounds pretty awful, huh? But it works. Do the same with your family. Ssssssssssllllllllllooooooowwwwwwwllllllllyyyyyy. This is where you explain to them how they could lose things they care about very easily if mitigation isn't there to stop the bad guy or at least aid in getting their valuables back or replaced. I have found explaining value and risk in its most basic and pure form has been very helpful with getting children on early as stakeholders. It takes a lot of time and patience but it is well worth it.
3. Invite them along to do a risk survey of the home. This sounds like something a bit too intense for your home but it's really not and rather easy to do.
• Give each person an area they're responsible for like their rooms or designated work/play areas.
• Have them inventory all of the items in that area they place value on. Tell them to ignore easily disposable items and clothes (absent something truly expensive).
• Also have them include photos of the most expensive items and to include any serial numbers if possible in the inventory.
• Give them value parameters. I make mine rather simple - irreplaceable, replaceable but painful to lose (cost too much or would take forever to get back), replaceable with very little to any pain. For smaller children, this could be a challenge so I encourage you to explain this a bit more in-depth and accompany them throughout the process.
4. Do your vulnerability assessments with them. We've identified things of value and the amount of pain it would create getting them back if it were possible. Now, have them look at all of the ways someone or something could make that risk a reality. For kids, you're going to have be patient and listen to every "ninja scenario". With boys, you'll hear this threat profile thrown around a lot. Get used to it. Explain the difference between a likely exploitable vulnerability and one's that will probably always remain vulnerabilities (Bad guys cutting a hole in your roof). Get out a map or overlay and have them articulate the vulnerability.
5. Address threats. Be sure to caution them to stay away from "thinking like a wolf" mentality. Most often, your family is a mix of really good people. So have them look at likely threats instead. With smaller kids, explain that because it's "likely" doesn't make it real. A bad guy could walk down the street and decide to randomly steal your kid - that doesn't mean every stranger is the bad guy. Explain that because we don't know every person who could be down the street means we can't exclude all of them as potential bad actors for certain crimes. This is also a good time to explain that most violent crimes occur when victims already know their attackers. If we know all good people, then we can reasonably say our probability of meeting harmful attackers is minimal. Crimes of opportunity can be more difficult to simply dismiss because the likelihood exists that you could be a victim of a stranger. Thus we have to mitigate that threat, as well. Discuss any sort of special security issues you face (i.e. any jilted lovers, enemies from prior jobs, stalkers, etc.). 
6. Buy door and window alarms from the Dollar Store and have them work through a variety of home security projects. My absolute favorite activity to do with children is building "booby-traps" with these Dollar Store gadgets. I have them take a map and examine their likely avenues of approach, chokepoints, and areas of final denial. Then, I talk about how the gadgets serve one purpose only - detection. Afterwards, we mark where the gadgets are on the map. Finally, it's time to deploy them. An old trick I learned was fishing line attached to magnet on the "alarm" and securing the sensor/annunciator to the object it's resting on. When the bad guy trips the wire that's wrapped around another object and attached on the other end to magnet, it will then yank the magnet from the sensor it's resting on and sound the alarm. Trust me. Kids love this activity.
7. Go over "secret" codes and how the alarm system at your home works. Sounds pretty basic but you'd be surprised how easy it is to get them on-board by having them understand how the control panel works. Maybe, you don't share the activation code but you can show them how to work the duress code and how to call for help. I like the idea of a "secret" code that's for everyone in the family only, as a way of building into the family a living duress code system for everyday use.
8. Next, go over contingency plans. Where do we go? What do we do? Who do we call? What are our "actions on contact"? Again, we're not making everyone in the house Jason Bourne but are making everyone in the house prepared for other events than just a house fire. Having a plan and even rehearsing that plan are absolutely key to having a comprehensive home security program.
9. Address access control. Growing up in my house, my mother would call this "Don't you let anyone in my house I didn't invite". Yeah, it was that serious. It's almost as if she was grooming me for this trade. Explain the rules for allowing people into the home. BE VERY FIRM HERE, ESPECIALLY WITH SMALL CHILDREN (WHO SHOULDN'T BE ANSWERING THE DOOR ANYWAYS).
10. Teach them situational awareness. This can be very challenging for some members of the family. Be patient and make it fun. I like to start with memory games by asking questions like "What was the color of the car outside as we pulled up?" or "What kind of hat did the guy walking down the street have on?" Do this enough times and you'll be in amazement with how fast they catch on.

Your experiences with this will certainly vary. I've had a lot luck here but I would be seriously remiss, if I didn't disclose that it's been challenging. The key is patience. Take your time. Understand the lay of the land. Most importantly, make this about us rather than about something you do.

Let me know if you have any ideas of your own.

How to Pick A Legit Professional Security Certification aka How Not To Get Scammed In Ten Easy Steps!!

One of the cornerstones of any successful career is training. It's no different in security. Whether you're at a seminar or enrolled in a course, you're doing so because you want to move forward professionally. What better way to demonstrate you're prepared for the "next step" than to take a course or two and learn a new skill? Yeah, it often sounds cooler than it is. What's even worse, in my opinion, is that for many of us the price of pursuing professional development ain't cheap.

I love the American Society for Industrial Security International (ASIS). It is awesome for all-things professional development in security. It has networking, great conferences, expos, a reference library, and its own bookstore. ASIS is also host to some of the most sought-after professional certifications around the world for security. There's one catch - it's pricey. It'll run you about $400 dollars including annual dues to pursue their Physical Security Professional (PSP) certification. It's recognized even by the United States government in the SAFE Act and also has ANSI/ISO 17024 Personnel Accreditation.

ASIS isn't the only horse in the stable offering professional certifications in security. My only problem is almost none of them require the breadth of knowledge, professional recommendations, and experience levels ASIS requires. Many are purely paper-mills.

There is a professional certification body that has a horrific reputation in our industry. I've heard from numerous of their certificate holders all that was needed for their certification was a check and they received a lapel pin, t-shirt, a CD with reference materials which were mostly outdated, and a diploma. In fact, if you go to their site and attempt to pull up their "sample" certification test, you get a 404 error code. There have been a number of articles written on the founder as well.

Getting a professional certification or even getting good training from reputable people can be difficult. My advice?

1. Ask around on security, tactical, or law enforcement forums. There are lots of forums on the Internet that cover these schools and certifications. You're not the only person who wants to grow professionally. Be careful - look for guys who have a solid reputation in the group. My favorite sources are the folks who don't have to tell you what they do every post but you have an idea.
2. Find a mentor to ask. Seriously, if you don't have a mentor in security, you're doing your career all-kinds of wrong. Get a mentor and ask about training and certifications.
3. Search LinkedIn. I know. I know. LinkedIn can be seen as the worst place to network. I get that which I said "search". That's right - look at the qualifications of folks who are where you want to be professionally and see what certifications they have. See if the certification passes your "sniff test". Basically, if it seems legitimate and checks out with other reputable sources, then it might just be okay. Be careful - even "legit" folks fall for the trap of easy paper-mill certifications.
4. Investigate who recognizes certain certifications. The easiest way to spot a fake certification is to which, if any government bodies formally recognizes them. By "formally", I mean look for statutory and regulatory citations of the certifications. If they won't recognize it on "official letterhead", then already have a good idea it may be something you don't need or want. 
5. Check to see if a certification is needed for jobs similar to a job you're wanting but on another employer's site. It sounds shadier than it sounds. Okay, it does sound a bit shady but let me explain. We're not looking for a new job - yet. We're looking to see if other employers require a certification for that position. For example, the other day I saw a job listing for a job I would give my left arm and my dog's favorite bowl for. Yes, it was that serious. That job listing had a certification I had never heard of and certainly not one I had seen on other listings. I scour the Internet and sure enough, it's really cool and legitimate certification. Psssst. If anyone knows a guy who knows a guy who can get me to a Lenel certification, I'd greatly appreciate it.
6. Check the price tag. I hate to tell you this but security training and certification ain't cheap. Personally, I have spent well over a few thousand dollars of my own money to get certifications and training. These certifications and training have given me a "leg up" on the competition in some ways and have afforded me new skills but they did not come cheap. Most of the legitimate stuff that is out there is expensive. If you can't get your employer to pay for it (because they're either too cheap or you're not employed), then I suggest saving up and paying later. Trust me. If it's cheap and supposed to be amazingly career-enhancing, chances are it's probably not one of those things.
7. Read and research the testimonials. A lot of places brag about having "security directors" and "officials" but often, this is just pure fluff. Wait. I misspoke - it's just a flat-out lie. I suggest you read the testimonials. I'm not saying some certification bodies don't have management and executives getting their certifications. There are some who definitely are not honest, though. Find out more about the people who laud the body - who they are professionally, do they actually exist, and whether they have a bias. You shouldn't base your decision on testimonials but they can be a key component in the process.
8. Check the reference materials needed for the course. I love any certification that requires industry-standard texts (ahem, ASIS....That's why I love how you certify). I also like certifications that have online instruction materials as well. Most paper-mills will furnish you with a text and have you take it open-book. Nope. Kind of a red flag for me.
9. Avoid open-book certifications. Not all open-book certifications are bad. Most are very cool. This was my preferred method of certification in the military. That said, I'm a grown-up now and employers like something that forces you to study and come away with industry-standard competence in both skill and comprehension. In other words, an open-book exam doesn't "teach" you anything.
10. Any respectable training or certification vets its students. Any program that doesn't ask you any questions beyond your credit card is probably not the kind of place you want a certification from. ASIS has you submit references for the PSP exam and sign a "blood oath". Just kidding, ASIS. No, just the references. I know if I was going to certify a person on a skill-set that could get people killed if not applied properly, I'd want them screened beforehand so I'd know if they could handle that responsibility. Pain in the butt for us going for the certification? No doubt. Make you feel like you belong to an elite group of professionals? No doubt.

Here are some legit certification and training bodies in security (PLEASE, NOTE THIS LIST ISN'T ALL-INCLUSIVE. I PROBABLY LEFT OUT YOUR FAVORITE TRAINING OR CERTIFICATION. BREATHE DEEP AND CHILL OUT):

• International Foundation for Protection Officers
• American Society for Industrial Security International
• International Information System Security Certification Consortium 
• American Society of Civil Engineers
• National Tactical Officers Association
• National Rifle Association
• Federal Emergency Management Agency
• Federal and State Law Enforcement academies
• Private tactical operations schools
• Government Training Institute
• Tactical Energetic Entry Systems
• Executive Protection Institute
• Executive Security Institute (it's been around for ages - I was once a student)
• Law Enforcement Learning
• TEEX

There are other thoughts I'm sure on this. The simple truth is getting certified is no easy task and if it were easy, you wouldn't like it very much.

OPINION: The Ten Things We Can Expect To Happen In Security For the Next Four Years

So....the election is finally over!!! There's a lot to be said about the politics of this election and what that means for insert-the-name-of-your-special-interest-group. Have no worries - I'm not going there. In the vein of "staying in my lane", I'd like to discuss what the next four years will look like for those of us in security.

1. Expect more protests. Seriously, nothing with respect to protesters and how they feel about a litany of political issues will change except they'll find more reasons to protest. There is little that can be done about it. Accept it. Monitor it. Hope to mitigate it. Move on.
2. Expect ISIL to show up more. Given the aggressive nature of how the next administration plans to engage ISIL, there will inevitably be more attacks either from the group or its sympathizers and ad-hoc members aka lone wolves in retaliation. Expect more attacks against soft targets during periods of high crowd frequencies or surges like major U.S. holidays. Why? Simply put: ISIL and most jihadi organizations are holy anointed apocalyptic cults who are actively trying to bring on the apocalypse and any conflict with the "West" is objective towards that goal.
3. Expect violence against minorities. The new administration has found its campaign rhetoric resonates with people who share ideologies that encourage violence against minorities. Not saying that message came directly from their campaign; just that the rhetoric resonates. How much more violence is unknown at this time. Seriously, it's been a few days since the election and while we've had a number of attacks reported, it's still much too early to see how far this develops as a long-term trend. That said, be very freaking vigilant.
4. Cyber security could get really interesting really fast. There could be more cyber attacks against this administration and groups who contract with them. Also, we could also see counter-attacks from groups who sympathize with the administration. Has there been any indication of this happening? I haven't seen anything yet but we should know soon enough. If public outcry continues, then we can expect potential cyber attacks in response or in tandem.
5. Border security could spawn a growth in physical security. The wall that is being discussed and presumably implemented will require an immense amount of physical security to augment surveillance and protect the wall. How many cameras and sensors will need to be installed? Who gets that contract? What about construction security? What about the wall itself? Lots of things to be hammered out but I expect some growth in the physical security sector if the wall comes to fruition.
6. More stringent controls on immigration and background checks needed for visas. This was a central part of the campaign and cannot be ignored. I suspect the new administration will rely on the hearings that have been held in Congress previously on visas and travel documents, as a guide. My suspicion is that not much will change for those who immigrate from countries we already share travel document information with. Much stricter guidance will come about for countries which have a history of poor identification documentation controls and who have poor passport security.
7. Police officers will continue to die in the line of duty. I mention this because there seems to be some mythology that exists which says tougher penalties on cop-killers means more deterrence. Time and time again, we've found that not to be the case. Yet, this is also a theme with the current administration. I do not argue that tougher sentencing is warranted for any murder; I do have issues when we infer a harsher penalty will bring a greater reduction than focusing on what drives the crime to begin with. Fix what drives people to kill and you will see long-term results in dramatically reducing the number of line-of-duty-deaths for cops.
8. Crowd mitigation will become a bigger issue than is being discussed in the security industry. If you've heard me speak on this topic before, I apologize but this needs to be said. We're not doing enough to mitigate crowd surges which serve as target-rich environments for bad guys. Unless the new administration hires national security people who understand the importance of mitigating this issue, my fear is this will continue to be exploited in a significant way.
9. Gun control and marijuana will continue to be big-ticket issues. Weed is legal in more states than before which means many of these states will be looking to Colorado and others to determine what should be their guidelines for security. I suggest if you live in a new weed state, brush up on this stuff. There's a big opportunity for growth.
   
   Active shooters will continue to murder people. Fixing this in the short-term is never going to happen. Again, expect this trend to continue until we discuss what drives it. Thus, gun control will grow as a hot-button political issue.
10. Criminal justice reform is not going to happen. The new administration has stated one of its primary objectives is the restoration of the rule of law and has taken on a very pro-law enforcement stance. Expect little in the way of discussing reducing or eliminating mandatory sentencing. It could happen but not for the next two years.

So that's how I see the next few years. It's not an entirely optimistic view but I believe it to be an honest view of what we can expect. I'm not going to take a pro or con position on the administration here but I would like my readers to begin the process of determining how they plan to mitigate some of these things. No matter who is president we have a profession that demands we place public safety above our political leanings. Let's do what we can to achieve just that - public safety. Perhaps, when we do this, rather than embrace fear and anger, the American people will embrace hope again.

Update: New Podcast Episode Is Up!!

Welp, as you may have noticed, activity here has spiked. Don't be fooled. I'm still very busy with work and family. But I do have some spare time every now and then. Today's latest podcast episode is a result of that. It's well worth a listen, as it's a rarely if ever discussed topic. Enjoy!

Episode 05 - Risk Management and Home Security
In this episode, I cover the missing link to traditional home security advice - the risk management process. After a year or longer absence from blogging and podcast, I'm back to go over the three major components of the risk management process and how to conduct them.

By the way, this month I have a free Kindle book giveaway. Give it a go at https://giveaway.amazon.com/p/2b809221600b8ab2#ln-pl. Contest ends on November 17, 2016!!

New Feature!!

So I'm adding a few new features to the blog. If you look up, you'll see I've changed the menu bar a bit. We've added page exclusively for my FOIA requests. Why? Well, if you've been a long-time reader, you'll remember I do a lot of Freedom of Information Act requests on security-related topics. Many of you have asked if I would add a feature or link to my requests. There you have it, right above the title of this post. Not good enough for you? Click here, you lazy sap. Go ahead and do it, even if it would be way cooler if you didn't and just clicked the space in the menu bar I made just for this very reason. No? Your loss.

Okay, let me fill you in on one of the requests I'm doing. Currently, I've been waiting for almost six months for the State Department to get off its rear and deliver on a request for all correspondence on false passports. I figure this could be an interesting find, especially given the topics relevance to many things covered in the media for the last year or longer. The request was completed but the records I requested haven't been released yet. I'm in a bit of a "holding pattern".

I have some other requests I'll be doing. If you have any suggestions or ideas, drop me a note in the "contact me" box.

My Guide To Understanding What Constitutes A Solid Source Of Information

Well, I think we can all agree this election needs to be over yesterday. The deluge of crazy we've witnessed has been extraordinary. It seems like everywhere you look there's a post or an article containing what should be valuable information and have very little to any. The endless cycle of crazy reactions and hysteria that happens with every new "update" has eroded what little credibility many of us in security who depend on this information have in sources. There are good sources, though, still out there.

I have created the following guidelines to sort through the chaff. This list is not just for political news, even though seemingly everything has become political.

1. If it hasn't been reported in the news yet but some insert-the-name-of-a-group-you-identify-with's page has the "scoop", Google the keywords in the story. Also, for goodness sake, check Snopes.com. Most of the time, most of the "stories" I see on social media are debunked first by Snopes. Some have been debunked for years.
2. Not every site with the words "news" or "breaking" is actually a news site. Treat these sources as GARBAGE.
3. Any site that is run by people who share your exact worldview is also GARBAGE and so are its "sources".
4. Any stats in a meme are also GARBAGE if they don't give a source.
5. Most people on social media have ZERO clue how to sort and analyze stats. If your buddy is giving his arguments on stats with mostly his opinions, he's probably full of sh*t.
6. Life is full of gray. Not everyone is evil who shares ideas that are different than our own. Be careful of sources who want to inject their own morality in what's supposed to be an objective account of a story.
7. Be careful of "triggers". These include images or words used in connection with an often poorly sourced and highly-opinionated piece that are often irrelevant to the piece but there to gain your reaction.
8. It's often full of "damning evidence" discovered in just days to tell a story of a conspiracy that's been happening for decades.
9. The site or publisher have a SIGNIFICANT interest in the story being told the way it is by them. Often, for their own profit and gain. Treat these as garbage too.
10. Treat any source that can't be named or won't name other sources to corroborate its information as potentially garbage too.

I use something a bit different for shootings, bombings, and other "breaking" security-related news.

1. Never trust first reports. Trust me when I tell you that eyewitnesses sometimes have terrible memories. I have seen shootings which witnesses report what they believe to be multiple gunshots resembling machine guns to be resolved to a single to a few shots from one shooter. Eyewitnesses can and do distort shooter identifications. Active shooters often have multiple first responders on-scene and some are in plain clothes carrying guns. Imagine being frightened and knowing a shooter is out there and you come across from the distance an armed man scanning for targets. You can't see a badge or uniform so you naturally assume that person is a probable shooter.
2. Scanners are great but most civilians have little to any clue what they're listening for. 10-codes are department-dependent. Suspect descriptions are often given with little verification (they need to be transmitted quickly so the bad guy can be neutralized). Scenes described by first responders can also be subject to perception - a description heard over the radio of "blood everywhere" means something different for new rookies versus veteran officers.
3. ANY loud noise will surely be described as on-going gunfire.
4. EVERYONE has a political agenda except for responding cops and victims. Seriously, refer back to previous guidelines about sources and who you can trust. Hint: no one you like.
5. If your source touts an immediate conspiracy afoot that would benefit them politically, you should ALWAYS ignore them.
6. Anyone trying to be "first"to report will almost always give you bad information. Real pros take their time and vet their sources.
7. Video is great but it doesn't always tell the complete story. Most video of an event will often be edited and cropped to show what the publisher believes is relevant for his/her audience. In other words, they may have little clue what they're looking at but are deciding for you what you should see. That's crap. I want all of the video or none of it.
8. With bombings, "experts" will often claim sophistication in order to claim an actor they believe did the act without actually having evidence they did do it. "Sophistication" is a term used to describe an assortment of things about a device. If an "expert" won't describe what that constitutes in comparison to other bombings of similar ilk, I tend not to trust that analysis. In my limited experience, "sophistication" is often attributed to big name groups to events that have high casualties. I find that the likelier explanation is much better. A simpler device placed at the right time and place with enough targets does as much damage if not more than one "experts" claim is "sophisticated".
9. Don't trust "experts" who have commentary than actual facts. I'll happily take analysis from a guy with bad facts than from a guy who has no facts but thinks he's right all the time.
10. Bad acts are not exclusive to any one group. There are a lot of bad things that happen in our small world to a lot of people. Just because a cop gets shot by someone doesn't mean that someone is of a certain race or belongs to a certain group. Watch out for the agendas of your sources here.
11. Terrorism is a fairly simple thing with a very simple description. Use it before you belittle or demean an entire group for acts that aren't terrorism. Simply saying things we don't like or even disgust us doesn't make them terrorists. Sure, it makes them jerks but it doesn't make them the ultimate jerk.
    
    Here's how the FBI defines it:
    
    "the unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives.”
12. Trust anyone who thinks "we should wait this out and see where this leads". These guys are probably pros and make a living being right a lot about these things.

That's it for now. I hope this helps you out.