Left of Bang: Why Your Workplace Violence Prevention Program Is Already Too Late

[00:00] Speaker A: Imagine walking into your corporate headquarters tomorrow morning, right? [00:04] Speaker B: Just a standard Tuesday. [00:05] Speaker A: Exactly. You swipe your RFID badge at the turnstile, you hear that familiar beep, and you nod to the security guard at the desk. You get on the elevator, head up to your floor, and you know. As you walk into the break room to grab a coffee, you pass a brightly colored poster pinned right next to the OSHA compliance sheets. [00:23] Speaker B: Let me guess, it says Run, Hide, Fight. [00:27] Speaker A: That's the one. And you check your phone, knowing your company just invested heavily in a brand new mass notification app that will ping you if there is an emergency. [00:36] Speaker B: So you look around and you feel secure. [00:39] Speaker A: You do. The perimeter's protected. The protocols are in place. But what if I told you that every single piece of that multi-million-dollar infrastructure you just walked past is functionally useless for preventing a tragedy? [00:51] Speaker B: Well, what if all of that technology, all those protocols, and all that budget are actually just a very expensive airbag? [00:57] Speaker A: That is the exact delusion operating at the heart of most enterprise security models today. And that's what we're digging into for this Deep Dive. [01:05] Speaker B: Right, because organizations build these massive response mechanisms and convince themselves they have built a prevention program. But an airbag only deploys when the metal is already bending. [01:16] Speaker A: By the time it activates, the collision is actively happening. [01:18] Speaker B: Exactly. And that is what we are dismantling today. We are pulling from an incredibly grounded, tactical piece of source material. It's an exclusive article by Mickey Middaugh, the founder of Grey Matter Ops, titled — [01:31] Speaker A: "Why Most Workplace Violence Prevention Starts Too Late." And look, this requires a specific mindset from you, the listener. [01:40] Speaker B: Yeah. If you are tuning into this Deep Dive, you are not looking for theoretical fluff. You operate in what we call Left of Bang. [01:47] Speaker A: Right. And for anyone newer to that specific terminology, it actually originates from the Marine Corps Combat Hunter program. The bang is the critical incident — [01:56] Speaker B: The moment the IED goes off. Or in our corporate context, the moment the act of violence begins. [02:01] Speaker A: And everything that happens after the bang — so on the right side of the timeline — is purely damage control. It's trauma medicine, it's police response, it's crisis PR. [02:09] Speaker B: But everything that happens before the bang, on the left side of the timeline, is where you actually have agency. That is where you have the power to change the outcome, provided you know what to look for. [02:19] Speaker A: That is the essence of the Red Dot Mindset. It is the core philosophy that awareness is armor, and that preparation rather than panic is the true mark of a protector. [02:31] Speaker B: So we are going to deconstruct Middaugh's framework for recognizing and intercepting threats before they ever materialize. But before we get into the architecture of how these corporate systems fail so spectacularly, we really have to establish the exact scope of the threat profile we are analyzing. [02:48] Speaker A: Yes, because workplace violence is a massive umbrella term. Treating all violence as if it stems from the same root cause is exactly how organizations build failed policies. [02:57] Speaker B: So to be unequivocally clear, our focus today is strictly on targeted workplace violence. [03:02] Speaker A: We are talking about the insider threat — the employee, the former employee, or the vetted contractor who develops a specific grievance and methodically walks a chronological pathway toward a violent resolution. [03:14] Speaker B: We are explicitly excluding things like a spontaneous robbery at a late-night retail store. We are excluding random customer-on-employee violence. [03:24] Speaker A: Right. Like a frustrated patient assaulting a triage nurse in an ER, or someone throwing a drink at a barista. [03:29] Speaker B: And we are also entirely excluding domestic violence spillover, where an abusive partner brings outside violence into the victim's workplace. [03:37] Speaker A: While those are massive, critical issues that require robust security models, they just don't follow the specific behavioral escalation pathway we are analyzing today. [03:47] Speaker B: No, they don't. Targeted insider violence follows a very detectable pattern: grievance, fixation, leakage, planning, and escalation. [03:56] Speaker A: So let's dig right into Middaugh's central argument, because he comes out swinging against billions of dollars in corporate security spending. The core thesis is that response is not prevention. [04:07] Speaker B: We mentioned the airbag analogy earlier. I mean, if you are driving down the highway, an airbag is critical. You would be foolish to drive a vehicle without one. [04:14] Speaker A: But calling it a collision prevention system is absurd. It does not stop the crash. [04:18] Speaker B: Yet corporate leaders consistently point to their mass notification systems, their lockdown drills, and their staged trauma kits and call it their prevention strategy. [04:29] Speaker A: When an organization does that, they are making a fundamental error in timeline mapping. [04:34] Speaker B: They really are. By the time your automated software sends out an active shooter text alert, or your employees are executing a Run, Hide, Fight protocol under their desks, the adversary has already completed their entire decision cycle. [04:46] Speaker A: They have already chosen the time, the location, the target, and the method. [04:51] Speaker B: Right. Your prevention window did not just close — it slammed shut and locked weeks or months ago. You are now entirely at the mercy of your response protocols. [05:00] Speaker A: I can hear the pushback from executives, though. I mean, I've had these conversations. A CEO will say, look, I understand we are building response mechanisms, but we have to. [05:09] Speaker B: Because these attackers just snap, right? [05:11] Speaker A: Exactly. They say one day they are fine, and the next day they come in with a weapon. They argue we can't predict human behavior, so our only logical play is to build faster response times. [05:21] Speaker B: That snap narrative is so pervasive, it is literally the plot of every movie. But the actual data entirely dismantles it. [05:29] Speaker A: It absolutely guts it. And this is not anecdotal. This is based on exhaustive FBI behavioral analysis of active shooter incidents. [05:37] Speaker B: When the FBI studied the pre-attack behaviors of these individuals, they found that 77% of attackers spent a week or longer actively planning their attack. [05:45] Speaker A: Wait — let's pause on that. A week or longer? Think about what a week means in an organizational setting. [05:51] Speaker B: It's five full business days. [05:53] Speaker A: Yeah. That is an individual walking into the lobby, riding the elevator with colleagues, sitting in status meetings, replying to emails — all while maintaining a massive cognitive load of actively organizing a mass casualty event [06:06] Speaker B: in their mind, which completely destroys the idea of a sudden, uncontrollable impulse. It is a methodical, deliberate, cognitive process. [06:15] Speaker A: And the data goes deeper into the physical realm, too, doesn't it? [06:17] Speaker B: It does. The FBI found that 46% of attackers spent a week or more in active preparation. Now, planning is abstract, but preparation is kinetic. [06:25] Speaker A: This is when an individual is acquiring weapons or conducting physical surveillance on your facility, right? [06:32] Speaker B: They are probing the security desk to see when the guard takes a bathroom break. They are mapping the exits. They are rehearsing. [06:39] Speaker A: This is physical behavior occurring in real time, in the real world, right in front of people. [06:44] Speaker B: Which naturally leads to the most damning statistic for the response-first mindset. If they are planning and preparing, are they hiding it perfectly? [06:52] Speaker A: The answer is no. 51% of the active shooters in the FBI sample engaged in what threat assessment professionals call leakage. [07:02] Speaker B: They explicitly leaked their intent to commit violence to a third party before the attack. [07:07] Speaker A: More than half — they literally communicated their intent. [07:10] Speaker B: And you know, when you look at attackers age 17 and younger — which obviously applies heavily to school environments, but is relevant to the broader behavioral model — that number skyrockets to 88%. [07:21] Speaker A: Let the gravity of that settle. The signal was broadcast. They told a coworker. Or they posted a manifesto on an obscure forum, or they made a highly specific conditional threat to a supervisor. [07:32] Speaker B: So if 77% are planning for at least a week, almost half are physically preparing for a week, and over half are explicitly telling someone about it — While the narrative that violence comes out of nowhere is just an organizational defense [07:46] Speaker A: mechanism. The signals are always there. The intervention window is often months wide. [07:50] Speaker B: The average attacker in these studies displayed between four and five concerning behaviors that were entirely observable to the people around them. [07:58] Speaker A: So the issue is never that the information was invisible. [08:01] Speaker B: No. The issue is almost entirely architectural. The information exists, but the systems built to process it are fundamentally broken. [08:09] Speaker A: Let's map out exactly where those systems break. Middaugh outlines four structural failures. And I love his framing here, because he refuses to let the C-suite off the hook. [08:19] Speaker B: Right. He explicitly states that these are not security department failures. These are leadership problems masquerading as security problems. [08:26] Speaker A: So the first one he identifies is recognition failure. [08:29] Speaker B: Recognition failure occurs because employees do not have a defined baseline. Imagine you are managing a team, and one of your direct reports starts acting differently. [08:40] Speaker A: Like, they seem agitated, maybe their hygiene is slipping. Their responses are curt. [08:44] Speaker B: Exactly. Because the organization has never trained its workforce on what a meaningful behavioral shift looks like, the observer files that data under a benign category. They rationalize it. [08:55] Speaker A: They say, "Well, Dave is just having a really rough month," or "Sarah's just a difficult personality," or "He's just dealing [09:01] Speaker B: with a lot of stress at home." [09:04] Speaker A: But practically speaking, if I'm a middle manager with 40 direct reports, I barely have time to get my own deliverables out the door, let alone establish some deep psychological profile for every single person on my floor. [09:17] Speaker B: Right. You're not a therapist. [09:18] Speaker A: Am I supposed to be a trained psychologist? Yeah. I mean, how does a manager actually scale that kind of observation without becoming an invasive micromanager? [09:25] Speaker B: That is the exact friction point most managers feel, and it is a complete misunderstanding of the objective. You are not asking managers to diagnose a mental state. [09:34] Speaker A: You are asking them to observe a behavioral delta. [09:37] Speaker B: Exactly. A supervisor does not need to know why Dave is suddenly exhibiting aggressive outbursts or why he is obsessively talking about tactical firearms in a way he never did for the past three years. [09:50] Speaker A: The supervisor only needs to recognize that this behavior is a severe deviation from how Dave acted six months ago. [09:56] Speaker B: You are not reading minds. You are reading patterns. [09:59] Speaker A: Okay, so it's about spotting the deviation from the individual's own normal baseline. Let's say a manager or a peer actually spots that delta. They recognize that Dave is spiraling. We immediately slam into the second structural breakdown: reporting failure. [10:14] Speaker B: And this is where the system truly bleeds out. Recognition without reporting is functionally identical to blindness. [10:21] Speaker A: The FBI data is incredibly frustrating here. Even when concerning pre-attack behavior was clearly observed by bystanders, those bystanders did absolutely nothing 54% of the time. [10:32] Speaker B: Over half the time, people look at a flashing red flag, rationalize it, and just keep walking. [10:37] Speaker A: Why? I mean, we talk so much about "See Something, Say Something." Why aren't they saying anything? [10:41] Speaker B: Because organizations actively construct barriers to reporting — usually by accident. When you interview people after an incident and ask why they stayed silent, the answers are profoundly human. [10:52] Speaker A: Like a deep fear of overreacting and looking foolish. [10:54] Speaker B: Right. And there is the classic bystander effect — the assumption that if Dave is acting this erratic, surely HR or security already knows about it, so I don't need to get involved. [11:04] Speaker A: But the most powerful silencer is empathy. [11:07] Speaker B: Empathy. That sounds counterintuitive. [11:09] Speaker A: It does. How does empathy cause a security failure? [11:12] Speaker B: It happens when empathy collides with a rigid, punitive corporate policy. Middaugh highlights the zero-tolerance paradox. Almost every modern corporation has a zero-tolerance policy for workplace violence. [11:25] Speaker A: On paper, it sounds strong, decisive, and safe. [11:29] Speaker B: But let me put this into a real-world scenario. Let's say I sit one cubicle over from a guy named Mike. I've known Mike for five years. We go to the same company picnics. I know his kid's name. [11:38] Speaker A: Okay, you have a real connection. [11:40] Speaker B: But recently, Mike has become incredibly erratic. He is furious all the time. He's making vague, unsettling comments — "the VP of sales is going to pay for what he did." [11:52] Speaker A: So you are genuinely worried about Mike's mental state. And honestly, your gut instinct is telling you you are not entirely safe around him right now. [11:59] Speaker B: Exactly. But I also know my HR department. I know they have a hyper-rigid zero-tolerance policy. If I go to HR and report Mike, I know they aren't going to get him help. [12:09] Speaker A: Security's going to march down there, pack up his desk, frog-march him out of the lobby, and fire him. [12:13] Speaker B: He will lose his livelihood, his health insurance, and his ability to feed those kids I know about. Because I have empathy for Mike, I will stay silent. [12:21] Speaker A: You will justify your silence by telling yourself you can manage him, or that he'll calm down on his own. [12:27] Speaker B: And you just articulated the exact mechanism of the zero-tolerance paradox. By creating a system where the only guaranteed response to a report is a catastrophic, punitive consequence for the subject, you have guaranteed that your employees will hide threats from you. [12:41] Speaker A: Zero tolerance applied to actual violence — like someone throws a punch in the cafeteria — is absolutely necessary. You terminate immediately. [12:49] Speaker B: But zero tolerance applied to pre-violence warning signs destroys the very reporting mechanism you are relying on to stay Left of Bang. If people think reporting equals ruining someone's life, they will swallow the key. [13:02] Speaker A: So the first failure is we don't recognize the signals. The second is we recognize them, but the culture actively discourages us from reporting them. [13:10] Speaker B: And if a report actually does make it through that gauntlet, we hit the third breakdown: connection failure. [13:15] Speaker A: Connection failure is the silo effect. It is the lack of a central nervous system within the organization. [13:21] Speaker B: Remember, these individuals are exhibiting four or five distinct concerning behaviors over a timeline of weeks or months. But they rarely exhibit all of them to the same person. [13:31] Speaker A: I want to visualize this for the listener. Let's build out a timeline of what this actually looks like in a compartmentalized corporate structure. Week one: HR logs a formal performance concern because an employee's output has completely tanked over the last month. [13:45] Speaker B: Week two: a floor supervisor privately documents in his own personal notebook that this employee had an unhinged screaming outburst during a remote Zoom meeting — entirely disproportionate to the topic. [13:59] Speaker A: The automated physical security system flags an anomaly where this employee's RFID badge was used to try to access the executive suite on the 14th floor at 2:00 a.m. on a Sunday. [14:11] Speaker B: And week four: a peer in the parking lot hears the employee make a deeply dark, nihilistic joke about the company burning to the ground, which leaves her feeling physically nauseous. [14:21] Speaker A: You have four incredibly distinct data points, but look at where they live. [14:25] Speaker B: One is in an HR performance file. One is in a manager's private notebook. [14:29] Speaker A: One is buried in a server log in the physical security control room. And one is just a gut feeling trapped in a coworker's mind. [14:36] Speaker B: I'm going to borrow an analogy here. It's like throwing a coin into a dark wishing well. You toss it in, you hear a distant splash, but you have no idea how deep it went, if it hit anything else, or if it changed anything at all. [14:47] Speaker A: Exactly. If the organization has no architecture to fuse those fragments together, every single one of those data points stays below the threshold for escalation. [14:56] Speaker B: HR views the absenteeism as a coaching issue. The supervisor views the outburst as a bad attitude. [15:02] Speaker A: Security views the 2:00 a.m. badge swipe as an IT glitch or a lost employee. The peer views the parking lot comment as a bad joke. [15:11] Speaker B: Individually, they are puzzle pieces scattered across different rooms. The pattern only becomes visible when you put them on the same table. [15:18] Speaker A: And the reason nobody builds that table is the fourth and final structural breakdown: leadership failure. [15:23] Speaker B: Leadership failure is the gap between policy and practice. It is the paper tiger. An organization might have a beautifully bound, 100-page policy manual on a shelf that mandates a multidisciplinary threat assessment team. [15:36] Speaker A: It looks fantastic on an organizational chart when the insurance auditors come by. [15:40] Speaker B: But in reality, that team never actually convenes. Or leadership rolls out a mandatory one-hour workplace violence training video that every employee mutes and clicks through as fast as possible to get their annual compliance checkmark. [15:53] Speaker A: It's treating security as a legal liability shield rather than an operational reality. [15:58] Speaker B: Precisely. And employees are incredibly perceptive. They watch what leaders do, not what they email. [16:03] Speaker A: If the C-suite does not visibly and actively champion the prevention process — if they don't resource it, if they don't normalize talking about it in quarterly meetings — [16:12] Speaker B: then the workforce learns instantly that the policy is just corporate theater. They learn that escalating a concern is more likely to damage their own career than fix the problem. [16:22] Speaker A: This requires a total paradigm shift. If you are a leader listening to this and you realize you have these failures operating in your building right now, the natural question is: how do I build a framework that actually works? [16:34] Speaker B: We have to move away from rigid, punitive checklists and toward a deeply human understanding of behavior. [16:40] Speaker A: And to do that, you have to define a framework that is legally defensible, ethically sound, and practically executable. This brings us to the core of how you train people to look for threats. Baseline versus anomaly. [16:53] Speaker B: The focus must strictly be on observable deviation from a workplace norm — not clinical diagnosis, and absolutely not demographic profiling. [17:02] Speaker A: We have to hit this hard because it is the most common trap managers fall into. They want to play amateur psychiatrist. [17:08] Speaker B: It is legally disastrous to do so. You cannot train a manager to view depressed mood, social awkwardness, or poor hygiene as standalone triggers for a security investigation. [17:19] Speaker A: That framework immediately invites discrimination lawsuits, violates medical privacy laws, and creates an incredibly toxic culture. [17:26] Speaker B: And beyond the legal liability, it feeds into the most pervasive, damaging myth about workplace violence — that it is inherently a product of severe mental illness. [17:35] Speaker A: We have to kill the mental illness myth entirely, because it creates a massive operational blind spot. The empirical research is loud and clear: mental illness is not the primary explanatory variable for targeted violence. [17:47] Speaker B: Let's bring the FBI data back in. In their exhaustive sample of active shooters, what percentage actually had a formally diagnosed mental illness prior to the attack? [17:56] Speaker A: Only 25%. [17:57] Speaker B: 25%. That means 75% of the individuals who carried out these horrific attacks had absolutely no diagnosed mental illness. [18:06] Speaker A: If your organization's entire threat recognition strategy is built around trying to identify the mentally ill or troubled people in your workforce, you are proactively blinding yourself to three-quarters of your actual threat matrix. [18:20] Speaker B: Furthermore, tens of millions of people manage mental illness every single day — depression, anxiety, bipolar disorder — and they are completely nonviolent, highly productive members of society. [18:31] Speaker A: Categorically labeling them as potential threats is deeply offensive. And tactically, it is entirely useless. You generate endless false positives. [18:40] Speaker B: The framework must be deviation from the individual's own baseline, combined with specific behavioral indicators. [18:46] Speaker A: Middaugh provides a brilliant comparative case study in the article to demonstrate exactly how context changes everything. Let's really flesh this out. [18:53] Speaker B: Right. We are going to look at two hypothetical employees. If you run them through a standard 1990s-era HR checklist, they look identical. [19:00] Speaker A: Let's start with Employee A. Over the last four weeks, Employee A has become increasingly withdrawn. He used to be vocal in brainstorming sessions. Now he sits in the back and stares at his laptop. [19:11] Speaker B: He has missed three consecutive weekly check-ins. Two days ago, he uncharacteristically snapped at a junior coworker over a very minor typo in an email. [19:21] Speaker A: That is the behavior. But here's the context: the team is broadly aware that Employee A is currently navigating a highly contentious, devastating divorce. [19:31] Speaker B: Okay. Hold that profile. Now let's build Employee B. Employee B is also suddenly withdrawn. He is also missing weekly check-ins. He also snapped at a coworker. [19:40] Speaker A: But let's look at the context for Employee B. For the past two months, he has been sending escalating, multi-paragraph emails detailing obsessive grievances directed at the Director of Operations. [19:49] Speaker B: He claims the director is stealing his ideas and orchestrating a plot to ruin his career. [19:53] Speaker A: Security flagged him trying to access the server room — where he has no clearance — at 9:00 p.m. on a Friday. [19:59] Speaker B: And yesterday, a female coworker told her manager that something Employee B muttered to her in the elevator bank left her feeling deeply disturbed, though she couldn't pinpoint exactly why. [20:09] Speaker A: Put those two profiles side by side. [20:11] Speaker B: If my only tool is a rigid reporting form that asks: is the employee withdrawn? [20:16] Speaker A: Yes. Is the employee missing meetings? Yes. Is the employee irritable? Yes. [20:22] Speaker B: Both of these men get the exact same three checkmarks. On paper, they generate the same threat score. [20:28] Speaker A: And that is why context converts a flag into a pattern. Employee A is not a threat profile. Employee A is a human being enduring one of the worst years of his life. [20:37] Speaker B: The deviation from his baseline is severe, but it is entirely explained by a known external stressor. [20:43] Speaker A: The appropriate leadership response for Employee A is empathetic and supportive. A good manager pulls him aside, asks how he is holding up, offers to adjust his workload, and quietly provides a referral to the Employee Assistance Program for counseling. [20:56] Speaker B: You do not involve corporate security. [20:58] Speaker A: But Employee B is a fundamentally different matrix. You have the withdrawal, yes — but the context is terrifying. You have intense grievance fixation targeted at a specific leader. You have physical security anomalies that indicate probing or preparation. [21:12] Speaker B: You have leakage that is triggering the primal survival intuition of a coworker. [21:17] Speaker A: And here is the critical failure point for most: no single one of Employee B's actions, viewed in isolation, crosses the threshold for termination or calling law enforcement. [21:28] Speaker B: Missing a meeting isn't illegal. A weird comment in an elevator isn't a crime. Swiping a badge at the wrong door is a policy violation, not a felony. [21:37] Speaker A: This goes back to the silo effect. If HR only sees the missed meetings and security only sees the badge swipe, nobody realizes they are looking at the same bomb. [21:47] Speaker B: Exactly. But when you fuse those fragments together through a central architecture, they describe a clear, escalating pattern of targeted threat behavior. [21:54] Speaker A: Employee B does not just need a manager's empathy. He demands a structured, formal threat assessment — and he demands it today. [22:02] Speaker B: This proves that leadership is not about memorizing a list of warning signs like a robot. It is about understanding the baseline of your people well enough to spot a deviation and having an organizational architecture robust enough to route that deviation to the [22:16] Speaker A: right experts — which is the perfect pivot to the operational phase. Recognizing these patterns is a vital human skill. [22:24] Speaker B: But a skill is entirely useless without a systemic mandate to act on it. What must leadership actually build to ensure Employee B is intercepted before [22:33] Speaker A: he acts? Middaugh outlines five specific actions that scale. I want to pause here for our listeners in different-sized organizations. [22:41] Speaker B: You might be the head of HR for a Fortune 500 company with 10,000 employees. Or you might be the plant manager for a 150-person regional manufacturing shop. [22:50] Speaker A: Do not tune out thinking you don't have the budget for this. These principles scale perfectly. The mechanism and the discipline matter infinitely more than the headcount. [22:59] Speaker B: And to implement these actions, we first have to retire a phrase that has been beaten into our collective consciousness since 2001: "See Something, Say Something." [23:07] Speaker A: It is on every billboard, every airport intercom, every subway wall. Why does Middaugh argue it's a failure in corporate security? [23:14] Speaker B: Because it is fundamentally reactive, and it entirely shifts the burden of security onto the lowest-level employee. "See Something, Say Something" implies the threat is an abandoned backpack left on a park bench. [23:28] Speaker A: It relies on ambient suspicion. But in the workplace, the threat is a slow-burning psychological shift in a colleague you have known for [23:37] Speaker B: years. Middaugh argues that leadership must replace that phrase with a proactive mandate: "Know Your People." [23:43] Speaker A: Now — wait. "Know Your People." Let's define the boundaries of that, because some managers will hear that and think, great, I'm supposed to monitor their social media, track their weekend activities, and pry into their marriages. [23:54] Speaker B: That sounds like an invitation to create a dystopian, paranoid surveillance state in the office. [23:59] Speaker A: It really does. [24:00] Speaker B: But it is the exact opposite of that. Establishing a duty of care does not mean invading privacy. "Know Your People" simply means that a supervisor understands their team's professional and behavioral baselines well enough to notice when something fractures. [24:14] Speaker A: It means building relationships built on trust, not surveillance. It means your internal departments are deeply familiar with each other's capabilities before a crisis hits. [24:25] Speaker B: Let's systematically work through these five operational mandates, because this is the actual playbook. Action number one: build the cross-functional infrastructure. [24:34] Speaker A: This is how you fix the connection failure. You must stand up a multidisciplinary threat assessment team. [24:40] Speaker B: Right. And it cannot just be three guys from physical security. Physical security personnel are trained to lock doors and respond to kinetic threats. You need cognitive diversity in the room. [24:51] Speaker A: The team must include security, human resources, legal counsel, and critically, a behavioral health specialist or someone from your Employee Assistance Program. [25:01] Speaker B: Walk me through how this team actually functions day to day. I mean, if I'm building this tomorrow, what does the architecture look like? [25:07] Speaker A: First, they need a formal charter and a regular meeting cadence. They should meet monthly, even if there are no active cases — just to review processes and build operational trust. [25:18] Speaker B: When a case like Employee B surfaces, they have a defined intake process. They pull all the fragments onto the table. [25:25] Speaker A: HR brings the performance file. Security pulls the badge access logs. The behavioral expert analyzes the language in his emails to assess grievance fixation. [25:34] Speaker B: Legal ensures the organization's response complies with labor laws. They synthesize the data, assign a threat level, and design a coordinated intervention plan. [25:43] Speaker A: The team is the central nervous system. Action number two: equip supervisors for threshold judgment. We touched on this. But middle managers are the absolute frontline. [25:54] Speaker B: They see the micro-changes in baseline behavior that executives will never see. How do we train them if a one-hour compliance video is useless? [26:02] Speaker A: You integrate threat recognition into their core management training — right next to conflict resolution and performance evaluations. And it has to be intensely scenario-based. [26:11] Speaker B: You put them in a room, give them the Employee A and Employee B profiles, and make them debate the correct response. [26:17] Speaker A: Crucially, supervisors need to know exactly what the escalation mechanism is. Is it an internal portal? A specific phone number? [26:24] Speaker B: And they must know what will happen after they push the button. If they fear a draconian response, they won't escalate. [26:31] Speaker A: Which flows perfectly into action number three: reframe reporting as risk recognition. Stop framing reporting as an accusation or a betrayal. [26:40] Speaker B: This is a massive cultural shift. When an employee doesn't report a concern, it is rarely because they don't care. It is because they are operating in an environment that has not provided safe, destigmatized channels. [26:53] Speaker A: Leadership has to constantly reinforce that raising a hand is an act of care, not an act of punishment. [26:58] Speaker B: How does an executive practically do that, though? A company-wide memo from the CEO isn't going to change human behavior. [27:05] Speaker A: It requires visible, continuous reinforcement. An executive should use a quarterly all-hands meeting to briefly discuss an anonymized success story. [27:14] Speaker B: Like saying, "Recently, a team member noticed a colleague was struggling under immense stress and raised a concern. Because of that, we were able to provide that colleague with time off and resources, and they are doing much better." [27:24] Speaker A: You normalize it. You make it a standing agenda item. In one-on-one reviews: "Is there anyone on the team you're worried about right now?" You make the conversation routine. [27:33] Speaker B: Action number four — this is where I always see the biggest friction between security and HR: close the feedback loop. [27:41] Speaker A: Going back to the wishing well analogy — if an employee gathers the courage to report a terrifying comment their coworker made, and they throw that coin down the well, and then — [27:51] Speaker B: Nothing happens. They never hear back. The coworker is still sitting next to them. [27:55] Speaker A: The employee learns instantly that the system is a black hole. They will never report anything again. [28:00] Speaker B: But I'm going to push back hard on this from the HR perspective. My HR director would have a heart attack if I told an employee, "Hey, thanks for reporting Mike. We investigated, found out he has severe financial issues, mandated he attend anger management, and put him on a final written warning." [28:16] Speaker A: Yeah. That is a massive violation of privacy, confidentiality, and potentially sets the company up for a defamation or hostile work environment lawsuit. [28:24] Speaker B: Yeah. [28:24] Speaker A: You cannot disclose disciplinary outcomes to peers. [28:27] Speaker B: Your HR director is absolutely correct. You can never disclose the outcome, the disciplinary action, or the medical details of the subject. [28:36] Speaker A: But closing the feedback loop does not require disclosing outcomes. It requires acknowledging the input. [28:41] Speaker B: There are three specific elements you must communicate to the reporting employee — and the law entirely permits them. First, confirm the report was received. Second, confirm it was reviewed by the appropriate function. Third, explain the general process moving forward. [28:58] Speaker A: Give me the exact script. What does a legally bulletproof closed feedback loop sound like? [29:03] Speaker B: It sounds exactly like this: "Thank you so much for bringing this to our attention. I want you to know that the threat assessment team has received your report. We have reviewed the information thoroughly, and the matter has been routed to the appropriate departments for management according to our protocols." [29:18] Speaker A: "While I cannot share specific details for privacy reasons — please let us know immediately if you observe any further concerning behavior." [29:25] Speaker B: That is incredibly simple. It doesn't identify the outcome, but it validates the employee. It tells them: we heard you, we took it seriously, the machine is working. [29:34] Speaker A: Exactly. Silence is the enemy of a reporting culture. You must close the loop. [29:40] Speaker B: Finally, action number five — which ties everything together: use early, proportionate intervention over reflexive termination. [29:47] Speaker A: This goes back to the danger of the zero-tolerance policy. Firing an employee who is exhibiting early warning signs of targeted violence might look like strong, decisive leadership to the board of directors. [29:59] Speaker B: You remove the immediate problem from the [30:01] Speaker A: floor — but you likely just created a vastly more lethal problem in the parking lot. Let's dig into the psychology of expulsion. [30:09] Speaker B: For an individual who is already spiraling — who has developed a deep grievance fixation, who feels entirely marginalized — their job might be the very last load-bearing pillar in their life. [30:20] Speaker A: It provides them with a daily routine, income, health insurance, and perhaps their only remaining social interaction. [30:26] Speaker B: If you terminate that person abruptly, without any transitional support, simply to get them off your books, you strip away their last coping structures. [30:34] Speaker A: You create a desperate individual with nothing left to lose and an abundance of free time. [30:39] Speaker B: The termination itself becomes the inciting incident. It becomes the trigger for the violence you are ostensibly trying to prevent. [30:46] Speaker A: Precisely. Intervention preserves your options. Expulsion eliminates them entirely. If your cross-functional team catches the behavioral deviation early, your triage options are broad and proportionate. [30:58] Speaker B: If the issue is severe interpersonal friction, maybe you move them to a different project team. If it is a personal crisis, you leverage the EAP and offer a leave of absence. You de-escalate. [31:10] Speaker A: And if you see the severe pattern — the grievance fixation, the leakage, the probing — you initiate the formal threat management protocols. [31:18] Speaker B: You might still have to terminate them eventually, but you do it with a coordinated plan involving security escorts, severance packages to soften the blow, and potentially coordinating with local law enforcement [31:28] Speaker A: if a direct threat was made. You manage their exit. You don't just kick them out the door. [31:34] Speaker B: The overarching truth here is that the pre-attack timeline is long and the behaviors are observable. [31:40] Speaker A: The failure is almost never a lack of data. The failure is a lack of organizational discipline to gather the data, a lack of culture to report it, and a lack of architecture to synthesize it. [31:51] Speaker B: We have spent the last hour deconstructing the failures, the psychology, and the framework. We have laid out the mandates. Now we are shifting the focus entirely. [32:00] Speaker A: We are dropping the theoretical discussion and we are speaking directly to you, the listener — whether you are a CEO, an HR director, a facility manager, or just someone who refuses to be a victim of organizational incompetence. This is for you. [32:14] Speaker B: It is time for the executive audit. Middaugh provides five brutally direct questions in his piece. You cannot outsource these answers to a consultant. You must answer them honestly yourself. [32:25] Speaker A: Question 1: Do you have a standing cross-functional threat assessment team with a regular meeting cadence? Or do you only scramble to assemble a crisis committee after an incident has already occurred? [32:36] Speaker B: Question 2: Do your supervisors know specifically what behavioral deviations warrant escalation? And more importantly, do they know exactly what happens after they hit the escalate button? [32:47] Speaker A: Question 3: When an employee takes the risk to report a genuine concern about a coworker, do they receive a structured acknowledgment — or does the report vanish into a bureaucratic black hole? [32:58] Speaker B: Question 4: Has your organization explicitly defined reportable behavior in concrete, observable terms? Or are you relying on the subjective, amateur psychological judgment of your managers without any shared framework? [33:13] Speaker A: The ultimate budgetary gut check: when you audit your total security investment — your actual dollars and your actual man-hours — how much is dedicated to recognition and early intervention versus response and recovery? Are you funding a human architecture, or are you just buying more airbags? [33:28] Speaker B: I want to leave you with one final thought. Consider the difference between a whisper and a crisis. A crisis is deafening. It demands a reaction. It forces the hands of leadership, law enforcement, and the media. [33:38] Speaker A: But a whisper is quiet. It is easy to ignore. The true test of your organization's security culture is not how swiftly it responds to the deafening bang. It is how diligently it builds the architecture to capture, analyze, and act upon the whisper. [33:54] Speaker B: If you cannot confidently answer those five audit questions with a yes, you need to recognize a hard truth: you do not have a prevention program. You have a response plan wearing prevention's clothes. [34:03] Speaker A: Yeah. Waiting for the bang is not a strategy. Train the mind. Win the fight.