In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Bringing Shadow Practices to Light: Executive Targeting,” presented by Jennifer Holcomb, CPP, PSP, Vice President at Accenture. Read on for what she had to say and don’t forget to register for GSX 2025!
Q: How did you become interested in your topic?
A: The industry is well aware of how the physical and cyber worlds are integrated given the networked nature of physical security platforms. It’s only logical that we extend this to our assessments in other ways. To that end, I’ve been working more with our cyber team to integrate our approach to security. It’s a natural evolution given the impacts on our daily lives through social media and threats from the dark web. From security breaches, social media attacks, disinformation, etc., our digital and physical worlds have merged. The medium may be virtual, but the threats are real.
Q: Tell us about your presentation and why security professionals should have this topic on their radar.
A: Executive protection often lacks an integrated approach, failing to connect digital threat signals, physical vulnerabilities, and inner circle exposure to an actionable security posture. Integrating the digital, physical, and inner circle threat intelligence with aligned threats to an executive’s role, exposure, and industry risks yields an executive-centric protection approach. This presentation will focus on digital threats, especially those on the dark web, to provide an understanding of how malign actors carry out attacks to better counter the effects.
Q: What advice would you give security professionals interested in this topic?
A: The dark web is complex and not a space to venture if you don’t know the pitfalls and traps that could put you in legal trouble. Find experts legally authorized to work in that space, who can engage with bad actors to gather intel, and coordinate with law enforcement accordingly to address concerns. Additionally, there is a potential deluge of information if you choose to explore this space. Working with knowledgeable organizations or teams can help you focus on the data that matters most to securely support high profile targets.
Q: How do you see this issue evolving in the next 2-5 years?
A: From a general perspective, we will continue to see the integration of cyber with physical and subsequent threats. However, I do think that threat actors will continue to develop platforms, methods, and encryption coding to evade security providers. Data breaches and unauthorized information sharing will continue to create greater risks—more subversive threats (anti-government), more indirect attacks (swatting, bomb threats), and more direct attacks (the shooting of the UHC CEO). Specifically, a newer concern is sophisticated AI-enabled attacks, like deepfakes. We need to ensure the complex stacks (think security-in-depth for cyber) are designed to protect against targeting across the cyber and physical domains. As these threats continue to evolve, we need to keep up. Learning what you can now means you have less to catch up on later if you are not in the cyber industry and working in the shadows.
Q: Why do you attend GSX?
A: There are many reasons why I attend. The educational sessions, the comradery, networking with industry professionals, and seeing new technologies. It also gives me an opportunity to meet with my fellow members on the ASIS Professional Standards Board. I’m looking forward to attending GSX in New Orleans and presenting on this increasingly important topic.