The Defuse Podcast: Beyond Security - The Science of Feeling Safer

Countering Extremism with Guy Mathias - Part 2

Philip Grindell MSc CSyP

Share episode

Send us a text

"Countering Extremism with Guy Mathias" – The Defuse Podcast 

This two-part podcast features an in-depth conversation between Philip Grindell and Guy Mathias, a renowned security expert with extensive experience countering extremism, particularly in the pharmaceutical and research sectors.

Episode Summary

In this fascinating discussion, Guy Mathias shares insights from his distinguished career addressing extremist threats, particularly from animal rights groups in the UK during the 1980s through the 2000s. The conversation explores the evolution of extremist tactics, sophisticated intelligence gathering methods, and how organizations can prepare for and counter modern extremist threats.

Guy discusses how extremist groups evolved from direct action like arson attacks to more sophisticated operations involving infiltration, data mining, and targeted pressure campaigns. He emphasizes the importance of preparedness, risk assessment, and understanding both direct threats and supply chain vulnerabilities.

Key Topics Discussed:

  • Guy's background and entry into security without traditional military/police experience
  • The evolution of animal rights extremism in the UK, particularly the SHAC (Stop Huntingdon Animal Cruelty) campaign
  • Sophisticated tactics used by extremist groups including: 
    • Direct action (arson, liberation of animals)
    • Infiltration and insider threats
    • Intelligence gathering and targeting
    • Supply chain disruption
  • How extremist tactics have transferred to other causes and evolved with technology
  • The importance of preparedness and risk assessment
  • Challenges of screening and vetting employees
  • Protecting organizational leadership
  • Current and future extremism trends

Notable Quotes:

"The tactics were a local level. They were at a national level. They became an international level tactic." - Guy Mathias

"I would certainly argue that there is a requirement for those of us working in the sector be that security risk or resilience, to be prepared. What does preparedness look like?" - Guy Mathias

Practical Advice for Organizations:

  • Develop and maintain a dynamic risk register that is regularly reviewed
  • Understand your organization's supply chain vulnerabilities
  • Implement thorough pre-employment screening
  • Consider ongoing screening for high-risk positions
  • Educate leadership about potential threats
  • Conduct vulnerability assessments for executives
  • Prepare resilience plans for disruptions

The podcast provides valuable historical context and practical security insights for organizations facing potential extremist threats in today's complex environment.

Guy Mathias - https://www.linkedin.com/in/guy-mathias-19555673/

Support the show

Subscribe to 'Defuse News', our weekly update of the week's events on our website.

Follow me on X /Twitter

Connect with me on LinkedIn


Speaker 1:

Welcome to the Diffuse podcast with host Philip Grindel, CEO and founder of Diffuse, a global threat and intelligence consultancy that blends psychology and intelligence to mitigate threats and risks to prominent people and brands.

Speaker 2:

Welcome back to the Diffuse podcast and we're in part two of what was previously a fascinating conversation with Guy Mathias around extremism. But if you didn't listen to the first one, then I would firstly suggest that you do, because it was a really fascinating discussion around the history, particularly the UK, the kind of 80s, 90s, 2000s, around domestic extremism, single-issue extremism. So let me introduce again my good friend and I don't use the word lightly mentor Guy Mathias, who is a renowned security expert and recipient of the UK Security Manager of the Year Award for Services to industry back in 2016. His distinguished career spans directing counter-extremist operations amidst significant public order threats in the research and pharmaceutical sectors, including at Huntingdon Life Sciences, and serving as a corporate security advisor to GSK, where he audited facilities and authored Extremism Past, present, future. As chair of numerous prestigious organisations, including the UK Pharmaceutical Industry Security Forum, food and Drink Security Association and the Security Commonwealth, guy has built vital relationships across industrial, academic, police and government sectors. A fellow of the Security Institute, where he served as the Validation Board Chair and Strategy Director, guy now contributes to the Security Industry Authority's Strategic Forum on Public Protection Initiatives and was recently appointed to the Risk and Security Management Forum Council in 2024.

Speaker 2:

He hates the term but I'm going to use it. For me he is one of the most significant and probably the kind of real influencer in the UK security industry, not because he set out to be it but because of his, as you've just heard, his, his, his background, his wealth of knowledge, his experience and and his, his, his kind of sort of popularity around a certain events where you go. If it's a good event, you can pretty much guarantee he's going to be there and everyone will know who he is. And I think, um, I think many people I know the influencer terms of kind of not one he wants, but many people try and be influencers, um, and I think in the modern age that's kind of an industry in itself. But I think to be a real influencer you just have to. It evolves and guy is certainly that. So, um, the first podcast, we talked very much about guy's history working in security, how he got into security, but, more importantly, how he got into this area of combating the domestic extremism, which is which is an interesting term, and guy talked about the difference between kind of extremism and terrorism and whether that was a political term or a kind of technical term.

Speaker 2:

On the last podcast, but we're not going to waste any time because I think we're going to get into the nuts and bolts now of where are we now 2025,? Over the last I I don't know a few years, we've seen a real rise in very targeted, single issue extremist campaigns and again, as always, we need to emphasize the fact that the vast majority of people that protest are decent, law-abiding people who have passionate views on whatever the subject might be and are expressing their lawful right to protest about organisations, government policy, whatever it might be. But within those organisations, within those groups, there is a cohort of what I'm going to say, quite dangerous individuals, and they are dangerous because they target organisations, governments, politicians and individuals and they seek to cause reputational, financial, psychological and, in some cases, physical harm. And I know the debate is being on about are they terrorists? Well, I think, in my view, they are terrorists, but that's up to other people to have different views. So, guy, welcome back. Thank you for coming back.

Speaker 2:

We talked last time around the history and some of the complex issues around the intelligence picture, around the funding, the professionalism, the sophistication, the insider threat, the challenges and, I think it's worth saying, the challenges that many, many security personnel face, notwithstanding the fact they're often not necessarily the highest paid people in the area and, I think, often are not given the respect that they probably deserve from the public and from either other employees, because some of these people are very much the kind of the last line of defense when tackling and keeping all the people safe in an organization. So, you know, it seems to me what we've got is a climate now where the defence industry is being targeted. We've got an ongoing campaign as we speak between Ukraine and Russia. We've got the Israeli government still bombing Palestine and Gaza, and what have you? Or bombing Palestine and Gaza, and what have you? We've got various other kind of I suppose you'd call it micro-conflicts going on in Africa and other parts of the Middle East. So the defence industry is very much being targeted.

Speaker 2:

We've got the talk, the discussion at the moment about the third runway at Heathrow now being re-energised, and I certainly have had personal experience of that. We've got the ongoing debates around oil and the environmental, climate change and all those other issues that go on that. And then we've also got other single issues, smaller issues around subjects such as abortion or other topics like that. What do we need to learn now that maybe we've forgotten from the past and from your experience and background of tackling these issues. I thought I'd start with a nice, easy question. Thank you.

Speaker 3:

Thanks, phil, good to be back. Some background of tackling these issues. I thought I'd start with a nice, easy question. Thank you. Thanks, phil, good to be back. How do we do that? And it's so easy? Yes, it's a definite one to look at from.

Speaker 3:

I guess I would answer it initially by saying it has to be preparedness, it has to be getting ready for what could come around the corner, and I'm very conscious that that's very easy to say, because often in those circumstances it requires an investment. It requires certainly an investment in time to prepare and it certainly may well have a financial piece to that as well, because it is incredibly complex. And I think the world of protest and I say the world of protest because it's global protest, global protest. You've just very eloquently outlined a series of issues that are affecting here in the UK, but they are global aspects of geopolitics that are ongoing and will be undoubtedly, even if resolved now, replaced by other geopolitical issues that will affect the UK. So I would certainly argue that there is a requirement for those of us working in the sector be that security, risk or resilience to be prepared.

Speaker 3:

What does preparedness look like? There's a very true concept of understanding where the risks are. So you would probably expect me to say and certainly having had my last sort of 11 years working as an operations and risk director build the risk register. I think there is a requirement to understand what the risk is. How do you capture those risks, identify those risks, calibrate and interpret those risks as well. So yeah, risk register. Get out there, talk to other people who are running risk registers, try and learn from people as to what they're doing. Be agile and nimble around those risk registers, because it will be very easy potentially to build up literally a three-figure sum of risks. So in, in the ideal world, what's those top 10? What are the top 20?

Speaker 2:

And when I talk about agile or agility.

Speaker 3:

It's making sure that they are revisited. So in addition to the risk piece as well, there has to be a governance piece that you regulate the risk register that's in play for you as well. But it's picking up whether you as an organization or as a person that you're representing in an organization, which areas do you sit in? Are you in a immediate area so we've talked about armaments do you work in the defense industry in its many shapes or forms, within the uk or globally? Do you work in the defense industry in its many shapes or forms within the uk or globally? Do you work in life sciences? Do you work in oil and gas? Do you work in nuclear? Albeit the protest against nuclear thus far, seemingly, is slightly moribund. I think there's an evaluation piece going on there. But what do you do around working in those areas and then also to prepare, are you also involved in something that's part of the supply chain for some of these sectors that would be perceived as controversial and difficult to deal with and difficult to deal with and that would be bridging? Perhaps the previous podcast we spoke about. But it's that transferable piece that goes on, and by transferable I use the phrase transferable terror tactics, but it's also what was and is a primary target in protest, but when does it then become a secondary, associated target group or a tertiary or a quaternary? Now I'm sounding terribly eloquent, but it's that second line, third line, fourth line, and I've stopped then because I can never remember the fifth. I'm sure it's a pent based one as well, but what you've got there is, and that comes down to, if you I don't know if we take um protests, uh, particularly that are out there now with palestine solidarity you know you're getting a lot of very, uh, well researched targeting going on. It's quite quite actually intimidating, quite threatening, quite hostile when you are the recipient or you are a collateral part of that particular targeting as well.

Speaker 3:

So if you are then seeking to go to a armaments facility or a set of offices that are being targeted and you're unfortunate enough to be going to those offices at the time, are you the recruitment firm that's involved in helping them pull people in? Are you the person taking in the water cooler? Are you the person taking in toilet rolls? Are you the person that's providing the catering opportunity for them? Are you doing the cleaning? Because one thing that history, certainly in this subject, does teach us. You will be targeted, and you will be targeted significantly because by association, by culpability, you are intending or are providing a service that is deemed to be part of something that's not acceptable to the people who are protesting against it. So the portentous comment there is have you essentially sorry, have you as the end user let's call us the armaments organization or the office of life sciences have you determined who are your service providers?

Speaker 3:

What does your supply chain look like? What are you reliant upon? That is an inconvenience. So if Philip and I are doing this podcast, are suddenly interrupted because our sandwiches can't be delivered, because there's a Just Stop Oil protest going, or orange paint has been put over our prawn cocktail sandwiches, what are we doing to deal with that? That's okay, but then what are we doing if that person is attacked or what are we doing to secure the reputational damage that may well come from that? We can live without the prawn cocktail sandwich. Can we live without the necessary key elements of that supply chain piece? So if it is ironically an energy delivery, if it's a facility is still using a gas or oil fired power system, but we can't get that in and we have to then cease trading or cease work because of that issue. What's our mitigation plan? What's our resilience plan for that?

Speaker 3:

Philip and I spoke offline about the recent outage and fire at Heathrow. You know that's, I believe, classified as a critical national infrastructure facility. Where was the resilience plan? And I think these are the questions that are being asked topically in the media now as to why didn't that resilience plan kick in? If indeed there was a resilience plan, I'm sure there was for the purposes of litigation, but certainly in terms of what we've got as supply chain, what's our critical supply chain?

Speaker 3:

So have we identified again? So we're doing already talking about the need to have a risk register to establish what's the upcoming threat, what's the velocity and the impact and the trajectory of that risk to us, but that's not just directly to us. That's what's part of that supply chain. What's that supply chain look like and people are part of that supply chain. What's that supply chain look like and people are part of your supply chain? So if your people are, either, as existing employees, inhibited or petrified or threatened by not coming to work, the argument in today's world is well, well, they work from home. But again, as talking around social engineering, are those people? Have those people at work? Have they already been identified as to where they may live, where they may work? What reasonable steps do we have in place to reassure people? And, in a world of cyber threat, have we as an organisation or as a company, carried out the due diligence piece and ensuring that they are fully aware of what they're dealing with? And that's the basic stuff that we all look for for when we may deal with malware and or phishing attacks.

Speaker 3:

But if we're then working in what is deemed to be potentially something that is deemed fit for protest in this country, are you taking appropriate measures because of your risk profile and trying to understand that there is documented and well rehearsed procedures whereby the bad guys, the bad girls, are already getting this information? So what are you doing to reduce your heat map signature and your imprint in terms of the amount of information we can find out? Philip has been very kind in talking to me in his introduction about my background. If I was working for British Nuclear now, would I really probably be taking steps to minimise that profile piece that I've got, because that's information about me so you can harvest information potentially then target me. So I think it's that awareness of where do we sit, what are we prepared to put out there into social media, because social media, again, is phenomenal, as we know, in terms of the information that you can harvest and we're're all, in a good way, genuinely trying to provide an opportunity.

Speaker 3:

By the way, here's my email address, here's my contact details, here's my LinkedIn. You know the wonderful phrase even I've started using hit me up on LinkedIn. You know it's this concept that you're saying, yeah, it's okay. And we're already saying, and we're being told by various government agencies well, be careful about that person whose link you accept from, from Southeast Asia, or from Africa, or even from just down the road. You know, I think, again fascinatingly at the moment, if I'd have accepted a hit from somewhere in great yarmouth in a guest house, that too could have an impact on me in terms of where I might have to deal with I think, um, you've touched on linkedin.

Speaker 2:

Now, one of the things that always fascinates me is when people advertise they've got a new role. I've just, you know, delighted to announce I've just started as the x at Y company or whatever it's completely, and I can talk about, you know, without naming the company for litigation purposes, much like you said. But I can remember dealing with someone where that exact scenario had happened, where they contacted, or a person purporting to be that person contacted, the CEO secretary to say I've just started as a financial director. Oh, yes, lovely to meet you. I've lost the CEO's number. Can you share it with me? And yeah, of course you know, and of course he wasn't who he said he was, but he did then get the CEO's phone number and they effectively DDoS the CEO's phone number and stopped him operating. So I think you know you mentioned our social media and social engineering. What strikes me is and I know you touched on this resilience piece but we're in a climate, aren't we, where lots of our security is very technical now and we rely a great deal on this technical ability.

Speaker 2:

And we talked in the first podcast a little bit about insider threats and I'd like to talk a bit more about that because you know, I think that's that's something that lots of people talk about. Probably few have the same level of expertise and experience in real time of you had. And how do you manage all those you know? You talked in the last podcast around um all those you know. You talked in the last podcast around um due diligence, but now, of course, due diligence is a whole different subject compared to what it was in the 1980s. So let's kind of touch again on the insider threat and, with your extensive background and history, what lessons can we learn? Can people learn from? Okay, there's. How do we stop there being an insider threat, if that's possible?

Speaker 3:

Sometimes people will go out to be horrible and that's a shock to the system. But people will do it. They'll either do it because they want to subvert their own personal reasons and sometimes I don't think. Certainly my experience of the insider threat it was often about the ego and not necessarily about the cause. And, again, fascinating to relate and think about people who sort of literally did a 180, so sort of infiltrating to protest against a particular type of issue that they felt they had and then almost became a cause célèbre in terms of turning around and saying well, actually, look at me and you can now learn lessons. So it's poachy gamekeeper type territory as well, I think, in today's world. And it's very interesting again, having stepped out from a large corporate and even if you look at sort of my role and you pointed out about not naming, but I have to sort of name because we're supposed to be a security company but if you think about some of the work I'm trying to do with Dardan as a strategic advisor, when you step into a very different sector that hasn't got the resource of large corporate and I came from very large corporate it's the challenges. So what? I guess? Sorry, philip, I guess what are you saying what? What group are you working in? What size organization are you working in, if it's a small entity or an SME? What's your resource? Again, what's the funding budget? Have you persuaded the CEO or the CFO what money you need to attribute to the budget? Where's your planning for the budget that goes into security, risk and resilience? So that should be part of what's the insider threat. So is there an education piece around that? Can you persuade people and articulate the threat that could be there? Who in those groups whether it's small, medium or a large corporate or an organization such as the military and policing who has responsibility for dealing with the insider threat? Is there a step up for people to acknowledge that there is a phrase that is called the insider threat, and what again are people looking at to try and prepare against that as well? So all the things you would expect me to say are there.

Speaker 3:

You know it's to have a policy at the risk of being bureaucratic. Is there a policy for insider threat? Is there a policy for pre-employment screening? What's the standard that you're going to adhere to policy for pre-employment screening? What's the standard that you're going to adhere to for a pre-employment screening perspective, and what questions will you be asking people who come to work for you? Is it determined in terms of the role? Is it determined in terms of the discipline for the role that they are applying to and have? Again, you establish that you are part of the armaments industry or the oil industry or life sciences or actually, if you're none of those, are you part of that supply chain that we've touched on or are you a service provider in any shape or form to another organization that could be targeted? So you quite rightly point out how it's incredibly wide-reaching. It's a shrinking world and by association, protest and activity has narrowed that down sufficiently.

Speaker 3:

So the insider threat piece is to try and learn, go and determine what or who is the person responsible for the insider threat? Many organizations it sits with people and culture or human resources and, fortuitously for us, most of those departments want to see great good in people because they're very interested in people. So they're perhaps not coming at it from a professionally jaundiced perspective that you or I would come for, or many of our listeners to this podcast, and I think on that basis it's who's got the responsibility? Is there a policy? What's the appetite for the pre-employment screening which is your sort of basic entry level? You know, and what does that mean? And, by the way, what are you screening against? You know the normal due diligence measures are in place for is this person who they say they are? Do they have a sort of reasonable background in terms of fiscal elements and career history? But ultimately, are they going to cause potential reputational damage? And again, we've touched on social media. How much previously have they sort of put out on social media that you would think this could be a risk to us from a variety of aspects in terms of what you got?

Speaker 3:

So I think it's who's the responsible person, who's going to take on the onerous piece around being the person who pulls together a policy. And, as I say, I would strongly advocate I don't think it needs to be more than a one pager, but there has to be a concept around what is an organization going to do around its screening, and then the procedures can sort of follow from the policy and you can determine where they are and talk to people, go and reach out. You know, philip and I have developed a good friendship because I think we are prepared to talk to one another. But, more importantly, I've now learned from people that Philip knows and advises and vice versa. So connectivity piece is there.

Speaker 3:

Who else you know? Ask the person who's in risk or resilience. What do you do about insider screening? What do you do in terms of insider threat? And I think those opportunities are there. And also, probably we shouldn't forget, philip referenced a number of groups that I've been involved in over the years, either chairing or being involved as member groups or pay to play groups. But often they will have the right sort of speaking programs for subject matter expertise in so much of what we've touched on in the podcast and I know philip has done in his other podcasts.

Speaker 2:

So reach out and, if possible, try and find a good member body to be associated with one of my bugbears has always been the concept of pre-employment screening or vetting, depending on what organisation you're in, and then this assumption that that's it. Yep, you're being screened, you're being vetted, job done. How did you, as a senior security professional in a huge global organisation, if you did persuade the people with the purse strings to look at ongoing screening or ongoing vetting or repeat vetting or repeat screening? Because it seems to me that we have this almost like an obsession that we'll do some screening and that's it. Job done. And organizations where I've worked it's been kind of ongoing or it's being repeated. And, yeah, people change. People's vulnerabilities change. They're suddenly going through a messy divorce or that you know they've got financial issues or whatever else, or they've, or they've, you know, suddenly started following people in certain groups that they had no interest in previously. So how do you tackle that and how did you do that as a senior security professional?

Speaker 3:

You're right and you've outlined it. It's challenging because, again, it's sometimes based around the financial perspective of you know, because it's a snapshot in time, isn't it, philip? You know your check, your validation is that snapshot in time. It's the old piece around trying to ensure that the driving license has been updated, if any points have gone on to the driving license, and has that been declared in the annual return within a corporate for you to drive company vehicles Often not. I think it is important to first and foremost sorry to address yes, retrospective screening is incredibly difficult to bring in.

Speaker 3:

I did it back in the day in life sciences, with very tough budgets, to persuade people that we don't take that snapshot in time, that we took a dip sample use an old fashioned phrase and I think it was something like 50% building to 10% that we looked back. We looked at people who might move to a role whereby the risk element was exceeded. So I spoke about people possibly working I don't know within stores or procurement who might move into a more frontline activity. So I think it's understanding why are people moving? I think it's also an education piece in terms of part of the thing that I could do, whether it was intentionally well received or not, was in the annual training and awareness. I was very fortunate, I was very big in pushing for awareness seminars to preface any actual incident management training and that was quite an expensive investment both in terms of people and time to get that message across. But it was always bringing to people's attention that there was a requirement for the next level, so the intermediate or the senior management groups between the board but actually also boards themselves that would be aware as leaders and managers of changes within personnel. So to try and I think some of the work that's been done you'll be aware of Philip within law enforcement trying to understand when people might start to show early incipient signs of radicalization but translate that within a corporate perhaps or a civvy organization along the basis of what pressures are they under. So he's making sure that managers have those coffee point conversations and immediately putting an asterisk in there and saying that's difficult because often now we've got people working from home. So the coffee point conversation is always a good point to start with when you're in the office or the environment you're working in physically. But actually do you have those check-ins on a Teams school? You know, is it a file resume, call visit a five-minute conversation more difficult to read. So that's understanding the people that work for you, with you as colleagues, as the people that you're responsible for.

Speaker 3:

What changes to the piece you outlined in the question was changing in their dynamic in terms of how they approach things. Are there obvious signs of strain, stress, fatigue, and how may that affect them? How would that potentially again trying to get that risk register piece going and that risk profile, without being exhaustive, is that going to change? Change, are they the person putting the widget on the atomic weapon, and is that an obvious one that we need to look at? So I do think it's trying to get the message out there to colleagues and managers that you have that responsibility to be aware first and foremost of people's mental health and well-being and physical well-being. But how does that then potentially impact? What could affect you as an organization?

Speaker 3:

Then trying to get to often you would expect me to say the chief financial officer to say I'd like to have this conversation with you because I'd like to have some more money, and then I'd like to get that money budgeted.

Speaker 3:

And then I'd like to talk to the HRr director or the people and culture director to say, oh, I'm thinking about doing some retrospective checks and also trying to advance the argument that says, uh, you pay me to be, in a good way, your natural police and person and cynic. I want to continue to do that for you in my role and responsibility, whilst at the same time engendering a belief that everybody is not who they say they are and, in the course of their employment, may change the person narrative as to who they say they are, what they believe in or what they may feel passionate about, enough to potentially subvert and damage the very people that they work for. And we can also talk about disaffected actors, because disaffected actors, to your point, if I've been passed over, if I haven't had the pay review or the bonus review that I've had, and I'm working in a small firm in Louisville and saying, well, we produce widgets for the Albanian defence industry, I can compromise that and that will teach them, won't it?

Speaker 2:

Yeah and that's a huge market in itself, isn't it? The kind of disaffected employee, or even the former employee who's been, who's been sacked? What about? What about the next level, when we're talking about and I've dealt with these specifically around extremist groups who target the C-suite, yeah, yeah, c-suite, um, deep joy, it's the, it's that, uh, ability to engage with the c-suite.

Speaker 3:

People often say this to me at many conferences I go to, and I've always answered by the fact that I've been fortunate or, yeah, I think, fortunate generally in my career. I've generally always had access to the c-suite. Um, now, sometimes that's been at the invitation of the C-suite, sometimes that's been because I'm me. So, as a well-known nag, I utilize those, and we talked about T-point meetings or coffee point meetings, touch points. I always use, or did use, certainly in my corporate career, the ability to talk with people. So, for as far as I was concerned, it was an egalitarian approach. We're all created equal, I believe, and we are all have the ability to talk to one another. Now, understandably, the c-suite in today's world are incredibly busy, incredibly pressure, but there are opportunities. There are opportunities whether you are a early worker at the office, or you're on some training course, or you're in some touchpoint piece, or it's an evening thing, or you've seen them in the car park and it's break ring, sorry, brokering the relationships which are hi, how are you Philip, how's your wife, or what's going on with the family. But actually, before you get to those points oh, nice car, nice bicycle. Look a little bit. Oh, you've gone to the gym. Oh yeah, you do this. So it's establishing those areas of touch point and from that I think you can start to find universal areas of conversation that then engender that ability to say thanks.

Speaker 3:

Anyway, by the way, I'm thinking about putting on this this week, or I'm thinking about an annual training exercise, or I'd like to raise a heightened awareness of what the outside world could do to us.

Speaker 3:

They could be geographical location you may be I know I've talked already about are you working in a potentially environment where there is protest that could be there or are you part of the supply chain? It could be as simple In a previous life I sat between one facility that would now and has been targeted by Palestinian Solidarity and I sat between another one that was in Life Sciences. So even if my facility and my people were not deemed to be controversial or being targeted, guess what? We could potentially be bracketed by being associated or on the same business park or in the same geographical location as well. So it is important to get that investment and buy investment from C-suite, both financial from C-suite, both financial, but also the approval or the agreement to say again, we can have a policy for what we need to do and how we respond to the issues that we may have to face.

Speaker 2:

Do you think, in your experience, they understand? Or recognise perhaps that they are a target.

Speaker 3:

Yes and no. I think the yes will depend sometimes, obviously, on the particular sector that they work in. I think there is often a pressure that develops because they are high-earning, high-pressured roles that they've got. They don't have time to think about whether they are at risk or whatever. But I do think again, that's part of a gentle persuasion and a gentle education piece and I think it could be incremental as well, philip.

Speaker 3:

I think it can start from well, let's review our travel policy, because we've got here the standard elements. You won't all, as an executive board, travel on the same plane, for obvious reasons. Do you get that concept without patronising them? Do you get the same concept that you're not going to go in the same minibus into London for a night out with the board or you're going to go on to the same carriage in a train? It's that element around travel.

Speaker 3:

Are you going to countries of high risk? Are you actually determining that, understandably, there are accredited countries that are deemed to be high risk, but if you get the wrong sort of day and the wrong sort of time and you'll know this from your background, philip being in London or being in an urban environment such as Manchester can be very dangerous if you're caught out. So it's trying to understand the basic principles of general sort of travel security or something that can act as an introduction to take them into personal awareness and personal security. Do they get it? No, because I think there's a degree of invulnerability piece that is there. So I think it is the measure for us as professionals, if we are involved in those positions, that part of our role and our remit is to gently educate people and to say, much as it pains me to say, you do have a vulnerability, and then to identify that vulnerability and assess it, mitigate it if required, and then to register it again. So back to the all-important register and profiling piece.

Speaker 2:

And would you then advocate that you know when you get a new CEO or a senior leadership position, would you conduct a vulnerability assessment on them as they join the organisation? Yes, I would.

Speaker 3:

Yes, I would and I think, yeah, no, I would absolutely do that. I think you know you've got got. If you look at the c-suite or the executive suite, you've got. The argument is turned back in a very simple way to say you've got five, ten, fifteen people, perhaps maximum. What happens if we take them out? How resilient are we in terms of taking them out? What happens if it's a bit illness induced be, if it's a travel accident, if it's a pair, peer or family pressures? What do we do if that person goes down, man down, fall down? What do we do to do that? So there is a vulnerability assessment piece. I think this that has to come into place there and I think if and it's not always possible I think it's to ensure, where possible, that a risk or security function person, whatever you want to call it has the ability to influence inductions and that's inductions at that C-suite and executive suite.

Speaker 3:

More difficult, sorry, it's difficult both ways. It's very difficult I managed it and somehow achieved it to get to be part of the induction process for every new starter. So I could talk about travel security, I could talk about personal security awareness, I could talk about some of the associated risks that I felt were part of them working for a multinational. So I'm okay. Yeah, lucky me I was able to achieve that. But the bigger picture and the bigger challenge to your question is could I persuade those E-suite people to do it? And even if there was resistance or there is resistance formally to that, that? That then comes to me what is part of being a pretty reasonably good professional in doing this. You then take control of the narrative.

Speaker 2:

You make the opening, you do the introduction, you broach the subject and you deliver the subject awareness to that person, even if it's over a coffee I could honestly sit here and chat with you all day long, as you as you know from our previous discussions, but we're going to have to draw to a close because time is against us. But I wondered, you know, with all of your experience and it's vast and and it's you know, it's kind of translated the introduction of our digital world that we now live in and the internet and the sophistication that we use on social media and the vulnerabilities that that causes, etc. I mean, I guess, two questions. One is are you kind of optimistic or pessimistic around the challenge that's ahead of us from a security perspective to combat domestic extremism, and have you got, secondly, any predictions for what you think are going to be the future risks?

Speaker 3:

the kind of future risks. I was going to respond to the first part of the question, optimistic in a pessimistic way, which doesn't help your listeners or indeed you. I'm still optimistic because I think the quality of the people that I meet continuously doesn't surprise me but reinforces that there are some remarkably good people continuing to come out and be that second career, so existing military or policing, or in corporate or organizational careers as well. So I think there's still ability there. I think the challenge is persuading people, and I think we've touched on this in the podcast and perhaps the previous podcast is around understanding the threat, understanding the awareness of the threat and, I think, conflicting and competing demands for resource. Financially, we live in incredibly pressured and straightened times. So how do you persuade people to invest, either from a law enforcement perspective and I'd stretch that to something I touched on previously in the first podcast which is what about the judiciary? What about the CPA piece as well? What do you do around educating people, I guess, and I think the second piece really is. So I'm sort of optimistic, in a guarded, measured way, but I don't think we've got.

Speaker 3:

I suppose the analogy would be it would be easier to draw the analogy, isn. You know, we've had many, many years of the peace dividend, and rightly so. From you know, the 50 years of the Cold War and, in many respects, the right thing arguably to do, which was to take funding and put it into other, much more worthy and needed causes. We're now in a position where we've got to look at that and change that dynamic quite significantly. So we're going to spend more on defence, seemingly where we'll find the money to do that. I think this is a sort of similar parallel I would have. I think extremism and activism has the potential to be significant, still has the potential to be incredibly impactful, and I'm not sure we are anywhere near where we need to be in terms of resource at a state or government level, and I think hopefully, possibly a podcast such as this could at least trickle out or influence your phrase in influencing People just may want to think about what they're doing corporate in terms of how they prepare and develop for potential threat. I think key elements will be we've got a majority administration that's in power in the UK that is pushing ahead with many, many, many worthy initiatives to try and address the financial challenges we have as a nation state and to try and ensure that we're fit for purpose in the future by association. Many of those policies, many of those government edicts and initiatives potentially could lead to protest or reinforce protest, be that fossil fuels, be that nuclear, be that even in the spread of renewables, and it's how the message is taken Protests for me, over the years, philip, has always been what would and what does motivate me as an individual to go online to protest, to vent my comments or make a moan, and I'm old school so I tend to do that within the confines of legislation and morally acceptable behavior.

Speaker 3:

But what I do know is whichever pushes the button on people to protest, if it's significant it will be there, and we've talked around the fact that there is real transferable pieces and technology. It's very easy now to build up and organise a protest group to motivate people through influence and through social media, sometimes artificially change the boundaries of what's being put out there as information and thus misinformation and disinformation. So I think the potential is there, whether that manifests itself in real protest. We've spoken about the third runway, heathrow. We've talked about, or could talk about, nuclear power stations you know I'm talking to people across the piece here and everybody's sort of sitting and waiting to see what could happen.

Speaker 3:

There's been a lull in things like just stop oil and fossil fuels and there's been some reasonable tariffs of protests.

Speaker 3:

But again, if you're giving reasonable tariffs and reasonable convictions and in the meantime the prison system is saying actually we've got to cut those prison sentences back to martyring, back to people prepared to go to prison in the meantime to protest about what they don't like, whether it's the wind turbine or the solar farm in my back garden or the new road building programme that's going to obliterate my blissful country Adil and I think they are things that we can't answer. Certainly I can't answer on this podcast, but I do think activism and extremism in the UK is poised and it's a lovely get out for me because it's been poised and seems to have been poised for a number of years and could be. But I think for me as a professional in this world, the threat implication potential is still there and it could manifest itself. So I would certainly say you know this comes back to awareness, education of what the threat is. No difference there to anything that we all look at as professionals.

Speaker 2:

Guy, thank you so much. That's been so educational and so relevant to what we're all facing, wherever we are, whether you're a security professional or otherwise. Before we conclude, my thanks, obviously to Guy for A his time and B his wisdom. Remember to subscribe to the podcast and review it if you can. If you haven't listened to part one, do, because it's a real fantastic history of what the threats are and why are they and how are they manifested. And then we've got lots of other podcasts of interest.

Speaker 2:

A reminder to subscribe to our newsletter, diffuse News, which comes out every Monday morning, and I look forward to seeing you all again and hearing you again in the next podcast. But for now, guy, mathias, we will make sure that Guy's LinkedIn profile, et cetera, are on the show notes. So if anyone wants to make contact with him, I would highly, highly, highly recommend. If anything in this conversation grabbed your attention or was making you think actually I need a conversation, get in touch with Guy because he's a worthy consultant in this area. So for now, guy, thank you very much. Thank you, philip.

Speaker 1:

Thank you for listening to the Diffuse podcast with host Philip Brindell, CEO and founder of Diffuse. Please rate, review and subscribe on your favorite podcasting platforms.

People on this episode

Head Shot

Philip Grindell MSc CSyP

Host