The Watch Blog

Chris Klossner | May 4, 2026

The Origin and Meaning of Protective Intelligence

Analyst studying a protective intelligence case board with photographs, maps, and connecting lines linking persons of interest to locations

Why a thirty-year-old discipline still defines how we keep people safe

In the security industry, the term protective intelligence gets thrown around constantly. It shows up in vendor pitches, on websites, in conference talks, and in service descriptions that sometimes have nothing to do with what it actually means. Most people who use the term have never read the document that defined it, and very few know where the discipline came from. That gap matters, because the term is not marketing language. It names a specific function with a specific output, and the work behind it has saved lives.

If you do this work for a living, or if you are responsible for choosing the people who do it for your organization, the history is worth understanding.

Where the term comes from

In July 1998, the U.S. Department of Justice published a research report titled Protective Intelligence and Threat Assessment Investigations: A Guide for State and Local Law Enforcement Officials. The authors were Robert Fein, a psychologist with the U.S. Secret Service, and Bryan Vossekuil, then Deputy Special Agent in Charge of the Secret Service Intelligence Division. The full guide is still publicly available through the National Institute of Justice and the U.S. Secret Service.

The document was the published result of the Exceptional Case Study Project, a five-year study that examined the thinking and behavior of 83 individuals who had attacked or come close to attacking prominent public figures in the United States since 1949. The findings were significant. Attackers did not fit a single profile. They followed observable behavioral pathways. They could be assessed before they acted. The work created a framework for preventing targeted violence by collecting and analyzing intelligence about people who posed a threat.

That same year, the Secret Service established the National Threat Assessment Center as a permanent component of the agency. NTAC is still operational today and continues to publish research on targeted violence in workplaces, schools, public spaces, and government settings. The discipline that started with the Exceptional Case Study Project is now thirty years old and has expanded well beyond protecting public officials.

What protective intelligence actually is

Protective intelligence is the collection, analysis, and dissemination of intelligence in support of protecting a person, asset, or event from targeted violence. The output is decision-useful information for the people responsible for security, not raw data and not generic threat reporting. It answers specific questions about specific risks to specific protectees.

The function has three parts. Collection involves gathering information from open sources, internal records, behavioral indicators, and direct investigation. Analysis means evaluating that information against the protective requirement, separating signal from noise, and identifying patterns that indicate intent or capability. Dissemination is delivering the finished product to the people who can act on it, in time for them to act on it.

It is not a buzzword for monitoring social media. It is not a marketing label for a software platform. It is a structured analytical discipline with a thirty-year history and an established methodology, and the people who do it well treat it that way.

The relationship to threat assessment and risk intelligence

Protective intelligence sits alongside several adjacent disciplines, and the distinctions between them matter.

Threat assessment is the behavioral analysis of individuals who may pose a risk of targeted violence. It draws on the same Exceptional Case Study Project research and uses many of the same investigative methods, but its focus is the person of concern. The Association of Threat Assessment Professionals treats threat assessment and protective intelligence as integrated disciplines, because in practice, they are. You cannot do protective intelligence without threat assessment, and threat assessment without a protective application is just academic research.

Risk intelligence is broader. It encompasses strategic-level analysis of organizational risk, including operational, financial, geopolitical, and reputational factors. It is useful at the enterprise level, but it is not protective intelligence. The two terms are sometimes used interchangeably in marketing material, and they should not be. Protective intelligence is operational and behaviorally focused. Risk intelligence is strategic and organizationally focused. They serve different decisions and different audiences. Neither is a subset of the other.

Some practitioners have started arguing that protective intelligence as a term should be retired in favor of broader vocabulary. That argument tends to come from outside the discipline rather than from within it. The agencies, associations, and researchers who built the field still use the term because it names a specific function with a specific output. Renaming it does not change what the work is. It only obscures what the work is for the people who need it.

Why this matters operationally

The reason this history is worth knowing is that the discipline exists for a reason. Protective intelligence saves lives because it produces decision-useful intelligence about people who pose targeted risks, before they act. The Exceptional Case Study Project demonstrated that targeted attackers do not act impulsively in most cases. They plan. They prepare. They show observable behavioral indicators on the pathway to violence. Intervention is possible if someone is looking at the right things, in the right way, in time.

That is what protective intelligence does. It looks at the right things, in the right way, in time. Done well, it identifies the warning signs that other functions miss. Done poorly, or not at all, the warning signs go unnoticed until the attack happens.

This is the work we do at Convoy Group. It is downstream of a thirty-year intellectual tradition that began with the Secret Service and the National Institute of Justice, and the methodology we apply to corporate executives, faith communities, schools, and public figures is the same methodology Fein and Vossekuil documented in 1998. The names of the protectees change. The threat actors change. The platforms and tools change. The discipline does not.

When someone tells you protective intelligence is a small portion of something else, or that the term is minimizing, ask them which part of the Exceptional Case Study Project they disagree with. The answer will tell you whether they have done the reading, or whether they are selling something.

Related posts:

  1. When Public Information Becomes a Pre-Incident Indicator
  2. How Protective Intelligence Enhances Corporate Executive Protection
  3. How Priority Intelligence Requirements Enhance Executive Protection Services
  4. Global Executive Protection: Navigating Security Challenges in International Business Travel

Tags

Categories

About

The Convoy Group is your trusted source for all things security-related, from insider safety tips to insights into industry innovations. Our team of global security and intelligence experts is committed to providing top-notch personalized security solutions because safety always comes first.