The tragic shooting attack at First Baptist Church, Sutherland Springs, Texas, prompted renewed consternation among security professionals regarding soft target risk mitigation and defense strategies. This deadliest church shooting in U.S. history generated renewed questions from our friends, family, and neighbors who either work at or frequent soft target locations, from sidewalk cafes to movie theaters and churches, and who expressed a feeling of helplessness in the face of increasing assaults on our most vulnerable sites.

When faced with such questions, security professionals often respond by huddling among ourselves to double check and wrestle with our strategies for response plans, perimeter security, access control, cameras, and staffing. Yet, although counterintuitive, we must also inclusively embrace those who question us and view them not just as constituents but as soft target stewards who represent our best chance to: “Deter, Detect, Delay, and Deal” with the next attack.

Soft target security thinking has evolved in a linear fashion to make softer targets harder by expanding perimeters, adding cameras, hiring guard staff and drafting response plans where none previously existed. This strategy served us well where appropriate and viable. For example, shopping malls, stadiums, and arenas have been increasingly hardened while preserving free-flowing access for those with a reason to be there.

Webster’s Dictionary offers a definition of stewardship that includes, “…especially the careful and responsible management of something entrusted to one’s care.” Restaurants, taverns, recreation centers, amphitheaters, corporate offices, and churches, all entrust employees with cash management, key customers, sanitary laws, and in the case of churches, the spiritual lives of parishioners. Yet, in many cases, security awareness and security training for these stewards remains limited to superficial levels.

But what of the truly soft target which by its very nature must remain publicly accessible with minimal impediments to patronage? The sidewalk café, the church or synagogue, the election polling site, all represent well known but fragile public-private hybrids of a necessary human interface. Increasingly, the corporate open source intelligence sector finds itself facing similar challenges as they struggle to design lobby area hybrid spaces to permit public crowd-sourcing and computer coding, community meetings, and first-floor dining options open to employees and the public. Such mixed-use space within corporate facilities is on the rise as cities and states mandate them as part of tax subsidy packages offered to relocate companies. This challenge calls for rethinking what it means to harden soft targets, and, to fully view the task through the lens of stewardship.

Soft target stewards, including security officers, can and should gain deeper understanding of security plans and procedures via existing tools and techniques such as short, animated video clips during meal breaks, and assignment of certain roles and responsibilities such as evacuation, 911 calling, communication of observed risk indicators to other employees and managers, handling of suspicious packages, and other critical actions. Waiters and waitresses, ushers and umpires, lifeguards and leasing agents must now become a part of a security policy and procedure development so that their role in the efficient management of an incident is rehearsed, focused, and instinctive.

Security Training Must be Inclusive

Those responsible for securing soft targets are familiar with the need to establish processes, procedures, roles, and responsibilities within security plans. Security leaders often correctly assert that they “own” these plans for the entity they are securing. Accountable security leadership is essential and advisable. However, security cannot occur in a vacuum and soft targets uniquely call for a more holistic, inclusive approach than currently employed.

Soft target defense is ill-served by a traditional binary approach that views security professionals as sole owners of security planning and execution, and constituents as solely those we protect. In fact, the softer the target, the more we must view every employee, vendor, contractor, and in some cases guest, as stewards of the security of that site.

Communication is Key

The best methods to implement a stewardship approach will vary with the nature of the location and the associated risk, but the concepts of “Deter, Detect, Delay and Deal” can be taught to employees who learn how to identify threats early, communicate and disseminate information efficiently, and react positively. Employees of all stripes can be taught process and procedure designed by professionals and instilled through scenario-based exercises and discussions that prompt independent thought and focus. When it comes to soft targets, protecting the crowd must, more than ever, incorporate the wisdom of the crowd, beginning with all employees and staff.