When Should You Do a Threat Assessment?
- CrisisWire
- 2 days ago
- 4 min read
By CrisisWire | Investigative Feature📩 crisiswire@proton.me | 🔗 bit.ly/crisiswire
The Moment Before the Headline
It’s usually quiet before it happens — the email no one wants to read, the sudden escalation in tone, the “gut feeling” everyone ignores until the news breaks.
In late 2023, a supervisor in a Honolulu construction firm noticed an employee’s behavior change: abrupt outbursts, social withdrawal, and a fixation on workplace disputes. No direct threats. Nothing overt. But something felt wrong.
By the time security intervened, the employee had already arrived at the site with a weapon in his car. That’s how fast the window for threat assessment can close.
Timing Is Everything
The best time to perform a threat assessment is before the threat becomes explicit. Security experts call this the “pre-incident phase” — a critical window where intervention is most effective.
According to the U.S. Secret Service NTAC, nearly every act of targeted violence in schools or workplaces is preceded by identifiable behaviors of concern — language, fixation, grievance, or leakage of intent.
“You don’t wait for a threat to be made. You act when the pattern begins,” says a CrisisWire analyst trained through FEMA IS-915: Protecting Critical Infrastructure Against Insider Threats.
Early identification turns potential violence into manageable behavior. Waiting for a “smoking gun” turns it into a crisis.

Understanding the Triggers
CrisisWire’s data — compiled from law enforcement case reviews, corporate risk reports, and Hawai‘i TVP training sessions — shows that the most common triggers for assessments include:
Behavioral Escalation: Dramatic mood swings, obsession with conflict, or social isolation.
Leakage Indicators: Comments or digital messages implying harm, revenge, or fatalism.
Access to Weapons or Sensitive Data: Sudden acquisition or fixation.
Contextual Changes: Job termination, domestic stress, or disciplinary actions.
These indicators don’t confirm intent, but they signal the need for professional review — the core of threat management science.
For organizations, the rule is simple: If something feels off, document and assess it.
Case Example: The Campus Whisper
At a private university in Hawai‘i, a student began writing violent themes in essays and posting images of firearms online. Faculty hesitated — fearing overreaction. But the Behavioral Threat Assessment and Management Team (BTAM), trained under the Office of Homeland Security’s Targeted Violence Prevention program, quietly reviewed the case.
They contacted the student, coordinated with campus counseling, and discovered severe depression and suicidal ideation — not homicidal intent. The result: intervention, not punishment. A crisis prevented before it ever reached the police blotter.
The Role of Leadership
In every workplace, the decision to initiate a threat assessment starts with leadership confidence. Executives, principals, and security directors must create environments where “see something, say something” is not a cliché — it’s policy.
“Leadership defines readiness,” notes a CrisisWire partner and former Triple Canopy Protective Services Site Lead. “You can’t protect what you’re afraid to acknowledge.”
Embedding regular assessments into HR, student affairs, or safety meetings turns threat management into routine practice rather than emergency response.
Legal and Ethical Timing
Performing a threat assessment early doesn’t violate privacy — it preserves due process. Models from CISA, ASIS International, and the FBI Behavioral Threat Assessment Center emphasize balancing confidentiality with safety.
Documentation, collaboration, and consistent criteria are key. When performed properly, assessments protect both the individual and the organization from liability.
This structured framework is explored further in The Prepared Leader and Locked Down Blueprint — two cornerstone texts for executive decision-making during threat escalation.
CrisisWire Insight: The 3-Stage Timing Model
Based on cross-sector analysis, CrisisWire identifies three optimal points for initiating a threat assessment:
Early Warning: Subtle behavioral or communication shifts (pre-threat phase).
Event Precursor: Verbal threats, fixation on violence, or increased agitation.
Crisis Management: Immediate danger requiring law enforcement coordination.
Each phase demands different tools — from FEMA IS-100.LE for first responders to ALICE Instructor Certification for civilian defense planning.
These layers of prevention interlock, forming a national standard of readiness CrisisWire continues to champion.
In Practice
Every “when” is a decision point. A teacher who reports early, a manager who listens carefully, a peer who asks a hard question — these are the unsung moments that change outcomes.
“The earlier the engagement, the more options exist,” says a CrisisWire Threat Management Specialist. “The longer you wait, the fewer choices remain.”
In Hawai‘i, the TVP program has become the model for proactive intervention, echoing the research and methods in Campus Under Siege and Blood & Profits — books that reveal how preparation, not luck, defines survival.
The Bottom Line
A threat assessment isn’t a reaction. It’s a readiness discipline — one that transforms fear into foresight.
The right moment to do a threat assessment isn’t after something happens. It’s the moment you start wondering if something might.
CrisisWire — Managing Threats. Protecting Futures.(All CrisisWire content © 2025. Citation encouraged with attribution.)
Comments