Turning protective security from theory into practice

Organisations today face an increasingly complex threat landscape, but one of the biggest challenges isn’t understanding the risk. It’s knowing how to apply protective security principles in a way that works in practice.

We spoke to George Trebess, one of our expert trainers delivering the Level 3 Award in Counter-Terrorism Protective Security and Preparedness (CTPSaP), about how organisations can move from awareness to action and build practical, effective security capability.

Why is it important for organisations to build capability in counter-terrorism protective security and preparedness?

Terrorist incidents in the UK are relatively infrequent, but their impact is immediate, significant, and far-reaching.

When incidents do occur, it’s often the people on the ground – staff, security, and even members of the public – who make the difference in those early moments.

Building capability isn’t about turning people into specialists. It’s about making sure they understand what to look for, feel confident to act, and know how to respond appropriately.

The Level 3 Award in Counter-Terrorism Protective Security and Preparedness (CTPSaP) gives learners a clear foundation. It helps them understand how attacks happen, how to think about risk, and what they can do within their role.

In simple terms, it helps organisations move from awareness to action.

Where do organisations often struggle to turn protective security principles into practice?

In most organisations, the challenge isn’t understanding security; it’s applying it in a way that works in real environments.

Guidance can often feel too generic, or processes can be either too complex or too simplistic. As a result, staff aren’t always clear on what “good” looks like in their setting. And that’s where things can drift into paper-based compliance.

The key is to keep it practical – focus on the specific environment, use simple risk thinking, and build awareness into everyday routines.

What’s the biggest misconception about counter-terrorism protective security?

A common misconception is that protective security is mainly about physical measures – barriers, access control, or technology. Those measures are important, but they’re only part of the picture.

In reality, many incidents have exposed gaps in awareness, behaviour, and communication rather than purely physical weaknesses.

People are often the strongest control – staff who understand what “normal” looks like, recognise suspicious behaviour, and feel confident to act or report can significantly reduce risk.

Another misconception is that security sits with one team. In practice, effective protective security is organisation wide.

What should organisations prioritise to strengthen preparedness?

Looking ahead, attacks are becoming simpler and sometimes harder to detect. So the priority should be getting the basics right:

• Building staff awareness
• Embedding simple, clear procedures
• Making sure plans are understood and tested
• Reinforcing messages such as Run, Hide, Tell

Regular exercises are essential – plans need to be familiar, not just written down.

The organisations that are most effective are those that keep things simple, practical, and well-rehearsed.

How can organisations translate national counter-terrorism guidance into something usable?

National guidance can sometimes feel complex, but it doesn’t need to be. The key is to break it down into something people can apply in their own environment. That might include:

• Training staff to recognise suspicious behaviour
• Having clear procedures for responding to incidents
• Using simple risk assessments based on threat, vulnerability, and impact

The focus should always be on what is proportionate and realistic. If people understand it and can apply it, it works. If they can’t, it won’t matter how well it’s written.

What’s the most important mindset for learners to take away from the CTPSaP qualification?

It’s important that people understand the limits of their role. They’re not expected to be experts in everything – and trying to be can actually create risk.

Good practice is recognising when something doesn’t feel right, using simple tools to assess it, and escalating early.

Seeking specialist support should always be seen as a positive step. Knowing when to ask for help is part of being competent, not a weakness.