THE CRISIS READY INSTITUTE BLOG

Establishing an Effective Threat Management Program (Part 3 of 5)

Part 3: Properly Assessing a Threat and Analyzing its Risk

While the terms ‘threat assessment’ and ‘risk analysis’ have been frequently used interchangeably, they are not the same.

Threat assessment is focused on determining what the associated potential harm could be (how could it hurt me?). Threat assessment focuses on possible consequences vs. probable consequences. When completed, a threat assessment will contribute directly to a risk analysis by identifying the consequences that will drive the related vulnerability analysis.

Risk analysis is focused on the effect of an event or incident on specific objectives or activities. Risk is recognized as a factor of probability (will it happen?) and vulnerability (can it hurt me? / do I care?). Effective risk analysis requires an understanding of what the likely consequences of an incident or event are, and the impact of those consequences on your organization’s ability to function. The best risk analysis that I have seen or participated in have two levels to their analysis – the overall probability and vulnerability to a specific threat, and then additional analysis of likelihood and vulnerability to focused consequences related to that threat.

Who Should Be Involved In This Process?

The cliché is that it takes a village to raise a child. Well, it takes a team to accurately assess a threat. Applying a multi-disciplinary approach towards threat assessment and risk analysis is perhaps the single most crucial feature of a practical threat assessment and risk analysis. A threat assessment team will provide the analysis that an organization requires to effectively quantify and prioritize the threats that they face. A well-rounded team includes a versatile group that can bring a variety of perspectives, capabilities, and backgrounds to play.

Threat assessment and risk analysis depend on the synthesis and analysis of both administrative and operational points of view. The assessment team should be comprised of staff that possesses fundamental knowledge across the range of functional disciplines and departments within the organization. They should be experienced individuals who can understand the possible cascading impacts associated with a threat and their potential consequences.

The Threat Assessment and Risk Analysis Process

Because of the foundational role that threat assessment plays in a threat management program, I strongly recommend the use of a standardized approach across an organization. There are any number of focused threat assessment models out there. I use one based on best practices introduced by ASIS, the Association of Threat Assessment Professionals (ATAP), and the National Behavioral Intervention Team Association (NaBITA)

Threat Assessment / Initial Screening

Threat assessment is accomplished through a process of compiling and analyzing information about a threat to quantify the associated potential for harm. This boils down to determining what the possible consequences of an incident or event could be and identifying how those consequences may be mitigated. When dealing with human-centered threats, this involves consideration of interest, motive, and intention driving the potentially harmful action. For natural or technological threats, where there is no discernable intent involved, the focus is solely on the potential for disruption or level of lethality, which may result from an identified threat.

The goal of the initial threat assessment is to ascertain in a gross or general manner the urgency presented by the threat. The assessment team should consider all information available with the intent to determine if the threat is valid, a risk analysis is appropriate, or if emergency intervention is required. There are no standards for deciding which path to follow. The decision is based on the culture and tolerance for risk in an organization.

The Threat Assessment Process

Threat assessment involves an investigation into the identified threats, which consists of:

  • Gathering information regarding the threats;
  • Analyzing that information within the context of the organization; and
  • Generating a list of possible impacts on the organization which the threat may inflict.

The assessment begins with seeking and collecting information to identify possible consequences associated with a threat. While the direct effects may be easily identified, a valid assessment looks at cascading impacts—secondary and tertiary disruptions, which may threaten an organization’s capability or capacity to operate. Once an understanding of the possible consequences associated with a threat has been established, an analysis should be undertaken to determine how those consequences could directly or indirectly impact the organization.

There are a variety of evaluation frameworks or models, rubrics, and analytic tools that can be used in this initial threat assessment, depending on the type of threat in question (violence, cyberattack, severe weather, theft, etc.) and customized to an organization’s threat criteria and tolerance. These tools should be used to initially assess, and then regularly reassess, the possible harm associated with a threat and determine if more in-depth risk analysis is warranted.

A standardized tool should be applied to objectively assess identified threats, regardless of how serious or trivial the threat may seem, and consistently use a rating system to indicate whether a threat is a low / medium / or high priority within an organization. Assessing the level of concern in this manner will enable the organization to identify its concerns and contribute directly to the vulnerability elements of a risk analysis process. I recommend that organizations document the determined priority level each time a threat is assessed, with the level potentially shifting over time as the environment evolves.

When the Assessment Reveals that Concern is Unwarranted

If based on the initial assessment, it is determined that concern regarding an identified threat is unwarranted, then no additional action may be necessary. That does not necessarily mean that the attitude toward the threat will not evolve or that environmental conditions will not change, resulting in a different assessment outcome in the future. If the assessment team determines that concern is unwarranted, then that decision should be recorded and revisited on a regular (at least annual) basis for reassessment.

When the Assessment Reveals that Emergency Intervention is Required

If the assessment team determines that emergency intervention is required based on the initial screening, then immediate action should be taken by the organization. In cases involving natural or technological threats, direct action may include the evacuation of personnel, deactivation of systems or networks, or other measures necessary to rapidly mitigate the potential for harm that was identified. For a human-centered threat, that action may involve a request for assistance from first responders or law enforcement, or activation of an organization’s focused incident response plan.

Conducting the Risk Analysis

Up to this point, we have solely been thinking about threat in terms of what is possible. Risk analysis brings probability into the discussion. As with a threat assessment, risk analysis should be conducted by a multi-disciplinary team using a standardized approach. While I can share best practices that I have found to be helpful, every organization needs to determine its own appetite for risk.

Traditionally, risk is defined as the probability of an incident occurring multiplied by the vulnerability of an organization to the harm associated with the threat being assessed.

Risk = Probability x Vulnerability

In most cases, that approach will provide an adequate level of awareness of the associated risk—and it can easily be visualized and provided to your team on a simple risk chart. Let’s evaluate each of these factors.

Evaluating Probability

Probability is the likelihood of something happening. Where base probability is usually expressed as a percentage, getting that detailed for a risk analysis does not necessarily provide additional value and a debate over a single percentage point for a probability score can quickly derail your entire threat assessment process. I recommend using a simplified five-point scale:

ScoreProbability RangeDescription
Very Low (1)1 in 100Happens every 100 years (Catastrophic Flooding / Structural Collapse)
Low (2)1 in 10Happens every 10 years (Earthquake / Solar Flare)
Medium (3)1 in 5Happens every year (Tornado / Burglary)
High (4)1 in 2Happens every month (Lightning Strike / Robbery)
Very High (5)≥ 1 in 2Happens every week (Thunderstorm / Cyberattack)

Evaluating Vulnerability

Vulnerability is a consideration of how badly a threat can harm an organization. Like probability, a five-point scale should provide an adequate level of detail to support risk analysis.

ScoreLevel of HarmDescription
Very Low (1)NegligibleWill not impact operations (Laptop Failure With Backup)
Low (2)MinorDisruption measured in hours (Injury Requiring Medical Attention)
Medium (3)MajorDisruption measured in days (Local Evacuation Due to Weather)
High (4)SevereDisruption measured in weeks (Wildfire)
Very High (5)CatastrophicDisruption measured in months or greater (Pandemic)

Calculating your Risk Scores

Risk analysis is usually represented as a discrete risk score, computed by multiplying the probability and vulnerability values. If you had a risk that was identified as having a high probability (4) and medium vulnerability (3), it would result in a risk score of High (4) x Medium (3) = 12.

Using a standardized five-point scale for risk analysis allows for the risk scores to be further defined into categories such as Catastrophic, Serious, Moderate, and Low based on the calculated rating.

  • Catastrophic ≥ 15
  • Serious ≥ 10
  • Medium ≥ 5
  • Low ≤ 4

In cases where a threat can have multiple vulnerability scores (for different locations, or different operational units within an organization), there are two conventional methods to calculate a single risk score:

  1. Probability x Highest Vulnerability where only the highest vulnerability score is used to calculate the risk score.
  2. Probability x Average Vulnerability where the vulnerability scores are averaged before being multiplied with the probability score

Additional Dimensions of Risk

Traditional risk analysis is meant to provide insight into whether there is a need to mitigate a threat, or whether it can be tolerated by an organization without compromising operational capability or capacity. Simplifying risk as a factor of only two variables (probability and vulnerability) allows for rapid analysis and relatively easy discussion of the results. While this quick and easy approach can provide an adequate quantification of risk, it does not necessarily provide the depth of understanding that may be needed in order to come to conclusions that drive the best possible outcome for a threat management program.

The complexities of a modern threat environment, especially when considering technological and human-centered threats, may require consideration of additional dimensions of risk to provide a more granular understanding of a threat’s potential within an organization, focusing on the interaction of the threat with an operational concern. As I discussed in my post about defining threat, this interaction is a hazard.

These additional risk considerations include the ability to detect a threat before it becomes a hazard or harm actually occurs, and the ability of an organization to correct the harm caused by a specific threat or hazard.

Evaluating Detectability

Threat detection is the likelihood of discovering and correcting a threat before it intersects with operations and becomes a hazard. For example, if an organization has facilities located in a known flood zone, there are several options to increase the detection of flooding before it negatively impacts operations. They can monitor weather forecasts, or interface with local flood sensor networks to provide warning of rising water levels. Through the same consideration, if there was not a flood detection sensor system in the area, then the detection value for the organization would be lower, resulting in a smaller value towards managing vulnerability and not providing as much value in reducing the risk score.

A detection value can be used as a modifier for the probability measure, with moderate detectability having a neutral value and not affecting the risk score. Values above and below refer to poor and good threat detectability, respectively.

ScoreLevel of DetectabilityDescription
Almost Certain (0.5) < 100%Hazard is easily visible / obvious to most people
High (0.75)< 80%Hazard is visible to most people
Moderate (1)< 50%Hazard is visible to knowledgeable people
Low (2)< 25%Hazard is visible to experts / specialists
Remote (3)< 10%Hazard is not visible without specific investigation

To continue the earlier example of a risk that was identified as having a high probability (4) and medium vulnerability (3), adding a detectability rating of low (2) will modify the probability from 4 to 8 (4 x 2), resulting in a risk score of 24 (8 x 3).  A detectability rating of high (0.75) would reduce the probability value from 4 to 3 (4 x 0.75), resulting in a risk score of 9 (3 x 3).

Evaluating Correctability

Threat correctability is related to the relative ease of mitigating a specific risk. It includes consideration of the feasibility and effort required to minimize associated vulnerabilities. This consists of both technical and economic concerns, i.e.: “can it be done?” and “can you afford to do it?”

This factor allows for the prioritization of threats that can be managed relatively easily, regardless of their degree of importance. The easier the mitigation, the higher the correctability score, which results in a higher risk score and an indication that action should be taken. However, the reverse is not valid. If mitigating the hazard is difficult, the risk score should not be decreased. Additionally, an unacceptable risk should not be tolerated just because corrective actions are impracticable.

ScoreCorrectabilityDescription
4Highly PracticalMitigation can be done very easily and at low cost
2Moderately PracticalMitigation is feasible. The solution requires additional resources but is achievable at an acceptable cost
1ImpracticalMitigation cannot be done easily. The solution is not available or needs significant resources at an unacceptable cost

Once again working from the earlier example of a risk with a probability rating of high (4) and a vulnerability rating of medium (3), adding a correctability factor of moderately practical (2) will modify the vulnerability score to 8 (4 x 2 = very high). That score is elevated not because the vulnerability is increased, but to artificially raise the priority of mitigation efforts because they are feasible.

While a combination of probability and vulnerability is commonly used to assess risk, it can be useful to consider additional factors that may also impact the determination if a risk is acceptable to an organization. For increasing risk scores for higher probability and vulnerability, a high detectability should be scaled to decrease the risk score, giving a more acceptable risk. A higher correctability should increase the risk score, demonstrating higher risk, and highlighting the need to implement mitigation procedures.

Visualizing Risk

Numbers are just numbers, but a colorful picture can capture the attention of an audience faster than almost any other approach. Visualization of your risk scores will help stakeholders understand risk on a more intuitive level. It allows people to see relationships between the various threats presented, making connections, and identifying patterns in the data which they otherwise may not have been able to.

BLACK: Catastrophic
DARK BLUE: Serious
LIGHT BLUE: Medium
PEACH: Low

Risk analysis information has traditionally been presented in a two-dimensional matrix, with probability and vulnerability as the axes.

Using a five-point scale allows for the clear charting of unmodified risk scores. Applying modifiers for detectability or correctability will require you to expand your matrix to support a larger scale. I also recommend including at least half-point indicators for increased fidelity.

Threat assessment and risk analysis are challenging disciplines that are best addressed through the use of a team of individuals to determine the scope, intensity, and possible consequences associated with an identified threat. To support the mitigation of that threat, an organization must decide if the threat is valid by assessing the potential impact of the threat, the probability of the associated hazards, and the organization’s vulnerability to those hazards. While there is no one-size-fits-all approach to this process, it should be holistic and focused on providing information and recommendations to manage the threat effectively and efficiently.

Read the other parts of this 5-part series on developing your Threat Management Program:

Part 1: Defining and Categorizing Threats for your Organization
Part 2: Designing the Ability to Properly Detect a Threat
Part 4: Best Practices for Threat Management
Part 5: Building Your Threat Management Program

  • Subscribe to the Crisis Ready® Blog

  • Recent Posts

  • Blog Categories

  • Upcoming Crisis Ready Course:

    Developing Your Crisis Communication Program

    Join us, September 21st and 23rd, to take your crisis communication skills to the next level.

    Take the first step towards your
    Crisis Ready® Certification

    Course: Mastering the Art of
    Crisis Communication and Leadership

    Our next cohort kicks off soon!

    The Crisis Ready® Coaching Program

    The new ‘normal’ is both complex and here to stay. More than that, it offers opportunities into a new way of engagement.

    The Crisis Ready® Coaching Program provides professionals with access to leading experts, ongoing support, and best-practice strategies for confidently navigating the complexities of today’s ever-changing world. All while elevating your team’s skills and your brand’s overall resilience for the security you need into an even stronger tomorrow.

    Click here to learn more.
    Author

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Newsletter Signup

    Paul Damaren

    Paul Damaren is the Global Director of Strategic Accounts for LRQA, a global Assurance Provider. Paul also holds the position of Chief Commercial Officer and Partner at StepUp Solution Services. Paul has worked as a Senior Executive in the Certification space for 10 years and has over 39 years’ experience in the Hospitality, Certification, Service, Retail agri-food and Technology sectors. Damaren is skilled in sales, marketing, certification, operations and software applications and he possesses an MBA from McGill University.

    Mr. Damaren has worked with many companies across multiple sectors in supporting their food safety, supply chain, health & wellness, front & back of house operations, brand protection, quality, environmental, health & safety, GMP/GDP compliance, automotive, aerospace, medical, information security and technology requirements.

    Paul was formerly a board member and Treasurer for the Ontario Food Protection Association (OFPA) and is a currently an Advisor & Council Member with The GW University School of Business and the Crisis Ready Institute.

    Before working in the Certification industry, Damaren was a professional Chef/consultant for 20+ years working in major hotel chains, restaurants, private golf courses and food service organizations. Further, Damaren was a member of the National Canadian Federation of Chefs and Cooks (C.F.C.C.) for 14 years, member of the Region of Waterloo Culinary Association (R.W.C.A.) for 14 years, President of R.W.C.A. (Region of Waterloo Culinary Association) for 3 years, special Events chairman - R.W.C.A. – 1998 – 2000 and National Culinary Ambassador to Russia for 5 years.

    Paul’s wealth of knowledge and experience across the span of our services supports his commitment to the ongoing success of our customers.

    As Executive Vice President and Managing Director in the BCW Public Affairs and Crisis practice, Licy drives healthcare and social impact policy and strategy, and helps shape strategic direction on diversity, inclusion and belonging for the firm and its clients across North America, in public and corporate affairs, government relations, communications, crisis and reputation management. Licy also leads the BCW Healthcare Team in Washington, D.C.

    An expert in public affairs, policy and diversity and inclusion, with over twenty five years of experience at the international, national, state and local levels across the nonprofit, philanthropic, corporate and government sectors, Licy is an accomplished, values-driven leader with unparalleled experience in developing and leading integrated public affairs campaigns combining strategic communications, public relations, political/legislative initiatives, policy, coalition building, grassroots efforts and advocacy.

    Before joining BCW, Licy built and lead a nationally recognized minority owned strategic public affairs and communications firm, served as Health Practice Chair and Principal at The Raben Group, was the Chief Executive Officer of The AIDS Alliance for Children, Youth and Families, and managed and helped set the leadership direction for strategic policy, communications, and advocacy investments in executive and senior government affairs roles for the American Cancer Society and the nation’s Community Health Centers.

    Before joining the private sector, Licy was domestic policy advisor to U.S. Congressman Barney Frank and served in several capacities in the Office of Senator Edward M. Kennedy. During his extensive tenure in Washington, D.C., Licy has played a leading role in efforts to draft, shape and enact legislation and policy to improve the public health, health care safety net and the lives, livelihoods and well-being of the nation’s disadvantaged and underserved communities. 

    Licy also has worked with Moet Hennessey to drive diversity and inclusion on Wall Street and corporate America. He has partnered with Vice President Al Gore, senior government officials, scientists, NGOs and activists, on global climate change impact and sustainability across Africa. And he was appointed by Republican and Democrat governors to oversee the conservation, preservation and management of a prominent U.S. national historic landmark.

    Licy is a graduate of Duke University and holds a certificate in public health leadership in epidemic preparedness and management from the University of North Chapel Hill—School of Public Health and Kenan Flagler Business School, and is the recipient of multiple industry awards and citations for his leadership, policy and public affairs acumen, including being named to The Hill Newspaper list of most influential  leaders in Washington, D.C. consecutively over the last ten years. As a global citizen, Licy has lived in Turkey and Spain, and is fluent in Spanish and Cape Verdean Portuguese.

    About the Inaugural Membership Feedback

    As we get this membership off the ground, we’re looking to our 2022 inaugural members to be a part of helping us strengthen and tailor this program to meet your needs.

    This will involve regular communication with the Crisis Ready Team to provide feedback, share requests for additional ways to support you and your business, etc.

    About the Crisis Ready Courses

    Each Crisis Ready Course is designed to help you strengthen your Crisis Ready® Expertise. Course subjects will include crisis communication, establishing governance, crisis leadership, storytelling for crisis comms, DEI integration, and more.

    Each course is complete with:

    • Anywhere from 4-15 hours of virtual learning that you can do at your own pace
    • Knowledge tests
    • Worksheets and resources to help you bring these valuable learnings and use them within your client work (applicable solely to those who have the license through this membership)
    • A Certificate Of Completion upon successful completion of each course

    Opportunity for Individualized Coaching and Support

    If you:

    • Sometimes feel as though you’re in over your head with your clients’ issue and crisis management needs
    • Could use support and coaching to help you prepare for and have business development discussions with prospective clients
    • Wish you had more behind-the-scenes support as you serve and support your clients
    • Would benefit from personalized coaching and support as you take your Crisis Ready skills and services to the next level...

    ... then you will benefit from Crisis Ready Institute's 1:1 coaching and support. This opportunity is retainer-based and is offered exclusively to our consultant and small agency members.

    This offering provides personalized coaching and support in:

    • Managing client issues and crises as they arise. We support you as you support your clients so that you can feel confident in the recommendations and advice you provide.
    • Integrating the Crisis Ready Model into your business and client work.
    • Helping you strategize business development conversations and close more deals.
    • Gaining buy-in from existing clients. We can be your frontward-facing partner or remain behind-the-scenes, whatever the situation calls for.

    Two Packages Available:

    Monthly retainer*
    Hours of support per month

    $2,500 USD
    Up to 5

    $5,000 USD
    Up to 10

    * This is in addition to the annual membership fee.

    Before you go to checkout...

    Sign up to demo this course!

    We're excited to be sharing Sustained Resilience: Building Tomorrow's Leaders with you. Fill in the form below to gain access to demo this course. Once you fill in this form, we'll send you an email with further instructions.

    Thank you for the honor of considering this important course for your curriculum. We look forward to sharing in the experience with you!

    Melissa Agnes

    FOUNDER AND CEO, CRISIS READY INSTITUTE

    • Recognized globally as an expert, thought-leader and visionary in the field of crisis communication.
    • Has worked with global players, including NATO, the Pentagon (DoD), Ministries of Foreign Affairs and Defense, financial firms, technology companies, healthcare organizations, cities and municipalities, law enforcement agencies, aviation organizations, global non-profits, etc.
    • Author of “Crisis Ready: Building an Invincible Brand in an Uncertain World”—ranked amongst the leading crisis management books of all time and named as one of the top ten
      business books of 2018 by Forbes.
    • Creator of the Crisis Ready® Model–which is recognized and being taught as leading industry best practice in universities and higher education curriculums around the world,
      including at Harvard University.
    • Leading international keynote speaker on the subject and TEDx alumna.
    • Sat on the panel tasked with developing the International Standard for Crisis Management— ISO 22361, Guidelines for developing a strategic capability.
    • Sits on the Board of Directors for ZeroNow, a non-profit on a mission to bring school violence down to ZERO.
    • Sat on Police Professional Standards, Ethics and Image Committee for the International Association of Chiefs of Police.
    • Founder of the Crisis Ready® Community.

    Build for a stronger tomorrow by strengthening your team’s skills in issue management, crisis management, and crisis communication.

    Between the demands of our social impact economy, the divisiveness of society and the many other challenges in front of us, embedding a crisis ready culture is more important than ever before. Having a team that is trained, poised, and empowered to effectively respond to risk, controversy and other threats, will strengthen stakeholder relationships and increase the brand equity of your organization. This is a powerful opportunity. The Crisis Ready® Coaching Program is specifically designed to equip your team with the tools needed today for launching into a stronger tomorrow.

    Effectively manage through today’s challenges with the help of a diverse group of experts.

    From best practices around re-opening, to diversity and inclusion, to managing through the impacts that 2020 has left on your business, the Crisis Ready® Coaching Program is designed to support you through the challenges of today, in order to recover faster and stronger for an even better tomorrow.

    Gain strategic foresight into the coming months, giving you the tools you need to better anticipate and plan for a stronger future.

    COVID-19 continues to affect a great majority of professionals and businesses, leaving them blindsided by its impact and all the uncertainty that came with it. The Crisis Ready® Coaching Program provides you with access to a diverse group of experts, each with unique areas of insight, to help provide you and your team with strengthened foresight to better anticipate and plan for both the risks and opportunities that lay ahead of us all.

    Licy Do Canto

    Licy Do Canto, is a veteran of public policy, corporate strategy, health care communications and diversity and inclusion, is managing director of APCO Worldwide’s Washington D.C. office headquarters and mid-Atlantic region lead. Licy is also a Global Advisory Council (GAC) member here at the Crisis Ready Institute and a highly recognized African-American public affairs, lobbyist and communications strategist— recognized by TheHill newspaper for the 11th consecutive year as one of the most influential leaders in Washington, DC.

    As Executive Vice President and Managing Director in the BCW Public Affairs and Crisis practice, Licy drives healthcare and social impact policy and strategy, and helps shape strategic direction on diversity, inclusion and belonging for the firm and its clients across North America, in public and corporate affairs, government relations, communications, crisis and reputation management. Licy also leads the BCW Healthcare Team in Washington, D.C.

    An expert in public affairs, policy and diversity and inclusion, with over twenty five years of experience at the international, national, state and local levels across the nonprofit, philanthropic, corporate and government sectors, Licy is an accomplished, values-driven leader with unparalleled experience in developing and leading integrated public affairs campaigns combining strategic communications, public relations, political/legislative initiatives, policy, coalition building, grassroots efforts and advocacy.

    Before joining BCW, Licy built and lead a nationally recognized minority owned strategic public affairs and communications firm, served as Health Practice Chair and Principal at The Raben Group, was the Chief Executive Officer of The AIDS Alliance for Children, Youth and Families, and managed and helped set the leadership direction for strategic policy, communications, and advocacy investments in executive and senior government affairs roles for the American Cancer Society and the nation’s Community Health Centers.

    Before joining the private sector, Licy was domestic policy advisor to U.S. Congressman Barney Frank and served in several capacities in the Office of Senator Edward M. Kennedy. During his extensive tenure in Washington, D.C., Licy has played a leading role in efforts to draft, shape and enact legislation and policy to improve the public health, health care safety net and the lives, livelihoods and well-being of the nation’s disadvantaged and underserved communities. 

    Licy also has worked with Moet Hennessey to drive diversity and inclusion on Wall Street and corporate America. He has partnered with Vice President Al Gore, senior government officials, scientists, NGOs and activists, on global climate change impact and sustainability across Africa. And he was appointed by Republican and Democrat governors to oversee the conservation, preservation and management of a prominent U.S. national historic landmark.

    Licy is a graduate of Duke University and holds a certificate in public health leadership in epidemic preparedness and management from the University of North Chapel Hill—School of Public Health and Kenan Flagler Business School, and is the recipient of multiple industry awards and citations for his leadership, policy and public affairs acumen, including being named to The Hill Newspaper list of most influential  leaders in Washington, D.C. consecutively over the last ten years. As a global citizen, Licy has lived in Turkey and Spain, and is fluent in Spanish and Cape Verdean Portuguese.

    Melissa Agnes

    Recognized globally as an expert, thought leader and visionary in the field of crisis communication, Melissa Agnes has worked with global players, including NATO, the Pentagon (DoD), Ministries of Foreign Affairs and Defense, financial firms, technology companies, healthcare organizations, cities and municipalities, law enforcement agencies, aviation organizations, global non-profits, and many others.

    In 2020, Melissa founded Crisis Ready Institute, a public benefit corporation dedicated to teaching advanced crisis communication skills.

    She's currently passionate about providing dedicated support to crisis communication consultants. Through her programs, she’s focused on helping them strengthen their crisis communication skills and credibility in the market, and supporting them in growing and scaling their business. The work they do is important and she's passionate about helping them amplify the positive impact they have in the world.

    Her book, Crisis Ready: Building an Invincible Brand in an Uncertain World, is taught in dozens of universities around the world, including at Harvard University; is ranked amongst the leading crisis management books of all time, by Book Authority; and was named one of the top ten business books of 2018 by Forbes.

    Melissa is the creator of the Crisis Ready® Model, which is recognized and being taught as leading industry best practice in the fields of crisis management and crisis communication.

    As an in-demand international keynote speaker and a TEDx alumna, Melissa has traveled the world helping organizations and leaders further strengthen their crisis ready mindset, skills and capabilities.

    In 2019, Melissa founded the Crisis Ready® Community, a space for professionals to come together to support one another, collaborate and strengthen their crisis ready skills.

    Melissa sits on the Board of Directors for ZeroNow, a non-profit committed to ending harmful events in schools.

    She also sat on the Board of Trustees for D'Youville University for four years until the end of her term, where she also serves as a visiting scholar for the course she co-created and co-teaches on Crisis Leadership.

    Passionate about serving law enforcement and bridging the trust divide between agencies and the communities they serve, Melissa is a former member of the International Association of Chiefs of Police (IACP). In 2021 she co-chaired a committee tasked with developing a strategy and plan of action to begin resolving the trust crisis in the U.S.

    In 2019 and 2020, Melissa sat on the panel tasked with developing the International Standard for Crisis Management— ISO 22361, Guidelines for developing a strategic capability.

    Born and raised in Montreal, Quebec, Melissa currently lives in New York City and enjoys weight-lifting, sailing, and exploring new cities, countries, and cultures.

    Erick Anez

    Erick Anez is the Global Head of Business Resilience at Finastra. Erick is a proven leader with well over a decade of experience leading change and transformation in the Operational Resilience field.

    His hands-on approach focuses on operational learning, culture, and reputational management. Erick holds a Bachelor of Emergency & Homeland Security, Graduate studies in Security and Disaster Management, is a Certified Business Continuity Professional (CBCP), Certified Risk Management Professional (CRMP), graduate of the FEMA institute in Incident Management and Command, and is a respected member of Public-Private partnerships within the Department of Homeland Security (DHS), Federal Bureau of Investigations (FBI) and  the Federal Emergency Management Agency (FEMA).

    Some of his most notable achievements in the field include leading the private sector response to Hurricane Maria as well as working with the Department of Homeland Security (DHS) in Continuity of Operations (CCOP) projects for mission-critical facilities in the United States. Erick has also trained with the Center for Disease Control (CDC) in Infectious Disease Planning and community response, including Point of Dispensing initiatives.

    From 2016 to 2019, Erick held several roles at Crowley and, most recently, was the company’s Managing Director of Safety & Resilience. During this time, he was responsible for resilience operations supporting all business segments as well as leading the organization’s safety culture improvement journey. At Crowley, he led the Occupational Health & Safety, Business Continuity, and Crisis Management teams.

    Before joining Crowley, Erick held similar roles at Southwest Gas and Third Federal Savings & Loan.

    Aaron Marks

    Founder and Principal, One Thirty Nine Consulting
    Global Advisory Council Member, Crisis Ready® Institute

    Aaron Marks is the founder and principal of One Thirty Nine Consulting, providing services for small and large businesses in Risk, Crisis, and Consequence Management.

    Supporting both domestic and international clients, he provides operational and subject matter expertise in readiness and preparedness, crisis and incident management, and business and operational continuity for complex systems and organizations.

    Aaron has provided in-depth review, assessment, and analysis for technology, policy, and operational programs for clients in healthcare, critical manufacturing, and entertainment and hospitality, as well as for state, local, tribal, territorial, and federal governments in the United States, Europe, and the Middle East. He is a recognized authority on the application of nontraditional techniques and methodologies to meet the unique requirements of training, evaluation, and analytic games and exercise.

    Prior to entering the readiness and preparedness field, Aaron was the Director of Operations for a commercial ambulance and Emergency Medical Services (EMS) provider in western New York State where he participated in the integration of commercial EMS and medical transportation resources into the local Trauma System.

    During his 30-year career, Aaron has worked in almost every aspect of EMS except fleet services. This includes experience in Hazardous Materials and Tactical Medicine, provision of prehospital care in urban, suburban, rural, and frontier environments, and acting as a team leader for both ground and aeromedical Critical Care Transport Teams.

    Aaron is a FEMA Master Exercise Practitioner and received a B.A. in Psychology from Texas Tech University in Lubbock, Texas, and a master’s degree in Public Administration with a focus in Emergency Management from Jacksonville State University in Jacksonville, Alabama. He is also a Nationally Registered Paramedic and currently practices as an Assistant Chief with the Amissville Volunteer Fire and Rescue Department, Amissville Virginia.

    Chris Hsiung

    Chris is the 11th Police Chief of the Mountain View Police Department, located in the heart of Silicon Valley. For more than 25 years, he has served the Mountain View community, and as the department’s leader, is passionate about maintaining MVPD’s role as a progressive law enforcement organization in the 21st century.

    Chris is an internationally recognized speaker and columnist on the areas of crisis communications, critical incident management, leadership, and engagement with stakeholder groups. In his time with Mountain View PD, Chris has held a variety of investigative, tactical, and leadership roles, serving in every division in the organization. He is a graduate of the Harvard Kennedy School of Government Senior Executives in State and Local Government program and has a master’s degree in eBusiness Management from Notre Dame de Namur in Belmont, CA.

    Chris also serves in several leadership positions on multiple boards, including as president on the Government Social Media Leadership Council and committee member on the IACP's Professional Standards, Ethics, and Image Committee. Previously, Chris served as a board member for the Peninsula Conflict Resolution Center and two terms as a commissioner on the City of San Mateo Community Relations Commission.

    You can connect with him on Twitter @Chief_Hsiung or LinkedIn.

    Ashley Davis

    Ashley is a Brand and Marketing Strategist who partners with CEOs, executives and solopreneurs to grow their personal and professional brands. After spending over a decade working in strategic communications for multimillion dollar brands and startups, Ashley knows what truly drives conversations, builds mutually beneficial relationships between organizations and their stakeholder groups and attracts strong strategic partnerships.

    Ashley has helped organizations and leaders increase employee awareness and overall understanding of the company vision. She has strong experience / knowledge of social media tools and techniques for driving awareness, reputation and brand—and is known for advancing a company's messaging in the marketplace by growing the following of now multiple multimillion dollar brands and startups.

    Ashley has served as the Editor of monthly all employee publications by managing the planning, writing and production. She is an integral part of new product launches and is frequently engaged to train entire sales teams along with channel / distribution partners on new product launches. In addition to her extensive experience, Ashley is a trained business coach.

    Ashley holds a BA in Global Business Management from the University of Phoenix.

    Newsletter sign up

    Stay informed and at the forefront of your Crisis Ready Mindset, Skillset, and Capabilities. Subscribe to the Crisis Ready Newsletter.