Smarter Security: How AGS Protect Redesigned a Multi-Brand Corporate Headquarters Program in Response to Escalating Executive Threats

The engagement brief: escalating threats, a publicly visible target

The client is the corporate headquarters of a major multi-brand consumer goods company a publicly identified, prominently branded 11-story Class A office tower in West Los Angeles that serves as the named headquarters for six distinct consumer brands. The combination of public address, public branding, publicly known ownership, and public executive identity places the property in a materially different risk category than an ordinary Class A office building. When social-media monitoring identified escalating threats against company ownership, the client engaged AGS Protect not to fill more posts but to answer a harder question: is the existing security program capable of detecting, escalating, and responding to a threat that originates online and arrives at the front door?

The answer, after a structured assessment of every security domain, was: not yet. But it could be without a permanent increase in guard hours by fixing the orchestration.

Assessment finding: the problem was orchestration, not headcount

The baseline security program was not absent. The site had 24/7 officer coverage across day, swing, and graveyard shifts; a weekday Post Commander; a staffed lobby; a swing-shift rover; and a limited armed-officer presence during weekday business hours. For a corporate headquarters receiving threat intelligence, that sounds like coverage. The AGS assessment found something different: a program running with reasonable staffing and poor operating discipline. Ten specific structural gaps were identified across guard deployment, lobby operations, camera monitoring, access control, tailgating and door discipline, visitor management, vendor and loading access, parking garage, communications infrastructure, and reporting and analytics. Every domain had the same underlying diagnosis: the site was spending on presence and getting passive deterrence, when it needed orchestration and active detection.

The most structurally damaging gap was the lobby officer serving simultaneously as concierge, access-control lead, visitor processor, and passive camera monitor. Those are competing functions. An officer managing visitor queue, answering calls, and checking credentials will not reliably perform live video monitoring. That setup created a persistent false sense of surveillance: the cameras existed, the feed was visible, but no professional was watching it with a defined protocol and an SLA. AGS's characterization of this gap was precise: the site was paying for hardware without fully buying down the risk.

Phase 1 — Digital-to-physical threat escalation framework

The first deliverable was not a technology deployment it was a protocol. CISA's convergence guidance makes clear that organizations are exposed when cyber and physical security operate in silos. At this site, the silo was explicit: social media threat monitoring existed, but there was no defined trigger for that intelligence to change anything about the physical security posture at the front door. AGS designed a three-tier threat-notice protocol as the bridge.

Tier 1 Advisory Notice: Vague or non-specific online activity; generalized brand commentary; no time, place, or actor nexus. Distribution to Post Commander, site leadership, and AGS account lead. Action: situational awareness only no visible change unless the pattern grows or escalates.

Tier 2 Elevated Notice: Threat content that references the company, the address, a named executive, a time window, a specific arrival pattern, or a credible suspicious-behavior nexus (photography, probing, repeated loitering, badge or door testing). Distribution expanded to property manager, client security/leadership contact, AGS operations lead, and SOC supervisor. Action: camera watchlist activated, visitor pre-registration tightened, lobby verification strengthened, garage and curbside checks increased, armed officer repositioned to the most exposed zone for the relevant window.

Tier 3 Protective Action Notice: Specific, time-bound, or behaviorally credible threat with nexus to the site, a person, or an event; threatening communications paired with travel indicators; attempted intrusion; suspicious delivery; or protest intelligence with violence indicators. Distribution expanded to include LAPD and any executive-protection lead. Action: access rules tightened, nonessential visitors limited, armed coverage moved to a protective-response posture, hosts and reception briefed, law enforcement and executive protection coordinated as needed.

Phase 2 — SOC camera monitoring program

The SOC program was designed in four phases. Phase 1 is a complete camera audit: inventorying all cameras by zone, confirming fields of view, testing retention and export capability, identifying offline or degraded units, and confirming VMS compatibility with a professional monitoring platform (Immix-class architecture). Phase 2 connects priority cameras to the SOC starting with main lobby and exterior entries, garage entry/exit, garage elevator and stairwell lobbies, service and vendor doors, chronic door-prop locations, executive arrival and departure zones, and after-hours employee entrances. Phase 3 introduces AI-based exception alerting: person detected after hours, loitering, vehicle or person presence in the garage outside operating hours, door held open, door forced open, restricted-area access, vendor entry outside approved windows, camera tamper or offline, and panic/duress events. Phase 4 evaluates selective audio intervention in zones where it is operationally useful and legally supportable under California Penal Code section 632.

Phase 3 — Visitor management and access control modernization

The existing visitor process was manual and fragmented slow throughput, weak audit trail, no pre-screening, no host accountability, and no watchlist capability. For a building that may be targeted by individuals who have seen the company's public address and ownership identity, this was an unacceptable gap. AGS recommended Envoy as the visitor management platform if access-control integration was viable: pre-registration with host approval, customizable sign-in flows including ID verification and watchlist/blocklist screening, temporary credential and badge printing, digital NDA and policy acknowledgment capture, and emergency accountability through occupancy tracking. California CCPA/CPRA notice-at-collection requirements for visitor personal data were built into the kiosk workflow from the start.

Access-control assessment ran parallel: identifying the existing system brand and integrator, reviewing the door schedule, auditing access groups and admin rights, confirming door-held-open and forced-door alarm configuration, reviewing badge issue and expiration rules for employees, visitors, vendors, and former staff, and establishing monthly exception reporting across all critical event categories.

Phase 4 — Parking garage security program

The 300-space covered parking structure was assessed as its own operating environment not an extension of the lobby. Primary camera coverage was specified for vehicle entry/exit, gate-control points, elevator lobbies, stairwell landings, dead-end corners, pedestrian transfer points, and after-hours congregation zones. Patrol schedules were redesigned to combine fixed accountability minimums with randomized path and timing to eliminate the predictable sweep windows that characterize static patrol models. Radio coverage was tested on every level, with repeater placement specified for confirmed dead zones. Garage-specific TrackTik incident categories were created persons sleeping in vehicles, trespass, suspicious person, vehicle break-in, property damage, escort request, and after-hours occupancy generating a data stream that did not previously exist and enabling monthly trend analysis.

Phase 5 — Communications infrastructure modernization

The outdated radio environment was identified as critical infrastructure, not a commodity accessory. Poor audio quality, weak garage and stairwell coverage, no duress alerting, no audit trail, and no SOC visibility meant that a rapidly developing incident had no reliable communication backbone. AGS specified a hybrid model: Motorola MOTOTRBO digital radio for onsite tactical reliability, plus broadband PTT (WAVE PTX or equivalent) for dispatch visibility, supervisor awareness, armed-officer escalation, and garage/stairwell backup. Implementation followed five steps: site radio survey; pilot on the worst coverage zones (garage level P2, stairwells, lobby-to-exterior transitions); final device selection; channel plan and call-sign discipline; and training with duress drills, emergency-call procedures, and escalation codes. The selected system supports lobby-to-rover communication, garage coverage, armed-officer priority calling, emergency all-call, GPS/location for broadband users, dispatcher/SOC visibility, and redundancy for carrier or internet degradation.

The 90-day implementation roadmap

Days 1–30: Full site walk, workbook validation, access-control brand identification, complete camera audit, radio coverage testing, post-order rewrite, tailgating and vendor quick-fix policies, digital-threat escalation matrix launch, and weekly scorecard standing up.

Days 31–60: SOC monitoring pilot on priority cameras, radio/PTT pilot on highest-friction zones, Envoy workflow design and integration path, door-prop and forced-door reporting standing up, garage patrol matrix and camera-priority map, officer retraining on visitor enforcement, vendor control, threat escalation, garage response, and incident quality.

Days 61–90: Full integrated recommendation delivery with costed options, visitor management and access-control integration finalized, monitored camera zones expanded, communications platform deployed, monthly dashboard and QBR package launched, armed-officer schedule reviewed against real activity and intelligence, and a leadership-level review presented to the client.

Days 90–180: Program optimization based on data. Patrol and lobby workflows adjusted. Analytics and audio intervention added where legally supportable. Garage physical improvements implemented where the audit supports them. Executive-risk protocols formalized for elevated periods. Mobile response or off-duty law-enforcement overlays evaluated for defined high-threat windows only. Annual security review established.