The Risky Business of DIY School and Business Security:

There is a better way

The can-do American Spirit

Americans are resourceful. The current rise and popularity of DIY (Do-It-Yourself) is phenomenal; it’s more than a movement about crafting and cooking. Americans are willing to take on virtually anything to save time or money, to meet a legitimate need, or simply for the thrill of a challenge. A serious pitfall is the temptation to tackle a project that should be entrusted to professionals. Legal contracts, medical consulting, construction management, etc., are complex endeavors with big risk factors and far-reaching ramifications. Without regard for potential harm and liability, and despite limited training or experience, highly motivated and well-intended DIYers do take on these and other traditionally professional or technical activities.


There are exceptional DIYers who have had applicable training or experience and produce impressive, functional results. We applaud their creativity, hard work and good intentions. However, if their perspective is skewed or their skills fall short, the welfare of their families, businesses, and communities is at risk. Such is the case of self-directed and sometimes self-performed––DIY––security programs in schools and businesses across America.


As the home chef does, corporate and administrative executives and their teams find information-rich programming on television and the internet. They are inundated by education and parent associations, boards, trade magazines, and government studies and publications from FEMA, the Department of Justice, Department of Homeland Security, and the FBI. They receive articles, checklists, suggested products and procedures, and quasi-standards for institutional and personal security.


Part of this information overload and reaction is the reality of America’s increasingly violent society. Local, national, and international news broadcasts make it very clear that the need for effective prevention, appropriate security and reliable protection is greater than ever. Virtually every week there is a report of a mass shooting, detailing random or targeted violence at a school, business, or public venue.

The DIY Dilemma and outdated Business As Usual

The typical approach to security concerns in the past was to be aware of possible threats, provide a safe environment as best they could, and rely heavily on a little help from their friends in law enforcement. Despite widely publicized intense security issues in targeted violence scenarios, little has changed in the approach at the local level. Staff training is provided and incremental physical improvements are made with the hope that they will be effective. Unfortunately, this well-meaning, hands-on approach is inadequate for such critical needs, but it is still the norm due to many factors.


The reality of both random and targeted violence in schools, businesses, entertainment venues, and houses of worship in the United States is undeniable. Sometimes denial gives way to a resolve to “do something about it.” Inadequate security budgets and in-house resources are stretched. Reactionary thinkers offer unproven tactics. Familiar vendors push trending safety products to facility managers. Law enforcement and volunteer groups are directed to “do their best” even though they are not properly trained, educated, or experienced. The DIY security solution is launched on a wing and a prayer.


At this point of awareness, it’s imperative that those in positions of authority and influence cease doing Business As Usual. They must take an honest look at their community, facility, and personnel’s current and past approaches to the issues of security and safety. Consequently, their priorities are forced to shift from protection of property, to protecting human life.


A comprehensive assessment of current conditions must be performed. Recommendations for a reasonable process and implementation schedule must be developed and approved. This daunting task cannot be taken on with the former Business As Usual outdated methods, or with a DIY mentality, but rather with a mindset of The New Business As Usual.

The NEW Business As Usual

The New Business As Usual takes a mindful approach to security, safety, and protection of property and life. Rather than piecemeal solutions involving incremental purchases and physical improvements, it employs a comprehensive yet systematic approach. Project-based processes are inherently systematic and begin by engaging professionals. Project programming, design, and management are best performed by certified professionals. Security-specific assessments, design, and project management are necessary to a successful outcome and should be performed by a board-certified security consultant.


The project-based approach of The New Business As Usual can be highly cost effective compared to incremental spending. Without a complete campus and facility-wide plan for guidance, low-priority, incremental improvements can be poor and risky investments. Involvement of staff at multiple executive and administrative levels can be time-consuming, costly and cumbersome and may still yield ineffective solutions.


A professional security design consultant will use results from a Comprehensive Security Risk Assessment (CSRA) to produce a specific scope of work for competitive bidding. This method will result in procuring the exact services and products needed, from qualified contractors, on a specified schedule, for the best price. Procedural changes, communication advancements, and capital improvement projects can add significant long-term value to the facility. These successful projects produce tangible, potentially life-saving results as well as evidence of the leadership team’s engagement and accountability.


In addition to a professional and superior design, this more responsible and accountable approach can be shared with all stakeholders. The foundational CSRA prioritizes all needs. Once the Assessment is complete, a long-range masterplan of implementation can be established in conjunction with projected funding of the recommendations. The Assessment and its action plan provide credibility of the findings, feasibility of implementation, and evidence of committed leadership.


What does the Comprehensive Security Risk Assessment entail? Simply stated, a board-certified consultant experienced in security risk assessments, performs an in-depth site, campus and facility survey of the client property––school, business, church, entertainment venue, etc.––conducts interviews, collects data and defines potential issues. The client or owners’ representative receives a report with prioritized recommendations to maintain and improve the security and safety policies including operational and best security practices, safety and security procedures, physical security measures, and site hardening projects. 


This approach involves much more than the infrastructure alone. It includes Prevention, Policies, Procedures, Personnel, Compliance, Infrastructure, Technology, Response and Recovery preparations. Much of what is needed is about communication and operations. For instance, there is much optimism regarding prevention options and technology from reporting and tracking software like


Some initiatives will cost little or no extra money and can be enacted quickly. Part of this holistic approach requires coordination of all aspects in a systematic, reasonable, and balanced way.


Essentials of a COMPREHENSIVE SECURITY PROGRAM Implementation Process

  1. Name an internal Security Team composed of main stakeholders and a certified security consultant as facilitator.

  2. Commission a Comprehensive Security Risk Assessment (CSRA) throughout the facility/campus.

  3. Obtain a record set of facility’s architectural drawings and conduct a Comprehensive Preliminary Architectural Security Study (ComPASS) of the site and plans for use by the Security Team in cooperation with the Assessment.

  4. Identify priorities and estimated cost ranges associated with each project.

  5. Develop and institute operational, organizational, policy and procedure recommendations.

    • Establish emergency operations plans.

    • Provide staff and occupant training.

    • Develop prevention programs and staffing.

    • Create and coordinate recovery plans and processes.

    • Ensure coordination and communication with all levels of law enforcement and other first responders including fire department and EMS, as well as regional medical services, prevention coordinators, recovery team, and others as appropriate.

  6.  Achieve required governmental and district compliance.

  7.  Develop long range masterplan of project implementations.

  8.  Begin the first project design of the masterplan using a professional security design team consisting of the district   administrator and security director, project architect/security designer, board-certified security consultant, and   other key personnel.

  9.  Competitively bid and execute the first prioritized project.

  10.  Repeat the process, project by project, year by year as annual budgets permit.

Board-Certified Security Design Professionals

Board-certified Physical Security Professionals (PSP) are generally individuals involved in the security industry, in design, installation, training, assessment, architecture, etc.  Licensed architects with PSP certification are in a unique position to consider the physical infrastructure’s security concerns. With expertise in Life Safety and Fire Safety code compliance and implementation, a licensed architect routinely deals with aspects that are closely related to security concerns in the planning, design and construction of buildings. A licensed architect who is also board certified as a security professional brings a unique and valuable combination of essential skills and experience to the tasks of comprehensively assessing facility security risks, developing successful solutions to address and mitigate those identified, and preventing those and others in the future. The outcome is two-fold:  preventing loss of valuable assets, and more importantly, the protecting from harm and saving of human life.

Dennis Elledge, RA, PSP, AIA, is a principal at DE/SL LLC, Architecture & Security Design. Registered in the State of Missouri, Mr. Elledge has been practicing architecture for over 30 years. His specialties are houses of worship, K-12, and secondary schools. He is a board-certified Physical Security Professional (PSP), internationally credentialed by the American Society for Industrial Security (ASIS). Dennis Elledge’s architecture and security business is located in the Greater St. Louis, MO metropolitan area.