COUNTERESPIONAGE.com.au
Home  /  The field  /  Choosing a provider

How to choose a counterespionage or TSCM provider

You are about to give this person uninhibited access to your most sensitive spaces and information. That alone should set the bar for how carefully you check them.

Definition

Vetting a counterespionage or TSCM provider means independently verifying their experience, credentials, integrity and standing before granting access, rather than relying on what they tell you.

Why the stakes are unusually high

Few suppliers are given the access a counterespionage practitioner receives. A TSCM team inspects your most sensitive rooms, often unsupervised, with the tools to examine everything in them. A behavioural or insider engagement involves candid access to your people and confidential information. Engage the wrong person and you have not reduced your risk; you have handed it to a stranger.

This is precisely why the field attracts a share of charlatans. The work is discreet, the clients are discreet, and claims are rarely challenged. That combination lets some operators overstate their experience for years without consequence, and the damage they can do, to your information, your people and your trust in the process, is real.

Common red flags

Treat the following as reasons to slow down and verify. They are not proof of bad faith, but they are signals that warrant scrutiny.

  • Unverifiable claims of experience or longevity. Be specific: ask where, for whom and for how long, then check it.
  • A newly registered company trading under a name very similar to a previous one. This can indicate a business wound up to shed debts or liability, then restarted. Company history is public, and worth checking.
  • Multiple undeclared trading names or websites that do not acknowledge one another. Honest operators are transparent about their related entities; concealment is a warning.
  • Little or no genuine, verifiable training. For behavioural work, postgraduate credentials in the relevant disciplines are a reasonable expectation. For TSCM, look for training completed at a recognised facility that vets who it admits, not a weekend course or self-certification.
  • Heavy self-promotion on LinkedIn or other unverifiable forums, with little independent corroboration. Visibility is not the same as standing.
  • A 'sweep' that amounts to one person walking the floor with a single handheld detector. Proper TSCM is methodical and layered, and a single gadget covers very little.
  • Vague answers about who actually attends. Ask who will be on site and what they are trained in, rather than how many people are billed.

The checks worth making

Most of the verification a client needs is straightforward, and a provider's willingness to support it tells you a great deal.

Ask for, and contact, referrals

The strongest validation is a referral from a client comparable to you in sector and sensitivity. Ask to speak to one, and actually make the call. A credible provider will arrange it within the bounds of their own confidentiality obligations.

Verify government claims independently

Providers who claim to service government can usually be checked. In Australia, government contracts and tenders are commonly published, through gazetted notices and tender records, so significant government work tends to leave a public trail. Look for it rather than taking the claim on trust.

Check the company and its history

Australian company and business-name records are public. Confirm the entity you are dealing with, how long it has genuinely operated, and whether it relates to other entities the provider has not mentioned.

Examine credentials, not just titles

For behavioural and credibility work, look for genuine postgraduate qualifications in fields such as behavioural science, credibility analysis or forensic linguistics. For TSCM, ask where the practitioner trained, and whether that facility is selective about who it admits.

Look for genuine professional standing

Credible practitioners tend to be active in the professional community at home and internationally: members of legitimate associations and, more tellingly, active contributors who attend conferences and networking events and often speak as subject-matter experts. Passive membership means little; active, verifiable contribution means more.

Run a background check

Given the access involved, a background check on the provider and the individuals who will attend is reasonable and proportionate. A professional will expect it, and will not be offended.

Ask how findings are substantiated

A credible practitioner can show and explain what they find, and how. It is fair to ask how any result would be documented, and to be wary of anyone whose findings cannot be substantiated, or whose method you are not allowed to understand.

A note on integrity

Integrity is the whole of this work. A practitioner who is loose with the truth about their own background is not someone to have inside your sensitive spaces or your confidential matters. The questions above are not about distrust; they are the ordinary diligence you would apply to any supplier granted extraordinary access, and a genuine professional will welcome them. The practices behind this site are happy to be held to all of it; you will find them on the find a specialist page.

Related topics

Topic

What is counterespionage

Topic

TSCM

Topic

Behavioural intelligence