Tips & Suggestions For Surveillance Detection Operators


This article is a follow-up to some of my earlier articles on the subject of surveillance and surveillance detection. For those of you who haven’t done so, it might be best to start with those earlier articles, since they explain more about the fundamentals of SD and covert operations. For those who have read my earlier articles, those who already know all about SD, or those who would rather skip the theory and just get some of my field recommendations, feel free to jump right in and read away.

The following tips and recommendations come from actual operational experience, and address a few common points that come up in private sector surveillance detection operations. The recommendations I give here are not, strictly speaking, focused on covert protection, but on surveillance detection. Neither I nor anyone else knows everything there is to know about surveillance detection, but if you disagree with what I wrote, or want to offer a correction, please feel free to express this in the comment section below (I’ll be very grateful for the feedback).

As always – no article, book, or seminar can actually teach people how to perform surveillance detection. Though some of the wording in this article might seem instructional, please keep in mind that this article is not intended to teach anyone how to execute surveillance detection operations.

Old Habits

undercover 3Cell phone 2

Old habits die hard. For many of us with military, law enforcement and security backgrounds, it’s hard to stop operating the way we’re used to. At some situations, we still tend to take positions close enough to be in control of the client, or fall into the habit of patrolling around the client. It’s important to keep reminding ourselves that SD is not physical security – it falls in the realm of intelligence. It’s got a protective function to it, which makes it a part of protective intelligence, but it’s not security, and the distances, actions and postures we need to assume should reflect that.

By falling back into old security habits, you’ll actually be providing your client a much less effective – and therefore less valuable – field intelligence service. If the client wanted another security officer, they’d have hired one. You’re there to provide a function that security cannot; to be the eyes and ears that security cannot have; to detect and report what security cannot detect and report. And though it might feel odd, and go against old security habits, to do such things as sit back and play with your phone (or at least appear to do so) at some cafe’ a block away from where your client is, keep in mind that you’ll be much less effective as an SD operator if you revert back to your old security habits.



Most people (especially security professionals), when told they’re going to spend a considerable amount of time outside on a covert operation, tend to take this to mean that they should “dress the part”. I’ve seen people go with jeans, hoodies, all black clothing, 5.11 gear, and “casual/covert tactical” clothing and apparel. Needless to say (or unfortunately not so needless), this is not the best look for the job.

One of the most useful aspects of the business-casual look (which I always advocate for) is the fact that it can cover the widest range of environments and do so without attracting attention, looking suspicious or even getting noticed. It easily blends into downtown/financial district environments, but it also works very well in residential areas (especially in quiet high-end ones), where people tend to be more suspicious of an unfamiliar person in their neighborhood. The business-casual look works in most city parks, cafes and restaurants (where most other appearances work as well), but it can also easily get you in and out of high-end hotels, stores, boutiques, galleries and the all important office or apartment building lobby. Business-casual isn’t a guaranteed pass into any location of course (nothing is), but on the whole it can give you the advantage of looking harmless and uninteresting to the widest range of people – from police officers on patrol to hotel lobby employees, shopkeepers, homeowners and most people on the street.

There’s a bit of a range to what’s considered business-casual, but what I mean by it is a buttoned-up business shirt tucked into slacks with dress shoes or possibly nice walking shoes. A full suit and tie will overshoot the mark, and might make you more noticeable rather than less. You can scale it down by replacing slacks with jeans, but make sure it’s a nice/dressy pair. Don’t wear sneakers or hiking shoes, don’t untuck that shirt. There aren’t all that many people who can detect it, but those who know what to look for (which also includes street-smart criminals) will immediately notice the combination of comfortable or sporty shoes with an untucked shirt (the kind that’s good for concealing a weapon or a radio).

Doesn’t this mean you won’t be able to conceal your weapon in the way you’re used to concealing it? Yes, it does; which is another reason why I suggest not carrying weapons when conducting SD. You won’t need it to protect anyone else, since you’re job isn’t security, it’s field protective intelligence; and if you personally feel too uncomfortable going out on a covert operation unarmed, then I recommend you either work on getting more comfortable with it or consider whether or not private sector field intelligence is the right fit for you.

Don’t wear any tactical gear: no comfortable tactical boots (yes, we can see what they are, no they don’t just look like ordinary black shoes – not even when they’re half covered by your pant legs), no 5.11 “Covert” shirts, pants, vests or jackets (please don’t trust 5.11 to tell you what is or isn’t covert in the real world. If the product has “Covert” in its title, it usually isn’t). If it looks like a sharp piece of clothing or gear that you think will look good on you during a covert operation, you should probably leave it at home.

Yes, it’s true that lots of normal people out there wear jeans and hoodies and untucked buttoned shirts, but those people don’t have to worry about occupying vantage points, covertly detecting correlations, spending hours on end in the same area and possibly having to wander in and out of stores, hotels and office buildings at various times of the day. Whenever there’s a choice between appearing cool and operational or nerdy and businesslike, the latter should always win. The fact that this doesn’t suit your taste, and doesn’t represent who you are, is exactly the point. Stop trying to look good. You’re not trying to impress anyone here – look good on your own time – right now you need to be bland and boring in order for no one to notice and remember you.

One objection to all of this is that clothes you’re not used to wearing might feel uncomfortable, and if you feel uncomfortable you might look uncomfortable, which can attract attention and suspicion. My first reply to this objection is that even if you do insist on wearing the clothes you’re comfortable in, all the comfort in the world isn’t going to cover up the fact that you’d be modelling some classic version of the low-profile or “casual tactical” look. Comfort is important, but appearance is even more so. Secondly, if you can’t get comfortable, or even just appear to be comfortable, in something like business-casual, or in anything that doesn’t perfectly represent who you are and what you’re actually doing, then covert operations might not be the right thing for you. Much of this work, including many of the locations, actions and movements that are required, tends to be weird and uncomfortable. And if you can’t find a way to get comfortable with this, then clothes you’re not used to might be the least of your problems.

Correlation to the target – Yes or No?


This fundamental rule of SD becomes very apparent when trying to determine the degree of suspicion we should attribute to an individual. As soon as you start looking for hostile surveillance, you start seeing lots of people doing lots of strange and suspicious things around the target. It’s a classic form of Confirmation Bias (the reason why ghost hunters keep “finding” ghosts), and if you let it get the best of you, you’re going to drown in a sea of false-positive white noise.

The defining factor you need to look for in people is correlation to the target. No correlation – no positive detection, and it doesn’t much matter how strange someone’s actions or appearance might be. I’m not saying you should ignore strange or suspicious looking people, I’m saying that if your mission is to conduct surveillance detection (as opposed to physical security or covert protection) then the only thing you should be looking for is hostile surveillance, and the parameters for establishing suspicion of hostile surveillance have to do with correlation to the target.

SD is a pretty crazy business, and the hyper awareness that operators have to get themselves into can really play with your mind. I’ve seen operators getting themselves worked up to the point of paranoia – reporting multiple positive detections of everything from hostile surveillance to other mysterious SD units every single hour. I don’t pretend to be completely immune to this, nor is it impossible that such detections might be accurate. Practice and experience can help sort through the white noise, but the most useful way to calm the SD demons in your head and to stay on track with your mission is to simply ask – is there a correlation to the target, and if so, what is it? If you can’t answer these questions, and can’t frame your suspicion in the context of correlation to the target, then you can’t establish a positive detection. No correlation – no detection. Make a little mental note of the person you’re suspicious of, and if you see them again, or see them correlating in any way in the future, you might want to elevate your suspicion level. But for now, let it go and move on.

Over-observing and over-reporting


Whenever a suspicious person is reported for actually correlating to the target, It’s very tempting for security professionals (and I’m not excluding myself from this) to not let them out of your sight, and to keep collecting as many details about them as you can. The problem with this is that the mission of an SD operator is to detect and report correlations to the target in order to determine if there’s hostile surveillance on it. This means that after a strong correlation is reported, it’s not usually the job of the SD operator to stay on top of the suspect, and keep collecting and reporting more and more details on them. That job might belong to counter surveillance, or (more often than not) to conventional security or law enforcement.

Unless your SD mission also has a protective or counter surveillance component to it, report the correlation, give a description of the individual and his/her actions, and move on. It’s not that we want to ignore them, on the contrary, we’ll keep reporting if we keep seeing them in the future. But after they’ve been reported, there are sharply diminishing returns to watching them closely and reporting every little detail you can see. You’re not usually going to collect additional important information that hasn’t already been reported, and you’re risking exposure by correlating to the correlating individual. Report the individual, and move on. If there’s more to report later on, report it, but don’t hover or roost over individuals who’ve already been reported.

Most clients are almost as worried about their SD operators getting exposed, and embarrassingly splattered all over social media, than they are about hostile surveillance. SD is culminated in the detection and reporting of a correlation to the target, not in an incessant collection and reporting of details.

Following suspects


When suspicious individuals who spend long periods of time at a vantage point start moving, security professionals (and, once again, I’m not excluding myself from this) have a natural inclination to follow them. In most cases, this is an unnecessary and risky move that should be avoided.

When SD operations are properly planned, and the area is mapped out in advance, SD operators have the ‘home field advantage’. We know where the target’s vulnerabilities are, and we know where all the surveillance vantage points are. We don’t need to follow anyone to see if they’re leaving the area or moving from one VP to another. We can break visual, take a different route from that which the suspect took, make our way towards another SD vantage point, and see if we can detect the suspect at any of the other surveillance VP we know are available to them. You can do this by going the opposite direction from the one the suspect took, circle around the block and pop out behind some other surveillance VP you know of. And you can do this while avoiding the risk of conducting mobile counter surveillance on a suspect within a limited area, in proximity to the target. You only go mobile on a mobile individual if you don’t know where the individual is going. And since we already know where all the points of interest are, there’s no need for us to correlate to a suspect by mirroring their movements. They’re the ones who have to work hard to hide their movements. All we need to do is pop in and out of the picture to check the surveillance vantage points for correlations to the target.

Vantage Points (VP)


So you found a nice spot where you can sit comfortably and maintain visual control over the target – congratulations, you’ve just put yourself in a surveillance vantage point. The problem with this is that surveillance VP are where surveillance operatives want to be. If we want to detect these surveillance operatives, we would be wise to not sit right on top of them, but at some angle where we can detect them without them detecting us (preferably behind them). If you have to find an SD vantage point behind the surveillance VP then in most cases there will be quite a bit of distance between your SD vantage point and the target. Moreover, by doing this, you’ll be allowing a potential enemy to be closer to your client than you are – something that makes many security professionals uneasy. It’s at this point that you have to keep reminding yourself that if your mission is to strictly conduct SD then you’re not, strictly speaking, doing security, you’re providing a function of field protective intelligence; in which case you can calm down about the distance factor.

In the not very rare cases where there’s no good SD vantage point behind the surveillance VP (or even at any other angle to it), it’s possible you’ll have to put yourself in a surveillance VP. In these uncomfortable cases, keep in mind that what you should be focusing on (covertly, of course) are the people around you, not the target.

Mistakes and lousy vantage points


So you found yourself in a lousy SD vantage point, or found yourself enacting a classic mistake you were taught to avoid during SD training – welcome to the real world of operational SD. For those who received training in SD, you probably remember some of these classic mistakes: jumping from one vantage point to another, using bus stops as vantage points without eventually boarding a bus, correlating to the target, etc. (I’ve discussed these mistakes in a number of my previous articles).

Should you be happy about making any of these mistakes? Of course not. But should you abort the entire mission after realizing you’ve just made a mistake? No, not usually. There might be cases where a small mistake can indeed jeopardize the entire mission, or thoroughly expose an SD operator, but in most private sector operations this will not be the case. You’ll just need to move on, avoid appearing nervous about making a mistake, and try to avoid making it in the future.

The one good thing you have going for you is that for the vast majority of people, it’s very difficult to detect surveillance, let alone surveillance detection, even when mistakes are made. If this were not so, SD operators would be detected right and left because it’s very rare to find someone who’s never made a mistake. The reason why it’s difficult to detect such things is actually quite simple. Humans have a very limited attention span and focus spectrum. That’s why it’s so important to train in surveillance detection. It doesn’t come naturally to most people.

I’ve conducted dozens and dozens of SD exercises over the years, and from my experience, I can say that it’s extremely difficult, even for skilled SD trainees, to actually detect a covert role-player, even when they know there’s one out there. When you transfer this to the real world, where there aren’t any dedicated trainees that are looking for you, you’ll find that the relatively few people who aren’t consumed by their cell phones are usually consumed by other thoughts and distractions, and are miles and miles away from ever noticing your mistake, let alone concluding that you’re an SD operator. I’m not suggesting you abandon your abundance of caution, and take it for granted that you’ll never get exposed. I’m simply saying that in the inevitable cases when you’re going to break a rule of SD methodology, 99.999% of the population is still going to be completely oblivious to it. Always try to avoid mistakes, but don’t panic when they inevitably happen.

Get my book, Surveillance Zone to learn more about this topic and many others.
Go behind the scenes of corporate surveillance detection & covert special operations. Get a first-person account of actual covert operations I’ve participated in. Learn the secrets of the trade and discover a hidden world that’s all around you.


11 thoughts on “Tips & Suggestions For Surveillance Detection Operators

  1. Thanks for sharing this interesting article. I agree in your suggestions but in others not like: (SD operatives without weapons) Since the surveillance investigator perspective is necessary to blend into the enviroment and have a natural cover for a part-time or full time stationary surveillance operation, the eyeball/trigger will play this role blending into the enviroment.

    2nd point: correlation to the target: it depends if the area a quiet place like residential area or congested area like México city. If not the same that the SD operative to detect correlation of one follow car during the principal´s arrival or depature than a sophisticated surveillance team.

    3third point: I understand the sd operative work full time in dedicated sd unit , only to observe, detect and report but what if the principal is victim of attack or kidnap?

    1. Thank you for your comment.
      I didn’t quite catch what your first point was, but let me address the second and the third ones.

      2nd point:
      Correlation to the target always depends on the environment, and there are various kinds of possible correlations too. The point still stands that correlation to the target is the key.

      3rd point:
      SD provides a function of intelligence, looking for indicators of hostile planning that might lead to hostile attacks. If the attack already happens, it often means something was missed earlier on. Not everything is necessarily detectable or preventable, but providing physical protection/close protection/covert protection is not the same thing as providing SD. It would be great if the same people could provide both simultaneously (and it’s not theoretically impossible in every case), but in most cases, distances, postures and types of attention are different depending on the category.
      I know of cases where both SD (preventive intelligence) and covert protection (reactive counter-measures) are deployed around a single principal, but they are executed by different teams, at different distances.

  2. […] This article will cover some of the more common misconceptions I’ve encountered among non-practitioners of covert operations (mainly those who want to employ covert operators). For those interested in getting tips for field operators, please check out my previous articles, Tips & Suggestions for Covert Operators and Tips & Suggestions for SD Operators. […]

    1. Thank you very much, Jim. I really appreciate it. It would really help me out if you wanted to post a review of it on the Amazon page and/or let people know about it.
      Thanks again.

  3. This is another riveting masterpiece. Thanks, Ami.

    Just a thought here: what happens when the SD team is also working Close protection for the same client, especially when you consider that some clients are budget-conscious and hence not disposed to funding multiple teams? Will arming the SD team then be an issue?

    Thanks again.

  4. I am looking forward to reading this book. I have a real interest in this type of work having already obtained training on Covert Surveillance. Good job!

Leave a Reply to Jim GCancel reply