Good morning and welcome. Thanks for being here. I hope you are comfortably seated with a nice cup of coffee or tea. My name is Maz Camé. My background is 20 years in the Danish defense. I joined the Navy in 2002. Later transitioned into the military police and finally did 13 years in special operations as a frogman. Retired in 2022. And after that did three and a half years in a US based physical security company. Retired in 2022. I was in Nashville for one and a half year as a program manager, primarily working with high net worth families and Fortune 100 companies. After that I did two years as a managing director in Europe for the same company. And today I'm with the Tech Collective where I bridge the gap between physical and cyber security for the exact same people, executives and high net worth families. Let me start out by saying this. Security is about one thing. Living your life normally without thinking about it. When protection starts to feel like a burden, something has already gone wrong. So over the next 30 minutes, I want to give you a calm, practical view of where personal protection sits in 2026. And here's how we'll spend the time. Threats are almost never random. They begin with research and patience. And that logic has not changed. What happens has. So we'll look at the principle, the shift, what is actually visible about you right now. The framework I use when I think about protection. And some takeaways. One note up front, David was unfortunately not able to participate. I'm not a technical specialist or expert. So I won't pretend to be and I won't be diving into what David was supposed to cover. My job is simply to translate what we see operationally into a human risk in a language that I hope you'll be able to act on. Physical and digital threats aren't two separate concerns anymore. And I'll try and teach them, treat them sorry, as one discipline throughout. So in my experience, it's not really about watching the person or the target. It is to understand the environment. Who moves around them, where they are predictable, where the surface is solved. Every serious threat begins with research on a person, not a system. And the numbers back that up. Verizon reports that 60% of breaches involved the human element. And the FBI reported that 85% of all cyber crime losses came from cyber enabled fraud, not technical exploits. In these threat landscape, over 80% of phishing campaigns are now AI supported. Let me put that into a wider number. Or let me put a wider number on what is actually, or what this actually costs. So the FBI's 2025 Internet Crime Report released this April, recorded the total reported cyber crime loss of just over 20 billion US dollars in 2025. A 26 % increase from the year before. And the first time in 25 years of tracking that, complaints exceeded over 1 million in a single year. That is the US reported data only. Globally, cyber security ventures estimate cyber crime damages reached around 10 and a half trillion dollars in 2025. That's obviously a projection, but the direction is unambiguous. So, to put that in perspective, if cyber crime were an economy, it would be the third largest in the world. Only behind the United States and China economy. So these are not IT losses, they are human losses. It's fraud, impersonation, social engineering. So people being deceived, not systems being hacked. So imagine this, a building, locked doors, alarm is set, security camera at the entrance. Now imagine someone stands across the street for five mornings in a row. The same person arrives, same entrance, same time, every day. On the sixth day, they are not breaking in. They are simply walking in at the right moment. The lock was never the problem. The pattern was. So predictability is the vulnerability, not the absence of security measures. And this matters because most executives have invested in the lock. Good advisors, legal structures, secure premises, and a careful staff. And all of that is real, and it matters. But a lock only protects if someone has to pick it. If they already know when the door opens, the lock is irrelevant. The instinct here is to say, well, I keep a low profile. This probably doesn't apply to me. And I want to push back gently on that. In my experience, the most exposed people are usually the most careful in the ways they can see. They have thought about the lock. They have not thought about the street outside. It is the surface they cannot see that carries the risk. And that surface is what this session is about. Let's try and put it into an even bigger picture. Because the 2025 numbers are striking. The Security Executive Council study covering more than two decades of attacks on senior corporate executives reported executive targeting incidents doubled in 2025. That's the highest level on record. One in three of those incidents resulted in death or physical injury. The Allied Universal World Security Report reported 42% of corporate security chiefs a significant rise in threats of violence against executives. And this is not abstract. We see the same patterns. Reconnaissance turns into the address, the routine, the knock on the door. Ransomware groups are now mailing threatening letters to executives. And leaked data enables swatting calls. The cyber side and the physical side have stopped being two separate problems. So the discipline has to be one thing. Three layers. Digital. What's visible about you. Physical. Where are you present. And people. How your team responds when something doesn't feel right. So remove any of these and the two other fails. Now, how did we get here? Five years ago, this kind of operation required serious resources. Organized crime, state level access, time, money and physical proximity to the target. Today, that is not the case. A motivated individual with a few hours and an internet connection can assemble most of what they need. No special access. No physical presence. It used to leave traces. Now it leaves none. And I'll be careful with my wording here. I'm not saying that anyone can do this. It still requires competence. But the threshold has dropped significantly. Obscurity is no longer a defense. So what has not changed is the logic. Every operation still begins with research on a person. The target is still the human, not the system. The work is still patient, methodical and invisible. The danger. You will not know it happened until someone uses what they found. So what is actually visible about you right now? Well, the answer is most than most people expect. So what's out there? Well, home addresses from property registries and company fillings. Family members, names, locations, sometimes daily routines inferable from social activity around them. Travel patterns, readable from aviation tracking and hotel references. Financial picture estimated from property data. Your assistant name and contact details often on your own company website. So in Denmark specifically, property records are public. Company registration list, home addresses. And CVR, the public business registry, fully searchable by name, directorship, registered addresses and ownership structure. I'll stay at a level here of what's visible and what it means. Not the technical details of how it's gathered. That's where it matters most for you today. No single source is dangerous. The assembly is the danger. So what took a reconnaissance team days now takes one person, a screen and an afternoon. Okay, so let's make this a little bit more concrete with three cases that we've seen. These are not hypothetical. It's anonymized versions of real cases. Same underlying logic across all three. Research first. Person first. Low signature until the movement of execution. Cost to the adversary. Minimal. To case one, flight tracking. A private aircraft team number is publicly searchable on the same open tracking sites used by journalists and investigators every day. A motivated individual cross-references it with hotel arrival patterns and social activities around the travel dates. Within a week, they have a movement profile detailed enough to predict travel weeks in advance. Nothing was hacked. No law was broken. Everything was public. The aircraft registration was the only starting point they needed. Case two. Voice cloning. A financial director takes a call from what sounds exactly like the chief executive. Same voice. Same in iteration. Urgent tone. The voice is synthetic chained on a few seconds of audio from public available sources. A webinar like this. A conference clip. A media interview. And I'll say it again. A few seconds. Not minutes. Seconds. The CEO authorizes the wire transfer. The financial director has no reason to doubt it. The voice passed every mental credibility check. The technical capability is now off the shelf. What has evolved is the operational tradecraft around it. The defense is not technical. It's process. Any instruction with financial consequences should require verification through a second independent channel always. The company had been hit by a ransomware attack. And they made a decision not to pay. What followed was not a technical escalation. It was a personal one. The group had the executive's home address from a routine data breach. It had nothing to do with the executive personally. Be it a loyalty program, supply database or hotel chain. An emergency call is placed to the local police claiming an active shooter at the executive's home address. Armed response units shows up at the family home in the middle of the night. Children is in the house. Spouses at the door. Weapons are drawn. Luckily, no shots are fired. In most jurisdictions, the caller commits no crime. They can be easily prosecuted for. The message is unambiguous. We know where you live and we are willing to use it. One note on the geography. This pattern is best documented in the US. But the underlying logic is not geographically specific. The home address is the asset. Where it gets used depends only on the motivation of whoever holds it. This is why we also treat data breaches as physical security events, not only IT events. The breach had nothing to do with the executive. The address was the only thing that mattered. And it was available because nobody had thought to protect it. So, three different methods. Same logic. Research first. Person first. Low signature until the movement of execution. And in all three, the cost to the adversary was minimal. The cost to the target was not. All right. The model I use when I think about all of this. The Oterloop. And some of you out there probably already know about it. The Oterloop was developed by Colonel John Boyd from the US Air Force in 1976. Boyd was a fighter pilot and a military strategist. He observed that the pilot who won the most dog fires was rarely the one with the better aircraft. It was the one who could process information and react faster than the other. And this has since become one of the most widely used decision frameworks in military, the Air Force and law enforcement, intelligence agencies and so on. So, it's four steps. And I want to give each one a concrete meaning. So, step one. Observe. Taking in raw information from the environment. In our context today, someone researches your name, finds your address in the company filling, finds your assistant on LinkedIn, finds your aircraft tail number on a tracking site. They are simply observing. You're not aware of any of it. Second step. Orient. Make sense of what they found. They cross-reference the sources. A pattern emerges. Say you leave on a Thursday. You stay in the same hotel. Your spouse drops off the kids at school at 8am every day. They're building a picture and you still have no signal. Step three. Decide. Choosing a course of action based on what they know. Do they approach physically? Do they clone your voice and call you a finance director? Do they impersonate your lawyer in an email? Do they know that? The method is chosen based on what the research revealed, not before. And the last step. Execution, or act. The call is placed. The letter arrives. The police show up at your door. This is the first moment most people become aware any of this is happening. But by this point the adversary has completed three steps without any friction. So, in any situation the goal is always the same. Move through the loop faster than a threat does. But the better goal in my opinion, the smarter goal is to break the loop before it completes. So break it at step one, observe. If they cannot find you, they cannot orient. They cannot orient, they'll never reach, decide or act. So, here's an example. Two executives, similar profile, similar wealth, similar public presence. One has managed the digital surface. Limited data exposure. Family members not searchable. Travel patterns unclear. Assistant not named publicly. The other one has not. Address is visible in three registries. Spouses routines are on social media. Regular restaurant tags and photos. Assistant name on the website. The adversary starts with both. And within an hour, they have a full picture of one and almost nothing on the other. So, they move to the easier one. Not because the other one is invisible. But because friction and observe made the return on effort too low. So, you don't have to be invisible. You just have to be harder than the next person. So, Boyd's insight was about speed. My application is about friction. Create enough friction and observe. And most adversaries will never reach you at all. Okay. So, let me describe what a professional protection actually requires at an executive level. Not what any specific provider does. But rather what the discipline demands. It's three layers. All three working together. The first layer is the digital layer. Understand and reduce what is visible. Start with an honest exposure assessment. Your name, your family, your properties, your company structures. What that process finds is almost always surprising. Even for careful people. Data broker exposure needs to be active. Ongoing management. Not a one time action. Not be direct. This is, you know, a specialist discipline. And it requires specialist tools. It's not something an individual can manage manually. Monitoring needs to be continuous. For your details appearing where they should not. And for impersonation attempts. For domains that mimic yours. Early warning is the gold. Reaction is almost always too late. Layer 2. Physical. Reduce predictability. Travel should be briefed in advance. Not managed reactively. Your residents should be assessed from the outside. Not as a home. But as a potential surveillance target. Protection should be sized to the actual threat picture. Not a default template. This does not require a permanent close protection detail at all. It requires a professional assessment. And a proportionated response. If you do not have someone who can do the assessment. Find one. It's a one time exercise. That changes how you think about your space permanently. Layer 3. Brief and drill. This is the layer most organizations overlook. And often the one that matters. Most in the first seconds of an incident. Imagine your assistant, your driver, your family. They should understand what an approach looks like. Not frightened, but briefed. A well briefed assistant who pauses and says, hey, let me call you back on your direct line. Has stopped more attacks than any technical system. This does not require a large program. It requires conversation. Simple protocol. So start there. Okay. So three layers. Remove any one of them. And the two other are compromised. Digital without physical misses the moment of execution. Physical without people fails the softest part of the perimeter. And people without digital means you are reacting, not preventing. None of this needs to be visible to you on a normal day. The cost of doing this right is that you don't notice it. The cost of doing it wrong is the one day you do. Okay. So three things I want you to leave with today. First. Threats begin with the research. Not with an approach. Not with a breach. Listen with someone paying attention to you long before you're aware. The earlier you manage that surface, the less useful research becomes. Secondly. Good protection should be invisible to you. The professional layer manages the surface. You live your life. If you're thinking about security every morning, something is wrong. And third, the people around you are part of your perimeter, your family, your team, your driver, your assistant. Their exposure is your exposure. The strongest individual security still fails if the people closest to you are exposed. Thank you. Our team will be in touch individually over the coming days. No obligations. Simply an honest look at where the gaps are. Specific to you and your situation. Again, thank you for attending. I hope you have a great day. Stay safe out there. Stay safe out there.