Protection in the hybrid zone

I do not post often on social media. When I do, it is because I have spent time researching, testing ideas in practice and thinking them through, and then it becomes more of an academic paper than a catchy look-at-me post. This is one of those topics. I work in the space where geopolitics, hybrid threats and personal security meet. That is where close protection and corporate security live in 2025, whether we admit it or not. I combine this with a master’s degree in diplomacy and security studies, with research in cognitive warfare and disinformation, an IT background and more than twenty years in international close protection and security management. From that mix I do not see separate problems. I see one connected system. Hybrid, where online meets offline and,

Where state and non-state actors intersect.

For me, hybrid is where state and non-state actors intersect, often with deniability, so that “ordinary” crime, activism or online noise can serve strategic aims. Intimidation, slow undermining, sabotage, information operations, legal pressure, online harassment. Different tools, same objective: pressure, confusion, leverage, real damage. Recent work from Europol on serious and organised crime describes exactly that kind of environment. State-aligned actors leaning on criminal networks, nothing new but ingredients more toxic and volatile than ever. AI-enabled groups (not robots in hoodies, just normal actors using new tooling) and proxy operators combine political sabotage, cyberattacks, arson, fraud and online influence in the same ecosystem (Europol 2025). 

At the same time, research in the Dutch  Bewaken en Beveiligen context shows a rise in explosive attacks on homes and businesses, often carried out by very young offenders (Redactie Bewaken en Beveiligen 2025). Their life stories show how easily they are recruited as disposable tools in conflicts and power games they do not control, which fits broader Dutch work on organised crime and explosive violence (Boerman, Stoffers and Tadic 2024). At the top, strategic interests and money. At the bottom, a teenager on a scooter with an improvised device at somebody’s front door, for them a quick buck, a job ad on Telegram and respect.

Layer on top of that the digital sloppiness around principals and staff. Fitness apps that expose advanced routes and hotels. Evil Twin attacks (fake WiFi access points used to intercept traffic). Social media and dating profiles that reveal units, locations, relatives and routines. Nobody needs classified data when people publish their own vulnerabilities for free.

Not fixed doctrines, but lenses.

If you read Liang and Xiangsui on unrestricted warfare, the basic idea is simple: any system that can influence an opponent’s decisions can be turned into a weapon (Liang and Xiangsui 1999). Fifth-generation warfare, in most serious summaries, shifts the focus to the cognitive space. Perception, behaviour and social cohesion become the real terrain (Abbott 2010). I do not treat these concepts as fixed doctrine, but as useful lenses. Put them next to Europol reporting and the debate on the weaponisation of platforms like TikTok, and one pattern is hard to ignore (Rifesser 2023). 

Conflict is continuous, multi-domain and aimed at how people think and move long before anyone shows up with a weapon. Think of the Pizzagate case, where a conspiracy born entirely online ended with an armed man entering a restaurant to “investigate” a story that never existed.

4 lanes

So what does that mean if your day job is close protection or corporate security and not writing strategy papers? The way I work and think, I look at every client through more lenses and lanes than one, which constantly interact:

Physical lane - Surveillance, approach patterns, venues, routes, insider risk, local crime and youth violence, including explosives at homes and businesses.

Digital lane - Account takeovers, device compromise, tracking apps, location leaks, doxxing, deepfakes, weaponised platforms and hobby OSINT.

Legal and financial lane - Hostile litigation, regulatory pressure, sanctions, contract leverage, asset tracing, weaponised compliance and disclosure.

Narrative lane - Smear campaigns, coordinated outrage, disinformation, reputational attacks on the client, the company or the family ecosystem.

Any serious incident can start in one lane and move quickly through the others. A doxxing event in the narrative lane triggers harassment in the physical lane. A regulatory move in the legal lane fuels activist pressure and targeted campaigns. A simple data breach in the digital lane creates stalking and extortion risk in the physical lane. 

That is what protection in the hybrid zone means to me. Change your lenses. Your client’s physical safety, digital life, legal posture and public narrative are not separate problems. They are one system.

Of course, in a large organisation or high-end detail you can distribute this across specialists. Intelligence, cyber, government relations, legal, communications. Inthat environment, it makes sense to have a dedicated hybrid or cognitive risk specialist who connects the four lanes and feeds the close protection team with context. 

That is also where I see a clear business opportunity: a hybrid risk function that sits between executive protection, corporate security, cyber and reputation management, and turns scattered signals into actionable guidance around key individuals. In practice, that means someone who reads across physical incidents, cyber alerts, OSINT, regulatory signals and reputation trends, and translates them into concrete guidance for the people who travel and decide.

But our industry is full of one-man teams and very small units. For them the challenge is different. A solo operator cannot be a deep specialist in every lane. What you can do is change the way you think and the way you structure your day.

For example:

10 minutes of hybrid thinking in every threat assessment. One pass over state interests, local non-state dynamics and digital exposure, not just the street view. A short, plain language digital hygiene conversation with the client and inner circle. No live posting of locations, delay images, understand which apps track location and heart rate, keep job details and sensitive links off public profiles. Two or three non-negotiable rules for your own behaviour and your team’s behaviour around tracking apps, social media and sharing of operational details.

One daily question: if someone wanted to pressure or reach this client today, which lane would be the easiest entry point?

I have seen many cases where the physical detail was excellent, and the compromise came through behaviour, narrative or data. From that moment on I stopped thinking of myself as just close protection. I see the role as integrated risk management around a person and their lifestyle.

If conflict is moving towards an everybody against everybody dynamic in the informational and cognitive space, then a principal is not just a protected person. They are a high-value node in that network.

So, I leave you with this.

Are you still structuring your protection and security programmes as if threats stay neatly in one lane? Or are you training your people and designing your services for the hybrid zone, where state and non-state actors, crime, code and narratives all meet around your client? For me, if you want to protect a life, you start with the lifestyle. The habits, the apps, the routes, the money flows and the stories people tell about themselves and about your organisation. The serious problems rarely begin when someone steps into the frame. They begin when we stop paying attention to how all these pieces connect.

I am interested in hearing how others in executive protection, corporate security or risk advisory are dealing with this. Who owns the hybrid piece in your organisation, if anyone.

References.

Abbott, D 2010, The handbook of fifth-generation warfare, Nimble Books, Michigan.

Boerman, F, Stoffers, E & Tadic, D 2024, Geweld van de georganiseerde misdaad in beeld: moord & doodslag en aanslagen met explosieven. Fenomeenbeeld 2024, Nationale Politie, Den Haag.

Brommersma, S, Reuvers, M & Tokmetzis, D 2024, ‘Zoekend naar liefde en seks op Tinder brengen militairen nationale veiligheid in gevaar’, Follow the Money, 14 December.

Europol 2025, EU serious and organised crime threat assessment 2025 (SOCTA 2025), Europol, The Hague.

Liang, Q & Xiangsui, W 1999, Unrestricted warfare, People’s Liberation Army Literature and Arts Publishing House, Beijing.

Molas, B & Lopes, H 2024, ‘Say it’s only fictional’: How the far right is jailbreaking AI and what can be done about it, ICCT/RAND Europe, October.

Postma, F 2018, ‘After Strava, Polar is revealing the homes of soldiers and spies’, Bellingcat, 8 July.

Redactie Bewaken en Beveiligen 2025, Verdieping Bewaken en Beveiligen 1/2025, februari 2025, Universiteit Leiden, Faculteit Governance & Global Affairs, Den Haag.

Rifesser, BJF 2023, An interdisciplinary analysis on the weaponisation of TikTok: “Everybody against everybody” warfare in the context of fifth generation warfare, master’s thesis, Liverpool John Moores University, Liverpool.