The CARVER Vulnerability Assessment methodology is an easy-to-apply security assessment tool that is used to conduct security vulnerability assessments throughout the Critical Infrastructure Sector. CARVER can be used by police departments and facility security professionals to assess the vulnerabilities at the asset-level, a critical system or infrastructure to an attack based upon detailed analysis of the six attributes of CARVER. By conducting such a vulnerability assessment and identifying vulnerabilities in your security program, you can then more accurately dedicate your mitigation strategies, limited resources and funding to protecting valuable assets and your business operations.

CARVER is an inexpensive and adaptable open source risk management methodology that is used by numerous military, Federal, state and local agencies and requires no expensive software to implement. This workshop provides your organization a practical methodology to improve your existing security program and aid in evaluating the effectiveness and efficiency of your existing security processes.

Who Should Attend

  • Port and Local Police Officers, Training Mangers, and Law Enforcement Command Staff
  • Facility Security Officers
  • Facility MTSA Regulatory Compliance Managers and Staff
  • Purchasing Managers responsible for Security Equipment Acquisition and Security Manpower Contract Management
  • Private Security Contractor Managers and Training Managers
  • Critical Infrastructure Security Managers
  • Vessel Security Officers
  • Federal, state and local security risk management regulatory agencies
  • School Resource Officers

What You Will Learn

  • How to use the Carver Assessment Process to improve overall faculty safety
  • How to identify security gaps and elusive root cause security issues in your security processes and security plan
  • How to communicate security risk to senior management
  • How to evaluate the actual effectiveness of your existing security program
  • How to determine the effectiveness of your security manpower contractor
  • How to improve physical security without spending more money

After the course is complete, all students will receive the forms and spreadsheet necessary to perform their own CARVER based assessments.

Instructor: Tom McCoig, CPP, Senior Consultant, Global Security Leader of ABS Group

Mr. McCoig is a senior risk management consultant with 42 years of combined military, law enforcement, safety, training, physical security, and security risk management expertise.

For over 8 years, Mr. McCoig has provided technical guidance to the Department of Homeland Security (DHS) supporting the implementation of the Chemical Facility Anti-Terrorism Standard (CFATS).  Specifically he has provided guidance and quality assurance oversight in the review of security vulnerability assessments and site security plans.  He was the lead instructor and supported the course development for four separate 10-week Chemical Security Academy’s for the Department of Homeland Security CFATS program.  These 10-week academies provided regulatory and job-specific training for over 110 Chemical Security Inspector new-hires.  Additionally, he provides technical support for special program needs as requested by DHS that pertain to CFATS implementation and developed the draft version of the Chemical Security Inspector Handbook.

A former U.S. Air Force Security Police Officer, he also served as a certified law enforcement officer in the state of Tennessee between 1977 and 1980. In addition, he served as a reserve police officer for 10 years after leaving full-time law enforcement. 

For 24 years, Mr. McCoig worked for the Lockheed Martin Energy Systems Safeguards and Security Division at the Department of Energy (DOE) Y-12 Defense Nuclear Weapons Manufacturing Facility in Oak Ridge, Tennessee.  At Y-12, Mr. McCoig served as a Special Response Team (SRT) Commander and as the Environmental, Health, and Safety Officer (Range Safety Officer) for the Protective Force Central Training Facility and directly managed the safety program for a facility that provided for over 850 armed security force officers firearms, tactics, SRT live-fire shooting house training, and all other facets of DOE protective force requirements.  

Highlights of his experience in assessment team facilitation include conducting physical security and vulnerability assessment technical services for the National Institute of Health Campus in Bethesda, Maryland; Panama Canal Authority; numerous chemical and petrochemical facilities; research facilities; hospitals; schools; domestic and international port/terminal facilities; domestic and international water/wastewater treatment plants; and rail yard facilities. Mr. McCoig has also conducted a sensitive insider threat assessment at a major U.S. airport.

Mr. McCoig has numerous years of security audit and inspection experience in evaluating armed and unarmed security force effectiveness, security force safety and firearms/live-fire range programs, day-today site security operations and evaluating integrated physical security systems performance objectives.  Mr. McCoig is skilled in using numerous security and risk assessment methodologies and adapting those methods to meet client objectives. He is a gifted teacher and conducts security workshops domestically and internationally. He has been actively teaching security risk management training courses and workshops since 1983.

His diverse background represents a unique blend of operational, tactical, technical, and managerial skills that provide practical solutions for the security risk issues facing industry and government. He is a member of the American Society of Industrial Security (ASIS) and has served two terms on its Crime Prevention Council.  He is the former vice-chairman of the Knoxville, Tennessee ASIS chapter.

Some highlights of Mr. McCoig’s experience include:

International and Domestic Seaport and Airport Security

  • In 1996 he provided radiological detection training using the “radiation detection pager” technology to more than 2,200 U.S. Customs Inspectors across numerous domestic seaports and airports
  • In February of 2012 he provided a 1-week Port Security auditing workshop for the European Union Port Security Compliance team in Brussels, Belgium
  • Provided International Ship and Port Security Code (ISPS) port police training in St. Lucia, West Indies, for the Organization of America States (OAS)
  • Conducted a port security workshop and tabletop exercise for managers and personnel with security duties for Bay Ferries Corporation in Rochester, New York. Bay Ferries operates a 700 passenger fast ferry between Rochester and Canada in Lake Erie (June 2005)
  • Provided Facility Security Officer Training and other training workshops for the Port of Baltimore to assist in compliance with 33 CFR Part 105. (2004)
  • Provided technical support to Moffatt Nichols Engineering in Baltimore, Maryland, in the development of a technical request for proposal that totals over $7 million for vendors to design and implement a wide area network CCTV system, vehicle barrier deterrent system, and a perimeter intrusion detection system for five Port of Baltimore shipping terminals
  • Conducted Facility Security Officer Training workshops for Port Facility Security Officers in Halifax, Nova Scotia
  • Conducted more than thirty Port and Vessel Security Officer workshops for the American Bureau of Shipping
  • Provided Port Security Auditing and Inspection Training workshops for Transport Canada in St. John’s, Newfoundland
  • Provided maritime security officer training and ISPS security assessment technical services for the Government of the British Virgin Islands (February 2003)
  • Provided ISPS Code maritime security officer, exercise’ and drill training; developing security procedures and providing security assessment technical services for the cruise ship terminals at the Port of Bahamas in Nassau, Bahamas (March 2003)
  • Facilitated and led the onsite security team conducting the threat and vulnerability assessments for the Panama Canal Authority (January thru April 2003)
  • Provided maritime security officer training and ISPS Code security compliance reviews for  the Government of the Grand Cayman Islands (July 2003)
  • Provided security risk management support to a large inland river public port located on the Mississippi River near St. Louis (under a Transportation Security Administration [TSA] grant award of $100,000 that Mr. McCoig co-authored)
  • Participated on an American Bureau of Shipping consulting team that assisted the Port of Baltimore in complying with US Coast Guard (USCG) security requirements for facilities covered under 33 CFR 105, the main result of which was the development and submittal of a facility security assessment (FSA) and facility security plan (FSP) to the USCG (2003)
  • Developed FSAs and FSPs for the British Petroleum Toledo Refinery and Newark, New Jersey, terminals; the Panama Canal Authority; and the Tri-city Regional Port District in Granite City, Illinois
  • Served as a senior security analyst to the TSA’s Proof of Concept Project for the Ohio River Secure Port Infrastructure Center of Excellence at the Port of Huntington in West Virginia; developing the grant concept and co-authoring the grant to the TSA for this prospect (grant award was $750,000 (2002 and 2003)
  • Conducted a physical security survey for the Port of Charleston (South Carolina) Police Department (1998)

Tennessee Valley Authority

  • Developed and conducted a two-week Security Risk Management Course for the Tennessee Valley Authority Police Department.  This course provided training to 35 TVA Inspectors and law enforcement staff that are responsible for managing security risk across the TVA power grid system

Water Treatment Plant and Waste Water Treatment Plant Assessments

  • Led security vulnerability assessment team conducting the assessments for the Island of Trinidad Water and Sewer Authority (WASA) December 2005)
  • Conducted technical and operational review of security policies, procedures, employee training and emergency and critical incident response protocols for the Knoxville, Tennessee Utility Board water treatment system (April 2005)

Transportation Systems

  • Provided security subject matter and vulnerability assessment expertise to the National Safe Skies Alliance (Safe Skies) supporting the Transportation Security Administration (TSA) Employee Access Control Screening project (May thru September 2006)
  • Conducted security survey of the Charleston, West Virginia and Niagara Falls rail yards for Olin Corporation chlorine tankers stationed at the rail yards

Department of Energy Security and Safety Support

  • Conducted small arms safe weapons use analyses for enriched uranium storage facilities and a toxic waste disposal facility
  • Conducted post firearms accident technical support and provided mitigation recommendations for the United States Enrichment Corporation (USEC) Paducah Gaseous Diffusion Plant (June 2004)
  • Provided security force firearms and live fire safety subject matter expertise to the DOE Headquarters Tiger Team Assessment at the Idaho National Engineering Lab (INEL) (1991)
  • Conducted live-fire training facility risk analysis surveys and completed safety analysis documents for Idaho National Engineering Laboratory (INEL) and the Department of Energy Central Training Facility in Oak Ridge, Tennessee
  • Provided security force and safety operational readiness review for reactor startup activities at the Savannah River K-reactor in Aiken, South Carolina (1990)
  • Provided security force firearms and security operations safety analysis support for the United States Enrichment Corporation protective forces at the Portsmouth, Ohio, and Paducah, Kentucky, Gaseous Diffusion Plants (2003 and 2004)
  • Provided security force firearms and security operations safety audit and inspection team support for DOE at the strategic petroleum reserve facilities in Texas and Louisiana (1989)


CarverSummary and Registration