A high-risk individual leaves one ​county or campus. The next team starts from zero.​

The risk didn’t reset—only the information did.​

It can quickly result in tragedy.

 

---

Key Takeaways

• Risk doesn’t reset—information does. When individuals move between counties, campuses, or systems, critical context is often lost—forcing teams to start from zero.
• The signals are there—but they’re fragmented. Most threats don’t emerge suddenly. They build over time through behaviors that are rarely connected across teams.’
• Early intervention depends on full context. Without a connected view of behavior across environments, teams are forced to react instead of intervene early.’
• The gap isn’t effort—it’s infrastructure. Teams are doing the work. But without systems that connect and carry information forward, prevention becomes harder than it should be.

 

---

Over the past few decades, the threat landscape has become faster, more complex, and increasingly interconnected. But one issue has remained the same: the information needed to prevent risk is often siloed. When data isn’t connected and actionable, even the best intelligence falls short.

One of the clearest examples of this came after 9/11. When investigators looked back, it wasn’t that information didn’t exist. It just wasn’t connected. The State Department flagged issues with visas and passports. The FBI was tracking individuals inside the U.S. The CIA was monitoring threats abroad. But those signals tragically never came together in time. As the Brookings Institution later put it, “the failure was simple: the government couldn’t “connect the dots.”

More than twenty years later, that same challenge still exists, except on a different scale. It’s no longer just a federal issue. It happens every day across counties, campuses, and organizations where critical information is scattered across systems and teams.

And when the dots don’t connect, risk grows.

Below are three examples of what happens when those connections are missed, and what changes when they’re made.

 

---

When Information Doesn’t Follow the Risk

Sergeant Krystyna Feola, a 14-year veteran of the Madison County Sheriff’s Office Criminal Division, notes that while threat assessment teams have improved information sharing amongst agencies, critical gaps remain, especially between agencies that lack shared systems or formal agreements.

Today, effective information sharing often depends on a patchwork of MOUs, established threat assessment protocols, and privacy frameworks (FERPA, HIPAA, etc.). When aligned, teams can securely transfer case information, maintain real-time visibility, and coordinate across law enforcement, mental health, and school personnel.

But when they’re not, teams fall back on manual workarounds: emails, phone calls, and personal relationships. These methods are slower, inconsistent, and fragile, especially when individuals move between jurisdictions and background information doesn’t move with them.

“Without shared systems, we’re relying on emails, phone calls, and personal relationships—and hoping the right person responds in time.”

Even when information does get passed along, it’s often incomplete. Teams receive fragments—enough to signal concern, but not enough to understand the full trajectory of risk.

In one case, information about an individual engaging in concerning behaviors, frequenting gun ranges and consuming active shooter content, eventually reached the Threat Assessment Team. But the information did not move as quickly as it could have.

“If that information had come later, the outcome could have been very different,” shares Feola.

 

---

You Can’t Act Early If You Can’t See the Full Picture

That gap is exactly why threat assessment teams have become so critical, especially in higher education. Captain Pablo Vargas of the University of Central Florida (UCF) describes a fundamentally different environment than even five years ago.

“Universities are no longer isolated campuses—they’re connected, fast-moving communities,” he explains. “Someone can live in one city, work in another, and attend school somewhere else. Behavior doesn’t stay in one place anymore.”

At UCF, that means managing risk across a population of more than 68,000 students, with constant movement between environments. The challenge isn’t just identifying risk. It’s identifying it early, before it escalates. But early intervention depends on having the full context.
Without that connection, teams are making decisions with blind spots.

“In threat management, timing matters. If you don’t see the full picture, you’re always reacting instead of staying ahead.”

It’s also important to note that most cases don’t begin as crimes. They begin as behavior, or subtle signals that, on their own, may not seem urgent such as a concerning communication or fixation on an individual or grievance. Individually, these signals are easy to overlook. But when connected, they can point to a trajectory that requires attention.

This is where threat assessment plays a critical role. It creates space to intervene early, before behavior escalates into violence or requires a purely law enforcement response. But that kind of intervention is only possible when teams can see the full picture.

 

---

The Pattern Starts Earlier Than You Think

The challenge doesn’t stop at universities. It starts even earlier. Holly Ryan, a Threat Assessment Specialist and School Psychologist with over 20 years of experience in Lakeville Area Schools, sees the same pattern play out in K–12 environments.

Students today are navigating a very different world—one shaped by social media, online communities, and increased isolation. “The online environment makes it incredibly easy for students to find connections,” she explains. “But not always in safe ways.”

At the same time, younger students are still developing the ability to distinguish between environments. What feels acceptable in informal settings—like online games or social media—doesn’t always translate to school. That gap shows up in how students communicate, regulate emotions, and respond to conflict.

As a result, schools are seeing earlier and more complex signals. And those signals rarely live in one place. Information about a student is spread across teachers, counselors, administrators, and families, each holding a different piece of the picture.

Subtle, but crucial signs can include:

• Lack of meaningful relationships with peers and adults
• Changes in behavior patterns / baseline
• Lack of social engagement
• Lack of impulse control
• Low distress tolerance; lack of resilience
• Substance use

“The goal isn’t just to respond to the initial concern,” Ryan explains. “It’s to understand the student in context.” That’s where most systems fall short, and where the right infrastructure makes a difference.
In Lakeville, that shift came with the adoption of structured threat assessment processes supported by TIPS. Instead of relying on emails, documents, and disconnected notes, multidisciplinary teams can document, track, and assess behavior in one place using evidence-based frameworks like CSTAG that often aid in decreased liability.

CSTAG is a model for conducting threat assessments in schools, aimed at helping educators and law enforcement professionals identify, assess, and manage threatening situations specifically within school environments.

 

---

We Keep Repeating the Same Mistake

Across law enforcement, higher education, and K–12, the pattern is consistent:

• The warning signs are there
• The information exists
• But it lives in different places

Research on targeted violence—including findings from the U.S. Secret Service—has reinforced this for years: individuals often exhibit observable behaviors before an incident. The issue isn’t a lack of signals. It’s that those signals aren’t connected in time.

 

---

What “Connected” Actually Looks Like

So what changes when systems are connected? Instead of starting from zero, teams see a continuous story:

• Prior assessments
• Behavioral history
• Escalation patterns over time

New information doesn’t sit in isolation. It builds on what’s already known. At UCF, centralized case management has changed how teams operate. “Before, information lived in reports, emails, conversations,” Vargas explains. “Now it’s all in one place. When new information comes in, it connects immediately to the existing case.”

 

---

 

Closing the Gap

Closing that gap isn’t about asking more of teams that are already burned out. It’s about building systems that allow information to move as seamlessly as the risk itself. 

That shift starts with a few critical changes:

• Move from isolated cases to continuous profiles: Track risk over time—not as one-off incidents
• Invest in connected case management systems: Ensure information follows the individual, not the system
• Enable permission-based data sharing across jurisdictions: Balance privacy with timely access to critical context
• Standardize documentation and processes: Improve consistency, coordination, and defensibility

Tools like TIPS help make this possible by enabling real-time updates, shared case visibility, secure role-based access, and a complete, structured case history that captures timelines and escalation patterns.

The people responsible for preventing harm are already doing the work. They’re identifying risks, coordinating responses, and stepping in before situations escalate. The gap isn’t effort. It’s infrastructure.

And until that infrastructure changes, the same patterns will repeat.

 

---

 

If we want better outcomes, we need systems that connect information as quickly as risk moves—so teams can act with full context, with no blind spots. If you’re ready to move in that direction, let’s talk.