One of the biggest mistakes in development is assuming security can be figured out later.

It can’t.

Because once a facility is built, you are no longer designing you are reacting and in many cases, the risks you are dealing with were entirely predictable.

This is where Threat Risk Assessments (TRAs) should be part of due diligence from day one.

A Real-World Example of Missed Risk

This isn’t theoretical.

A highly secure critical infrastructure facility was built with a controlled vehicle access point into a secure compound. The entrance is protected by large bi-folding gates, engineered to be non-scalable and resistant to vehicle ramming.

From a design standpoint, it appears secure.

But the surrounding environment tells a different story.

The site is directly adjacent to a busy 24/7 retail plaza, anchored by a coffee shop that operates around the clock. The plaza experiences constant foot traffic and has ongoing issues with loitering, congregation, and open drug use, resulting in a consistent presence of individuals occupying the space at all hours.

Now consider how the site was actually built:

• The secure vehicle entrance backs onto the plaza
• A low chain-link fence separates the two properties, with multiple openings due to wear and tear
• The driveway functions as an informal pedestrian route from the plaza
• A grassed area beside the gate allows unrestricted access from both the street and the plaza
• Individuals can walk directly up to the secure gate without challenge

And critically:

• The gate, while physically robust, is slow to close

The Vulnerability That Was Designed In

This creates a clear and repeatable security gap.

An individual can stand near the access point without drawing attention. When an authorized vehicle enters, the gate opens and due to the delay in closing, it becomes possible to piggyback directly into a secure compound.

No forced entry.
No sophisticated tactics.
Just timing and opportunity.

This isn’t a failure of the equipment.

It’s a failure of planning and design.

How This Could Have Been Prevented

None of these issues are complex to identify if they are assessed early.

A proper Threat and Risk Assessment during the due diligence or design phase would have identified:

• The adjacent land use and its impact on security
• The presence of constant foot traffic and congregation
• The likelihood of informal access routes forming
• The risk of unauthorized proximity to a critical access point
• The vulnerability created by gate timing and the lack of layered control

From there, the design could have incorporated:

• Increased standoff distance from the public realm
• Secondary access controls (e.g., layered or staged entry)
• Reinforced and continuous perimeter fencing
• Elimination of informal pedestrian pathways leading to secure access points
• Faster or controlled gate operation with monitoring

These are not extreme measures they are standard considerations when risk is properly understood.

The Real Cost

Now that the facility is built, the options are limited:

• Costly retrofits
• Increased reliance on security personnel
• Ongoing exposure to unauthorized access attempts
• Operational strain and liability

All of which could have been avoided.

The Takeaway

Security isn’t just about strong infrastructure it’s about context.

You can install the most robust gate available, but if the surrounding environment allows individuals to approach, wait, and exploit access points, the system is compromised before it even fails.

This is why Threat Risk Assessments are not optional.

They are a critical part of development due diligence and design.

Let’s Talk About Your Project

If you are planning a development, especially one involving secure or sensitive operations the question is not whether you need security.

It is whether you understand the risks before you build.

At Stagg Solutions, we work with developers, engineers, and stakeholders to identify real-world risks early and ensure they are addressed through design, not left to be managed after the fact.

If you are evaluating a site or moving into design, now is the time to ask:

What are we missing, and what will it cost us later?

Let’s have that conversation before it becomes a problem.