In February 2023, Russell D. Heller, a supervisor for Public Service Electric and Gas Company (PSE&G), was shot and killed next to his car in the workplace parking lot in New Jersey. The shooter, Gary T. Curtis, was a former PSE&G employee who had been fired in 2022. According to prosecutors, the attack was targeted—retaliation for workplace grievances.

Curtis’s family members said he had talked about problems at work and they knew Heller was his supervisor, but they had no insight into Curtis’s plans. After the shooting, they described the violence as out of character for Curtis, saying they did not know he owned a gun.

This incident illustrates how a workplace grievance can continue even after a formal separation. Prior to his termination, Curtis voiced his grievances to the company and went as far as filing a complaint with the U.S. Equal Employment Opportunity Commission (EEOC), alleging harassment in the workplace.

According to his family members, Curtis felt the company did not take his claims seriously, and even when his employment with PSE&G ended, the underlying conditions and feelings remained. Curtis did not lash out indiscriminately: He returned to a familiar environment to confront a specific person associated with his grievance.

This is what security professionals mean when they talk about a lingering insider threat. The risk is no longer about internal access to systems or facilities. It is about the mix of an unresolved grievance, fixation, and opportunity.

The failure to identify warning signs of targeted workplace violence is painfully common. It is a reminder that threat assessments are necessary to help proactively identify risks.

A threat assessment is often over-simplified as an attempt to predict what may occur based on prior experience and activity. Instead, this type of analysis is far more in-depth and practical. It is a structured way to evaluate behavior, context, and change over time, allowing security leaders to make informed decisions that mitigate risk before a situation reaches the point of no return. Rather than depending on intuition or stereotypes, the analysis is based on identifying observable patterns.

For security professionals, the distinction between random acts of violence and targeted attacks matters. Heller’s murder was not an unpredictable act of violence, erupting without warning. What began as a workplace grievance grew even after Curtis’s termination, which occurred several months prior to the shooting.

Most organizations treat separation as a finish line. From a security standpoint, the immediate concern feels resolved, and in most cases it is—but not in all situations. One of the most important and most overlooked patterns in workplace violence is the role of time after separation.

Time Doesn’t Heal All Wounds

The overwhelming majority of people who are laid off or have their employment terminated never engage in violence. They may experience anger, disappointment, or embarrassment, and then they move on. Unlike a termination for cause, layoffs are often assumed to be lower risk because they are framed as no‑fault. They are frequently handled with care, severance packages, and respectful messaging.

In most cases, that approach works. But some instances demonstrate that even a well‑managed layoff can become dangerous when it collides with personal instability. According to the University of Maryland’s 2026 research brief Terrorism and Targeted Violence (T2V) in the United States: Workplace Violence, between January 2023 and December 2025, 40.7 percent of workplace violence attacks were carried out after separation by former employees.

A threat assessment should look for the exceptions to the norms—the outliers, the small number of cases where a grievance does not fade with time but instead deepens. These are instances where separation does not eliminate risk, with the grievance festering in the mind of the separated employee.

Perceived disrespect. Terminations can be particularly volatile when they involve discipline, criticism of job performance, or disputes with supervisors. These experiences can leave someone feeling wronged or deeply disrespected.

The 2015 shooting by Vester Lee Flanagan II, a former reporter at Virginia news station WDBJ‑TV, illustrates how long resentment and anger can remain active. Flanagan had been fired more than two years prior for misconduct and volatile behavior. Following his termination, Flanagan filed a complaint with the EEOC against WDBJ-TV, alleging racial discrimination. The EEOC investigated and ultimately dismissed the complaint as uncorroborated.

Receiving no satisfaction from the EEOC, Flanagan’s resentment grew as time passed, and he became fixated on the people at WDBJ who he believed were responsible for his termination. In multiple posts on Facebook and Twitter, Flanagan repeated his claims of racial discrimination by WDBJ.

On the morning of 26 August 2015, Flanagan attacked two WDBJ employees and a third person during a live television interview. Having fixated on the employees, news reporter Alison Parker and photojournalist Adam Ward, Flanagan fatally shot both of them and injured their interview subject, Vicki Gardner, before killing himself. In his suicide note, Flanagan repeated his grievances, alleging racial discrimination and sexual harassment and that he believed he was targeted because he was a homosexual black man.

Post-termination timing. Even when a separation is handled well, time can influence risk. Severance packages run out, financial burdens increase, family pressure intensifies. Compounded with workplace disputes, time can transform a workplace grievance into something more personal and dangerous.

Consider a 2012 shooting involving a laid-off employee and a Hazan Imports executive. Roughly one year before the shooting, the company laid off Jeffrey T. Johnson, who was involved in an ongoing conflict with Steven Ercolino, a vice president of Hazan Imports. While they were both working for Hazan, the two men were involved in physical altercations, mutual harassment complaints, and threats, including at least one instance of Johnson explicitly telling Ercolino he would kill him.

Despite this behavior, even after Johnson was laid off in 2011, he was allowed to continue visiting the company and continued having confrontations with Ercolino. The separation itself did not trigger violence from Johnson, but over time, hardships and financial pressures—including an eviction—produced deeper grievances. Johnson ultimately shot and killed Ercolino outside the Empire State Building in New York City.

One of the most common assumptions in workplace safety is that anger naturally dissipates with time. In many cases, it does. But in instances like the shootings that targeted employees of PSE&G, WDBJ-TV, and Hazan Imports, time amplified anger.

Across these examples, the larger failure was overlooking the fact that risk doesn’t always end with the end of someone’s employment. An effective threat assessment recognizes that separation marks a shift and not necessarily a conclusion, that the risk can continue or even escalate. When warning signs like persistent anger or fixation are present, the organization must move beyond routine procedures and prioritize safety, adapting its response to the evolving situation.

Cumulative Strain Theory

Cumulative strain theory (CST) explains that targeted workplace violence is not an impulsive event, but rather the result of several stressors that accumulate and weigh on a person over a length of time. The chronic strain of longstanding problems and a grievance festers with time, and when an acute, single catalyzing event occurs, it can all lead to an increased risk of violence.

CST recognizes workplace environments as sources of strain, including poor performance evaluations, ongoing conflict with supervisors, perceived marginalization, and prolonged employment instability.

Research published in the Journal of Organizational Behavior defines workplace mistreatment as one or more harmful behaviors that have a negative impact on individuals and emphasizes that prolonged mistreatment can create a chronic strain and have damaging effects on employees. When organizations fail to intervene, these stressors are not resolved but instead persist and compound over time. This supports the broader framework of CST, which holds that workplace violence risk is driven not by a single event, but by the accumulation of unresolved stressors that intensify grievance and shape behavioral outcomes.

The reason some workplace attacks occur months after a firing or layoff is that the termination might not be the acute strain. A terminated employee may initially take the decision in stride. Rather than being the catalyzing event that initiates a violent response, it is just one of many stressors the individual is managing. Scholars have linked CST to workplace violence, with termination identified as a potential transition point in risk trajectories, not the end point.

After the termination, additional stressors can accumulate, such as the loss of income, family stress, prolonged unemployment, or housing concerns. The acute strain, or proverbial last straw, can be anything that pushes an individual beyond his or her breaking point and focuses those existing grievances on earlier workplace incidents.

Evolving Response

When workplace separations result in tragedy, a clear pattern emerges: unresolved grievance, mounting stress, growing fixation, and the passage of time.

In numerous delayed workplace violence incidents, individuals exhibited public warning behaviors that signaled growing instability. The goal of a threat assessment is to act before these warning signs become tragic lessons. Advances in social media monitoring provide organizations with tools for identifying ongoing threats as they develop.

Today, responsible monitoring of public social media activity is an important element of threat management, especially when risk is elevated. Open‑source intelligence (OSINT) supports workplace violence prevention by enabling organizations to systematically identify and assess publicly observable indicators of grievance, fixation, threats, or escalating distress. OSINT gathers information from publicly available sources—including websites, social media platforms, news articles, and official government publications—to support informed decision-making. When conducted ethically and in partnership with HR and legal teams, such monitoring is not about surveillance but instead about recognizing open signals of escalation that may require intervention.

One of the main obstacles in OSINT is the overwhelming volume of information; however, modern technology is reshaping the threat monitoring landscape. Artificial intelligence (AI) enhances OSINT by automating the collection and sorting of massive amounts of data from open sources, such as news outlets, social media, discussion forums, and public records. AI algorithms can group similar content, eliminate duplicates, translate materials from other languages, and highlight relevant patterns much faster than manual reviews.

Rather than just focusing on explicit threats, AI-supported analysis can help connect fragmented information from various sources, identifying patterns or red flags that might otherwise be overlooked. This broader awareness is especially important when monitoring former employees or anyone with unresolved grievances against an organization or its people, especially because online interactions can provide early evidence of escalating instability.

AI-powered tools now allow organizations to scan public platforms for patterns that can serve as early indicators of risk, such as scanning for changes in tone or online behavior, which can help identify increasingly hostile language in online posts or sudden rants and rapid manic postings, respectively. Another popular type of scan is for certain keywords, like names, dates, locations, events, and organizations.

By integrating these observations with internal information—such as HR records or past warning behaviors—organizations can create a response plan that bridges the digital and physical worlds. As social media continues to shape communication, the ability to monitor, interpret, and respond to these signals is now a core part of an effective threat assessment strategy.

These tools offer real-time threat detection by continuously scanning platforms like Facebook, X (formerly Twitter), and Reddit for posts that may indicate violent intent, suicidal thinking, or criminal activity. AI-driven analysis helps distinguish serious threats from ordinary content, reducing false positives and directing attention where it matters the most.

Prior to the WDBJ-TV shooting, Flanagan posted on Twitter multiple times, openly voicing his ongoing grievances with the network and both Parker and Ward. Had this red flag behavior been identified prior to the shooting, it’s possible that additional preventive measures or proactive intervention could have mitigated or circumvented the attack.

Monitoring geotagged content adds another level of proactive awareness, allowing security teams to track location-based threats. Geotagging goes beyond the traditional geofencing and GPS-based alerts, which require monitoring a specific device. Scanning and detecting any self-declared check-ins posted by individuals on social media, plus the use of geospatial visualization to analyze visual landmarks in photos or videos posted online, provides location cues and can warn if a potential threat is near.

These solutions also support collaboration by sharing risk information instantly between security, HR, and legal teams, ensuring a coordinated response when credible threats emerge. Automated alerts can speed up a response to changes or threats, while analytics assist with investigations and reviews.

As these technologies improve, organizations will be better positioned not only to respond to threats but also perhaps to develop preventive policies and training that address the underlying factors contributing to workplace violence at the hands of insiders. In this way, leveraging advanced monitoring equips organizations to better protect their people, assets, and reputation in an increasingly complex environment.

 

Joseph Ranucci, CPP, has more than two decades of experience leading high‑impact security, compliance, and risk management programs across the pharmaceutical, energy, and private security sectors. He has built frameworks that strengthen organizational resilience, elevate service quality, and drive measurable improvements in safety and compliance. His expertise spans physical security systems design, insider threat mitigation, critical infrastructure protection, and security awareness program development. He has presented at national conferences, sharing practical strategies on recruiting, insider threat awareness, and active threat preparedness.

 

MOST POPULAR ARTICLES

1. From ‘Send Me the Video’ to Governance: How Privacy Makes Security Systems Defensible

2. Preventing Workplace Violence: Holistic Support Starts with Listening to Nurses

3. 3 Tools Providing Privacy Protections in Video Systems