Skip to content
BOSTON, MA - 18 APRIL 2022: A general view of runners approaching the finish line of the Boston Marathon on 18 April 2022 on Boylston Street in Boston, Massachussetts. (Photo by Erica Denhoff, Icon Sportswire, Getty Images)

Training Pre- and Post-Boston: How the Bombing Affected Event Security Training

Daniel Linskey was on vacation in New York City with his family in November 2008 when news broke that a terrorist attack was underway in Mumbai, India.  

Ten gunmen had traveled from Karachi, Pakistan, to Mumbai, docked near the Gateway of India monument, hijacked several vehicles, and carried out attacks on civilians, killing 164 people.

Linskey, then the superintendent-chief-of-police for the Boston Police Department—the highest-ranking police officer in charge of the force—realized at that moment that his city was unprepared should someone attempt an assault on Boston’s largest annual event: the Boston Marathon.

“There was intelligence playing out, so I called my team, and we didn’t have a plan on how to put the infrastructure in place,” recalls Linskey, who is now managing director of Kroll’s Security Risk Management practice. “I realized we had to do something different.”

That realization was further cemented after Linskey had the opportunity to meet with members of the Mumbai Police Department—who visited the United States on a trip sponsored by the U.S. Department of State following the attacks. During the visit, the Mumbai police shared their lessons learned from the experience and what they would do differently. Those conversations made Linskey realize that Boston itself needed to develop a training program that incorporated the police department, fire department, and emergency medical services (EMS).

“I realized that police were training, EMS was training, but we were all in silos. And on a bad day, you’re all showing up together,” he adds. “That’s now the mantra that I preach: Train the way you respond. Respond the way you train.”

To develop that mindset and practice coordinating with other Boston agencies, Linskey worked with local officials to have the Boston Police Department participate in training sessions in Almeda, California, called Urban Shield. During the sessions, they completed 36 hours of realistic SWAT scenarios.

After that initial training, Linskey worked with eight cities and towns in the area around Boston—and their police, fire, EMS, hospital, and federal and state partners—to conduct a 24-hour training for 5,000 first responders. A third training event was then held to review a three-hour consolidated event involving an active shooter, bombs, and chemical weapons response.

“We went through ‘what’s our response? Does the equipment work? What’s our communications ability? What’s our incident command?’” Linskey reviews.

Those training scenarios changed how Boston prepared for mass events. They also helped develop the relationships that would become key to responding to the Boston Marathon bombing of 2013 in an effective manner.

“It’s not about having a perfect plan,” Linskey says. “It’s about having a planning process for when you get hit in the face—that we have seen overseas that’s gone on could come to the United States. All the scenarios we did for Urban Sheild, they were made up by [military] troops afraid of what might happen and training around it.”

Key Best Practices from Boston

After the Boston Marathon bombing in April 2013, authorities put together a project management team made up of representatives of the agencies that responded to the incident to review the response and provide an after-action report.

Their findings were compiled in an analysis published in December 2014, which provided a timeline of the incident, key findings that affected agencies’ ability to respond to the bombings, and key areas of improvement.

We were all in silos. And on a bad day, you’re all showing up together.

One major finding that was highlighted as a best practice was the strong relationships and successfully unified command structure that led the response to the bombings. The relationships that were built between key leaders (commanders, agency heads, and political leaders) allowed a unified command to facilitate collaborative decision-making after the detonations, according to the report.

“Key leaders had the necessary trust and rapport that allowed for Unified Command to make effective, collaborative decisions, execute mission-tasking, maintain situational awareness, and coordinate public messaging,” the report explained. “These relationships also contributed to leadership knowing where to obtain resources, whom to task with missions, how to mobilize mutual aid, how to coordinate communications, and effectively make bold decisions such as suspending transit service and issuing a shelter-in-place request.”

Another major best practice finding was that Boston had a strong all-hazards medical system in place for the day of the marathon. The 2012 marathon was held on an unusually hot day, which resulted in a higher number of runners suffering from heat-related injuries.

In anticipation of a similar event for 2013, Boston stood up a more robust medical system—tents throughout the marathon route with medical personnel prepared to respond to treat runners on the course and minimize the number of people who needed to be sent to a hospital.

“On the day of the bombings, medical personnel supporting Alpha Medical Tent near the Finish Line immediately transitioned to a mass casualty response,” the report explained. “They established triage and treatment groups and designated the tent as a casualty collection point. All critically injured patients were transported to area hospitals within 50 minutes. Although many patients sustained grave injuries, every patient who was transported to area hospitals survived. This can be directly attributed to the rapid triage, transport, and treatment these patients received on scene and at hospitals.”

The project management team also highlighted the planning and organization that went into reopening Boylston Street—the scene of the bombings—after the FBI had collected evidence and processed the crime scene.

Once the Bureau turned the scene over to the City of Boston, local authorities had to clean the street, remove debris, and rebuild portions of the road and sidewalk. The mayor of Boston assigned the Boston Office of Emergency Management to the task, instructing all other city departments to support the effort.

“The restoration of Boylston Street was extremely organized; residents and proprietors were able to access their homes and businesses within 18 hours after the area was released to the city and the street was re-opened to the public in less than 36 hours,” the report said. “The ability to restore and reopen Boylston Street so quickly after the area was released back to the city by the FBI is a testament to the strong planning undertaken by the city.”

As the adage goes, practice makes perfect. In its after-action review, the project management committee highlighted the work that Linskey and others had done in setting up the Urban Shield training scenarios that improved incident response on the day of the bombing. Specifically, Urban Shield exercises that involved practicing response to a terrorism-related mass casualty incident helped prepare Boston first responders for what they experienced on 13 April.

“Many agencies interviewed for the [after-action report] cited Urban Shield Boston as having directly contributed to their preparedness for dealing with the bombings, including exercising interagency communications, dealing with various contingencies, and promoting relationships among the key personnel who work together in an emergency,” according to the report.

Event Security Training

The Boston Marathon bombing response and after-action reviews have changed how event planners and venue managers address security risks, says Mark Herrera, director of safety and security for the International Association of Venue Managers (IAVM). That particular event prompted a reassessment of security protocols around the world on how to prevent attacks in the future—including through increased information sharing about potential threats before an incident.

Along with his role at IAVM, Herrera is also the chair for the Public Assembly Facility Sub-Sector Council of the U.S. Department of Homeland Security’s (DHS’s) Office Of infrastructure Protection. He collaborates with DHS and the Protective Security Advisors to identify capability gaps across soft target communities, counter threats to patterns of life, research technologies to mitigate risks, and provide information to protect public facility assemblies and critical infrastructure.

“Authorities have improved in the sharing of intelligence between law enforcement agencies and increased coordination to identify threats—to respond effectively,” Herrera explains about post-Boston developments. “Post-crisis of the bombing, there are public awareness campaigns to educate the public and community, reporting to law enforcement, and an increase in technology—like CCTV for better coverage of event venues for real-time monitoring.”

Many venues have also improved their crisis management and emergency response by refining their emergency response plans and having evacuation protocols in place with the ability to coordinate among emergency services, Herrera adds.

“When we do communitywide training with local, state, and federal agencies, emergency responders are part of those trainings and discussions because it’s important to integrate them into the planning process—it’s critical,” Herrera says.

This is also an industry best practice, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) releasing a Mass Gathering Security Planning Tool in 2022. The initial steps for using the tool walk event planners through a framework to connect with stakeholders—including emergency responders.

In the 10 years since the Boston bombings, venues have made great strides in ensuring there’s a presence of qualified medical personnel at the venue during both trainings and events to respond to everything from a major incident to a fan being hit by a foul ball during a baseball game.

“Having medical stations in place, first aid rooms, has to be a part of the process,” Herrera says. “And venues are really good about doing that.”

Herrera himself is also often on the road, providing training to venue managers and event coordinators across the globe to improve their incident response procedures. He’s worked with the National Football League (NFL), Major League Baseball (MLB), the National Basketball Association (NBA), and the National Hockey League (NHL). Herrera’s also conducted more than 470 training sessions with venue managers to help them build “elite teams to become very resilient in the midst of crisis,” he adds.

Working with the sports leagues themselves is important because venues that host these athletic teams are often major gathering points for other events—from concerts to galas to charity events.

“We focus heavily on training and vulnerability assessments,” Herrera says. “We conduct assessments on how facilities can be vulnerable—the weaknesses within network systems and devices in their facility.”

Additionally, Herrera will sometimes conduct penetration testing followed by recommendations on how to address the findings, as well as incident response planning procedures to minimize impacts and help venue managers quickly recover.

One key focus for the entire venue management industry, however, is communitywide incident training. This is because while the venue hosting the event might have a hard perimeter—such as walls of a stadium—its security zone extends beyond that perimeter into the streets outside, the parking structures for guests, and even the businesses nearby.

Herrera calls these locations the “third concentric ring” of a venue’s security perimeter.

“The staging area for threat actors is that third concentric ring, where you can affect the crowds coming in while trying to breach the perimeter,” says Herrera, explaining that if you push your security buffer zone out to be inclusive of the businesses and stakeholders outside the venue’s perimeter, you’ll have a stronger and more responsive security posture.

Part of that security posture also includes providing security awareness training for all staff—especially those that interact with guests. These staff members are the “most important asset” a venue has, and it is essential to train them to identify behavioral patterns that are not conducive to the environment, intervene, and remove potential threat actors.

Herrara emphasizes focusing on behavior, not the person, to identify when something is outside the norm. Teaching staff how to identify, intercept, and respond to that person using reality-based training could potentially deter negative behavior at an event, Herrera says.

Another training program that has become popular in the past few years is IAVM’s Near-Miss Program—where venue staff look at the potential negative outcomes of incidents that were narrowly avoided.

“These are valuable opportunities for learning to prevent future incidents,” Herrera says. “And they can be safety and security issues.”

In this training exercise, staff are asked to document near-misses over a period of time. For instance, a situation where someone bypassed a security checkpoint but no harm was done, or an incident where someone almost slipped and fell on staircase at the venue.

Train the way you respond. Respond the way you train.

“Eventually what’s going to happen is you’ll have a box of near misses that have engaged your employees,” Herrera says. “They’re involved in identifying these near misses, bringing it to a post-op debrief.”

Managers then have a chance to talk through what happened, how it can be avoided in the future, and activity to look out for and monitor moving forward. Managers can also look to employees who are regularly catching near misses and approach them to discuss considering joining the venue’s security team, to foster that talent of observation and build a security talent pipeline.

“Reporting and analyzing near misses is crucial for improving safety protocols and preventing future accidents,” Herrera explains. “It helps identify underlying causes and enhance your safety measures. It’s an appropriate preventative measure.”

Areas to Improve

The after-action review also highlighted the need for medical response teams to have adequate supplies of tourniquets and be trained to use them. That finding spurred the formation of the “Stop the Bleed” initiative, said Richard Serino, deputy administrator of the Federal Emergency Management Agency (FEMA) from 2009 to 2014 and former chief of Boston Emergency Medical Services (EMS) in testimony before Congress on the 10th anniversary of the bombing.

Stop the Bleed is an American College of Surgeons program that has trained more than 3 million on how to stop bleeding in a severely injured person.

Additionally, the after-action review assessed the need for providing mental health care and resources for first responders. Immediately after the bombing, Massachusetts state and local mental health resources were made available to the community for several weeks.

But the review found that the mental health needs of healthcare and human services providers, and City of Boston personnel involved in the Boylston Street recovery effort, were not adequately addressed.

[ Stay Aware of Threats. SM7 Newsletter: Sign Up ]

“Many of these individuals had first line interactions with survivors, their families, and others who were greatly impacted by the incident, and committed long hours over many days to provide support services and to restore Boylston Street back to normal,” the review explained.

While resources were provided for public safety personnel, the public, employees of impacted businesses, and family members of those affected by the bombings, there was not the same level of support for healthcare and non-public safety employees.

“While a few city offices and some healthcare and human services employers set up debriefing sessions, some departments did little more than refer staff to an Employee Assistance Program,” the review said, adding that this is not a best practice and that more support should be provided in the future—including considering providing psychological first aid training to managers to help identify signs of psychological trauma in their employees.

In his testimony, Serino said that the experience in Boston taught him and others the value of recognizing the impact trauma has on first responders, families, and their communities, which continues to be needed as the COVID-19 pandemic response moves along.

COVID-19 has left a devastating toll on the workforce we depend on in the aftermath of a crisis.

“Now more than ever, EMTs, paramedics, police officers, firefighters, healthcare workers, emergency managers, and public health workers are in need of that recognition and support,” he added. “COVID-19 has left a devastating toll on the workforce we depend on in the aftermath of a crisis. Without taking care of this workforce, with adequate mental health services, workplace conditions, strong leadership, and cross-functional collaboration so they do not feel abandoned, we are leaving the United States exposed to catastrophic future attacks being left unanswered both in the context of lives and economic well-being.”

Many aspects of the response in Boston went right that day in April 2013, but there were areas that the project management committee identified for improvement—many of which were addressed by Boston agencies ahead of the next marathon in 2014.

These recommendations included creating an integrated, all-hazards public safety operational plan for the marathon each year and enhancing security for the marathon course.

“Because the Boston Marathon is a large, public, family event, there needs to be an appropriate balance between security protocols and the feel of the event,” according to the after-action review. “However, steps could be taken to enhance the overall security of the event, and thereby increase the sense of security felt by runners and spectators.”

These enhancement recommendations included establishment of designated hardened, secured areas, along the course; increasing the staging of law enforcement; and implementing bag prohibitions or screenings.

At the 2023 marathon, for instance, security personnel implemented bag checks, a security plan with representatives from 46 stakeholder agencies at a unified coordination center, and air wing and drone surveillance units, according to


Megan Gates is senior editor at Security Management. Connect with her at [email protected] or on LinkedIn. Follow her on Twitter and Threads: @mgngates.