How to Move Targeted Violence Threat Assessment Beyond Diagnoses
After a mass shooting or other targeted attack, the public conversation usually ends up in the same place: Was the offender mentally ill?
It is an understandable question, but for security practitioners, it is often the wrong question.
Mental health can matter. A crisis can matter. Severe distress can matter. But if the goal is prevention, a diagnosis is a poor starting point. It does not tell an organization whether a person is escalating, fixating, mobilizing, or moving closer to violence. More importantly, it can divert attention from the behaviors that are far more useful for assessing risk and deciding what to do next.
A diagnosis does not explain a pathway to violence. Behavior does.
That is not just a conceptual distinction. It goes directly to whether an organization can recognize risk early enough to intervene.
The Wrong Assumption
One of the most persistent problems after major attacks is the assumption that if the violence was extreme, the explanation must be psychiatric. That may feel satisfying in the aftermath, but it does little to improve prevention.
A person may be in profound distress yet not be on a pathway to targeted violence. Another may have no formal diagnosis at all and still present serious concern because of grievance, fixation, social collapse, violent ideation, or concrete steps toward mobilization.
For security leaders, the practical takeaway is straightforward: Do not let the language of mental illness become a substitute for assessment.
That mistake happens more often than many organizations realize. A troubling subject is described as unstable, unwell, or in need of counseling, and that description quietly becomes the entire case summary. Once that happens, the organization may begin treating the matter as if it has already been handled. In reality, it may only have been rerouted.
A referral may be appropriate. In some cases, it is essential. But a referral is not threat management. Support services matter, but they do not replace assessment, coordination, documentation, or case management when the concern is violence.
What Security Teams Should Be Asking Instead
In practice, a prevention-based approach asks better questions.
What grievance was developing? Was the person becoming fixated on a target, a cause, or an institution? Were there signs of leakage, intimidation, stalking, or attack-related communications? Were there destabilizing losses, humiliations, or rejections? Was there evidence of planning, rehearsal, or seeking a weapon? Were multiple people seeing pieces of a concerning puzzle that never got connected?
Those are not abstract questions. They are the core questions of threat assessment.
They also reflect a broader reality that security teams understand well: Serious cases rarely arrive with certainty. They unfold through accumulation. A manager notices deterioration. A colleague hears retaliatory language. Security learns of unusual access attempts. Human Resources becomes aware of grievances or discipline issues. No single fact appears decisive on its own. Taken together, however, they may reveal a pattern that demands action.
That is why structure matters.
Organizations that handle these cases well are rarely the ones with the most complete information. They are the ones with enough process to act while information remains incomplete. They know how to gather concerns, connect fragmented observations, assess escalation, and manage risk before a case hardens into a crisis.
Why Labels Can Get in the Way
Security professionals are often pulled into cases where others have already framed the issue as a mental health problem. That description may reflect a real part of the picture, but it can also narrow the conversation too early.
Labels can create a false sense that the matter belongs somewhere else or that it has been addressed once a referral has been made. They can also encourage passivity. If the case is defined primarily as a wellness issue, security may be expected to step back just when its perspective is most needed.
That is a problem because support and assessment are not interchangeable. A person can need help and still require a structured violence-prevention response. A person can be struggling without being dangerous. And a person can be dangerous without a formal diagnosis.
Security leaders do not need to resolve every psychological question to act responsibly. They need to recognize concerning behavior, place it in context, and ensure the organization has a disciplined way to respond.
What Effective Prevention Actually Requires
This is where behavioral threat assessment and management (BTAM) delivers its value. BTAM does not promise certainty. It does not claim to predict the future. What it offers is a structured way to interpret concerning behavior, distinguish transient distress from escalating risk, and support proportionate intervention before violence occurs.
That kind of structure matters because most organizations do not fail for lack of concern. They fail because concern remains fragmented.
One office sees conflict. Another sees deterioration. Another sees security violations. Another hears threatening language. Without a mechanism to connect these observations, the organization is left reacting to isolated facts rather than assessing a developing pattern.
Strong prevention programs do the opposite. They create reporting pathways people actually use. They establish multidisciplinary review. They document behavior over time rather than reacting only to the latest incident. They clarify who owns the case. They reassess as information changes. Most important, they understand that the goal is not to label a person. The goal is to reduce risk.
The Leadership Responsibility
For security leaders, this is ultimately an organizational issue, not a rhetorical one. The real question is whether the enterprise has the capacity to recognize concerning behavior, route information to the right people, and then act before warning signs escalate into harm.
That means usable reporting mechanisms. It means multidisciplinary review. It means clear ownership. It means documentation and reassessment. And it means resisting the temptation to wait for certainty when the pattern is already heading in the wrong direction.
The public conversation will likely continue to ask whether a violent offender was mentally ill. That question is not going away.
But security leaders should be careful not to let it shape their prevention model.
If the goal is to reduce targeted violence, the better question is not merely whether a diagnosis was present. It is whether the behaviors were recognized early enough, shared widely enough, and taken seriously enough to prompt action.
That is where prevention either succeeds or fails.
Brian LeBlanc is a PhD student in psychology, law, and public policy focused on behavioral threat assessment, targeted violence prevention, and violence-risk management. He brings 26 years of law enforcement experience, including 19 years in federal law enforcement and seven years in local law enforcement. His work examines how organizations identify warning behaviors, connect fragmented information, and build multidisciplinary systems for early intervention across education, workplace, healthcare, and public safety settings.
