Preserving Institutional Memory
When a senior leader retires, decades of hard-won judgment walk out the door. One Horizon captures that judgment before it goes — and puts it in your team's hands as practical training, real casework, and a live line to the experts behind it.
01
Led, not lectured
Our modules come from the people who ran the operation — not commentators reading about it afterward. Every framework is pressure-tested against events that actually happened.
02
Signed off by the source
Each module and client deliverable is reviewed and approved by the subject-matter expert who built it. No anonymous content — accountability you can stand behind in a boardroom or a courtroom.
03
Expertise on demand, via Visor
Visor, our AI advisor, is trained on the extracted insight of the entire expert network — so your people can pressure-test a decision the moment it lands, then escalate to a real subject-matter expert when it counts.
Former Senior Leaders
Police chiefs & intelligence directors
Security & Risk Specialists
Corporate & operational resilience
Academics
Research-grounded rigour
Legal Experts
Regulatory, privacy & compliance
Thirty-second glimpse, listen, then go deep.
How Professionals Actually Detect Deception
The Science of Catching Trusted Insiders
Carrying Uncertainty — The Ottawa Terrorist Attack
The Project Big Rig Cargo Heist
The Three Million Dollar Stolen Cargo Hub
I'm Visor — the intelligence layer of One Horizon. Ask me what your team is facing, and I answer from 4,907 insights extracted from the casework, debriefs, and teaching of the practitioners on this page — former intelligence leaders, police commanders, investigators, journalists, and academics.
I don't summarize the open web. Every answer comes from that proprietary knowledge base and is traceable to the named expert behind it — and when a question needs more than recall, I bring the right expert into the loop.
For regulated or sensitive sectors I can be deployed inside your environment, under strict governance controls — your organization keeps full control of its data.
When evaluating conflict strategy, prioritize the question of enduring political objective — not the immediate tactical wins available on the battlefield. Strategy that optimises for the tactical window collapses when the political end-state shifts, which is the failure mode behind most modern protracted conflicts.
Verification must move upstream into the workflow before decisions are made, not operate as a downstream reactive fact-check — after claims have already spread and influenced the operating picture. The cost of correction exceeds the cost of pre-decision verification by an order of magnitude in every case we've reviewed.
Public safety incidents follow a four-phase model — Background/Assessment → Engagement → Enforcement → After-Action — with distinct posture and authority for each phase. Confusing the phase boundaries (running enforcement reflexes inside engagement) is the structural failure that ends most major incidents badly.
When a GPS tracker shows no alerts but more than four hours have passed, immediately ping the device on-demand — to retrieve real-time location before any other action. The breadcrumb history is what gives police reasonable and probable grounds for the search warrant, and that window closes fast.
CQ mastery is a layered competency — context first (Indigenous foundations), then definition (peer-reviewed scholarship), then operationalization (workplace) — reversing the order produces the most common organisational failure mode: trained staff who can quote the definition but cannot navigate the relationship, because they were taught the concept before they had the context to hold it.
Adaptive leadership uses a three-step sequence: recognize the bias, admit it, call it out — only then can adaptability follow. A leader who skips the naming step ends up performing adaptability without rewiring decision-making, the most common failure mode in executive development.
Breach scope and impact assessment is the input that calibrates the proportionality of organisational response — not a downstream documentation step. Quantify extent early or you over-spend on low-impact incidents and under-resource the ones that actually carry insider-fraud or regulatory exposure.
In a hardship posting the operative question is not "is this environment dangerous?" — many are. It is whether the country is approaching a tipping point — where conditions can change faster than protective action can be taken. Consequence-severity alone can justify almost any restriction anywhere; trajectory is the variable that separates prudence from reflex.
A common name is an investigative risk before it is anything else — so every subject runs as deliberate parallel passes — base name, name variants with proximity operators, middle names, corporate affiliations, and geographic anchors, replicated across every database. Confirmation must come from independent search dimensions, never a single lucky hit.
Licensing and enforcement must sit in separate entities — not for organisational tidiness — but because conflating issuer and regulator builds in the incentive to conceal defects. When the authority with exclusive visibility of a credential failure also owns that credential, quiet partial recalls replace industry disclosure.
A threat brief is ready for a decision-maker when it answers three things — the current situation, the resources and intelligence already held, and the consultation chain that preceded escalation. What the reviewer is listening for is completeness of the information ecosystem, not just the facts.
The duty to consult cannot be reduced to a checklist — it is different every time — and that is exactly why proponents get it wrong: they treat it as procedural notification when the obligation demands meaningful, good-faith engagement. Searching for a standard recipe is itself the misreading.
Underlying motivations — recognition, grievance, legacy — hold stronger under operational pressure than financial incentives. Reframing engagement from a transactional focus on money to one about access shifts the asset's self-perception from informant to partner, and that single reframing survives the long-cycle handler turnover.
Disinformation influence is driven by reach and narrative stickiness, not raw content volume — Telegram and YouTube deliver higher impact per post than high-volume platforms like X, which is why monitoring optimised for tweet counts misses the actual operations every time.
During engagement, build relationships and gather intelligence — but never debate rights with rights holders. Debating rights is the single most reliable way to collapse de-escalation; the discipline is to consult and pivot to a peaceful-resolution architecture instead of arguing the constitutional ground.
A GPS device pinging at an unscheduled industrial area or warehouse is the signature that a stolen load has reached a stash location — not a routing anomaly. That detection moment is the operational pivot: the window to deploy recovery and coordinate the right jurisdictional response closes within hours, sometimes minutes.
Credible CQ learning pairs peer-reviewed academic sources with direct links to Indigenous-led organisations — scholarly material without community voice produces fluency without competence, and community voice without scholarly grounding produces empathy without epistemology. The combination is the discipline.
Resilience is not "bouncing back" but "bouncing forward" — recovery should advance capability beyond the pre-incident baseline, not restore the status quo. Any after-action that returns the system to its prior state has missed the actual lesson encoded in the event.
Effective insider-risk response begins with securing buy-in from senior executives across all functional areas — not just security — without multi-stakeholder executive alignment, downstream investigative and remediation work stalls or fragments at the first organisational friction point, which is where insider matters actually unravel.
Data measures known risk. Leadership operates in the gap where emerging risk lives — the gradual erosion of stability that no single indicator captures yet. Organisations put people in leadership precisely to assess what the dashboard cannot yet show — and that gap widens as the stakes rise.
When a record can neither be confirmed nor eliminated as your subject, the rule is to pull the primary documents — the certificates themselves carry the identifying detail that dispositions the match. An ambiguous hit left unresolved contaminates the file; a hit ruled out with documented reasoning strengthens it.
In a credentialing failure, the clerical error is never the real story — the disclosure failure layered on top of it is — because a defect known to the issuer but hidden from the industry silently transfers operational, legal, and reputational risk onto the parties least able to see it coming.
The intake cascade that triangulates consensus is the same machinery that hides its blind spots — each compression node between analyst and decision-maker strips out the uncertainty and dissent that would most change the final assessment. The thoroughness of the chain is what makes what it filtered invisible.
When evaluating conflict strategy, prioritize the question of enduring political objective — not the immediate tactical wins available on the battlefield. Strategy that optimises for the tactical window collapses when the political end-state shifts, which is the failure mode behind most modern protracted conflicts.
Verification must move upstream into the workflow before decisions are made, not operate as a downstream reactive fact-check — after claims have already spread and influenced the operating picture. The cost of correction exceeds the cost of pre-decision verification by an order of magnitude in every case we've reviewed.
Public safety incidents follow a four-phase model — Background/Assessment → Engagement → Enforcement → After-Action — with distinct posture and authority for each phase. Confusing the phase boundaries (running enforcement reflexes inside engagement) is the structural failure that ends most major incidents badly.
When a GPS tracker shows no alerts but more than four hours have passed, immediately ping the device on-demand — to retrieve real-time location before any other action. The breadcrumb history is what gives police reasonable and probable grounds for the search warrant, and that window closes fast.
CQ mastery is a layered competency — context first (Indigenous foundations), then definition (peer-reviewed scholarship), then operationalization (workplace) — reversing the order produces the most common organisational failure mode: trained staff who can quote the definition but cannot navigate the relationship, because they were taught the concept before they had the context to hold it.
Adaptive leadership uses a three-step sequence: recognize the bias, admit it, call it out — only then can adaptability follow. A leader who skips the naming step ends up performing adaptability without rewiring decision-making, the most common failure mode in executive development.
Breach scope and impact assessment is the input that calibrates the proportionality of organisational response — not a downstream documentation step. Quantify extent early or you over-spend on low-impact incidents and under-resource the ones that actually carry insider-fraud or regulatory exposure.
In a hardship posting the operative question is not "is this environment dangerous?" — many are. It is whether the country is approaching a tipping point — where conditions can change faster than protective action can be taken. Consequence-severity alone can justify almost any restriction anywhere; trajectory is the variable that separates prudence from reflex.
A common name is an investigative risk before it is anything else — so every subject runs as deliberate parallel passes — base name, name variants with proximity operators, middle names, corporate affiliations, and geographic anchors, replicated across every database. Confirmation must come from independent search dimensions, never a single lucky hit.
Licensing and enforcement must sit in separate entities — not for organisational tidiness — but because conflating issuer and regulator builds in the incentive to conceal defects. When the authority with exclusive visibility of a credential failure also owns that credential, quiet partial recalls replace industry disclosure.
A threat brief is ready for a decision-maker when it answers three things — the current situation, the resources and intelligence already held, and the consultation chain that preceded escalation. What the reviewer is listening for is completeness of the information ecosystem, not just the facts.
The duty to consult cannot be reduced to a checklist — it is different every time — and that is exactly why proponents get it wrong: they treat it as procedural notification when the obligation demands meaningful, good-faith engagement. Searching for a standard recipe is itself the misreading.
Underlying motivations — recognition, grievance, legacy — hold stronger under operational pressure than financial incentives. Reframing engagement from a transactional focus on money to one about access shifts the asset's self-perception from informant to partner, and that single reframing survives the long-cycle handler turnover.
Disinformation influence is driven by reach and narrative stickiness, not raw content volume — Telegram and YouTube deliver higher impact per post than high-volume platforms like X, which is why monitoring optimised for tweet counts misses the actual operations every time.
During engagement, build relationships and gather intelligence — but never debate rights with rights holders. Debating rights is the single most reliable way to collapse de-escalation; the discipline is to consult and pivot to a peaceful-resolution architecture instead of arguing the constitutional ground.
A GPS device pinging at an unscheduled industrial area or warehouse is the signature that a stolen load has reached a stash location — not a routing anomaly. That detection moment is the operational pivot: the window to deploy recovery and coordinate the right jurisdictional response closes within hours, sometimes minutes.
Credible CQ learning pairs peer-reviewed academic sources with direct links to Indigenous-led organisations — scholarly material without community voice produces fluency without competence, and community voice without scholarly grounding produces empathy without epistemology. The combination is the discipline.
Resilience is not "bouncing back" but "bouncing forward" — recovery should advance capability beyond the pre-incident baseline, not restore the status quo. Any after-action that returns the system to its prior state has missed the actual lesson encoded in the event.
Effective insider-risk response begins with securing buy-in from senior executives across all functional areas — not just security — without multi-stakeholder executive alignment, downstream investigative and remediation work stalls or fragments at the first organisational friction point, which is where insider matters actually unravel.
Data measures known risk. Leadership operates in the gap where emerging risk lives — the gradual erosion of stability that no single indicator captures yet. Organisations put people in leadership precisely to assess what the dashboard cannot yet show — and that gap widens as the stakes rise.
When a record can neither be confirmed nor eliminated as your subject, the rule is to pull the primary documents — the certificates themselves carry the identifying detail that dispositions the match. An ambiguous hit left unresolved contaminates the file; a hit ruled out with documented reasoning strengthens it.
In a credentialing failure, the clerical error is never the real story — the disclosure failure layered on top of it is — because a defect known to the issuer but hidden from the industry silently transfers operational, legal, and reputational risk onto the parties least able to see it coming.
The intake cascade that triangulates consensus is the same machinery that hides its blind spots — each compression node between analyst and decision-maker strips out the uncertainty and dissent that would most change the final assessment. The thoroughness of the chain is what makes what it filtered invisible.
Decades of operational judgement, distilled into one intelligent system.
4,907 insights, captured from former senior law enforcement and intelligence leaders, security and risk specialists, academics, and legal experts. Each category below is a distinct way they think under pressure — and Visor weighs all of them, in real time, in every answer it gives your team.
Hover a category to see how that mode of thinking shapes the answers Visor returns to your team.
Membership Options
One annual membership puts the entire catalogue — and Visor, the AI advisor built on our experts' judgment — in your people's hands. Per-participant pricing that aligns to your fiscal year, billed by invoice.
Public Service Membership
Built for government teams. Pressure-test a position before it goes upward — every module and deliverable is signed off by an expert who has held the mandate, so your department gets an in-house reference it can stand behind on the record.
per participant, billed annually.
Corporate Membership
Built for industry leaders. From insider threat to crisis leadership, your team gets decision-grade frameworks verified by the people who have actually done the job — ready to put to work the very next morning.
per participant, billed annually.
Security Guard Course - Province of Ontario
Ministry‑approved security guard licensing course for the Province of Ontario.
$99.99 CAD
Private Investigator Course - Province of Ontario
Ministry‑approved private investigator licensing course for the Province of Ontario.
$119.99 CAD
Expert Directory
Get in touch with one of our team members.
