The structured professional judgment field is small. It contains a handful of recognized instruments, a body of public-domain behavioral science earned through thirty years of FBI, U.S. Secret Service, and academic research, and a community of practitioners who all read each other's work. The dominant instrument for workplace targeted violence assessment is the WAVR-21, and it is the dominant instrument for good reason: it is rigorous, it is grounded in the research, and it has been refined across three editions by authors who are legitimate authorities in the field.
So when we tell people we built our own — the KTI-W, Kestralis Threat Indicators – Workplace — the fair question is why.
This post is the answer.
The instruments are written for one audience and used by another
Most SPJ instruments in current use were designed by clinicians and academic researchers, with the rigor and vocabulary that come naturally to those backgrounds. That rigor is essential. The vocabulary is not always the right fit for the people who end up using the instrument most heavily.
In a typical mid-market workplace threat assessment, the people in the room are an HR director, a general counsel or outside employment counsel, a corporate security lead, and an external threat assessment professional. Of those four, three are operators, not clinicians. They are reading the instrument under time pressure, in the context of a personnel decision, with attention divided between the assessment and the organizational machinery around it.
The translation gap shows up in small ways that compound. Clinical terminology where ordinary language would serve. Behavioral anchors written for a peer-reviewed audience rather than for the supervisor who has to decide whether to authorize protective measures by Friday. Inquiry questions that read like research protocols rather than the questions an experienced investigator would actually ask. These are not failures of the instruments. They are artifacts of who the instruments were written for.
We wanted an instrument written the other way — by people who have sat in the rooms where these decisions get made, in the language those decisions actually get discussed in.
What we wanted to design for
Before we wrote the first factor definition, we wrote down what we wanted the instrument to do that wasn't already being done well. The list was short and specific.
Operator-readable behavioral anchors.Plain language where ordinary language serves. Clinical precision only where it earns its keep. The anchors should read clearly to an HR director on the first read, not require a second pass to decode. The cost of clinical precision is the loss of operational utility for the majority of the instrument's users.
Documentation formats designed for legal and regulatory review from the outset.Most workplace assessments end up reviewed by counsel — sometimes immediately, sometimes years later when an incident triggers litigation. The instrument and the report it produces should be designed for that audience from the first page, not adapted after the fact. The KTI-W's assessment worksheet, risk level determination guide, and report template were each written with deposition and trial review in mind.
Explicit treatment of organizational and contextual factors. Risk in a workplace context is not only a property of the subject. It is also a property of the organization — the conflict that produced the grievance, the response that followed, the culture that determined whether warning signs got reported. Many instruments treat the workplace as background context. We treat it as one of the eight assessment domains, with three factors capturing both the conditions that contribute to risk and the organizational response failures that allow risk to escalate undetected.
Integration with licensed investigative capability. A meaningful proportion of workplace assessments produce findings that warrant additional information gathering — background research, public records review, surveillance, interviews of collateral witnesses outside the workplace. Most threat assessment firms cannot legally conduct that work. Our principals operate a licensed private detective agency; the KTI-W and the case management protocol that surrounds it were designed assuming that capability is part of the engagement.
Defensible reasoning, exposed.SPJ's integrity depends on the practitioner's reasoning being visible in writing. The KTI-W report template requires the practitioner to articulate why the case meets the level selected and not the level above or below. That articulation is the assessment's exposed reasoning — and it is what the assessment offers in deposition, in court, or in any review by a regulator or insurer.
Eight domains, designed around the work
The KTI-W has eight domains: Pathway and Planning Indicators, Fixation and Grievance, Communication of Intent, Destabilizing Life Events, Weapons and Violence History, Mental State and Behavioral Change, Organizational and Contextual Factors, and Protective and Mitigating Factors.
The choice of eight rather than a different number, and the boundaries between domains, reflect deliberate design choices. The pathway-to-violence model — first articulated operationally by Calhoun and Weston (2003) and grounded in the foundational government research of Fein, Vossekuil, and Holden — gets its own domain because pathway behaviors are the substantive concern in operational threat assessment. The warning-behavior typology developed by Meloy and colleagues (2012), and the leakage research synthesized by O'Toole for the FBI, gets its own domain because how subjects communicate intent is operationally distinct from the underlying motivation for that intent.
Mental state gets its own domain because the field has historically conflated mental illness with violence risk in ways that are both empirically wrong and operationally unhelpful. The KTI-W's Mental State and Behavioral Change domain captures observable functional decline, communicated suicidality, and last-resort cognition — the cognitive framework that often precedes catastrophic action — without conflating any of those with psychiatric diagnosis. Where clinical evaluation is indicated, the practitioner refers; the threat assessment does not substitute for the clinical assessment, and the clinical assessment does not substitute for the threat assessment.
Protective factors get their own domain because the SPJ literature is clear that risk is the product not only of accelerating factors but of the absence of stabilizing ones. Treating protective factors as a methodological afterthought — or worse, as a courtesy to the subject — produces assessments that miss the most important operational variable: whether intervention is feasible at all.
What the KTI-W is not
The KTI-W is not a replacement for the recognized instruments practitioners are already trained on. The WAVR-21 is the gold standard for good reason, and we expect threat assessment professionals to continue training on and using it. The KTI-W is an alternative — designed around the way our principals actually conduct assessments, document them, and defend them in the rooms where the work is reviewed. Where another instrument is the better fit for a particular case, we use it.
The KTI-W is not a psychometric instrument. It produces no numerical score. The risk level finding is a structured professional judgment supported by the factor pattern, the trajectory across factors, and the practitioner's documented reasoning. The four levels — Baseline, Elevated, High, Imminent — are operational categories reflecting the management response actually warranted, not equal-interval classifications.
The KTI-W is not a self-service tool. SPJ frameworks are explicitly designed for use by trained practitioners; the integrity of the methodology depends on the practitioner's training, judgment, and disciplined documentation. Applying the instrument without that training produces something that looks like an assessment without the underlying substance. The cost of that mistake — for the organization, for the subject, and for any party harmed if the trajectory continues — is considerable.
The science is shared. The expression is original.
The KTI-W is original Kestralis work. The factor names, definitions, behavioral anchors, inquiry questions, coding worksheet, risk level descriptions, report template, and case management protocol are written by us and reflect our operating choices. The instrument does not reproduce, paraphrase, or adapt the text of any copyrighted threat assessment tool.
The underlying scientific concepts — the pathway to violence, warning behaviors, leakage, fixation, the role of grievance, the SPJ methodology itself — are not Kestralis's. They are public-domain behavioral science earned across thirty years of research at the U.S. Secret Service NTAC, the FBI Behavioral Analysis Unit, the Safe School Initiative, and the academic research programs that feed those institutions. The KTI-W is grounded in that literature and cites it explicitly. SPJ is a public scientific methodology. It is not the proprietary intellectual property of any author or publisher.
That distinction — between the public science and the original expression of an instrument — is the basis on which any new SPJ instrument is built. Every recognized instrument in current use sits on the same shared scientific foundation. What distinguishes them is the choices their authors made about audience, language, scope, and integration.
When the KTI-W gets used in our practice
The KTI-W is the operational backbone of the behavioral threat assessment service line. When a workplace concern surfaces — an employee whose behavior has shifted, a terminated worker who is escalating, a customer or outside party making statements that the organization can no longer treat as ordinary — the KTI-W is the framework we apply to evaluate what is happening and what the organization should do about it.
The KTI-W also informs our workplace violence prevention program design — because a Threat Assessment Team designed without an underlying methodology is a committee, not a capability — and our litigation support and expert witness practice, where the documented reasoning the instrument requires becomes the basis on which expert testimony stands or falls.
Where the case calls for an instrument other than the KTI-W, we use one. The point of the KTI-W was never to claim that one instrument is correct and the others are wrong. The point was to write the instrument we actually wanted to use.
For the structure, factor domains, risk levels, and methodological lineage of the instrument, see the KTI-W reference page. For situations that may warrant assessment now, or for organizations building internal threat assessment capability, schedule a consultation.
