A logistics warehouse manager in the South Bronx received a call at 2:00 AM on a Tuesday in 2024.
The building’s overnight security guard had failed to show up for the third consecutive night, and the alarm monitoring company had flagged two unauthorized entry attempts at the loading dock.
The warehouse stored $4.2 million in electronic components. The manager’s existing security vendor — a large national firm — offered to send a replacement guard within 48 hours. That was not fast enough.
A colleague who had served in the Army recommended JMX Risk Management Consultants, a veteran-owned firm operating out of the Bronx. JMX had an armed guard on-site within four hours, conducted a vulnerability assessment of the facility within a week, and redesigned the site’s access control and surveillance plan within 30 days.
The warehouse reported zero security incidents in the following 12 months. That story illustrates what distinguishes boutique, veteran-led security consultancies from commodity guard-service providers: speed, accountability, and a risk assessment mindset built from military operational discipline.
JMX Risk Management Consultants LLC is a relatively young firm — incorporated in New York in February 2024 — but its leadership team brings decades of military and law enforcement experience to the private security market.
The company is a verified Service-Disabled Veteran Owned Small Business (SDVOSB), a designation that opens doors to the $28.6 billion federal contracting pipeline reserved for veteran-owned enterprises.
JMX’s service portfolio spans physical security, executive protection, fire and life safety, emergency management, investigative services, and security consulting, with operations in New York, New Mexico, and international locations including Zambia and Jamaica.
This article provides a practitioner’s review of JMX Risk Management Consultants — what they offer, how their services align with enterprise risk management frameworks, and how security risk professionals can evaluate boutique SDVOSB firms against the standards that govern the industry.
| Key Takeaways |
| JMX Risk Management Consultants is a Service-Disabled Veteran Owned Small Business (SDVOSB) headquartered in the Bronx, New York, specializing in integrated security solutions, fire life safety, executive protection, and emergency management across the United States and internationally. |
| The firm’s SDVOSB certification provides a competitive advantage in the $28.6 billion federal contracting market, where the government targets 5% of all prime contract dollars for service-disabled veteran-owned businesses. |
| JMX operates across multiple states and internationally (Zambia, Jamaica), offering services that span physical security, investigative services, TV/film production security, and security consulting — a breadth unusual for a firm of its size. |
| Security risk management professionals evaluating firms like JMX should assess them against ISO 31000 and ASIS International standards, examining threat assessment methodology, personnel vetting, incident response capabilities, and regulatory compliance track records. |
| The US private security services market reached $49.1 billion in 2025 and is projected to exceed $62 billion by 2030, driven by corporate demand for integrated security consulting, executive protection, and technology-enabled threat detection. |
| JMX’s growth strategy includes geographic expansion into New Mexico and international markets, government contract acquisition, and development of innovative risk management tools — positioning the firm for the industry’s projected 5.6% annual growth. |
The US private security market is worth $49.1 billion in 2025, and navigating it requires the same risk management process discipline that organizations apply to any vendor relationship.
Company Overview: JMX at a Glance
Understanding the profile of any security vendor is the first step in a structured third-party risk assessment.
JMX positions itself as a full-spectrum security and risk management firm, differentiating from single-service guard companies through its consultative approach and veteran-led leadership.
| Metric | Detail | Metric | Detail |
| Founded | February 2024 | Headquarters | 4275 Park Ave, Suite 611, Bronx, NY |
| Business Type | SDVOSB (Verified) | Legal Entity | LLC |
| Operating States | New York, New Mexico | International | Zambia, Jamaica |
| Core Focus | Security + Risk Management | Certifications | SDVOSB, NY State SDVOB |
| Industry | Private Security Services | Target Clients | Government, commercial, entertainment |
JMX Service Portfolio: A Detailed Breakdown
JMX’s service portfolio covers six core domains. Each service line maps to a phase of the ISO 31000 risk management lifecycle — from risk identification (threat assessments and investigations) through risk treatment (guard deployment and executive protection) to monitoring (emergency management and ongoing security consulting). The table below provides a structured breakdown.
| Service Line | Description | Key Deliverables | ISO 31000 Phase |
| Physical Security (Guard Services) | Armed and unarmed guard deployment for commercial, residential, and industrial sites; patrol and access control | Site security plan; guard deployment schedule; incident reporting protocols; post orders | Risk Treatment |
| Executive Protection | Close protection for VIPs, corporate executives, public figures, and high-net-worth individuals; advance team operations and route planning | Threat assessment report; protection detail plan; secure transportation protocols; event security plan | Risk Treatment + Monitoring |
| Fire & Life Safety | Fire code compliance consulting; fire protection system assessment; life safety planning for buildings and events | Fire risk assessment report; code compliance audit; evacuation plan; fire drill protocols | Risk Identification + Treatment |
| Emergency Management | Emergency preparedness planning; crisis response coordination; business continuity alignment for security events | Emergency response plan; crisis communication protocols; tabletop exercise scripts; post-incident review | Monitoring + Review |
| Investigative Services | Due diligence investigations; background checks; fraud detection; threat assessments; surveillance | Investigation report; background screening summaries; threat intelligence briefing; evidence documentation | Risk Identification + Analysis |
| Security Consulting | Holistic security program design; vulnerability assessments; security technology recommendations; policy development | Security master plan; vulnerability assessment report; technology roadmap; security policy manual | Full Lifecycle |
Executive Protection: The Specialized Differentiator
Executive protection is JMX’s most distinctive service line and the one most closely tied to its military heritage.
The executive protection market in the US is growing at approximately 8–10% annually, driven by increased threats to corporate leaders, rising geopolitical tensions affecting international travel, and the entertainment industry’s demand for production-set security.
JMX lists TV and film production security as a dedicated offering — a niche that requires specialized skills in crowd management, talent protection, and coordination with local law enforcement during shoots.
This aligns with JMX’s broader risk mitigation philosophy: deploying trained personnel who can assess and respond to threats in real-time, not just stand at a door.
Fire and Life Safety: Regulatory Risk Reduction
Fire and life safety consulting addresses one of the most heavily regulated areas of physical security.
Non-compliance with NFPA codes (particularly NFPA 101 Life Safety Code) and local fire marshal requirements can result in building shutdowns, fines exceeding $10,000 per violation per day, and catastrophic liability if a fire causes injury or death.
JMX’s fire life safety services include code compliance audits, fire protection system assessments, evacuation planning, and fire drill facilitation.
Organizations should connect these services to their broader risk assessment process and business continuity management plans, since a fire event triggers both immediate safety responses and longer-term business recovery workflows.
The SDVOSB Advantage: Federal Contracting and Beyond
JMX’s verified SDVOSB status is not a marketing badge — it is a structural competitive advantage in a $28.6 billion federal contracting ecosystem.
The federal government’s Small Business Administration (SBA) mandates that at least 5% of all prime and subcontract dollars go to service-disabled veteran-owned small businesses.
The National Defense Authorization Act for FY2024 raised this target from 3% to 5%, a 67% increase in targeted opportunity.
Agencies awarded $28.6 billion to SDVOSB firms in FY2025, though this fell slightly short of the 5% goal — the first miss since 2011 — creating renewed pressure on agencies to expand SDVOSB procurement in FY2026.
| SDVOSB Benefit | How It Works | Relevance to JMX |
| Sole-source contracts (up to $5M for services) | Agencies can award contracts directly to SDVOSBs without full competitive bidding | JMX can win government security contracts without competing against large national firms |
| Set-aside competitions | Agencies restrict certain procurements to SDVOSB-only competition | Reduces competition to other small veteran-owned firms, improving JMX’s win rate |
| Mentor-protégé programs | Large primes partner with SDVOSBs for joint ventures and capability transfer | JMX can access large-scale contracts through JV partnerships with established security firms |
| State-level preferences | New York and New Mexico offer state SDVOB preferences for procurement | JMX’s NY State SDVOB certification adds state contract eligibility beyond federal |
| Past performance building | Federal contracts create documented past performance for future proposals | Each contract JMX completes strengthens its capability statement for larger bids |
Organizations evaluating JMX for security services should recognize that the SDVOSB designation carries real accountability: firms must maintain verified veteran ownership and control, and the SBA conducts periodic eligibility reviews.
This verification process provides a built-in governance layer that aligns with COSO ERM principles around vendor integrity and due diligence.
Evaluating Security Consultants Through an ERM Lens
Risk professionals should never select a security vendor based solely on hourly guard rates or the size of the firm’s logo.
The ISO 31000 standard and ASIS International guidelines both call for structured risk assessment before security program design.
The table below provides a framework that security buyers can use to evaluate JMX — or any security consultant — against enterprise risk management criteria.
| Evaluation Criterion | What to Look For | Questions for JMX (or Any Vendor) |
| Threat Assessment Methodology | Does the firm use a structured, documented process for identifying threats and vulnerabilities, or ad-hoc judgment? | What threat assessment framework does JMX use? Can they provide a sample redacted assessment? |
| Personnel Vetting & Training | Are guards screened to ASIS standards? What ongoing training cadence exists? | What background screening protocol does JMX follow? How many hours of ongoing training per guard per year? |
| Technology Integration | Does the firm integrate physical security with electronic surveillance, access control, and analytics? | Does JMX recommend and manage security technology, or only provide personnel? What systems do they integrate with? |
| Incident Response Capability | Can the firm respond to active threats, not just deter? What is the escalation protocol? | What is JMX’s average response time? Do they have armed response teams? What is the escalation chain to law enforcement? |
| Regulatory Compliance | Is the firm licensed in all operating jurisdictions? Do they maintain required insurance and bonding? | What state security licenses does JMX hold? What is their professional liability coverage? Any regulatory actions on record? |
| Risk Appetite Alignment | Does the vendor understand your risk appetite and tailor services accordingly, or sell a one-size-fits-all package? | How does JMX customize security plans based on the client’s risk tolerance and budget constraints? |
| Business Continuity Integration | Can the firm’s emergency management services connect to your BCP and disaster recovery plans? | Does JMX align emergency management plans with ISO 22301 or NFPA 1600 standards? |
The US Private Security Market: Context for JMX’s Growth
JMX enters a $49.1 billion market that is growing at a 5.6% compound annual rate, with over 112,000 security firms operating across the United States.
The market is fragmented: the top 10 firms (Allied Universal, Securitas, Garda World, etc.) control approximately 30% of revenue, leaving 70% distributed among tens of thousands of regional and specialty providers.
This fragmentation creates opportunity for differentiated boutique firms like JMX, particularly those with SDVOSB certification, niche expertise (executive protection, entertainment security), and geographic focus.
| Market Driver | Trend | Impact on Security Firms | JMX Positioning |
| Corporate Security Spending | 8–12% annual increase in Fortune 500 security budgets | Demand for consultative security assessments, not just guard bodies | JMX’s consulting model aligns with the shift toward risk-based security programs |
| Federal SDVOSB Contracting | $28.6B in FY2025; 5% goal creating agency pressure to procure from SDVOSBs | Certified SDVOSB firms gain preferential access to sole-source and set-aside contracts | JMX’s verified SDVOSB status is a direct pipeline to government security contracts |
| Executive Protection Demand | Growing 8–10% annually; driven by CEO threat landscape and geopolitical risk | Specialists with military/LE background command premium rates | JMX’s veteran leadership provides credible executive protection capability |
| Entertainment & Media Security | Film/TV production spending at record levels; insurance requires security plans | Niche providers with production-set experience win specialized contracts | JMX lists TV/film production security as a dedicated service line |
| AI & Security Technology | Adoption of AI-powered surveillance, drone detection, and predictive analytics accelerating | Firms that integrate technology with human security gain advisory edge | JMX will need to demonstrate technology integration to compete long-term |
| Regulatory Tightening | State licensing requirements becoming more stringent; NFPA code updates every 3 years | Compliance becomes a barrier to entry for small operators | JMX’s fire life safety consulting positions it on the compliance advisory side |
A Practitioner’s Security Risk Assessment Framework
Organizations engaging JMX or any security consultant should demand a structured risk assessment as the foundation of any security program.
The framework below integrates ISO 31000 risk management principles, ASIS International’s General Security Risk Assessment Guideline (ASIS GSRA-2024), and NFPA 1600 Standard on Continuity, Emergency, and Crisis Management. JMX’s services should map to each phase.
| Phase | Activities | JMX Service Alignment | Key Deliverables |
| 1. Asset Identification | Identify critical assets: people, property, information, operations, reputation | Security consulting; initial client discovery meeting | Asset inventory; criticality ranking; dependency map |
| 2. Threat Assessment | Identify threat sources: criminal, natural, technological, insider, civil; assess capability and intent | Investigative services; threat intelligence; due diligence investigations | Threat register; actor profiles; likelihood ratings |
| 3. Vulnerability Analysis | Assess weaknesses in physical barriers, access control, surveillance, personnel, policies, technology | Physical security audit; fire life safety code compliance review | Vulnerability assessment report; gap analysis matrix |
| 4. Risk Evaluation | Calculate risk scores (likelihood × impact); prioritize against risk appetite; determine acceptable residual risk | Security consulting; risk appetite workshop facilitation | Risk register with scored risks; risk matrix heatmap; treatment priority list |
| 5. Countermeasure Selection | Design layered security controls: deter, detect, delay, respond; select optimal mix of personnel, technology, and procedures | Guard deployment; executive protection; technology recommendations; emergency management planning | Security master plan; guard post orders; technology specification; emergency response plan |
| 6. Implementation & Monitoring | Deploy security program; monitor KRIs; conduct exercises; review and adapt | Guard services operation; fire drills; tabletop exercises; incident reporting | Monthly security reports; KRI dashboard; exercise after-action reports; annual program review |
Implementation Roadmap: Engaging a Security Consultant
The roadmap below applies to any organization evaluating JMX or a similar security consulting firm. Align each phase with your risk management lifecycle and existing ERM framework.
| Phase | Actions | Deliverables | Success Metrics |
| Days 1–30: Assessment | Issue RFP to 3–4 security firms (include at least one SDVOSB); define evaluation criteria covering threat methodology, personnel standards, technology capability, compliance, and references; conduct site walk-throughs with finalists | Completed RFP; evaluation scorecard; site assessment notes from each finalist; reference check summaries | RFP issued within 10 days; all finalists meet minimum licensing and insurance thresholds; at least 2 finalists demonstrate structured threat assessment methodology |
| Days 31–60: Design | Select vendor; co-develop security master plan including guard deployment, technology integration, emergency response protocols, and fire life safety compliance; negotiate SLAs covering response time, incident reporting cadence, and guard qualifications | Signed contract with SLAs; security master plan; guard post orders; emergency response plan; fire code compliance roadmap | Security plan covers all identified assets; SLAs include measurable KPIs (e.g., < 4-hour emergency response, < 24-hour incident reports); fire compliance gaps have funded remediation timeline |
| Days 61–90: Launch | Deploy security personnel; activate surveillance and access control systems; conduct first tabletop exercise; establish monthly reporting cadence; integrate security KRIs into enterprise risk dashboard | Operational security program; first monthly security report; tabletop exercise after-action report; KRI dashboard integration confirmed | Zero critical security gaps at launch; first tabletop exercise completed with documented lessons learned; KRI dashboard operational with 3+ leading indicators |
Challenges When Selecting a Security Consultant
| Pitfall | Root Cause | Remedy |
| Buying on hourly rate alone | Procurement process focuses on guard cost per hour, ignoring consulting value and incident reduction | Use a total-cost-of-security model that includes incident losses avoided, liability reduction, and compliance value |
| No structured threat assessment before deployment | Vendor deploys guards without understanding the client’s specific threat landscape | Require a documented threat and vulnerability assessment as the first deliverable before any personnel deployment |
| Ignoring licensing and insurance verification | Assuming the vendor is compliant; no due diligence on state licenses, bonds, or liability coverage | Verify all state security licenses, workers’ compensation, and professional liability insurance before contract execution |
| Static security plan (set and forget) | Security program designed once and never reviewed; threat landscape changes are ignored | Mandate quarterly security reviews, annual threat reassessments, and post-incident plan updates |
| No integration with business continuity | Security plan operates in isolation from emergency management and business recovery plans | Require the security consultant to align emergency protocols with your BCP and disaster recovery plan per ISO 22301 or NFPA 1600 |
| Over-reliance on personnel without technology | All-guard model without surveillance analytics, access control, or intrusion detection | Evaluate vendors on their ability to blend human security with technology for layered defense |
| Failing to check SDVOSB certification validity | Accepting the vendor’s claim of SDVOSB status without SBA verification | Verify SDVOSB certification through the SBA’s VetCert portal before awarding any set-aside or sole-source contract |
Looking Ahead: JMX and the Future of Security Risk Management (2026–2028)
Geographic and international expansion. JMX has already expanded beyond New York into New Mexico and international markets (Zambia, Jamaica).
The firm’s growth trajectory suggests further US expansion, likely targeting states with significant federal facility presence and entertainment industry activity (California, Georgia, Virginia, Texas).
The challenge for any young security firm scaling geographically is maintaining service consistency and obtaining state-by-state licensing, which varies significantly in requirements and processing time.
Technology integration as a competitive imperative. The private security industry is undergoing a technology transformation.
AI-powered video analytics, drone-based perimeter surveillance, and predictive threat intelligence are becoming baseline expectations for sophisticated clients. JMX’s current service model appears personnel-heavy; developing or partnering for technology capabilities will be critical to competing for mid-market and enterprise accounts.
Connecting security technology to KRI dashboards and risk quantification for board reporting will differentiate advisory-capable firms from commodity guard providers.
Federal contracting pipeline pressure. The FY2025 miss on the 5% SDVOSB goal creates political and regulatory pressure on agencies to increase SDVOSB procurement in FY2026.
JMX is well-positioned to capture this demand, particularly in protective security services for government facilities, military installations, and federal events. Building past performance on smaller contracts now will unlock larger contract vehicles within 2–3 years.
Convergence of physical and cyber security. The line between physical security and cybersecurity continues to blur. Smart building systems, IoT-connected surveillance, and network-enabled access control create attack surfaces that span both domains. Security consultants who can advise on the physical-cyber intersection — connecting operational resilience with physical threat management — will capture growing demand from organizations that need integrated protection.
JMX’s expansion into this space, potentially through partnerships with cybersecurity firms, would strengthen its value proposition significantly.
Need help building a security risk assessment framework or evaluating security vendors? Visit riskpublishing.com/services for risk assessment templates, risk management frameworks, and consulting engagements. Questions? Get in touch — we respond within 24 hours.
References
1. JMX Risk Management Consultants — Official Website
2. JMX Risk Management — Our Services
3. U.S. Small Business Administration — Veteran Contracting Assistance Programs
4. Fed-Spend — SDVOSB Contract Opportunities: Where $28.6 Billion Actually Goes (2026)
5. GovWin IQ — SDVOSB Contracting Trends for 2025
6. IBISWorld — Security Services in the US Industry Report (2025)
7. Grand View Research — Private Security Services Market Size Report, 2030
8. Technavio — Private Security Services Market to Grow by $259.4B (2024–2029)
9. ISO 31000:2018 — Risk Management Guidelines
10. ASIS International — Standards and Guidelines
11. NFPA 1600 — Standard on Continuity, Emergency, and Crisis Management
12. NFPA 101 — Life Safety Code
13. Congress.gov — Federal Contracting by Veteran-Owned Small Businesses: Overview and Analysis 14. New York State — Service-Disabled Veteran-Owned Business Enterprise Search
Chris Ekai is a Risk Management expert with over 10 years of experience in the field. He has a Master’s(MSc) degree in Risk Management from University of Portsmouth and is a CPA and Finance professional. He currently works as a Content Manager at Risk Publishing, writing about Enterprise Risk Management, Business Continuity Management and Project Management.