Talking Threat Intelligence

In corporate security, much of the conversation revolves around exciting new technologies. From AI to drones and robots, these innovations capture the imagination of security professionals. 

But amidst the enthusiasm for these advancements, there's a notable gap in the discussion — few delve into the practicalities of effectively implementing these technologies. 

While the potential benefits are clear, challenges arise rolling out new tech across the organization, including resistance from the public, employees, or management. Overcoming these hurdles becomes crucial, as failure to do so can lead to the organization's reluctance to adopt these promising technologies.

So how do security leaders address this challenge?

This week, we're privileged to have Mark Folmer, President at Robotic Assistance Devices, join us on the podcast. In this episode, we explore the less-discussed aspects of security technology conversations, focusing on where security leaders often stumble when attempting to implement innovative technologies. 

We also discuss communication strategies to bring internal stakeholders on board, the dynamics of public resistance to new security measures, the importance of articulating the value of security initiatives to internal stakeholders, how AI can elevate security programs, the difference between evolutionary changes and true innovation, and much more. 

Resources: 

Over the past few years, security teams have struggled to adapt to a swath of different challenges – from soaring crime rates and geopolitical conflicts to the rise of AI. But what’s coming in 2024? To get some insight, we invited Scot Walker and Carlos Francisco, CPP, CSSP to discuss the future of corporate security. In this episode, they explain why the retirement of the baby boomer generation represents one of the biggest challenges to security leaders. We also discuss the growing threat of deepfakes, how the Israel/Palestine conflict will impact businesses far away from the warzone, what security leaders need to know about the upcoming 2024 Presidential elections, and the biggest mistakes individuals from the public sector make when transitioning to the private sector. 

Resources:

How do you convince senior leadership on the value of open source intelligence? Malte Roschinski and Moritz Schramm from Plan4Risk are on the show today. In this episode, they share their approach to demonstrating the value of OSINT to decision makers. We also explore the consequences of not having management buy-in for threat intelligence, how to prove a tangible ROI with OSINT, as well as the differences in the understanding of threat intelligence in various countries.

Picture this…

You're sitting in a room during another training session, listening to someone at the front of the room drone on and on. They flip through endless pages of a binder, reading aloud monotonously. Your mind starts to wander, and before you know it, you're daydreaming about the fun things you'll do after work. Sound familiar? We've all been there!

Ensuring employees retain crucial safety information can be a real challenge for employers. Despite the best intentions, traditional training sessions often fail to engage employees effectively. When information is presented in a dry and uninspiring manner, it becomes difficult to capture attention and make the material memorable. Consequently, employees may not retain the knowledge they need to stay safe in the workplace.

The consequences of ineffective safety training sessions extend beyond employee disengagement. Poorly designed and implemented programs can cost companies a significant amount of money. When employees fail to retain crucial safety information, accidents and injuries are more likely to occur. These incidents not only harm individuals but also result in increased healthcare costs, lost productivity, and potential legal liabilities for the company.

So what’s the answer? 

On the podcast today is Dr. Tristan Casey, Director of New View Safety. In this episode, we discuss the common reasons why safety training programs often fail to engage employees. Dr. Casey will also share his insights on transforming training sessions into exciting and memorable experiences.

Resources:

Are AI-driven threats lurking within your organization's walls? Liferaft’s Chief Innovation Officer Eduardo Capouya and Senior Vice President of Engineering Matt Hogan join us on the show today. In this episode, Matt and Eduardo delve into the pressing challenges companies face, particularly regarding privacy, security, and ethical concerns in the era of AI. They reveal the risks associated with the use of AI models like ChatGPT, such as the unintentional disclosure of sensitive information and the potential for biased decision-making.

Resources mentioned in this episode:

Chief Security Officers (CSOs) encounter significant challenges when constructing an effective tech stack for their organization's security. These challenges include grappling with integration issues among diverse security solutions, keeping pace with rapidly evolving threats while operating within budgetary constraints, and striking a delicate balance between robust security measures and user-friendliness. Additionally, complying with stringent regulatory requirements and safeguarding data privacy further complicate the process. 

The consequences of getting the tech stack wrong can be severe, potentially leading to security vulnerabilities, data breaches, financial losses, reputational damage, and legal ramifications. It could also hinder the organization's ability to effectively defend against physical threats and stay ahead in an increasingly complicated landscape.

So how can they get it right?

John Gill, Executive Vice President at Kaseware, is on the podcast this week. In this episode, he delves into the intricacies of building an effective tech stack for security teams. He also reveals the most common mistakes CSOs make when evaluating potential solutions. 

In this episode, expect to learn...

• The dangers of looking for the "magic solution" that solves everything.
• How to create a structured Plan to Identify Suitable Technologies
• The seven factors to consider when selecting security technologies
• Picking best-of-breed technologies vs. all-in-one solutions.
• Best Practices for merging physical and cybersecurity roles in organizations

Resources:

• Contact John Gill by Email: john.gill@kaseware.com
• Kaseware: https://www.kaseware.com

The prevalence of active shooter situations in the workplace has seen a disconcerting increase in recent years. These distressing incidents, once considered improbable within work environments, have sadly become an alarming reality. News reports continue to remind us that no workplace or industry is immune to such acts of violence. And this sobering trend has prompted companies of all sizes to prioritize employee safety by implementing comprehensive training programs aimed at equipping individuals with the skills and knowledge needed to navigate and survive active shooter events.

But while traditional survival training methods, including the widely-known run, hide, fight strategy advocated by the FBI, have been widely disseminated, they may not provide the most effective approach to ensure survival in active shooter situations. These methods, while offering some guidance, often oversimplify the complexities and realities of high-stress scenarios. So to better prepare employees, a more comprehensive, adaptable, and practical training approach is essential to address the nuanced challenges presented by active shooter incidents.

So what’s the answer?

On the show today is Michael Julian, creator of the A.L.I.V.E. Active Shooter Survival Training Program and President of MPS Security & Protection. During our discussion, he shares his unique method for surviving active shooter situations. Additionally, Michael provides insights on how security leaders can enhance the effectiveness of their training sessions and highlight common pitfalls that companies often encounter when teaching survival training to their employees.

Resources:

High-profile individuals are increasingly exposed to various online threats that can jeopardize their personal security, reputation, and the organizations they represent. The digital realm has become a playground for attackers seeking to exploit vulnerabilities and gather sensitive information about VIPs for malicious purposes. So what can security professionals do to mitigate this risk?  

In our latest podcast episode, we sit down with Ben Barrontine, VP of Executive Services at 360 Privacy. In our conversation, Ben sheds light on the growing threats executives face online and offers insights into effective strategies for safeguarding their digital presence.

In this episode, expect to learn...

• Why staying off social media won't keep your data safe.
• A glimpse into the mindset and techniques used by online attackers.
• The growing importance of digital intelligence in physical security.
• The biggest vulnerability of almost every VIP.
• The four pillars of staying safe online. 

...and much more.

Resources Mentioned

Imagine a world where talking to computers feels as natural as chatting with a friend. That's the power of ChatGPT, a groundbreaking technology developed by a company called OpenAI. 

This technology has already revolutionized the way we work with computers. Instead of giving them commands, we can have real conversations with them. It's like having an incredibly smart virtual assistant at our fingertips. ChatGPT understands what we say and responds in a way that makes sense. It helps us find information quickly, provides useful suggestions, and even assists with tasks like writing. With ChatGPT, the possibilities seem endless, and it has truly changed the way we interact with technology.

But corporate security teams are understandably worried. For starters, ChatGPT can be used by bad actors to create and spread false information like never before. This means that people are more likely to come across misleading or manipulated content, making it hard to separate fact from fiction online. Additionally, ChatGPT also represents the technological equivalent to the machine gun for cybercriminals, allowing them to create high quality phishing emails and develop new attack vectors like never before. 

So how do security teams address these challenges? 

In this episode, our guest Daniel Ben-Chitrit, Director of Product Management at Authentic8, breaks down what ChatGPT will mean for corporate security teams and the OSINT community. We’ll also discuss how OSINT analysts can leverage this technology effectively while maintaining security and data privacy.

In this episode, expect to learn: 

• The implications of using ChatGPT in threat intelligence gathering and analysis.

• Discover the potential risks and vulnerabilities associated with integrating ChatGPT into corporate systems.

• How to effectively mitigate security threats and protect sensitive information in the era of ChatGPT.

• Gain insights into the challenges of distinguishing between genuine and manipulated information generated by ChatGPT.

• Understand the impact of ChatGPT on phishing and social engineering attacks, and how to combat them.

• Explore potential vulnerabilities in existing security systems when faced with ChatGPT-generated threats.

• Understand the potential impact of ChatGPT on user privacy and data protection in corporate environments.

• Discover ways to educate employees about the risks and benefits of interacting with ChatGPT in a secure manner.

… and much more. 

Relevant Resources:

In the high-pressure world of security, where professionals are constantly facing complex threats and demanding situations, building resilience is not just an advantage—it's a fundamental necessity. It's what empowers practitioners to bounce back from setbacks, adapt to challenges, and maintain their mental well-being amidst the pressures of the field. 

On the show today is Dr. Mary Beth Janke, a former Secret Service agent, Doctor of Clinical Psychology, and an international protection agent. Drawing from her expertise in behavioral therapy, Dr. Janke guides security professionals in developing strategies to enhance their resilience. And with her diverse background, Dr. Janke brings a unique perspective on the critical importance of resilience for success in the security industry.

By understanding the power of cognitive behavioral theory, she empowers individuals to transform their mindset, break negative thought patterns, and cultivate a resilient approach to their work and personal lives. And her insights provide practical tools and techniques to strengthen mental and emotional fortitude in the ever-changing landscape of physical security.

In this episode, expect to learn:

- The vital role of resilience in the success of security professionals.

- Exploring the connection between mental well-being and effective physical security practices.

- How behavioral therapy can be applied to enhance resilience in the field.

- Practical techniques to identify and modify negative thought patterns.

- Strategies for maintaining resilience in the face of stress and uncertainty.

- Real-life examples illustrating the transformative power of resilience in the industry.

- ...and much more.

Alternative social networks present a growing challenge for corporate security teams. These non-traditional platforms, such as Gab and Chan boards, can pose significant threats to organizations, including cyber threats, physical threats, doxing, and misinformation campaigns. And without monitoring these communities, security analysts could be overlooking serious risks to the company. 

To address this issue, Neil Spencer, Director of Market Strategy and Partnerships at Liferaft, is back on the podcast. This week, he breaks down what alternative social networks are and how security teams can effectively monitor these platforms. In this episode you will learn:    

- Learn why monitoring smaller, obscure communities on these networks is critical for comprehensive threat intelligence.

- Understand how alternative social networks can create echo chambers and contribute to the spread of misinformation campaigns.

- Explore the importance of detecting early warnings and indicators of potential threats in the digital space.

- Find out why brand protection is becoming a crucial piece of corporate security scope.

- Hear real-world examples of how smaller, alternative social networks have provided early warnings of potential threats.

- Learn about the long history of white supremacists using these networks to post manifestos before violent events.

- Discover how monitoring these networks can help organizations get ahead of threats and plan effective mitigation strategies.

- Gain insights into the implications of a threat to an organization's brand, both financially and from a physical security perspective.

- Understand the significance of monitoring alternative social networks for both emerging and mainstream platforms.

Resources:

On this episode of Talking Threat Intelligence, we're joined by Chris Grow, Managing Partner at LeMareschal LLC, to discuss the common mistakes that OSINT analysts make when providing intelligence for VIP protection. Chris is an expert in the field of open-source intelligence and has years of experience working with close protection teams. He'll be sharing his insights on the most frequent errors that analysts make, as well as strategies to minimize the risk of failure.

Some of the key topics we'll be covering include: how your bias as an American can negatively impact the intelligence you provide to an agent in the field, misconceptions about OSINT, the dangers of providing too much information for EP personnel on the ground, and how OSINT analysts should prepare before their VIP departs for a trip. Chris will also discuss how he vets potential new employees and common red flags to look for during the interview process.

Resources:

In this episode of our podcast, we're thrilled to have Nick Gicinto, Executive Vice President at Red Five Security, join us. Nick is a highly experienced OSINT analyst and security practitioner, and he's here to discuss the importance of learning how to conduct investigations on the blockchain for threat intelligence professionals.

Nick will explain how blockchain technology is rapidly evolving and becoming more important to our understanding of the current threat landscape. He'll delve into how blockchain can be used to investigate a wide range of activities, from financial fraud to cyberattacks. And we'll explain how OSINT analysts can use blockchain to access a wealth of information that would otherwise be hidden from view.

Additionally, Nick will provide some tips and tricks to help OSINT analysts get started with blockchain investigations, including resources, tools, and important concepts to understand.

Resources:

Over the course of interviewing dozens of security leaders on this podcast, one of my favorite questions is, “How do you hire?”

Their answers always provide a great insight. That’s because after interviewing countless job candidates, they’ve learned the best approaches to help them figure out how a person really ticks. And more importantly, whether they will work well on their team.

Jerry Heying, CPP, PPS, CST, CEO at International Protection Group, is on the show this week.

In this episode, he breaks down the techniques he uses to identify top talent and hire the right people for his close protection details.

Expect to learn the key personality trait every protector needs to succeed in the private-sector, the biggest red flags to look for when interviewing candidates, the job interview question every hiring manager should ask, how to sniff out misleading accomplishments on a resume, the type of great candidates security managers often overlook, and much more.

Resources:

Sandra Stibbards, Owner & President of Camelot Investigations, is on the show to chat about executive privacy.

In this episode, we discuss what close protection teams need to know about protecting their principal’s personal information online.

You will learn how seemingly harmless bits of metadata can leave executives and other VIPs vulnerable to attackers, what you should tell clients to absolutely never post on social media, the one thing analysts should do every week to keep principals safe, a simple trick that can dramatically reduce the venerability of your LinkedIn account, free OSINT tools to monitor for doxxings and other data leaks online, and much more.

Resources:

Chris Story, Director of Risk Intelligence & Security Consulting at Triumph Protection Group, is on the show this week.

In this episode, he discusses applications for open source intelligence in physical security and investigations.

Expect to learn where to get started with OSINT for physical security, the strengths and limitations of OSINT, the common mistake that trips up new OSINT practitioners, and much more.

Resources:

Chris on LinkedIn: https://www.linkedin.com/in/chris-story-securityriskintelligenceleadership/

James Tunkey, Chief Operating Officer of I-OnAsia, is on the show this week.

In this episode, James reveals three key things he believes every OSINT analyst should start doing to deliver better risk intelligence for clients.

Expect to learn the biggest opportunity for OSINT analysts to differentiate themselves in the marketplace right now, the benefit of adding individuals with an insurance or finance background to an OSINT team, why OSINT analysts need to focus more on preparing for “non-routine” events, the key mistake that can sabotage your analysis, and much more.

Resources:

Security departments have long had the reputation of being cost centers inside organizations.

That makes it tough for managers and directors to ask for more budget. And their departments are often the first to see budget cuts during a recession.

So how can security leaders avoid this problem?

Alan Saquella, CPP, professor of Business, Security, and Intelligence at Embry-Riddle Aeronautical University in Arizona and a consultant for Verensics, joins the podcast this week.

In this episode, we discuss his strategies to transform the security function at Cox Communications from a cost center to revenue neutral and beyond.

Expect to learn the dangers of being a cost center within an organization, the first thing you should do before asking executives for additional budget, the importance of learning the language of business, how to demonstrate the ROI of your corporate security program, and much more.

Resources:

Open-source intelligence, or OSINT, has become an increasingly important tool for close protection details. But because many intelligence analysts have never worked in the field, some struggle to provide the actionable insights needed to keep clients safe.

So how can we address this problem?

Denida Grow, Founder & CEO Athena Worldwide and Nannyguards as well as Managing Partner at LeMareschal LLC, is on the show this week.

In this episode, she breaks down the communication gap that exists between OSINT analysts and close protection teams on the ground.

Expect to learn what every OSINT analyst should do before working with an EP team, the danger of sending too much information to agents on the ground, what protectors on the ground probably won’t tell you, the common OSINT mistakes that compromise client safety, the number one trait of top OSINT analysts, how biases can jeopardize security, one of the biggest problems across the security industry today, and much more.

Resources:

Mass shootings in the workplace have become more frequent in recent years. And with employees returning to the office following the COVID pandemic, we’ve seen a spike in violent incidences.

So how can security teams proactively address this problem?

Drew Neckar, MBA, CPP, CHPA, President and Principal Consultant at Security Advisors Consulting Group, is on the show this week.

In this episode, Drew reveals the lessons learned from an incident where he and his team successfully prevented a mass shooting incident.

Expect to learn the importance of teaching ordinary employees how to spot suspicious behavior, the mistake most organizations make when providing security awareness training, the value of environmental design in preventing workplace violence, and much more.

Resources:

Background checks represent the go-to method most organizations use to screen out unethical employees. But due to a growing number of problems, this system has started to fail employers.

Russ Law and Yariv Lis, co-founders of Verensics, are on the show this week.

In this episode, they explain the broken system behind background checks and why this technique fails to screen out problematic workers.

Expect to learn why companies have no incentive to report workplace incidents, the importance of talking about ethics upfront in the interview process, the mistake almost all hiring managers make that can cost their organizations millions, how to set up a structured interview to screen out unethical employees, the best indicators that a candidate will be successful in their new role, and much more.

Resources:

What OSINT skills do employers want right now? And how can you stand out during the application process? 

At Liferaft, we know from talking to hundreds of analysts that many want to take their OSINT careers to the next level.

Unfortunately, OSINT as a profession is relatively new. So you won’t find as many clear milestones and certifications to guide your career.

That can make breaking into the field confusing for rookie analysts. And it can make things even harder for experienced practitioners trying to advance in their careers.

So what's the answer?

Transitioning from the public sector to corporate security is no easy task. Habits that served you well in the military and law enforcement may sabotage your success in the private sector.

So how can you avoid this problem?

Carlos Francisco, CPP, Regional Security Leader at one of the world’s largest social media companies and host of the Corporate Security Translator Podcast, is on the show this week.

In this episode, you’ll learn the radical mindset shift security practitioners must learn going forward to succeed in a corporate environment.

Expect to learn how better customer service improves corporate security, the MAGIC formula for effective leadership, what security professionals can learn from Disney, how to lead without authority, and much more.

Resources:

Intelligence analysts are increasingly turning to the "wisdom of the crowd" to help them make better predictions.

Michael McCabe, CEO of Intelligence Fusion, is on the show today. In this episode, we discuss an emerging trend that has reshaped how organizations gather and analyze intelligence: crowdsourcing.

We also discuss:

* What is crowdsourced intelligence?

* How crowdsourced data gives organizations an edge.

* How analysts can ensure the quality of crowdsourced information.

Resources:

If you have recently transitioned from the military or law-enforcement to corporate security, then you may have noticed other stakeholders in your organization are skeptical (or even out right hostile) of your role.

This presents a big problem for a new security professionals entering the private sector.

Without allies in your organization, it becomes far harder to get anything done. That can jeopardize the safety of other stakeholders as well as your success in this new role.

So what can be done?

Scot Walker, host of Scot Walker’s Protective Future, is on the show with us this week.

In this episode, we discuss the importance a building alliances at work.

We also discuss:

* Specific tactics you can use to win over allies in your organization.

* The common mistake former military and law enforcement professionals often make when transitioning to the private sector.

* The ultimate sign that you are succeeding in your new role.

How will COVID reshape the world of event security?

AJ De Rosa, Chief Revenue Officer of Evolv Technologies, is on the show this week.

In this episode, we chat about the future of event security.

We also discuss:

• The biggest risks to sport and concert venues.
• How COVID has rewritten the rules of event security.
• How slow screening system impact event profits.

Links:

Connect with AJ: https://www.evolvtechnology.com

Evolv Technologies: https://www.linkedin.com/in/a-j-de-rosa-793b357/

If you liked this episode, be sure to subscribe on Apple, Spotify, or wherever else you listen to podcasts.

When transitioning to corporate security, what is the biggest mistake that prevents former military and law-enforcement professionals from succeeding in their new role?

Scot Walker, host of Scot Walker’s Protective Future, is on the podcast this week.

In this episode, we discuss the importance of understanding company culture when starting a new position in the private sector.

We also chat about:

• The common mistakes former military and law-enforcement professionals make in corporate security.
• The type of mentality that can sabotage your career.
• One simple technique to win over executives and other potential allies in your organization.

Links:

A personal brand can go along way towards distinguishing yourself from other professionals and unlocking new career opportunities.

Chuck Andrews (MSME, CPP), founder of Friends of Chuck and the number one influencer in the security industry, is on the show this week.

In this episode, we chat about the importance of establishing and building your personal brand as a security professional.

We also chat about…

• How security professionals can define their personal brand.
• 3 steps to expand your professional network.
• The dangers of blending in and looking like everyone else.
• How to be yourself online.

When it comes to celebrity protection, what separates the professional protector from the amateur bodyguard?

Jerry Heying (CPP, PPS, CST), Security Director of the Executive Protection Institute, is on the show today.

In this episode, Jerry reveals the biggest mistake protectors make when safeguarding VIP clients.

We also discuss:

* The Grayman school of executive protection.

* How fake news and false rumors can jeopardize your VIP’s safety.

* The value of threat intelligence in celebrity or executive protection.