Connecting Security to the C-suite through Intelligence Programs
Daniil Davydoff – Associate Director of Intelligence, AT-RISK International
Agenda
• Intelligence Evolves Alongside Corporate Security
• From Internal Support to External Ambassador
― People
― Products
― Processes
Going from “introverted” to “extraverted” is one of the main challenges for corporate security today
Introverted
▪ Shy, reticent, reserved, withdrawn
Extroverted
▪ Outgoing, expressive, socially confident
Security leaders are not necessarily “introverted”…
…so why are so many corporate security programs still introverted?
▪ Still seen as a cost center (fail to show ROI)
▪ Traditional role of information on “as needed” basis
▪ Do not speak the same language as other corporate departments
▪ Work in *relative* isolation
▪ Fail to show formalized processes
Intelligence programs can facilitate the evolution of security programs
Intelligence programs have traditionally provided internal support for security programs, but there is a lot more that they can do to create a C-suite-ready corporate security department
v1.0
▪ Supporting a stronger “introverted” security department
v2.0
▪ Facilitating limited connections within the enterprise
v3.0
▪ Enabling a C-Suite partner
Basic intelligence programs assist security teams, but have no “ambassador” role
Intelligence Program – v1.0
What it is and what it does
▪ Small program with one or two analysts
▪ Focus on providing security with analysis for decision-making (“can you look up crime stats for…”)
▪ Enabled with technology, some capacity for fostering preventive security
What’s missing
▪ Security support is more ad-hoc than formalized
▪ Program has very limited exposure to outside departments (“what does intelligence do?”)
▪ Plays no “ambassador” role
▪ Difficult to show proof of value for program
More sophisticated programs link security to the rest of the firm, but do not go far enough
Intelligence Program – v2.0
What it is and what it does
▪ Small team of analysts enabled with social media and/or event monitoring software
▪ Focus on analytical support to distinct security programs (e.g., travel security, executive protection, facility security)
▪ Processes and products have greater standardization
▪ Creates external exposure for security departments
What’s missing
▪ Bridge-building still limited primarily to existing security programs
▪ Intelligence team role is important to the programs, but not central
▪ External impact is likely not C-suite level
The next-generation intelligence program consistently elevates the security team across the enterprise
Intelligence Program – v3.0
The v3.0 intelligence program requires that security carefully consider and invest in three areas:
People – a diverse team that has the skills to make an impact across the enterprise
Products – an innovative product set that goes beyond typical security concerns
Processes – processes that create improved internal functioning and external interaction
Making an impact at the C-Suite level requires a hybrid intelligence team
Traditional analysts bring a lot to the table
Former federal intelligence personnel – bring unequalled knowledge of intelligence methodology and foreign risk
Former military intelligence – in addition to above, can often cross-assist with standard operating procedures (SOPs) development and emergency operations
Former law enforcement/crime analyst – can be especially strong on domestic crime issues and may have networks. Depending on background, may be especially strong on quant data
Poached/embedded analysts – best familiarity with role of corporate intelligence analysts. Know how to “do” risk analysis
Unusual backgrounds can add appealing skillsets
Inexperienced recent graduates – do not underestimate the bright blank slate
Journalists – know how to tell a relatable story with complex data and muddled information. Storytelling is critical at the C-Suite level
Management consultants – there are no better candidates than those who already know what it takes to make a strategy impact
Scientists – there’s detail-oriented and detail-oriented (scientists are the latter). They can also bring hard skills and, depending on their background, a better understanding of the company’s sector
Certain traditional qualifications may also need to be re-evaluated or deprioritized
Regional expertise
▪ Might be important, but chances are your analysts will need to learn other regions anyway
▪ Being able to “process” political information in various ways is much more important
Tech platform familiarity
▪ Tech platforms are typically easy to learn
▪ Providers change over time
▪ All tech providers offer training as part of their contracts
Open-source investigations experience
▪ The available tools for OSINT investigations are constantly in flux
▪ As many have noted, OSINT investigations are not about tools but about mindset
HR should instead consider broader qualifications…and test for them
Good intelligence hires have certain indispensable traits. A three-tiered process can help determine whether candidates have them
▪ Curiosity/inquisitiveness
▪ Writing ability
▪ Adaptability/flexibility
▪ Humility
▪ People skills
Three-tiered process:
▪ Interviews (with multiple team members)
▪ Testing (long and short timeframes)
▪ Resume Evaluation
The v3.0 intelligence team should also have a set of “preferred” skills
An intelligence team hoping to make C-Suite impact must have additional skills that are becoming increasingly important outside of the security team
Quantitative Data Analysis
Sector Knowledge and Business Mindset
Visualization
Risk Management Knowledge
Presentation Skills
Project Management Knowledge
Attaining and developing these skills requires creativity in studying and training
The analyst reading list needs to include company documents and sector publications:
Analyst training and certification courses may need to focus on software that is more difficult to grasp or subject-matter knowledge that connects security to other teams:
Skill-building overall should take multiple tracks
Whatever the skills or knowledge at hand, advanced intelligence programs need a diverse approach to creating a skills-base
Traditional Skills – Internal Training
▪ Trainings, exercises or workshops hosted by senior staff
Traditional Skills – External Training
▪ Training provided by security associations and providers
Non-traditional Skills – Analyst Playtime
▪ Analysts need free time to explore skills they may not know they need
Non-traditional Skills – External Training
▪ Devote some part of the budget to upskilling outside of security and intel
Thinking more broadly about intelligence products means thinking more broadly about the role of intelligence
By changing one word in the standard definition of intelligence, we can see the possibilities of intelligence products to contribute to multiple areas of the enterprise
Intelligence is information that has been processed and analyzed to help enable effective [security]
▪ IP Protection
▪ Market entry
▪ Marketing
▪ M&A
▪ Government relations
▪ Communications strategy
Legend: revenue generation; cost reduction
Beyond crime and travel risk, intelligence teams can assist with due diligence and investigative products
Due diligence and investigations are critical for executives and a variety of critical functions outside of security
What is involved?
The intelligence team conducts bespoke open-source investigations on individuals and companies, domestically and/or internationally
Creates greater rapport with…
How?
Executives generally
▪ Intel team as first line of defense for meetings with individuals/companies
▪ Significant visibility in cases of targeted threats
Corporate strategy and associated teams (M&A, CFO)
▪ Financial risk is only part of the risk profile when engaging in transactions with other individuals/companies
Corporate social responsibility
▪ Do CSR teams know everything there is to know about their potential partners?
Legal, ethics, and compliance
▪ Open-source and public records info is critical in workplace violence investigations
Government relations
▪ Government relations teams may have the “ground intel” but they may not know how to dig deep
Did you know?
Corporate security and risk management departments can have access to investigative databases without investigative agency licenses
If your intelligence program is conducting investigations, add assessments of digital exposure to the mix
Cybersecurity departments are looking for vulnerabilities, but intelligence teams are uniquely suited to connecting how digital exposure creates risk for enterprises and executives:
A few discoveries that reverberated beyond the security team…
Startup’s IP was revealed in city licensing documents
Executive’s son was giving a room-by-room tour of his home on YouTube
Copycat website was discovered selling knock-off products
Intel teams can be leveraged to track reputational risk affecting the brand and C-suite stakeholders
▪ 2017 Global Risk Management Survey – “Damage to Reputation/Brand” is #2 risk
▪ 2018 CEO and Board Risk Management Survey – Only 50 percent of organizations can identify reputational risk events and only 53 percent have the capacity to analyze them and predict their impact
An intelligence program can identify and analyze reputational risks associated with…
Products Policies People Politics
Intelligence team products may also be C-Suite level training
Some intelligence analysts have spent years on techniques to improve qualitative analysis. This knowledge is itself an asset that can be used for training company-wide
▪ Business leaders get just as trapped in cognitive biases as security leaders
▪ Deciding what information to act on has always been a problem for companies
▪ All professionals need training to distinguish between “fake” news, insubstantial, and substantial news
Improving and formalizing processes is critical for an intelligence team trying to professionalize
Internal to Intel Team / External to Intel Team
▪ Metrics and KPIs
▪ Risk quantification for company planning
▪ Models of informal interaction
▪ Branding
▪ Knowledge management
▪ Project management
▪ ROI calculations
▪ Dissemination processes
▪ Develop or perfect internal processes to show off your team’s functioning
▪ Develop or perfect external processes to get greater exposure
▪ Intel collection and analysis
Technology can help formalize some aspects of intelligence collection
Free and paid software can assist with intelligence collection, whether for intelligence analysis or collection:
If an intelligence team is a security department’s brain, effective knowledge management is the cornerstone
Don’t settle for saving documents on computers or even on internal network drives. An effective intelligence team needs to invest in a knowledge management platform and process:
Metrics keep an intelligence program on-track and feed into all strategy discussions
Metrics on incident processing may help your intel team, especially if it maintains an alerting function:
Alternatively, metrics can focus on products and their reception:
New project management approaches and tools may be needed beyond the “intelligence cycle”
The intelligence cycle is a start, but you may need actual project management tools:
1. Planning and Direction
2. Collection
3. Processing and Analysis
4. Dissemination and Delivery
5. Evaluation and Feedback
Software can simplify both routine tasking and complex projects:
Establishing a brand involves a series of internal processes that establish an external presence
Integrate with company marketing if you can:
▪ Develop a well-designed set of internal templates. Beautiful products are critical for an intel team
Create your own marketing:
▪ A video may tell the story about your intelligence team better than any printed material
▪ Team name is important. Are you a GSOC, a global intelligence department?
▪ Team space is important. If possible, become a “tour space”
Once your branding is ready, formalize dissemination processes to anyone outside the security team
In addition to creating attractive, visual, and data-driven products, an intelligence team needs to formalize its distribution processes:
Beyond dissemination of intelligence, establish processes for providing input to strategic planning processes
Consider quantifying the value of intelligence and helping other teams quantify their own risk:
▪ Understand the corporate strategic planning process. Be an input
▪ Try to quantify intelligence team return on investment (ROI). Find ways to highlight the ROI
▪ Consider approaching other teams calculating risk. They may not know about the intel contribution
▪ Clarify an intelligence team's contribution to ERM and ESRM processes
Find additional exposure by making intelligence a program management function
Threat Assessment programs provide an ideal opportunity for putting intelligence at the center of cross-department processes:
Intelligence personnel can take the lead on coordinating threat assessment stakeholders
Risk Management
Security
IT/Cybersecurity
Legal
Human Resources
Leverage “softer” approaches to interaction with other departments and senior leadership to test the waters
The “coffee date” approach
▪ Find equivalents in other departments and pick their brain over coffee or lunch. Find gaps in their teams that you can fill with intelligence
The “exchange” approach
▪ A more formalized exchange of equivalent personnel can help expose mutual concerns, as well as strengths and weaknesses
The “freebie” approach
▪ Everyone lacks resources, so “freebie” analysis to other teams is always appreciated, even if it is not a perfect fit. Leverage the appreciation to build something truly valuable over time
Thank You! Questions?
Daniil Davydoff
Associate Director of Intelligence
AT-RISK International
www.linkedin.com/in/daniildavydoff/