Connecting Security to the C-suite through Intelligence Programs Daniil Davydoff – Associate Director of Intelligence, AT-RISK International


Agenda

• Intelligence Evolves Alongside Corporate Security

• From Internal Support to External Ambassador

― People

― Products

― Processes

Going from “introverted” to “extraverted” is one of the main challenges for corporate security today

Introverted

▪ Shy, reticent, reserved, withdrawn

Extroverted

▪ Outgoing, expressive, socially confident

Security leaders are not necessarily “introverted”…

…so why are so many corporate security programs still introverted?

▪ Still seen as a cost center (fail to show ROI)

▪ Traditional role of information on “as needed” basis

▪ Do not speak the same language as other corporate departments

▪ Work in *relative* isolation

▪ Fail to show formalized processes

Intelligence programs can facilitate the evolution of security programs

Intelligence programs have traditionally provided internal support for security programs, but there is a lot more that they can do to create a C-suite-ready corporate security department

▪ v1.0: Supporting a stronger “introverted” security department

▪ v2.0: Facilitating limited connections within the enterprise

▪ v3.0: Enabling a C-Suite partner

Basic intelligence programs assist security teams, but have no “ambassador” role

Intelligence Program – v1.0

What it is and what it does

▪ Small program with one or two analysts

▪ Focus on providing security with analysis for decision-making (“can you look up crime stats for…”)

▪ Enabled with technology, some capacity for fostering preventive security

What’s missing

▪ Security support is more ad-hoc than formalized

▪ Program has very limited exposure to outside departments (“what does intelligence do?”)

▪ Plays no “ambassador” role

▪ Difficult to show proof of value for program

More sophisticated programs link security to the rest of the firm, but do not go far enough

Intelligence Program – v2.0

What it is and what it does

▪ Small team of analysts enabled with social media and/or event monitoring software

▪ Focus on analytical support to distinct security programs (e.g., travel security, executive protection, facility security)

▪ Processes and products have greater standardization

▪ Creates external exposure for security departments

What’s missing

▪ Bridge-building still limited primarily to existing security programs

▪ Intelligence team role is important to the programs, but not central

▪ External impact is likely not C-suite level

Next-generation intelligence programs consistently elevate the security team across the enterprise

Intelligence Program - v3.0

The v3.0 intelligence program requires that security carefully consider and invest in three areas:

People – a diverse team that has the skills to make an impact across the enterprise

Products – an innovative product set that goes beyond typical security concerns

Processes – processes that create improved internal functioning and external interaction


Making an impact at the C-Suite level requires a hybrid intelligence team

Traditional analysts bring a lot to the table

Former federal intelligence personnel – bring unequalled knowledge of intelligence methodology and foreign risk

Former military intelligence – in addition to above, can often cross-assist with standard operating procedures (SOPs) development and emergency operations

Former law enforcement/crime analyst – can be especially strong on domestic crime issues and may have networks. Depending on background, may be especially strong on quant data

Poached/embedded analysts – best familiarity with role of corporate intelligence analysts. Know how to “do” risk analysis

Unusual backgrounds can add appealing skillsets

Inexperienced recent graduates – do not underestimate the bright blank slate

Journalists – know how to tell a relatable story with complex data and muddled information. Storytelling is critical at the C-Suite level

Management consultants – there are no better candidates than those who already know what it takes to make a strategy impact

Scientists – there’s detail-oriented and detail-oriented (scientists are the latter). They can also bring hard skills and depending on their background a better understanding of company sector

Certain traditional qualifications may also need to be re-evaluated or deprioritized

Regional expertise

▪ Might be important, but chances are your analysts will need to learn other regions anyway

▪ Being able to “process” political information in various ways much more important

Tech platform familiarity

▪ Tech platforms are typically easy to learn

▪ Providers change over time

▪ All tech providers offer training as part of their contracts

Open-source investigations experience

▪ The available tools for OSINT investigations are constantly in flux

▪ As many have noted, OSINT investigations are not about tools but about mindset

HR should instead consider broader qualifications…and test for them

Good intelligence hires have certain indispensable traits. A three-tiered process can help determine whether candidates have them

Traits:

▪ Curiosity/inquisitiveness

▪ Writing ability

▪ Adaptability/flexibility

▪ Humility

▪ People skills

Three-tiered process:

▪ Interviews (with multiple team members)

▪ Testing (long and short timeframes)

▪ Resume Evaluation

The v3.0 intelligence team should also have a set of “preferred” skills

An intelligence team hoping to make C-Suite impact must have additional skills that are becoming increasingly important outside of the security team

Quantitative Data Analysis

Sector Knowledge and Business Mindset

Visualization

Risk Management Knowledge

Presentation Skills

Project Management Knowledge

Attaining and developing these skills requires creativity in studying and training

The analyst reading list needs to include company documents and sector publications:

Analyst training and certification courses may need to focus on software that is more difficult to grasp or subject-matter knowledge that connects security to other teams:

Skill-building overall should take multiple tracks

Whatever the skills or knowledge at hand, advanced intelligence programs need a diverse approach to creating a skills-base

Traditional Skills – Internal Training

▪ Trainings, exercises or workshops hosted by senior staff

Traditional Skills – External Training

▪ Training provided by security associations and providers

Non-traditional Skills – Analyst Playtime

▪ Analysts need free time to explore skills they may not know they need

Non-traditional Skills – External Training

▪ Devote some part of the budget to upskilling outside of security and intel

Thinking more broadly about intelligence products means thinking more broadly about the role of intelligence

By changing one word in the standard definition of intelligence, we can see the possibilities of intelligence products to contribute to multiple areas of the enterprise

Intelligence is information that has been processed and analyzed to help enable effective [security]

▪ IP Protection

▪ Market entry

▪ Marketing

▪ M&A

▪ Government relations

▪ Communications strategy

Legend: revenue generation, cost reduction

Beyond crime and travel risk, intelligence teams can assist with due diligence and investigative products

Due diligence and investigations are critical for executives and a variety of critical functions outside of security

What is involved?

The intelligence team conducts bespoke open-source investigations on individuals and companies, domestically and/or internationally

Creates greater rapport with… / How?

Executives generally

▪ Intel team as first line of defense for meetings with individuals/companies

▪ Significant visibility in cases of targeted threats

Corporate strategy and associated teams (M&A, CFO)

▪ Financial risk is only part of the risk profile when engaging in transactions with other individuals/companies

Corporate social responsibility

▪ Do CSR teams know everything there is to know about their potential partners?

Legal, ethics, and compliance

▪ Open-source and public records info is critical in workplace violence investigations

Government relations

▪ Government relations teams may have the “ground intel” but they may not know how to dig deep

Did you know?

Corporate security and risk management departments can have access to investigative databases without investigative agency licenses

If your intelligence program is conducting investigations, add assessments of digital exposure to the mix

Cybersecurity departments are looking for vulnerabilities, but intelligence teams are uniquely suited to connecting how digital exposure creates risk for enterprises and executives:

A few discoveries that reverberated beyond the security team…

Startup’s IP was revealed in city licensing documents

Executive’s son was giving a room-by-room tour of his home on YouTube

Copycat website was discovered selling knock-off products

Intel teams can be leveraged to track reputational risk affecting the brand and C-suite stakeholders

▪ 2017 Global Risk Management Survey – “Damage to Reputation/Brand” is #2 risk

▪ 2018 CEO and Board Risk Management Survey – Only 50 percent of organizations can identify reputational risk events and only 53 percent have the capacity to analyze them and predict their impact

An intelligence program can identify and analyze reputational risks associated with…

Products, Policies, People, Politics

Intelligence team products may also be C-Suite level training

Some intelligence analysts have spent years on techniques to improve qualitative analysis. This knowledge is itself an asset that can be used for training company-wide

▪ Business leaders get just as trapped in cognitive biases as security leaders

▪ Deciding what information to act on has always been a problem for companies

▪ All professionals need training to distinguish between “fake” news, insubstantial, and substantial news

Improving and formalizing processes is critical for an intelligence team trying to professionalize

Internal to Intel Team

▪ Develop or perfect internal processes to show off your team’s functioning

▪ Intel collection and analysis

▪ Knowledge management

▪ Metrics and KPIs

▪ Project management

External to Intel Team

▪ Develop or perfect external processes to get greater exposure

▪ Branding

▪ Dissemination processes

▪ Risk quantification for company planning

▪ ROI calculations

▪ Models of informal interaction

Technology can help formalize some aspects of intelligence collection

Free and paid software can assist with intelligence collection, whether for intelligence analysis or collection:

If an intelligence team is a security department’s brain, effective knowledge management is the cornerstone

Don’t settle for saving documents on computers or even on internal network drives. An effective intelligence team needs to invest in a knowledge management platform and process:

Metrics keep an intelligence program on-track and feed into all strategy discussions

Metrics on incident processing may help your intel team, especially if it maintains an alerting function:

Alternatively, metrics can focus on products and their reception:

New project management approaches and tools may be needed beyond the “intelligence cycle”

The intelligence cycle is a start, but you may need actual project management tools:

1. Planning and Direction

2. Collection

3. Processing and Analysis

4. Dissemination and Delivery

5. Evaluation and Feedback

Software can simplify both routine tasking and complex projects:

Establishing a brand involves a series of internal processes that establish an external presence

Integrate with company marketing if you can:

▪ Develop a well-designed set of internal templates. Beautiful products are critical for an intel team

Create your own marketing:

▪ A video may tell the story about your intelligence team better than any printed material

▪ Team name is important. Are you a GSOC, a global intelligence department?

▪ Team space is important. If possible, become a “tour space”

Once your branding is ready, formalize dissemination processes to anyone outside the security team

In addition to creating attractive, visual, and data-driven products, an intelligence team needs to formalize its distribution processes:

Beyond dissemination of intelligence, establish processes for providing input to strategic planning processes

Consider quantifying the value of intelligence and helping other teams quantify their own risk:

▪ Understand the corporate strategic planning process. Be an input

▪ Try to quantify intelligence team return on investment (ROI). Find ways to highlight the ROI

▪ Consider approaching other teams calculating risk. They may not know about the intel contribution

▪ Clarify an intelligence team's contribution to ERM and ESRM processes

Find additional exposure by making intelligence a program management function

Threat Assessment programs provide an ideal opportunity for putting intelligence at the center of cross-department processes:

Intelligence personnel can take the lead on coordinating threat assessment stakeholders

Risk Management

Security

IT/Cybersecurity

Legal

Human Resources

Leverage “softer” approaches to interaction with other departments and senior leadership to test the waters

The “coffee date” approach

▪ Find equivalents in other departments and pick their brain over coffee or lunch. Find gaps in their teams that you can fill with intelligence

The “exchange” approach

▪ A more formalized exchange of equivalent personnel can help expose mutual concerns, as well as strengths and weaknesses

The “freebie” approach

▪ Everyone lacks resources, so “freebie” analysis to other teams is always appreciated, even if it is not a perfect fit. Leverage the appreciation to build something truly valuable over time

Thank You! Questions?

Daniil Davydoff

Associate Director of Intelligence

AT-RISK International

[email protected]

https://www.linkedin.com/in/daniildavydoff/