Artwork

Content provided by Nisos, Inc.. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Nisos, Inc. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

Topic: Elevating Private Sector Intelligence through Professionalization with Harvard University's Maria Robson

21:20
 
Share
 

Manage episode 332858711 series 3331602
Content provided by Nisos, Inc.. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Nisos, Inc. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

In episode 76 of The Cyber5, guest moderator and Nisos Director for Product Marketing, Stephen Helm, is joined by our guest, Dr. Maria Robson, the Program Coordinator for the Intelligence Project of the Belfer Center at Harvard University's Kennedy School.

We discuss the evolution of intelligence roles in enterprise and the ultimate path for intelligence professionals. We cover ethics in private sector intelligence teams and the role of academia in fostering not only the ethics, but also the professionalization of private sector intelligence positions. Dr. Robson also discusses insights into how proactive intelligence gathering capabilities tends to provide most value to enterprise. Finally, she gives an overview of the Association of International Risk Intelligence Professionals work and mission.

Three Takeaways:

  1. Ethical Focus is Critical

Ethical lines of consideration and having a standard of what is appropriate for collection and analysis is important but currently very murky. Collection and analysis for the U.S. Intelligence Community would be entirely inappropriate and illegal when collecting against private sector persons and organizations. Standards would ensure, for example, that new analysts know what was in and out of bounds of the type of inquiry that can be answered. The Association of International Risk Intelligence Professionals (AIRIP) is leading the way to identify these standards.

  • Apprentice and Guild Process is Critical if Standards are Slow to be Developed

Craft and guild process is important to get jobs in private sector intelligence because there is no linear pathway to employment. Since networking and a manager’s previous experience in the intelligence community, non-profit, or private sector are the driving forces behind mentorship, craft and guild benchmarking and professionalization become important models.

  • Security Organization and Reporting Structure Has Changed

Cyber threat intelligence, geopolitical risk, and corporate security have historically been the security functions. Before digging into how cyber threat intelligence benefits a physical security program, we identify a list of some of the services, products, and analyses that a CTI program might address.

The following services have significant overlap with physical security programs:

  • Adversary infrastructure analysis
  • Attribution analysis
  • Dark Web tracking
  • Internal threat hunting
  • Threat research for identification and correlation of malicious actors and external datasets
  • Intelligence report production
  • Intelligence sharing (external to the organization)
  • Tracking threat actors’ intentions and capabilities

Other CTI services generally do not overlap with physical security and remain the responsibility of cybersecurity teams. These services include malware analysis and reverse engineering, vulnerabilities research, and indicator analysis (enrichment, pivoting, and correlating to historical reporting).

Security teams are now leveraging open-source intelligence and cyber threat intelligence to provide critical information to physical security practitioners. The physical and corporate security programs of these teams generally consist of the following disciplines, with use cases that are at the center of the convergence of cyber and physical security disciplines:

  continue reading

91 episodes

Artwork
iconShare
 
Manage episode 332858711 series 3331602
Content provided by Nisos, Inc.. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Nisos, Inc. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

In episode 76 of The Cyber5, guest moderator and Nisos Director for Product Marketing, Stephen Helm, is joined by our guest, Dr. Maria Robson, the Program Coordinator for the Intelligence Project of the Belfer Center at Harvard University's Kennedy School.

We discuss the evolution of intelligence roles in enterprise and the ultimate path for intelligence professionals. We cover ethics in private sector intelligence teams and the role of academia in fostering not only the ethics, but also the professionalization of private sector intelligence positions. Dr. Robson also discusses insights into how proactive intelligence gathering capabilities tends to provide most value to enterprise. Finally, she gives an overview of the Association of International Risk Intelligence Professionals work and mission.

Three Takeaways:

  1. Ethical Focus is Critical

Ethical lines of consideration and having a standard of what is appropriate for collection and analysis is important but currently very murky. Collection and analysis for the U.S. Intelligence Community would be entirely inappropriate and illegal when collecting against private sector persons and organizations. Standards would ensure, for example, that new analysts know what was in and out of bounds of the type of inquiry that can be answered. The Association of International Risk Intelligence Professionals (AIRIP) is leading the way to identify these standards.

  • Apprentice and Guild Process is Critical if Standards are Slow to be Developed

Craft and guild process is important to get jobs in private sector intelligence because there is no linear pathway to employment. Since networking and a manager’s previous experience in the intelligence community, non-profit, or private sector are the driving forces behind mentorship, craft and guild benchmarking and professionalization become important models.

  • Security Organization and Reporting Structure Has Changed

Cyber threat intelligence, geopolitical risk, and corporate security have historically been the security functions. Before digging into how cyber threat intelligence benefits a physical security program, we identify a list of some of the services, products, and analyses that a CTI program might address.

The following services have significant overlap with physical security programs:

  • Adversary infrastructure analysis
  • Attribution analysis
  • Dark Web tracking
  • Internal threat hunting
  • Threat research for identification and correlation of malicious actors and external datasets
  • Intelligence report production
  • Intelligence sharing (external to the organization)
  • Tracking threat actors’ intentions and capabilities

Other CTI services generally do not overlap with physical security and remain the responsibility of cybersecurity teams. These services include malware analysis and reverse engineering, vulnerabilities research, and indicator analysis (enrichment, pivoting, and correlating to historical reporting).

Security teams are now leveraging open-source intelligence and cyber threat intelligence to provide critical information to physical security practitioners. The physical and corporate security programs of these teams generally consist of the following disciplines, with use cases that are at the center of the convergence of cyber and physical security disciplines:

  continue reading

91 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide