Strategic Threat Intelligence: Communicating to Non-Technical Audiences

In a recent article in War on The Rocks, "More Art Than Science: Intelligence and Technical Topics," authors Brian Holmes and Max Greenlee write about communicating technical intelligence subjects to policymakers.

Scientific and technical intelligence analysts thus face the great challenge of quickly, effectively, and clearly conveying information to policymakers. – Brian Holmes and Max Greenlee

Write It, Or It Didn’t Happen

BLUF: As intelligence analysts, our customers demand that we know a lot about a lot. However, research from Chris Sanders shows that humans’ working memories are very limited; we can only juggle small volumes of information at once. Even long-term memory can be stressed by the volume of knowledge that analysts must maintain. These cognitive limitations highlight the fundamental importance of capturing knowledge in written reports. If no one writes it down, does the knowledge really exist? Playing on the expression “PCAP, or it didn’t happen,” I offer the expression “write it, or it didn’t happen.”

What Analysts Can Learn From Shadowserver’s “Italian Connection” Report

BLUF: The “Italian Connection” report from The Shadowserver Foundation is exemplary for its adherence to solid analytic tradecraft. The tradecraft is evident in the authors’ writing style, transparent methodologies, and use of structured analytic techniques. As analysts, we can learn from this report by similarly following the analytic standards that it demonstrates.

A Simple Model For Cyber Threat Targeting

BLUF: There are too many threats, and not enough time. Analysts must therefore prioritize their time on threats that are relevant to their organizations: they must be deliberate about targeting, the process of identifying and focusing on the threats that matter. While many analysts intuitively know which threats are and are not relevant, it’s still helpful to have a simple model to guide such targeting and serve as a repeatable and transparent methodology. Models presented in both a Carnegie Mellon report (page 8) and a talk from Rick Holland (slide 23) can be adapted as simple frameworks to aid in Cyber Threat Targeting.
