In my previous blog, “Trump and Intelligence: 6 ways to deal with challenging intelligence consumers,” I focused on six ways to effectively communicate and tailor intelligence to uninformed and/or difficult executive audiences. I want to make this a blog series and expand upon some of my guidance from that blog. I am cheating a bit; I’m using this blog to build out content for my World War II themed SANS Cyber Threat Intelligence Summit presentation, “Inglorious Threat Intelligence.”
Today, I want to dig a bit deeper into aspects of the intelligence consumer. I suggested building briefing dossiers for your intelligence consumers. Dossiers are a long-standing intelligence products for the IC; they are often used by policy makers to better understand foreign leaders. During World War Two, Harvard Professor Henry Murray was commissioned by the The Office of Strategic Services to conduct a personality analysis of Adolf Hitler. The goal of the analysis was to attempt to predict his future behaviors and develop suggestions for dealing with him during and after the war (see image 1.)
Image 1. Analysis of the personality of Adolph Hitler.
There are several ways we can adapt dossiers to our own security programs.
1. Develop threat intelligence consumer personas. Buyer personas come out of the marketing world. Buyer personas are developed to better understand the target customer. Buyer personas can include the individual’s concerns, needs, motivations, skills, and reporting structure. Using personas to better understand prospects and customers ensures that what you produce is beneficial and tailored to that group of individuals. Take a look at this article for additional detail. Buyer personas can be adapted for threat intelligence consumers; by better understanding who you are producing intelligence for, you can improve the overall quality of your production. I think a key point to draw out is that in this scenario you are producing intelligence versus simply consuming intelligence from a 3rd party. This is an important step in the maturation of a threat intelligence capability. Some example intelligence consumer personas include the following roles:
a. Security Operation Center analyst
b. Threat hunter
c. Chief Information Security Officer
d. Other C level executives
e. Business unit / Line of business leader
2. Build briefing dossiers for specific intelligence consumers. For some of your intelligence consumers, you are going to need to have more detail. Personas address a functional area within the organization, whereas dossiers are specific to an individual, a very strategic consumer of your intelligence. When building out dossiers for specific consumers you should include the following:
a. What is the ideal outcome when working with this individual? Are you seeking to influence the policy of your organization? Are you attempting to educate the individual on the threat landscape? Whatever your goal is, and you should have one, you need to have it documented and then make sure any intelligence product you develop aligns with your goals.
b. After each interaction with one of these strategic intelligence consumers, you need to conduct an after-action review. What was effective in the interaction? What was ineffective? Capturing this information is critical to your success. The more positive “touches” you can get with these strategic consumers the better. You can set yourself up for positive interactions.
c. In the event you have never read Dale Carnegie’s best-selling book “How to Win Friends and Influence People,” I highly recommend that you do so (see image 2). Carnegie was quite the social engineer; this book remains highly relevant today and can help you to effectively communicate.
Image 2. “How to Win Friends & Influence People”
In future blogs in this series, I’m going to dig deeper into the creation of these intelligence consumer personas as well as a how to establish a framework for constructing dossiers on your strategic intelligence consumers.