While cyber threat analysts are critical to determining which cyber threats are relevant to their respective organizations so they can take the appropriate action, open source intelligence (OSINT) and investigations can often add value by addressing the “how”, “why”, and sometimes “who” that bring much-needed context.
Furthermore, this relatively new discipline and skillset is needed to address many more threats outside of cyber crime, according to a recent podcast from Nisos’ own Mike Eller.
A solid open source analyst needs problem-solving skills, an inquisitive mindset, persistence, and strong attention to detail to pick up on mistakes an online threat may make. In addition to cyber crimes, open source investigators are often called on to tackle extortion, blackmail, disinformation, general problems such as missing persons, protective intelligence, and geopolitical analysis.
While some misperceive OSINT as “high speed googling”, it’s a critical skillset for turning data into intelligence for organizations solving a vast array of global problems and threats.
Analysts are often aware of the different syntax and ways search engines index information on the internet. Although people may delete information, it’s on the internet forever and can be retrieved. Data such as VEH registrations, IP registrations, chat logs in social media, and online forums are just a few of many examples.
While analysis will always be more a human exercise than a computer one, automation has started to allow analysts to reach conclusions at a much greater scale than five years ago.
Three elements of automation are: