Nobody wants to read your intelligence reports

Tom Carey
Tom Carey
Jul 23, 2017 · 3 min read

Let’s say you’re a newly reported intelligence director or an intelligence analyst. You’re eager to bring what you’ve learned from SANS FOR578 or your time in Army intelligence to your brand new team and, more importantly, your customers.

You take the latest threat report from your high-priced intel vendor, apply your own analysis to it and draft a beautiful new product that you know your CISO will love — in fact, maybe even other senior leaders in the company will love it. After some finishing touches and a peer review, you send it off.

And then nothing happens…

Although you were imagining receiving some great feedback for a job well done, you’re not even sure if your CISO read it, much less any other leaders in the company.

You think maybe she was just busy that week so you try resending the report as an attachment to a related incident.

Still no feedback.

You try again with another report, and then another, still no feedback, and very little reports of action being taken on your reports.

What is going wrong?

This is a problem normally seen in new intelligence teams and teams led or mostly populated by former military and US government intelligence employees:

1. The organization has no context for your usefulness yet. For the US military and its civilian counterparts, intelligence has been around for hundreds of years. Meanwhile, the company you work for, its IT organization, and in some cases, its Information Security organization have thrived since its inception without an intelligence team.

This does not mean your organization has never used or created “intelligence,” it just means they’ve been used to doing it themselves.

  • Need hard-to-get competitor information to make a business decision? Hire an investigation firm through your legal and chief security office.
  • Need to know where these IPs are coming from that have been probing our defenses? Any Tier 1 cyber security analyst knows how to use an IP look-up and basic OSINT.

2. You’re not great at ‘selling’ your intelligence. Following from your organization not having a context for understanding your usefulness, there is also no context for even consuming it.

In US intelligence community and military intelligence organizations, general officers, operational commanders and even US Senators know they want to read an intelligence report. They’ve read them before — they probably get them every morning — and they know what to expect in reading it.

Your corporate executive, however, listens to NPR on the drive to work and has to sort through a hundred non-security-related emails, and prep for a meeting with his boss and some auditors. Your intelligence does not matter to him and your report is, at best, taking up space in his inbox.

3. Corporate leaders don’t want a report, they want action. The US intelligence community has libraries of written intelligence products, both physical and digital. As a matter of record and pride, an organization puts its seal on the top of its products so other organizations know who made what.

Some of these products get printed out and put in binders for general officers to read, some even go the President of the United States. It is a matter of great pride for the analyst who writes a Presidents Daily Brief (PDB) article; it is in fact a great reflection on his entire team.

But your executive doesn’t care as much about a report as she cares about knowing the wheels are turning in her organization; that action is being taken from the best available sources, that your colleagues on the Detection team are not being overburdened with false positives, or that the Insider Threat is caught before intellectual property leaves the network.

Sure, an intelligence report that makes its way to the Board of Directors looks great for you and your executive, but this occurrence is rare and should not be the primary focus of your analytic efforts.

What to do about these problems?

Being aware of this paradigm as a new intelligence professional in the corporate world will be helpful. Further:

Focus on being a great salesperson for your intelligence and your team within the organization. Educate them on what you can do for them that they couldn’t do themselves.

Educate them on how you can help them, and the rest of the organization, make decisions smarter, faster and cheaper.

And then focus on creating — and driving — action.

-Tom


Originally published at craftcyber.net on July 23, 2017.

Tom Carey

Written by

Tom Carey

Cybersecurity Leader writing about Human-Centered, Well-Designed Strategy at craftcyber.net

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade