I am an Investigator for a non-profit, investigating crimes, threats or frauds against our organization, staff or supporters in multiple countries.
Global non-profit focused on poverty alleviation, humanitarian and disaster relief.
I had 18+ years of law enforcement experience before taking this job. I worked in 2 different major U.S. cities and specialized in gang and organized crime group intelligence gathering and reconnaissance. During that career, I learned early on to use the internet and open-source assets for gathering intelligence data and helpful images.
I later learned it was called “OSINT”, lol. I am now C|OSINT certified as well as certified in several OSINT related disciplines (Advanced SOCMINT, etc) through private education programs or training provided by grant funded programs.
Think outside the box. Far too many new investigators get stuck in “Google everything mode”. Learn how to search the rest of the internet, not just Google’s results.
For me, learning Boolean search methods and even Google dorks was a major change to my level of information gathering success.
Switching browsers for getting different results, keeping yourself protected with VPNs and sock puppet accounts is crucial…learn how to create a sock puppet from your peers, there is a ton of training in just this area alone from the world’s best OSINT practitioners, and this will keep you much safer.
Burner phones and using a Linux based OS don’t hurt either, in my opinion.
My current role was a fluke. I was familiar with the organization and decided to see if they had a corporate security team. Low and behold, they did, and they happened to be hiring.
I wanted to finish my law enforcement career, so I applied. My first role was in the corporate security function, but I was eventually moved into a higher-level role as a full time investigator.
I pretty much had to invent my roles over these last few years, there were no such jobs within this organization at the time I was hired. OSINT, and proving OSINT’s value as a budget friendly approach were key in my success in doing this.
Get your skill sets under your belt first. I had to discover OSINT out of necessity and work backwards in building out my role and new career.
The free and low-cost classes online are worth it and help build that resume. I should note I am the rare OSINT professional who does not know how to code… but I have found an ample supply of tools out there, created by smart folks to help a non-coder do everything you need for OSINT, you just gotta vet out those resources and make the budget work for your employer (or personal budget if you are freelance/contracting).
Follow the experts in the field on social media (Twitter is a must) and their newsletters; they are the best group of professionals out there (Henk van Ess, Lorand Bodo, Niko Dekens, Jake Creps, etc.).
Participate in the Capture the Flag events as well, get those skills sharpened and learn how your peers “find the flags”, they are a huge inspiration and resource.
I would have put more emphasis on learning technical/computer skills. I went to college to learn the why and how of criminal behaviours in the context of major crimes (homicide and other physical, deviant criminal behaviours) because those were the high profile cases in the criminal justice world back then.
I failed to spend enough time thinking most crimes were going to be committed from behind a computer screen in the 21st Century.
I take all the classes I can find. I also follow the OSINT community on Twitter, LinkedIn and so on. I subscribe to newsletters from not just OSINT groups, but investigative journalist groups, private investigation forums and law enforcement partnership groups (such as the FBI’s public-private partnership initiative) as well.
In training and development, again, think outside the box…find groups of journalists, fraud investigators, forensic analysts who post or publish content related to investigative methods…they are all using OSINT now and have a wealth of information to share.
I also catalogue everything in a start.me page, it is much easier than bookmarking sites and never finding them again.
Any book by Michael Bazzell, get it. “Open Source Intelligence Techniques” is the first book you should buy.
I like sites and resources by OSINTCurio.us, NixIntel, Hunchly and the SANS Institute. While I am certified by the McAfee Institute, their classes are not for everyone, especially anyone who can code and operate tools like Spiderfoot, etc.
I also subscribe to the Boolean Strings, Bellingcat and GIJN newsletters.
[End of interview - note this interview has not been edited]