Sign up to our newsletter!
Dismiss

Career Interview with "J"

What it's like to work as an investigator to protect an organisation against frauds, threats, and crimes? In this interview, "J" shares his insights and provides valuable advice to those who seek a similar career path.

J, where do you work now and what exactly is it that you do?

I am an Investigator for a non-profit, investigating crimes, threats or frauds against our organization, staff or supporters in multiple countries.

Can you tell us more about the industry that you are working in?

Global non-profit focused on poverty alleviation, humanitarian and disaster relief.

What skills, knowledge, and background are required to work in your industry?

I had 18+ years of law enforcement experience before taking this job.  I worked in 2 different major U.S. cities and specialized in gang and organized crime group intelligence gathering and reconnaissance.  During that career, I learned early on to use the internet and open-source assets for gathering intelligence data and helpful images.  

I later learned it was called “OSINT”, lol.  I am now C|OSINT certified as well as certified in several OSINT related disciplines (Advanced SOCMINT, etc) through private education programs or training provided by grant funded programs.

In your view, what are the top skills/attributes to have for becoming successful in your area?

Think outside the box.  Far too many new investigators get stuck in “Google everything mode”.  Learn how to search the rest of the internet, not just Google’s results.

For me, learning Boolean search methods and even Google dorks was a major change to my level of information gathering success.

Switching browsers for getting different results, keeping yourself protected with VPNs and sock puppet accounts is crucial…learn how to create a sock puppet from your peers, there is a ton of training in just this area alone from the world’s best OSINT practitioners, and this will keep you much safer.  

Burner phones and using a Linux based OS don’t hurt either, in my opinion.

Where and how did you land your first job?

My current role was a fluke. I was familiar with the organization and decided to see if they had a corporate security team. Low and behold, they did, and they happened to be hiring.

I wanted to finish my law enforcement career, so I applied. My first role was in the corporate security function, but I was eventually moved into a higher-level role as a full time investigator.

I pretty much had to invent my roles over these last few years, there were no such jobs within this organization at the time I was hired. OSINT, and proving OSINT’s value as a budget friendly approach were key in my success in doing this.

Looking back at how you started and where you are today, what advice do you have for someone who wants to pursue a similar career or even transition to the field you are working in?

Get your skill sets under your belt first. I had to discover OSINT out of necessity and work backwards in building out my role and new career.

The free and low-cost classes online are worth it and help build that resume. I should note I am the rare OSINT professional who does not know how to code… but I have found an ample supply of tools out there, created by smart folks to help a non-coder do everything you need for OSINT, you just gotta vet out those resources and make the budget work for your employer (or personal budget if you are freelance/contracting).

Follow the experts in the field on social media (Twitter is a must) and their newsletters; they are the best group of professionals out there (Henk van Ess, Lorand Bodo, Niko Dekens, Jake Creps, etc.).

Participate in the Capture the Flag events as well, get those skills sharpened and learn how your peers “find the flags”, they are a huge inspiration and resource.

If you were to hire people in your team, what would you look for? 

  • Strong internet and social media skills.
  • Experience in deciphering legal or court documents is essential.  
  • Understanding source codes for emails and webpages would be helpful.
  • Finding that “needle in the haystack” is crucial, I want someone who looks past the surface and finds those cracks, uncovering the real mystery beneath, which usually leads to the truth/suspect/reportable findings.

Looking at your career, is there anything you would do differently today if you had the chance to travel back in time?

I would have put more emphasis on learning technical/computer skills. I went to college to learn the why and how of criminal behaviours in the context of major crimes (homicide and other physical, deviant criminal behaviours) because those were the high profile cases in the criminal justice world back then.

I failed to spend enough time thinking most crimes were going to be committed from behind a computer screen in the 21st Century.

Where and how do you develop yourself professionally?

I take all the classes I can find. I also follow the OSINT community on Twitter, LinkedIn and so on. I subscribe to newsletters from not just OSINT groups, but investigative journalist groups, private investigation forums and law enforcement partnership groups (such as the FBI’s public-private partnership initiative) as well.

In training and development, again, think outside the box…find groups of journalists, fraud investigators, forensic analysts who post or publish content related to investigative methods…they are all using OSINT now and have a wealth of information to share.  

I also catalogue everything in a start.me page, it is much easier than bookmarking sites and never finding them again.

Are there any websites, books, podcasts, or anything else that you would recommend for professional development (does not have to be OSINT related)?

Any book by Michael Bazzell, get it.  “Open Source Intelligence Techniques” is the first book you should buy.

I like sites and resources by OSINTCurio.us, NixIntel, Hunchly and the SANS Institute. While I am certified by the McAfee Institute, their classes are not for everyone, especially anyone who can code and operate tools like Spiderfoot, etc.

I also subscribe to the Boolean Strings, Bellingcat and GIJN newsletters.

[End of interview - note this interview has not been edited]

More Articles