The surge in demand for intelligence programs and intelligence-oriented global security operations centers (GSOCs) and virtual security operations centers (VSOCs) has not emerged out of thin air. In fact, it has been driven by changing corporate security concerns, which themselves have been shaped by the fears of corporate leaders. Between 2017 and 2018, for example, PwC’s Annual CEO survey saw geopolitical uncertainty move from being the fifth most critical concern to being the third. And terrorism, typically a threat that is firmly within the physical security realm, has now become the number two fear of CEOs. It is logical, therefore, that initiatives which seek to monitor for, manage, or even predict such risks have become a priority for global enterprises. Unfortunately, with the rush can come many stumbles.
A poorly designed intelligence program can be inefficient, ineffective, or in business terms, a waste of money. What is worse, the complacency that comes from just having a program can be coupled with liability. In 2018, a court upheld a $41.7 million-dollar verdict that ruled against a school system which did not warn students traveling to China about encephalitis. Could travel risk analysis have prevented such a lawsuit? Maybe, but only if it was designed appropriately. There are many pathways toward creating a successful intelligence team, but it is important to also understand a few potential pitfalls:
- The Wrong Priorities – Many security leaders have noted that intelligence team responsibilities should be clearly outlined to avoid overreach. From an intelligence practitioner’s point of view, though, the greatest difficulty can be even more fundamental – prioritizing speed, accuracy, or depth of analysis. A large team with several layers of analysts can perform on any requirements, but small teams need clear triage directives. One or two analysts cannot always do it all
- The Wrong Location(s) – There are many world-class GSOCs and VSOCs, but also ones that are hampered by a chosen geographic distribution. Some centralized GSOCs are effective as publicity tools for security leadership but are strained by global 24/7 requirements and plagued by retention problems. VSOCs, on the other hand, can run the risk of being local for the sake of local, with no value-add to the intelligence and, instead, a host of setbacks resulting from scattered personnel
- The Wrong Technology – No best-in-class intelligence program can operate without technology that acts as a force multiplier on risk monitoring, investigations, visualization or information management. But getting the wrong technology is easier than getting the right technology. A sprinkling of the problems that come up: a system does not save the team time; a system worked better in the demo than in practice; a system is too costly to justify; a system is too artificially intelligent for its own good; a system’s capabilities can be matched by the judicious use of free platforms or standard Microsoft Office products.
- The Wrong People – People are an intelligence team’s most important asset and an easy one to get wrong, especially if selection of personnel is tied to a security executive’s or hiring manager’s bias in favor of their own background. Individuals with intelligence community, military or law enforcement experiences are sometimes outmatched as analysts by graduate students with a zeal for connecting geopolitics to business. Conversely, no amount of enthusiasm or abstract knowledge can sometimes make up for the deep networks and location-specific familiarity that experienced professionals bring to the table. Some intelligence programs need one or the other, and some need both.
The good news about these issues and others is that they can be avoided. Three strategies come to mind.
First, security leaders who seek to develop intelligence capabilities should do their best to avoid the rush and take their time. To be sure, attaining analytical capacity is often urgent and “needed yesterday.” In those cases, security teams would do well to externalize their intelligence needs to third-party providers while thinking through their own requirements. This may be costlier but will usually turn out better than cobbling together a Frankenstein program on the spot.
Second, benchmarking is essential because the best way to learn from mistakes is to let others make them for you. If you don’t have intelligence directors or managers in your Outlook, find them and contact them on LinkedIn.
Lastly, a consultant who can help the security team conceptualize and implement the program is also strongly worth considering. An intelligence program is not a product, a person, or a platform – it is an ecosystem that may need an expert architect.