Show Notes: From Global Intel to Cyber Threat Intelligence With Robert Crapo | Episode #18

Overview

In this next episode, I was honored to be joined by Robert Crapo. He is a cyber intelligence leader in his organization, in the financial services industry. He has broad experience from being an intel officer in the US Army, he’s worked in intel analyst roles, and now leads projects that are a fusion of global intel and cyber threat intel — supporting diverse stakeholders across his organization. Plus, he’s earned his Master’s from the university of South Florida.

Today’s discussion was really interesting for me, especially because Robert made a pivot of sorts in his career from being an intel analyst to supporting and leading cyber initiatives in his organization — and I think this is an essential idea for analysts out there to think about — you’re skills are highly transferable across other security disciplines and you can be so much more than you are!

—–


Big Ideas from This Episode

  1. Commit to a growth mindset.

    Understand that just because you work primarily in one security domain (e.g., OSINT) — you can develop your skills in other domains that might at first appear intimidating such as INFOSEC.
  2. Develop meaningful relationships with people inside and outside of your organization — including those that work in different fields.


RESOURCES MENTIONED

– N/A

Use CONTROL + F to search the transcript below if you want to learn more!


Transcript from this episode (#18)

*Note: this transcript was generated using automated software, and my not be a perfect transcription. But I hope you find it useful.

Travis  0:00  
Robert, thank you for joining me today, I've been looking forward to chatting because you have a really interesting role that you work in where you get to do a mix of OSINT and cyber threat intelligence. And I think for listeners, this will be really interesting to learn about, because I think oftentimes, these are completely different functions. And like many analysts don't get to work in like such a diverse area and work across these different disciplines. So I think it'll be really cool for listeners to listen to. And welcome to the show. And thanks for sharing your time with me today.

Robert  1:57  
Yeah, Travis, Thanks for Thanks for having me. I've been looking forward to this as well, and very happy to share some of the things that my team has the privilege of working on, and some helpful things that people can consider in the space.

Travis  2:11  
Awesome. So to kick things off, I want to start off with a hypothetical. And it's this. So if you had a magic wand, and you could change any one thing about the security industry, what would it be? Are there any particular things that come to mind?

Robert  2:29  
Uh, huh. I wish I wish I did have a magic wand some days? I? That's a great question. And I think the biggest thing that that I'd like to see change, and I think it is changing, thanks to folks like yourself and others, that we all get to work with is just the perception of any silos or barriers that may exist relative to intelligence and the impact that can provide to an organization and to ensure that when those silos and barriers are removed, we have that ability to share information to share thoughts, to compare insights, and bring people data and technology together to solve problems in new and collaborative ways.

Travis  3:17  
silos and barriers. Yeah, that's a that's a great topic, because it, it impacts everyone, it doesn't matter if you're in like a 100 person startup, or whether you're in a large financial financial services company, you definitely see those in all organizations, and it all kind of comes back to culture and the way that we do things to integrate other team members. So yeah, I do love that idea.

Robert  3:40  
Yeah, I fully agree. And I would say more times than not, these are not intentional barriers, I think a lot of people and teams are really passionate about the work that they do, and the impact that they can provide. And so there's always an opportunity to take a step back, and think and to to see about new and creative ways to to to take that passion and that insight that a team or group of analysts can provide and find new and meaningful ways with others to tell an even more powerful story.

Travis  4:12  
Yeah, I think that's a great way to look at it. And we'll probably continue touching on this topic a little bit too as we work through some of the other discussion questions I had for us. And next, I was curious, can you share with us a little bit about the role that you do today? Yeah,

Robert  4:28  
absolutely. And, and I would say that the role I have today is a really unique and fun one. I get the privilege to to work around a wide variety of topics and with a lot of great people with the intelligence mission in my organization, we've gone over, gone through a bit of an overhaul and I would say revolution, ideologically speaking, which, as you noted, obviously started with our cyber intelligence program and and found new ways to bring relevancy for emerging cyber threats to other parts of our organization, whether it was risk, whether it was what we would call a line of business, and someone delivering a product and a service for a customer, to bring them into the organization, to to know what a potential cyber threat might be to them, as well as to our senior leadership and educating them on new and emerging threats, that might have an impact on upcoming business decisions. We've evolved from that to expand into an open source intelligence capability, identifying new ways, as we've talked about now for a little bit of bringing disparate pieces of data on the surface deep and dark web together. But we've also now evolved into the geopolitical and security space, which I know we're all passionate about. And bringing all of that together along with fraud and Economic Intelligence, to provide a holistic threat intelligence picture to our organization. We've really seen rapid gains this year, through the dynamic world events that have been taking place where our leadership and our stakeholders have been looking for a more well rounded and comprehensive view of the world, and what issues might bring the most impact and, and threat to our customers and to our organization.

Travis  6:16  
That's really awesome that you get to work across so many different topics, you said, you mentioned fraud, like geopolitical situations and OSINT capability to support the cyber team. That's, that's really interesting. And could you give, can you give any examples of the types of projects that you generally might work on?

Robert  6:37  
Yeah, so we work across three primary pillars of work, strategic, bigger picture items, things that are over the horizon, or conceptualizing things in a more meaningful and historic way to what's happening in the moment, those items which are more tactical, in nature, as we're seeing issues emerge, we will look at those those situations for a more breaking news impact to either our facility or to a an imminent threat against our network, as well as something operational where we are seeing evidence of a potential compromise or a threat against a peer. And we look for that information, we'll bring that an internally analyze it, and supply that to our code, we will call our first line network defenders or environmental defenders to ensure that we don't see those issues here. So the intel team is plugged in at all levels of the organization to do this, always making new relationships and identifying new ways to go the journey is by no means over. But we've been fortunate and privileged over the last several years to to tell our story, make these relationships, and most importantly, identify ways to make the analysis meaningful and relevant. And wherever possible, actionable for folks to make better decisions to protect our organization.

Travis  8:06  
And you mentioned a little bit of like technical language around around cyber and around intelligence. Are there any competencies or like any particular skills that make someone more successful in these types of roles?

Robert  8:23  
The really good question, and I appreciate it, these minds, well, I'm not getting too technical. But I think that you make it, you make a really good point. And actually, I would give an offer of encouragement for anyone considering a role in the cyber space, you do not need a certification, or a technical degree to be successful. I currently am working on a couple of certifications. But as it stands today, I don't have one of the things that I've been privileged, I think to do is come from a non technical background, which has allowed me personally, not only an opportunity to learn something new, but also to translate a lot of what my teams work on on a daily basis to a non technical audience. When we think about our consumers of of some of our strategic products, for example, Travis, there are board members, or their senior executives that they don't have a lot of cyber training or they have limited time to read and consume. And they want to know what it means in plain English. So anyone that has any background in analysis, critical thinking, the Intel field has the opportunity and power to succeed and get into the space. We you know, I'm sure you've seen it and we talked about potential shortages in the cyber industry for talent. And I don't think that there is I think that I think that the the shortage is an opportunity for folks with non traditional backgrounds, more diverse and inclusive backgrounds. to come into the field and enrich the cyberspace, with more backgrounds and diversity of thought, that will allow folks to better understand each other. And as we mentioned the beginning, reduce any silos or barriers, to arrive at a more holistic solution. I do think that as you continue, or someone continues to mature in any field, learning, and certifications are awesome, they're valuable, and encouraged, but I don't think that they're needed of a gatekeeper or a barrier to entry into the cyberspace.

Travis  10:35  
And I think that's one thing that I love about cyber and information security is that there's so many times where there's so many times where you run into someone who has incredible knowledge in some of these domains. And you know, what they might hold like a senior role. And they might not even have a bachelor's degree or like any of these certifications. But they've just developed this knowledge over time in their self study, because maybe a manager took a chance on them like earlier in their career, and they've just had awesome on the job training and the opportunity to learn with other experienced professionals. So for me, I think that's one of the coolest aspects about the cyber field. For example, one of my really good friends from the Marine Corps. He he's really like my go to whenever I have any type of like cyber compliance, like any types of these questions, I go to him, but he doesn't have a degree, he barely earned his security plus recently, but he has incredible his just an incredible wealth of knowledge. So that's one thing that I really love about, about that aspect of the security industry. You nailed it. Yeah. And then for you, how did you go about developing some of these skills that are making you successful in your role today?

Robert  11:53  
Yeah, another good question, I think you've already answered it partially is is, you know, I allowed myself the opportunity to think that I could be successful in an area where I didn't have the skills developed on the technical side. And, and also having folks that were advocates and champions for me to push myself into thinking about ways that I could contribute beyond where I had been operating at. In my particular situation, I was exposed to new opportunities in the cyberspace. And I took a leap, and I almost, I almost didn't. But I applied the commentary that you actually shared Travis and that's giving myself that that that opportunity to learn something new to challenge myself, but also realize where there was already natural overlap, analysis, critical thinking, the intelligence field is so broad, and the skills are so translatable the content and the specific aspects of how it's applied in different areas is really the only difference. And so I took that leap, I took on a role to to get myself experience, I applied the knowledge I learned, and then continued to do the work necessary to build and grow those capabilities to build and grow my team. And then really spend a lot of time getting to know the stakeholders that I work with, and understand that their problems and their needs, and their concerns, as well as their information gaps. And some of the feedback I had heard early on was, we know that the intel team does good work. But we're trying to understand how it's relevant and relatable. And so we took that time to build out our intelligence requirements, something I know you're very familiar with. And we we developed a set of requirements and a feedback loop. So that as our intelligence program produced those those products for them, we will continue to refine and get the feedback Incorporated. And over the last several years, having the requirements that feedback loop, and the time spent, to grow the team's capabilities, in turn, have been able to continue to grow our team success, and my personal success as a result. So everything I owe to the team, and to the organization that continues to support what we do, and all kudos to the team for making that even able to be happen.

Travis  14:30  
And one thing you said that really stands out to me is when you talk about the translatable skills from any type of Oh, sent research and analysis to the work that you're doing today. So I hope some of the listeners can also take that away and they don't necessarily think just because today I'm doing I'm just doing OSINT research writing reports. Doing like investigative research online that those skills aren't translatable over into, like a C Cyber fusion center setting. So

Robert  15:02  
yeah, and you've touched on the fusion aspect of things. And so the the aspect of the fusion piece is so important to to an organizational growth. And again, bringing those people together and teams together to to have a shared knowledge of the threat landscape. And it goes beyond Intel, it's our stakeholder teams we have, in particularly here at at TD, we have our, our global security partners, our fraud partners, our technology partners, real estate, legal, HR, and so on, all at the table, to understand shared priorities and understand shared threats, which we are again able to leverage to better get our message out as an intel team and how we can work with them, specifically on our Open Source Intelligence Team, a bit of a misnomer, because it also, you know, Miss Miss names, perhaps because it gets into this the deep and dark web as as well. But, but we're partnering our OSINT team with some non traditional teams here to help them solve more problems creatively. And I think that's really the name of the game drives is putting the team and analysts and ourselves in a position to add more value in ways that may not have been explored. Those areas are so rich, and ripe, not only for collaboration opportunities, but also for Intel analysts to apply their skills in new and meaningful ways.

Travis  16:35  
Yeah, and I hope people listening today this may inspire them to collaborate more between OSINT and investigative teams and their cyber teams to see how, how some of their work overlaps. So I think that's awesome. And next, I was curious to ask you, so what did your career path look like leading up to the role that you're in today? Like, did you know? Like, as soon as he left the military, that this was what you wanted to do? What did that look like?

Robert  17:04  
Yeah, I mean, so that when I, when I when I, when I left the military, I had already been in my career. Now for a little while. I was in the Reserves at the time, I was also a defense contractor, and looking for something where I could grow in the private sector and translate the skills. And at the time, I was, I was fortunate to be looking at potential job opportunities that at the time, I only thought were to help me understand what I needed to get around certifications around degrees, and related. But when I went for a particular interview, where I started out, I was fortunate enough to see a an organization that wanted people with the skill sets that we've been talking about and to look at things in new and non traditional ways, in maturing and Intel program capability. And so I transitioned into a role like that, still doing my time on serving as as an intelligence officer. But then as my career continued to progress, physical security, strategic intelligence analysis, fraud, and insider threat, Nexus points. And my last organization, I did spend a little time working with our cyber partners, which is where I saw it and developed my interest levels. Working in a cyber team. I switched organizations in that same time period, focusing more on on my private sector career than the military, but also focusing in on the cyber space. And over the last several years, sort of what goes around has come around where the more that I've worked in the cyber space, the more organization was craving, additional capabilities to be matured. And that's now where I find myself, I found the team and the last year, being asked to provide more context and more insights about why things were happening with respect to particular nation states or international threat actors, and why they were conducting new actions. And in many cases, my answers were including the geopolitical and economic sanctions aspects of things. And so as those answers continue to resonate with our partners, we have the demand to increase our capabilities to respond in that space. So as my mandate continued to grow, and my program continued to evolve in its capabilities and value to the organization, that's not where we find ourselves today, where the last year the the organization has embraced a true fusion comprehensive intelligence program, providing value from one central hub to the rest of the organization. So to answer your question, as I see it evolving this way, no, not at all. But I've been privileged to be a part of The journey that has given me skill sets and insights and experiences along the way that have been diverse, and allowed me to get to this point in our team to this point, where we sort of bring it all together. It's been exciting. It's been fast paced, it's been dynamic. And I think that would be a piece of advice for anyone as well as, you know, again, allowing yourself to to learn new things, and put yourself in positions, to challenge yourself and to grow, will will will more times than not lead to a career with opportunities that are rich and allow you to succeed in ways that you didn't think possible.

Travis  20:43  
That's great. And it's excellent to hear that you were kind of in the organization at the perfect time where your leadership saw a need to expand some of those functions, develop those teams. And then I'm sure also a big role. That was part of it, too, that I would assume, based on like, what you're talking about today is like you and your teams and your leadership's ability to speak, the value of the cyber of the cyber Intel and the OSINT teams so that they can see the value and they know to expand this. So

Robert  21:14  
absolutely. And I think just as a quick follow up to that, I think it's a lot of what we do is storytelling, and being able to not only do meaningful and valuable work, but to showcase and articulate the value of intelligence to an organization. And I think a quick shout out to the community is important as as a whole, the information sharing community, the analytic communities are so critical to the value at a leadership level as well, there's there's many days that I get asked about, you know, what our peers, organizations are thinking and doing, or what we're getting from our information, sharing channels, as well. And I think that's a testimony to all of the work and the analysis and efforts by the intelligence community, as a whole the private sector and the public sector. But to build this, the value over the last many years, is our leadership, I think is hearing it in many organizations, and even where they're not seeing it directly. They are assessing the contributions being had other organizations. So a quick shout out there, because appropriate as well as this intelligence success is built on the backs I think of all of us. And and I think, something that, as you've noted, we're experiencing also because of that story that's being told,

Travis  22:40  
yeah, I love the idea of storytelling. Because that's so important for us, I could think of times where I've been in roles where I did well at that. And I can think of other times where there's probably a lot of room for improvement when it came to me or others telling the story of what we're individually working on and how that's contributing to the mission or the vision. So I love that idea. That's probably an entire podcast on its own. So as we wrap up our session today, I had one last question which I was really interested in hearing your thoughts on, which was for aspiring practitioners that are listening today? What advice would you have for them? As far as them wanting to pursue similar roles to you, for example, maybe if there's like OSINT analysts like what advice would you have for someone like that, who wants to pursue a role that's more like yours on the cyber side that's like a fusion of some of these different disciplines.

Robert  23:37  
You have to believe in yourself, right? I think I think the important thing is to believe in yourself, believe in how your skills and your passion can translate, make meaningful connections and relationships outside of outside of just the domain or the area that you operate in today, make relationships across the security teams, and also across the organization that you'd like to be a part of. I think that as we've talked about today, some of the best value that our intel team has now doing and providing is to the organization components that spend time dealing with our customers. And remembering that no matter how much we do on the back end to protect our organization. We also have an immense obligation and opportunity to protect and educate our customers as well. So make sure that we don't limit ourselves or no one limits themselves to just security relationships incredibly important but also develop those organizations into being an ambassador for an intelligence function and capability along the way so dad definitely network definitely believe in yourself and and just continue to move forward and find ways to partner I'll end as I began in talking about silos and barriers and and ways to reduce those There's so many times we look to our leadership above us and around us in an organization to help set strategy and vision and bring those those walls down. But I would encourage everyone listening to know that that that you can be a part of that. And while I know, that's easier said than done, and by no means so I think that's an easy and straightforward path to achieve. I do believe that everyone has that intrinsic value. And it comes through that hard work through those relationships. And that belief that every analyst can contribute to a better and safer tomorrow, for their organization, if they remember those things. I believe that everyone listening will have a great career ahead of them, and be able to to continue to add value to our field of intelligence and to the organizations they work at.

Travis  25:49  
I love those points, you mentioned, believing in yourself, which I think is extra important, as like many, many of us might think of ourselves as we're an OSINT researcher are aware of physical security risk assessment person, like tend to believe in yourself and just know that you can slowly develop any skills over time, including those in cyber, which might be intimidating initially. But just taking baby steps along the way, you'll be able to build that competence, and then also relationships huge gonna be huge within your organization. And then, like you mentioned, to like having relationships outside of your organization with other organizations so that you can understand what challenges they're facing, how they're addressing them successfully, or unsuccessfully. I think those are all those are excellent points. And, Robert, I really appreciate you sharing your time with me today, we covered some really cool topics around silos and barriers. You talked about, like the revolution in your organization to combine so many different disciplines into one fusion center. And he gave us some really cool insights just around the career in general of working in a fusion center. So I really appreciate you sharing your time to time with me today.

Robert  27:03  
Yeah, thanks so much, Travis.

Subscribe to the newsletter below, and never miss new content!


Megaphone