Overview
Check out this intriguing conversation with Gareth Westwood, Global Intelligence Manager. He shared how his professional path led him from studying music composition, to military intelligence, and onto corporate intelligence. Topics covered include: job market challenges for practitioners, core competencies for intel analysts, and advice for aspiring practitioners.
Also, you should check out other work from Gareth with OSINT Jobs; episode #4.
Big Ideas from This Episode
- Primary areas of responsibility for a Security Intelligence Manager can be made up of…
Fraud / InvestigationsForce Protection / Physical SecurityTravel SecurityEmerging Security Situations
…and mapping these back to the business so that stakeholders can use insights to make smarter decisions. - Gareth was a classically trained musician, who went on to join the military (eventually focusing on intelligence), then finally making his way to corporate intelligence. His path is a fantastic example of (a) how taking the “standard” path isn’t quite necessary (b) how a broad set of skills such as teaching, practicing music, etc. can contribute to making one a well-rounded security practitioner / leader.
- Core skills / ideas to develop as an intel practitioner include the following:
(a) Ability to deliver an idea / argument / product in as few words as possible; whether verbal, written, or slide deck
(b) Taking a complex issue and condensing it for easy consumption by stakeholders
(c) Understanding in detail, the stakeholder’s needs and the intelligence question they are trying to answer (how the analyst is specifically supposed to help them); Or as people say colloquially, “Read the flipping [intelligence] question”
(d) Design of work products; analysts need to consider aesthetics in their reporting because “presentation is everything” — it can have a dramatic impact on how the consumer perceives its value
Hardskills
– MS Office (or similar)
– MS Excel, Power BI, or similar data analysis tools - Leverage LinkedIn for your job search! Connect with people, use the boolean job search filters, and reach out to the community! People are more willing to help you than you think.
- The best result of “nothing happening” from a security perspective, should not be a barrier to communicating the role and performance of the security org. As an example, when a corporate attorney can celebrate that there were no new law suits against their company in a given year, we should be able to do the same.
- RESOURCES MENTIONED:
– Structured Analytic Techniques for Intelligence Analysis by Pherson and Heuer
– Quick Wins for Busy Analysts by Defence Intelligence
– Risk: A User’s Guide by General Stan McChrystal
– Storytelling with Data: A Data Visualization Guide for Business Professionals by Cole Nussbaumer Knaflic
– Range: Why Generalists Triumph in a Specialized World by David Epstein
Use CONTROL + F to search the transcript below if you want to learn more!
Transcript from this episode (#2)
*Note: this transcript was generated using automated software, and my not be a perfect transcription. But I hope you find it useful.
Travis 0:00 Ladies and gentlemen, welcome to the security student podcast Travis here. In this second episode, I was lucky to get a chance to chat with Gareth Westwood, who's currently a global security intelligence manager for a global pharmaceutical company. And he is based across the pond. In this chat today, Gareth shared a bit with us about his very non traditional path to becoming a corporate Intel manager. And I'm sure many of you can relate to this, regardless of the security niche that you're working in currently or trying to work in. Next. He also talked about overcoming challenges when he was moving from government and military, Intel to the private sector. And he also shared some great insights about what skill areas make one a successful Intel practitioner. I hope you enjoy the following conversation. And if you do, be sure to share your favorite episode with a friend so text them to Spotify link or DM them on social media. Thanks. So Gareth, what made me want to reach out to you was I heard the interview that you did with the OSINT jobs podcast, and he's struck me as someone who has a really unique perspective when it comes to global security and global Intel, especially coming from working in a mix of public sector and private sector roles. And then plus you being from England, it's very cool to bring on someone who has a more diverse perspectives, and so many people listening today are based in the US. So welcome to the podcast. And thank you very much for sharing your time with us. Gareth 1:43 Hello from the UK, everyone. And Travis, it's a great pleasure to be here. Wonderful to be able to spend my time talking with you. And I hope your listeners are all well on this, as we're recording it this wonderful Thursday evening. Travis 2:01 Thank you, thank you. And one of the fun things that I like to ask guests when they first come on, just to learn a little bit more about their perspective and how they view things in the security and risk industry is this. So imagine that you have a magic wand and this wand gives you the power to change any one thing in the security risk industry. If you could change anything, what would it be would have to do with people with processes with organizations with education? Does anything come to mind for you? Gareth 2:35 Okay, so I think it's interesting. You said education people process. I think education is pretty much up there. Now. There's some serious educational establishments offering, you know, courses and what have you. So I think education has caught the people in the industry that I see are some of the most skilled and diverse bunch of folk, both public and private sector. So I don't think those I think perception. So even in, you know, some quite high levels of government, sometimes security is seen as maybe a bit of a dumping ground, right? It's not understood that's, that's a bit harsh. It's not completely understood what it is, and because it's so diverse, right? But it is, is a profession, like the practice of law can be quite diverse. You can have contract law, you can have criminal law, it's huge. And you know, what one one lawyer, one solicitor may have, you know, one set of skills that are completely different to another, but that is understood what what the profession of law is about despite the diversity within it. And I feel there maybe isn't an understanding of what a security professional or somebody is security department. B They, you know, fiscal security manager, threat, intelligence, whatever, that security department what what it does and what it can offer, and what it can't offer. I'm not sure there's a greater awareness of that at the moment. So I don't know how we tackle the perception. But if there's a magic wand, the professionalization of the sector would be recognized for what it is amongst other stakeholders. And, you know, I think Trump has that magic wand has been waived in some organizations, as far as I can tell, but but not across the piece. I'm not sure if you'd agree. Travis 4:33 Yeah, that relates to some conversations I've had recently. Well, one, I think nearly everyone in our industry will agree that we that there's so much more that we could do when it comes to professionalization of security, like if you compare security, to risk management, to accounting to architecture to law to engineering, it's so different and there's so much more maturing to do and then to your second point to that I think another big area where we can improve is kind of telling the story of security, and helping people outside of just the security org, understand all of the different objectives that security seeks to to meet, but also how they help and they facilitate all of the other business objectives in an organization. So, yeah, I do. I do love that reply. Gareth 5:28 My kind of my answer to the perception piece has always been well, you know, insecurity or intelligence, threat intelligence, specifically if we do our job, right, absolutely. Nothing happens. Right. And I also, I always used to see that as a barrier. But do you know if your legal counsel in a big company, and you never get a lawsuit against you, nothing has happened and you've justified being legal counsel, right. So you know, the best result being nothing happening shouldn't be a barrier to us being able to expose the deliverables in the various business units, as you just alluded to? So yeah, I think we're totally aligned on that. Travis, to be honest, Travis 6:10 right. Yeah, that's an excellent point about kind of our primary job to make nothing bad happen, which is, which is hard to see. And, and now to continue on with the Convo, I wanted to ask you, if you could share a little bit about your role within your organization, just so listeners can understand more about what a global Intel manager does, and some of their responsibilities and objectives? Gareth 6:34 Absolutely. So I'd be glad to earn an ear just to preface it with I think, no corporate Intelligence Team is exactly the same throughout the piece. You know, there's there's many different examples of, of corporate intelligence teams that do varying roles. But broadly, my current role, I'm very lucky I I've built and I'm now running a small program within a multinational. And we kind of cover two broad areas. So the first of which is intelligence and insight support to physical security. So that's the more traditional I guess, in the military vernacular, we too. So that information support to, you know, force protection, what's what's going to what may happen to my buildings, or my personnel traveling travel security, in the in my particular instance, you know, my company, ships products, you know, so supply chain, what's going to threaten supply chain. So, in that regard, it's kind of looking at emerging security incidents or situations, you know, everything from war, conflict, terrorism, to supply chain risks, such as strikes, labor strikes, etc, and try to map these to the business. Okay. So it's quite, it's quite a broad church that when To be honest, but essentially providing insight that may help mitigate threats to our people, our places, and the movement of our products, essentially. And then the other part is, sorry, chose to just close this one off. The other part of my job is managing a function that looks at open source intelligence support to our investigations department. We have a department that that looks very much at sort of parallel trade of our products, which many multinationals do have. A my corporate Intelligence Team is quite unique in that in our sector, there aren't many corporate intelligence teams that assist investigations, they are a few. But we conduct open source research and develop kinds of products and packages, in order to help our investigative partners. Look at the illegal trade and parallel trade of our of our products. So I'm very lucky to have quite a diverse, a diverse palette to manage them. And that's my job in a nutshell. Travis 9:18 I see. Yeah, it's very cool that you could be involved in so many diverse areas. You mentioned force protection, supply chain investigations, and then just emerging threats. So that's, that's super interesting. And then next, I wanted to ask you, so what did your career path look like leading up to this role? Was it something that was traditional? Did you have to call some audibles and make some changes along the way? What did that path look like for you? Gareth 9:45 Well, Travis, sorry. My dogs barking in the background... Travis 9:50 guest appearance... Gareth 9:52 absolutely. I think I think this might become a theme of your podcast dog barking in the background. My path was completely unorthodox and accidental and I probably don't recommend anybody do it there but this, there's some parts of it that I would fully recommend. So upon leaving university or you know, my my master's degree, I actually did something completely different times. And it was an amazing music teacher in high schools and colleges, Alright, I got a class, I'm classically trained musician. So I did that for a few years. And then I'm teaching was too stressful. So I thought I'd join the military and go to war. Or any educators out there I I am fully on board and empathize with, with how stressful that job is, honestly, was a great, great career. And it taught me a lot of actually transfer, transferable skills that I carried over. But in my kind of mid to late 20s, I decided I wanted to do something different. And listen, to cut a long story short, I ended up in kind of military, military intelligence, essentially, which is actually I think, broadly an area that I was interested in from quite a young age, honest, I'd always been interested in international relations, you know, I nearly did my degree in that I subsequently have another one in that, but I've always, you know, been very passionate about following global events. And even when I was, you know, teaching my, my, my classes, I would always bring some kind of current affairs aspect to it to be honest, because I think that makes somebody a well rounded student. So I ended up a mid to late 20s, going into that spent, you know, a good few years doing that. doing various specialisms one specialist in particular, more kind of technical intelligence stuff. And then I found myself being a contractor and advisor for my government, the UK Government. So I lived in Pakistan, and I lived in Afghanistan, kind of doing threat stuff, really, that force protection piece, very, very much. So looking at looking at threats to our business in that country. So I lived in embassies in Islamabad and Kabul for nearly four years. And then it was time to come home. After thought, after four years of very hot country, some, you know, some months more more balmy than others, I decided to come home. So I did pretty much a year of job searching to come back to the UK, which is my home, as you can hopefully tell from my accent. And, you know, my my progress was pretty slow early on. But eventually, through the power of networking and reaching out to folks who have far more experienced than I have managed to get to a place where I didn't have free rein in the job market. But I had a few offers on the table, and I could see what best fit my needs at the time. And in October of the year, that I began job searching, and it was, I think, January when I started job searching. So you know, 9-10 months in, I got an offer for my current company, which is a multinational and pharmaceutical company, to, at the time, become a senior global security analyst, which very quickly turned into the senior manager running this corporate intelligence program. So not orthodox at all. There wasn't any Ivy League, red brick kind of Russell Group University tap on the shoulder or, you know, full career as a military officer. And then coming into the risk space, it was very much decisions made overnight to stop doing this and start doing that. And we ended up here, but no journey is Orthodox. I think, Travis and whilst there is a core of folk that follow a traditional path, and that's great. There are many of us that follow and traditional paths and end up where we aren't. So in a nutshell, that's my journey. Travis 14:10 Wow, that's super interesting. Yeah. So you went from musical composition to teaching to the military, and then to global security manager and I can completely relate, for example, like I myself, studied political science in school, and any, any university and I thought it was kind of boring. So then I joined the Marine Corps Reserve as well so that I could do that while going to school too. So I can completely relate to kind of taking, taking an untraditional path there. And one interesting thing that stuck out you mentioned a little bit about your career search. Could you share a little bit more about what your career search was like? Because I'm sure like some of the younger professionals who are listening would be interested in hearing what that experience was like maybe challenges have you faced or failures that you had along the way? Gareth 15:04 Absolutely, it was. I mean, first of all, that the biggest challenge for me was that I was, you know, I bought the call myself an intelligence professional at this point, certainly the point that I was looking for work, and trying to find security, Intel kind of jobs without looking at cyber is really difficult. quite understandably, that the cyber threat intelligence landscape is, is huge. And the job market is saturated with these roles, because there is a skill gap. So that was a challenge. I mean, I give them some parts of my background, I do have acumen in that area. So cyber isn't something I was absolutely averse to either. But I did want to seek out these kinds of normal traditional intervals. Again, the use of ... to but traditional intervals, so many of your listeners may may be looking for. So that was the first challenge. And I found actually found LinkedIn and getting a LinkedIn pre I'm not I'm not on any commission from LinkedIn, by the way, and there's lots of wrong with LinkedIn. But but that platform and getting a premium account for that helped start with because the job search on LinkedIn, I'm getting really like kind of tactical, and I try this, but this is what it is. The job search function on LinkedIn supports kind of Boolean logic. So you know, getting really good job alert setup is key. In the UK, there there is a job website calling deed as well, I think that might be global, actually, indeed, pretty good. And, you know, there there are other oversights as well. But I think the biggest challenge was actually right. So risk manager, okay for a PMC, a private military company is very different to risk manager for bank, and really start any company. If you're a risk manager for bank, you might have to be an actuary and have a PhD in math. If you're a risk manager for PMC, lightly, you're an ex military Intel guy, right? So identifying very quickly, the job descriptions and what they actually mean was the first challenge because often the job descriptions are written or heavily influenced by like a hiring manager that may not may not have to have, you know, expertise across the whole sector and who's expected to, so deciphering what jobs to actually apply for, and how to get alerted to those jobs, and how to find them was the biggest challenge. Challenge number two. And I think this, I think folks will empathize with this from both the entry level graduate standpoint, and those who are maybe in law enforcement or the community or military, but crafting your CV in a way that's appropriate for the private sector, employee, employer, and expand the private sector, employers seems to want to know what you've done and how you can how you can do what they're seeing on the job description. Now, if you've, if you're an entry level, young man or woman, and you just in university, that's difficult. And if you're law enforcement or government or you know, the community, and all everything you've done is reasonably sensitive, that's difficult as well. So I was obviously in the latter camp. But those are the two major challenges, finding the jobs in the first place, and then crafting my brand in a way that I could tell my story in a way that, frankly, I was able to, those are the two major challenges. And I, I got over those challenges, I met those challenges over time. And the rate in which I was able to kind of get hold of those was it was definitely cooperate between that and me, talking to people, networking, finding out how they did networking with like minded folk networking with other people who've been in my position, speaking to them, frankly, and there's so many folks out there. And you've probably noticed his travels as well, across the pond, in Europe, across the world that are willing to speak to you. I was very lucky. I'm ex military. So there's a cadre of ex military folks that have been here. But there are guys and girls that have been there as well. And that was the thing that helped me speaking to people, frankly, and not speaking to professional CV writers, although they have their place, but just speaking to people like me who've been there I'd been. And that's how I've got over those kind of two major challenges, I guess. Travis 20:05 I see, yeah, those are all really good points. And I've seen a lot of these just in my own personal job searches over the years. And one thing that really has stuck out to me was how practical and how efficient LinkedIn is, like one, you mentioned, the ability to set up some of the Boolean alerts, that's very useful, but then also just being able to, to just do cold outreach and reach out to other people who are in the industry in roles that you think are interesting, or people that are, maybe their hiring managers. And yeah, like you said, it's always good if you could have an intro and draw some similarity between you and them. And maybe it's like, you're also someone who was in the Marine Corps went to the same university, or you're in the same geographic area. So yeah, I found that cold outreach on LinkedIn, and then also just interacting with people at more like industry events has been incredibly useful, even more so than just applying for more jobs on on something like indeed, or monster one of those websites. So I can completely relate to that. Gareth 21:11 Yeah, Travis, I agree. And even now, networking, I'm averse to see LinkedIn, because I'm not officially endorsing it, right. But you know, LinkedIn is the platform that I'm gonna network on at the moment. So don't do it. Don't do social media, really in other guises. But whatever your platform, be at LinkedIn, or something else, networking doesn't stop when you get a job, either. I mean, those folks who are connected with me on the platform will will know what I'm about to say, but I'm doing a project at the minute, I'm kind of helping my company develop something in an area that I'm not completely familiar with. And I know there's folks in my network that are really familiar with it, I just put a post out and I left it on there for a couple of hours and took it off. Does anybody have experience in this? If so, please, message me. And, you know, I've got half a dozen, probably more calls set up now with folks that are given their time for free, just to chew the fat and helped me help me with a problem. And it's not a quid pro quo. But when you're in this community, your your, your inclination is to help people right, because at some point, you might be where they are, or they are, you have been where they are. So I think networking is undervalued. And listen, for those guys who are law maybe in the IC or in the military or law enforcement. It feels very weird to discuss things with other people not in your organization, I get that I get I completely get that right. But, and the power of networking, which which emboldened someone's career, it seems up to now in the private sector is so juxtaposed with the attitude of, sorry, the attitude, but the culture within some public sector organization, so I understand that but honestly, emancipate yourself. Get out there, you don't have to, you know, give away anything that is that may potentially be compromising to any you know, your company or whatever. Get out there network. And it seems like the most obvious thing in the world to folks, to many folks out there, but there will be some that are nervous about in the networking piece, trapeze, I know that, anecdotally, don't be afraid of it, be a whale, harvest it of like plankton, and there'll be people out there to take, you know, get on a call with you for half an hour and, and help you. So just to double down on on that networking thing. Travis 23:39 Yeah, that's a great observation, too. It's kind of like, the more you give back to the community at those times, whenever you need help, when you move into a new position that you're unfamiliar with, or you encounter some unique situation in the workplace, it's kind of like you've built up, you've built up good karma over time. So now when you reach out to others, to get help with a very specific project, they'll be the ones that reached out like, I can think of one instance over the pandemic where one of my friends moved into like a new executive protection manager type role, really, with a mix of corporate Intel, and they messaged me on LinkedIn was like, Hey, do you have a template for XY and Z? And I was like, shoot, I don't, but let me reach out and see if someone else does. And of course, someone else provided it to me. They didn't, you know, ask for. They didn't ask for any money or anything, anything in return, they just provided me a template that we were able that I was able to pass on to my other friends. So it's just very good to build up good karma in the community. And it really lifts all ships because at the end of the day, all of our roles are just around protecting people. So it's really not competitive in the way that one secure one global security managers competitive with another so that's a great thing about the community as well. Gareth 24:54 No, no, I like good karma. I like that turn of phrase. Travis is good. Yeah, I can use that. Travis 25:00 And next, I wanted to ask, so in your role as global security manager, what competencies are like? What skill areas do you think, make someone successful in your role or even successful as junior Intel analysts that are supporting you? Are there any competencies that stand out to you? Gareth 25:21 Absolutely. And just in case anyone for my company is listening, global security intelligence manager, just in case of global security managers, is listening. And he's he's a really tall guy, and he's ex Parachute Regiment, so don't upset him. Global Security Intelligence man, no, no. On a serious note, yeah, there are discernible. And just to kind of just reel back a little bit. This is really hard to quantify, right? Because anybody who has done a political science degree, or maybe has done kind of law enforcement analysis, or is military intelligence, or maybe in the community, it's, it's difficult to quantify exactly what skills you have, probably the detail about the skills you have, like the specific qualifications you have might be kind of sensitive, and might be actually a bit niche, you know, you might be really good at exploiting this particular sensitive data set. Or, you know, if you're law enforcement, you might be really good informants handler, or whatever the case may be, right, and that that's not marketable. But there are absolute hard skills and, and extensive soft skills that you glean from being in in that kind of world, which is what I had to think about quite hard when crafting my resume or CV, to get out of what I was doing at the time. So I'd say first of all, and these are really vague and soft, but just to kind of encapsulate the whole thing here. Getting large volumes of data, and presenting it in brief, concise Insights is a commodity. So if, for example, if I was, if I was recruiting for my team right now, I would, and I, and my manager said to me, okay, Gareth, you have to do a test, you got to give these folks a test, you know, because we're investing some money in these folks. I, one of the tests I'd probably do is give several different statements about one event, several reports, in different formats. Some of them are a bit contradictory. And say, Okay, I want you know, I want one paragraph about this, or sometimes even I want five bullet points about this, and add an image, an image that is meaningful, and adds value to the product. Sounds very simple, though very hard to do. That that's, that's certainly one thing. The second thing is to the extension of that, actually, it's probably rather than wanting to it's probably one on one a here, okay. One Alpha, is the ability to give a briefing. And, again, deliver a complex issue in as few words as possible. Because one thing you taught me the military is the concept of vital intelligence, right vital lint. And I'm not sure in the states what it's called. But essentially, if the commander comes into your briefing, and then within five minutes is called out to deal with something absolutely paramount, you need to get the the meat and potatoes, you need to get the important bits of the entire brief and the brief might be half an hour across those first five minutes. So you always need to imagine that the commander, your stakeholder, the CEO, whoever it might be, of your 20 Minute, 30 minute briefing might be called away in five minutes or of your three page report might only have time for half a page. So the art of condensing a complex issue into a really neat, concise insight is is paramount. Then I think the second thing we dealt with kind of condensing complex issues there both verbally and an orally is understand this is a bit more of a tangible piece, probably more relevant to the private sector, but relevance of the public sector to understanding your business, your stakeholder need, answering the question, actually, you know, and again to part of the vernacular, in the military, we'd say RT FQ read the fitting question, okay. And I noticed and you see this a lot, and this is something that I actually brought from my teaching career. as short as it was, on an exam question you might get, ... the qualification you get for going to university in the UK. I'm not, it might be changing that actually out step at a level as it was then you might get question i critically analyzing something about so let's let's pick my subjects say say Beethoven. Okay, so critically analyze how you know, Beethoven's deteriorating hearing impacted his composition. Now there's folks that will see the word Beethoven, and pretty much write everything they knew about Beethoven. Okay, so they wouldn't read the flipping question. They would, hopefully at some point in their deluge of an answer would get near that the essay question. And the same is the case in in my kind of team is, is every word that you're putting down on paper, every sentence relevant to the essay question, you know, relevant to the intelligence question, in this case. So that's, maybe that's more of a state of mind, or I'm not sure if that's a skill, but being able to get your knowledge and get the insight that you have and pivot pivot it to, to the question at hand. So understanding the stakeholder essentially understand the question. And maybe that's something that we can delve into a little bit later in the podcast about kind of wider understanding of the industry in order to empathize at the stakeholder, heart hard skills, just very briefly, being good at the the the office 365 suite in the private sector, a lot of your work as a corporate intelligence manager will be marketing. I say that it's a bit superficial, but it's the truth Travis and those guys who are in who in private sector here who are maybe you know, corporate Intel managers, or whatever the case may be, will hopefully not the head presentation doesn't usurp content, but it is everything you can get to hide there no slide decks or reports, one that looks absolutely professional. And, you know, may or may contain less content than the one that looks a bit shabby. And guess what Guess which one is going to hit read. So it it pains me because, you know, security intelligence professional, and it's about content, it's about insights, but delivery, but do you know what the aesthetics are important? getting to grips with that, and then kind of on the periphery, be good with data, you know, be able to get yourself around Excel and Power BI or Tableau, whatever the case may be always good. If you're not data scientists, Trump's always good to be able to do that, as it is always good to be able to get yourself around information security and cyber issues, even if you're not in cyber, at least understand them. That's always good. And something that I don't possess, but I know is a discernible advantage. It's an aptitude for language, you don't have to be fluent in the most difficult language of the day. But a demonstrable aptitude or interest in language does help at the entry level, especially with you know, things like due diligence companies, that kind of thing. Travis 33:28 Well, you mentioned a lot of points, I wrote down a ton of notes here. So yeah, and I couldn't agree more. So many of the big things he emphasized were around designing how information is presented, whether it's in the form of a presentation, or a written document, and then being able to like what you said about delivering the most important information. When you're briefing a stakeholder or a commander, like you're here in the US one really common acronym is bluff, BL UF, meaning bottom line up front. So So whenever we deliver information, we want to have the most important information up front in some kind of executive summary. So if someone only glances at the first paragraph of whatever we're delivering, they can absorb whatever is the most important information. And this also reminds me of there's a book that I read over the past year, it was called storytelling with data. It was by, I think, was a data analyst over at Google. And it was an incredibly easy to read book, half of it was actually more about presenting data. But really the first half of the book, I found to be so important when it comes to intelligence writing, because so much of it was focused on getting the reader to think about delivering the most important information that they have in the most concise way. Like I think, I think the author even said something about having kind of like a 10 second pitch ready to summarize all of your information. So if people want to learn more, I highly recommend that Book storytelling with data. Gareth 35:03 Now sounds like that's a great book... So it's, it's on my reading, it's not gonna buy immediately after the podcast and the author I could, I could not agree with him more on your bluff, very much an acronym we use over here as well. And in terms of business travelers in terms of the stakeholder, you've got that in the private sector, you've got that added piece about not only what's important in my brief, objectively, what is important to the stakeholder that could be something of vital importance or objective importance to you as somebody who's a political risk analyst, but actually, what is the most important thing in my brief that addresses the stakeholders question? Let's deliver that. And you know, at best, it's a hook that will then bring them in. At worst, it's something they can take away before the dragged off to the next meeting. So wholly endorse that, Travis. Travis 35:58 Yeah, that's an excellent point about understanding the question that we're trying to address. And then that gets into one of my next questions. Well, actually, it's very related. So I was curious, were there any, like certification programs or trading programs that you have found to be useful for you? Or some of your team members when it comes to like everyday work? Whether it's investigative research, whether it's business writing, are there any education programs or certification programs that have kind of stood out to you over the years? Gareth 36:34 That's a really good question, actually. So I think, I guess it depends on what area you're looking at. So there are I think, if you're in due diligence, or corporate investigations, you know, even if you've been ... event, or open source intelligence is, is the buzzword, okay. And as I found out over the last few years, I wasn't can bring you so much. You know, I was very much in the public spot in the government space for many years. And I didn't realize the power of open source intelligence. So a lot of vendors and suppliers now kind of deliver this pre package, which is fine. However, what I'm finding at the moment, in our investigative research part of my program, is that we have some really cool pieces of equipment and platforms, etc. And I'm not gonna mention them on the podcast, but people are free to reach out, and I'll gladly gladly, you know, make personal endorsements. But still, we're supplementing that with old fashioned browser based open source research. Okay. So I'd say any reputable open source intelligence course you can get on is good as an introduction to the kind of took his open source intelligence programs normally. At best, okay, they give you the tools, techniques, and they help you understand the Intelligence Cycle as well. And the better ones have come across have really focused the participant on answering the intelligence question, again, there's so much data out there Trump is so you can spend a whole day researching something and come up with nothing that answers the question. So the best ones kind of concentrate on that. But even you know, the shorter more budget ones, give you ideas of tools and techniques that you can then as long as you keep on top of it and keep networking keeping the forum's you know, you you can, you can really develop, so get on an open source intelligence program. Now, I've not been on the Bellingcat. One. Bellingcat is obviously a well known provider and the kind of almost celebrity status open source intelligence company, I know they do one. But there's loads out there, okay, I'm just saying Bellingcat. That's, that's the kind of thing I mean, when get on a course get on a course by a provider that's in summary, reputable that can give you the tools and techniques Bellingcat I think is that probably at the upper end have not looked at their course, but I know they do them. But there are plenty out there. I'm not gonna mention them here. Any folks in the UK that want recommendations for quick cheap online courses get in touch, I don't run them myself. But you know, I know folks that do actually I'm sending a young man that works with me at the moment in my my company, I'm sending him on a course in a few weeks. And in truth, most of these courses are almost the same. Okay, so there's just kind of some of them bit longer, some of them online, so in the residential, etc. So get yourself on an open source research course because it's quite good. Unless of course you've done it in your in your degree. about many degrees, we're going off of that. So failing that, also, and I don't want to go off on a tangent here, because I'm not going to give you a definite answer. If I was in cybersecurity, right, I would definitely say there certifications you need to do like CompTIA, security plus a BNC, etc. But in our world is a bit different. So what I would say is that folks coming from non public sector backgrounds, often have studied security, international relations and intelligence at best intelligence studies, okay, and may not have critically looked at the process of intelligence. So for example, if you've done international relations, you know, you'll be used to writing your essay questions, etc. Even if you've done a program in insecurity, intelligence, you've not been taught yet the process of, you know, direction collection, analysis and dissemination. And that really focuses one mind one's mind. So I would, I would also say, if you can get on some kind of intelligence studies, vocational course. Now there in the public sector, you would have done this in kind of your basic training, okay. But there are folks out there that offer intelligence analysis programs, that almost sheep dip somebody from going, you're right, I'm an academic, into being an intelligence professional, if you know if they're not going to go through that public sector route. Again, there are certain companies that I can name so do do reach out. So I stop a really concise answer to question, Travis, as I said, if you talk about cybersecurity as a CompTIA, security plus actually didn't work if you're an intelligence professional, and you think you might touch information security or cyber, do CompTIA Security Plus as well, because it's not a bad thing to have, if you've got any technical doubts about you. But I hope that kind of vaguely answered the question, Travis, I know it's not a concise. Travis 42:06 Yeah, it definitely does. And one of the unique things about OSINT is, really, there's so many free or near near free programs, where you can essentially become an expert and just direct your education yourself. Like, for example, if someone just goes out there and buys like OSINT techniques by Michael Bazzell, and tries using every single tool in that book, and just does their own kind of school project out of it, you could almost become like a self directed expert in many ways. So that's kind of one of the unique things about OSINT. And then plus, there's so many tools that are constantly changing. So it's like, even if you've gone to one reputable school a couple of years ago, it's always useful to continue your development or follow people on Twitter and LinkedIn who are constantly immersed in some of the new trends. So that's always an interesting point to Gareth 43:05 ...you touched on a really good point there. I'll be honest, because folks think open source intelligence is tools. And it isn't. And I said this, I think on on the OSINT jobs podcast, there's one quite famous and reasonably expensive company that specializes in geo locating posts from a certain social media site. And that was almost certainly based on EXIF data that was contained within posts or pictures, whatever the case may be. As soon as various social media companies started stripping EXIF data from, you know, from the platforms, this overnight this tool became redundant. And this wasn't kind of just some GitHub, you know, bit Park Tool that somebody had written, or some open source coding, it was it was serious, you know, reasonably expensive. capability. So tools isn't OSINT it's the mindset that is OSINT. And that is all I think that is all about answering the questions. So in that regard, yeah, I think general kind of intelligence certifications, and actually work experience in in supplying information to stakeholder is more valuable than tool itself, get get yourself on a course. Just so you got an appreciation of the type of tools out there because actually, if you start from scratch to traverse, you have no idea so yeah, get on, whether it's LinkedIn learning all the free stuff out there, or Mike Bazzell. Get as much and you'll start to get a feel. We're very much kind of done the open source research side here, but that's fine. You'll get a feel of the sorts of things you can exploit how you get Geo, he just wrote an email address, you know, how exploitable a telegram and Snapchat usernames? What can you do with that? And then the tools that literally become tools not that not that they're not the means to the end. You know, that means to the end, they're not the end itself. So get on a course get that baseline at standing, then as you say, Join Twitter, or join forums, even even LinkedIn. And then the tools will come and go. But hopefully, your mindset of, of developing these pieces of information translate intelligence question will develop, through literally working with stakeholders, doing projects doing, as he say, high school projects. It's a bit of an intangible one. And, you know, I think there's lots of free stuff out there. A good bit of advice is get on a course just get on any courses start off with because they'll give you some direction. But from then on in, you'll learn that it's actually quite nebulous, and you can take your own direction. I hope that corroborates the point Charles didn't want to know. Yeah, Travis 45:49 yeah, that's a very good point about it being more of a mindset because you are 100%, right. When it comes to tools, tools are fleeting, like, I'm pretty sure I had a license to the tool that you're talking about that kind of became obsolete overnight, when some of the geolocation stuff started to disappear. So that is an excellent point that it's more about understanding how to solve problems, not necessarily just going to any single tool itself. I do like that mindset. Gareth 46:20 And that's very obvious, you know, if you've got if you really listen to this, and you've got a degree in, in science, you know, a stem subject, not cyber, like if you've got a biology degree, or, or even you just a problem solver, right? It's the process of solving a problem, which is the mindset. So just because we've talked about political science degrees, I said about international relations, etc, fine, great, that actually, no, you don't you don't need that you don't even need degree is the process of solving problems. So anybody out there can can pick up one of these tools. If you've got a logical mindset. And you know, you're nosy, and you want, you want to know the next bit of information. You want to know how to get that information. And you'll be invest yourself in finding that, then you know, that ozen is for you, I'd say. Travis 47:09 Yeah, excellent point. And one thing that I wanted to go back to that you mentioned earlier, I wanted to see if you could share a little bit about how studying music composition or working as a teacher might have made you a better Intel manager, like are there any specific aspects about your your past experience and those past roles that have kind of made you better in the role that you're in today? Gareth 47:39 That's a good question. And I think there is first of all, music is accurate, you know, when you're looking at the deep study of music and composition, whilst it is creative, it's also quite mathematical. And it's and it's quite logical. And I don't know if this is my study of music, but being able to assimilate quantities of information and put a shape to it. As it is, so it's something actually you do music, you know, you redress as a conductor that I was I used to conduct, you know, your village orchestra or whatever the case may be. Being able to very quickly read all the lines of music and make sense of it. Maybe that's a little bit of theory or that's a bit nebulous, but I'm sure that's paid dividends however, totally see that? Absolutely. Same with I guess, you know, mathematician looking at a large equation, I'm not sure to want to elevate myself above my station here. However, I think that you know, where the rubber meets the road is when I was a teacher. You know, you do degree duties training, then boom, you're, you're teaching classes of teenagers from the age of, you know, 23-24, so you amass responsibility quite quickly. So empathy, being able to read people, you know, because lower set, I, we call it year nine, or whatever in our, in our system, you know, your nine, year eight, so 12-13 year olds, from various different backgrounds. Knowing how to kind of manage behavior and manage your lesson in a way that allows for learning for a crowd of those folks is is challenging and I think that that empathy helped me with folks in my subsequent intelligence career, in terms of the tangibles, Travis I mean, in pretty much every every role I've had since I joined the military, I've been helping implement new systems procedures, and essentially teaching. So my very first job in the military, there was a new system that was... used, and I bought it online and I had to teach People, you know how to use it, etc. So I've done that for a number of years. That that that was pretty straightforward to do. I didn't really think it at the time, but having taught for few years, quite a few years, really helped do that. And also, it helped me be in my later career kind of like liaison officer. So when the roles I did, I was delivering kind of intelligence support to to a customer who didn't quite understand you know, the more intelligence that was being presented, sorry, how to package it up in a way that was that was more fit into to the audience. And it's, and it's the same the private sector, right, you're patching up complex issues in a way that suits the audience. And in that, as a teacher, you're facing audiences, different audiences all the time, and having to do your deliver, in the case case, the national curriculum, consistently to a variety of different audiences, different ages, different backgrounds, that certainly helped in kind of that liaison role in terms of briefing as well. And then finally, just writing a lot of reports, which is what you do as an Intel guy, you do that as a teacher as well. So so that that that certainly helped as well. So those are the tangibles. The question I wasn't prepared for Travis, but I hope I had a good crack. Travis 51:23 Yeah, that's great. And one of the things that really stuck out to me was you mentioning, working in music and being able to look at essentially musical information, and then shape that into something tangible where you can do your your work in composing it or instructing. There's, there's an interesting book that I stumbled across recently, I forget the title is something like how generalists thrive in a changing world or something, something to that, that nature. And one of the studies that they mentioned in the book, so the author was did research around high performing high performing researchers in educational institutions. And one of the common characteristics that they found among like, the highest performing educational researchers, like people who are making dramatic progress on like different theories that are changing their different subfields. One of the common strings that they found was that these top performers tended to be involved in artistic pursuits, whether that was music, whether it was writing, whether it was playing chess and doing more like abstract games. So I think that's one really interesting thing to like, kind of connect back to your story is how, how being involved in kind of like artistic pursuits, probably do inform a lot of the work that you do, even though it might not seem like super tangible, it's probably they're kind of working in the background. So that really stood out to me. Gareth 52:54 Travis, what a great point. That is, that's a great word abstract, I think I was probably looking for that for the entirety of my answer. Yeah, meat, music or painting, you know, you're, you're dealing with abstract things. So you know, if you've got an orchestra, you've got strings, rubbing the strings to make some kind of vibration that makes a pitch of some sort. And you, you know, you've got people blowing into bits of tubes, and, and all that. And quite, it used to come down from another planet, quite random sounds and experiences, and you're molding it into something that's tangible, I guess. Same with artists, right, you're getting different paints and mixing them and then eventually come up with, I guess, I guess, a painting. So absolutely. Making the intangible and the abstract into something tangible, as you say, I think there's a PhD thesis on how that's directly relatable, but I've no doubt that, that it helps. That's, that sounds like that's the second book recommendation. So I'm getting a lot from the podcast today, Charles. Travis 53:52 Thanks. And actually, that gets to one thing that I want to ask you about, too, was, Are there any books that you've found yourself recommending the most throughout the years to whether it's team members, whether it's peers? Are there any books that you've recommended the most over the years? Gareth 54:11 Okay, yeah, that's a great question, too. So, I think I'll go with the kind of more hard skills first. So structured analytic techniques for intelligence analysts, and that's by Heur, that is kind of the Bible for it, guys in terms of structured analytical techniques. And I guess that the, the online there's an online kind of version of that book, but there's an online alternative you can get, and it's called quick wins for busy analysts, and it's authored by UK Defense Intelligence and it's online, you know, it's not, you know, classified protectively marked. It's out there, really good for structured analytic techniques. and especially those folks that are coming from academia, it will help you put all the skills and the knowledge and the intellect that you have, and structure that in a way that is that that can produce meaningful outputs. And the the analytic techniques contained there in our are used, genuinely, you know, for example, plausibility cones, or analysis of competing hypotheses, there'll be plenty folks that say, you know, that that stuff doesn't work, but they are genuinely used within government. And I mean, I recently did a product in my team, we use the one of the analytical techniques in there and we didn't, you know, you don't show your work into the eventual product to the stakeholder, but you do the workings out and then you deliver the product, and then you can back it up with really structured techniques, that that helps you defeat bias and all the rest of it. So those two publications, structured analytical techniques for intelligence analysts, and wish isn't cheap. And then the Defense Intelligence di quick wins for busy analysts. In terms of books that I've read throughout the years, well, there's there's plenty of I mean, the authors I read sometimes can be probably quite controversial, so I'm not going to that. But in terms of recent books, I've read Gen Stanley McCrystal's Risk User Guide. That was that was absolutely excellent, and also have started VT reading HR McMaster's Battlegrounds, which seems to be a really interesting, interesting book, interesting perspective. And then finally, you know, if you're still in academia, and you're not yet breaking into the job market, and you're not some kind of leader that wants to read these inspirational books by kind of generals, but you're looking for some good academic text on matters of intelligence. It's called Secret Intelligence, a reader. Okay. So that sounds a bit sneaky, that book but it isn't. It's a well known academic book, you know, authors, such as Richard or Aldrich, contribute to it. And that will actually give you a collection of essays essentially on intelligence, successes and failures. But but it isn't like a novel, right? It's it's really objective, and, and that that's a good book as well, and gets you thinking about the whole process to be honest. And you don't have to be going into, you know, the IC or the public sector to have an appreciation of that book. It's a really interesting book to read. And I think it's recommended in most kind of University pogroms if I'm not wrong. Travis 57:50 Awesome. Yeah, thank you for all those recommendations. And just from those recommendations, I could kind of tell the you, you do read a ton. So I'm sure that also informs like the way that you assess different Intel products and produce Intel products. So I'm sure all the reading that you do is also incredibly helpful when it comes to delivering presentations and preparing all of those products for stakeholders. And, and one funny thing at structured analytical thinking, I remember, one of my bosses at a couple a couple of jobs ago gave it to me, and I remember I had it on my desk, and I started flipping through it. And I was like, I don't know if I can really apply these like in my day to day work. And I kind of like gave up initially, but that is one that I should definitely return to and take a look at. Because I'm I could see a lot of those different, like techniques for looking at different challenges helping whether you're working in Intel, or whether you're working in other parts of security risks, I would definitely look into those Gareth 58:49 absolutely ... I mean, you know, a SWOT analysis can be done quite quickly. And they can help structure your thinking, you know, what's the strength, and the weakness of this position, what the opportunities and threats in the same way is looking at, you know, your kind of plausibility what's what's the most likely the most dangerous outcome here and why I think it just helps you check your biases, none of the spoiler alert, none of these techniques beat or defeat, inherent bias. And when I say bias, it's not, you know, pernicious or, or or malicious bias. It's natural human bias based on our lived experience, nothing beats that. However, if you adopt these techniques, you know, you get as close as you can do. And then if you introduce others, to avoid groupthink, and, you know, you bounce ideas around, you can kind of get close. And that's what these techniques are for really, some some practitioners will say they helped defeat bias. I don't think they do. And there's definitely studies out there to show that, you know, ACH analysis of competing hypotheses doesn't completely defeat inherent bias, but they do help quantify one's own thinking which when you come in from an academic background, You know, you're writing your flowery essays, and I'm not being pejorative at all. You know, it can help focus you from coming from that background and actually doing your workings out and presenting an objective answer to a question. Travis 1:00:14 Those are excellent points. And I hope people do go out and check out that book. And then now as we're coming to close the interview, are there any final thoughts that you want to share with any of our listeners. Gareth 1:00:30 So what I'd say to folks that are coming from the public sector, and those folks that are graduating is that you don't probably realize the value that you bring to an organization. So first of all, to graduates, you know, many graduates struggle with resumes and CVs, and we're getting quite into the weeds now. But I've spoke to quite a few recently, actually, many, many struggle, because, you know, resumes are predicated largely on you demonstrating your essentially work experience and how you can fulfill the roles of the job descriptions put before you. And if you've been to university, you you've not got any work experience. So you might have some work experience, you know, in, in a bar, or whatever the case may be. But actually, you need to take a more, almost abstract view of it. Okay, so you have got work experience, those guys and girls that are at university, and that are looking to go into entry level Intel roles. Intelligence is kind of, you know, in the corporate sense, I guess, in the public sector, as simulating large large amounts of information and creating a unique product beta based on that. And if you're doing a dissertation or thesis, you've done that, you know, you've definitely done that. So, so don't underplay you experienced those guys in the public sector. A couple of things. First of all, whether you're employed by law enforcement, government or military, they'll never tell you the kind of, they'll never help you along the way of quantifying your skills. And you do have quantifiable skills, and it took me over a year to try and think about this, really, and I'm still trying to think about it now. But you do definitely have skills that are commodity, don't undersell yourself, and also think you're being carried encouraged by your, by your organizations, to be very vague on a CV, as well look at what's on a job description, look at how you can contribute to that. Specifically, if you're in the military, you've commanded a platoon of you know, however many troops, but management isn't on the job description, your privacy suddenly finds something different, then they don't include that. Right. So CV and resume husbandry is really at the heart of of your job search, because your skills and experience if you're in the public says you've got loads of votes influence spent a few years and then you can adapt, you know, so please do reach out to folks in your network, both graduates and and you know, public sector employees that look and make the jump to the private sector. Don't be afraid of LinkedIn. You know, you're not, you're not going to suddenly get a honey trap by a spy from particular country. You know, you could just be coming from a public sector, be diligent. And actually, whoever you are on LinkedIn, we know it's used by lots of folks for lots of bad reasons. But it's an it's a good platform, get on there, get your name out there. And be and be bold. And I guess the last thing I'd say is, you know, reach out. We discussed this before Travis, I'm in no way any kind of expert on anything. I've done, you know, maybe a year and a half less than that in the private sector. And that's after nine years in kind of public sector security and intelligence. And before that teaching, I I've not got the 27-30 year career that some of the contacts and some of the guests on the podcast might have. So I'm coming at this from you know, I'm one of you folks, I'm appear. Only a couple of years ago, I was in a job search with you. I was listening to podcasts like this hoping to get some insight. So do please reach out. I regularly I did share jobs, kind of quite liberally on on LinkedIn volume of posts, I now do it all via author jobs. So you know, once or twice a week I get on there and upload jobs. So please do look at them as well. And feel free to reach out. If you just want a general chitchat or if you want to give me some advice and tell me that I'm completely wrong. Please do reach out as well. It'd be it'd be good to have that chat. And finally, Travis, thank you very much for inviting Travis 1:04:59 Yeah, of course, and I loved everything that you said about the importance of developing resumes that match exactly what private sector employers are looking for. And then also definitely reach out to people who are hiring managers, or who are peers in some of the roles that you're searching for, and get a second opinion from them. I'm sure they'd be willing to share 10 minutes to quickly critique your resume. So networking, also very huge. And yeah, Gareth, I really appreciate you sharing your time with me today, I have an entire page of notes here when it comes to some of the some of the competencies you mentioned in areas to explore for people to develop more as Intel professionals, and then also some book recommendations. And then also, you're you're very humble. But it's really important to also talk to people who are in mid level roles who haven't necessarily been doing it for 20 years, because often, some of the insights that they deliver are much more useful for some of those junior people who are just getting into the industry or who are just graduating from university. So I would not discount your your experience at all. I'm super humbled and grateful that you would share your time. So thank you very much, Gareth. Gareth 1:06:15 Travis, it's been an absolute pleasure. And I don't know when this is going out, but it's Easter holiday here in the UK. So anybody listening to this, I hope you've had a wonderful bank holiday and and thank you very much for taking the time to listen to listen to me and Travis chat today. And thank you again, Travis. Travis 1:06:35 And that concludes today's episode. Remember, show notes from today's chat can be found online at the security student.com which includes a transcript, links to resources mentioned, and a quick summary of big ideas we touched on today. Final note, if you're finding my podcasts useful, and you want to help me in a very meaningful way, please go to the Apple podcasts app and write a quick review stating why you would love the podcast
