cyber security

Case Study – Intelligence / Investigative Analytics

Over the last seven years, and for more than 12,000 investigative hours, I’ve worked as an intelligence/investigative analyst. I use both intelligence and investigative because the position goes by either.

Technically, I’m an All Source Analyst because I use both open (OSINT) and closed source data points. An intelligence analyst researches, gathers, and evaluates data from a variety of sources. They specialize in data mining. An investigative analyst works on, you guessed it, investigations.

Typically, there are three divisions: military, law enforcement, and insurance. Often, we use similar databases but with different levels of security clearance. Law enforcement is more concerned with digital forensics and cyber investigations. Military locate and track terrorists. Insurance investigates claims. All three have similar skill sets: we are cyber sleuths. It should be noted that there are also Cyber Security Threat Analysts who are also similar (they search systems and networks).

The insurance side of things deals a lot with insurance companies and law firms, and often works alongside law enforcement. Some of the cases I’ve worked on include money laundering, rape, assault, kidnapping, and shootings. Several of them have gone international (Mexico, Spain, Canada, Guatemala, etc.), and have included all forms of insurance: liability, work comp, property loss, FMLA, and life.

Before I continue, it should be noted that a background investigator is not the same as an analyst. Yes, I may do a simple social media sweep or a pre-employment search, but that’s the extent of what a background investigator does. They collect a bunch of data, but make little to no attempt at evaluating it. They don’t go beyond the confines of a search engine. Additionally, a copy service retrieves documents such as court records, birth certificates, and camera footage from an intersection, but that is only the “other” duties of my job function, and not what I do the majority of the time.

So, what do I do? I piece puzzles together in order to paint a clearer picture. I work on skip traces, SSN traces, heir searches, asset and business searches, employment checks, social media archives (which may include metadata) and criminal/civil checks, and a host of other case types. I launch bank account searches, comb through DMV records, and run vehicle sighting reports. I might triangulate the location of a cell phone or create a family tree in Ancestry.

Yep, I’ve read thousands of police reports, traffic incident reports, birth certificates, property deeds, property transfer detail reports, vehicle titles, death certificates, autopsies, bankruptcy documents, articles of organization and incorporation, statements of info, and marriage and divorce records. I conduct geofences, match data points, and watch body-cam and surveillance footage. I then conclude my findings by compiling a legal document for court purposes.

My toolkit is vast. It includes a host of software and online databases. And it’s not something one ever truly masters. You’re always learning, adapting to some new trend or security feature, and uncovering new methods for solving cases. You’re on the frontlines in combating the $1 trillion a year industry known as fraud. And rarely are two days alike.

Your coworkers have no idea what it is you do. The certificates you get are often the same ones military and law enforcement receive. And you’re even eligible to test for and receive a PI license! It’s a job that includes lots of tech, sometimes being on call for a court appearance, and is rewarding in and of itself. I mean, I get to work on some really interesting cases and see things few others can ever testify to. We see a lot, learn a lot, and the feeling you get when you crack a case…it’s amazing.

So whether it’s a dude claiming to be a vegetable who is using dummy LLCs in a real estate pyramid scheme, another dude who claims to be broke to sneak his way out of lawsuits while he liquidates his assets, transferring them to Canada where he happens to be a multimillionaire, or it’s finding a mother pretending not to know the identity of the father so she can collect all the life insurance on her deceased toddler, the cases are never the same.

Eight years ago I didn’t know this position even existed. I was experienced in marketing, sales, writing, customer service, and project management. I started out in data entry, did some editing, and then stumbled into a super fun and wildly different day job. It’s perfect for the writer and mystery lover in me. And I can’t wait to take it to the next level.

Case Study – Security Audit

If you don’t know what a SOC 2 Type 2 Audit is, don’t worry because I didn’t know either. I had turned down a position as a permanent copy editor (I wrote the manual for the department and trained a person for the position), instead opting to take on the role of a project manager. It wasn’t long before I had my first massive assignment – do whatever it takes to pass the audit and achieve compliance.

My specific task was twofold: first, I would be writing the bulk of the actual report. This was a simplified process at the time because I knew all the ins and outs of the company. I had written training manuals for multiple departments, and had cross-trained for almost every single position. With a strong background in writing, compiling a slick, detailed report turned out to be a breeze.

The second major task proved more daunting: build an internal database for the purposes of housing the HR and IT departments. My background in coding was limited to HTML I played with in high school on notepad and MS FrontPage. I was given no budget, no team, and no guidance for putting together the database. Just a three month deadline. No pressure, right?

The first program that popped into my mind was MS Access since it had sat there on my desktop, collecting dust for years. Access = database, I thought. I discovered I needed to know two programming languages to get this right: VBA and MySQL. I immediately purchased a ‘Dummies’ book, located a handful of forums where database conversations were taking place, and got to work.

I remembered a simple trick clockmakers would use in order to master the craft: take apart the clock and then put it back together again. So, I grabbed a database off the interwebs, broke it apart, examined the coding, and put it back together. This built my confidence up.

Looking back, I wish I had done some wire-framing. Although, at the time, I didn’t know what wire-framing was. Regardless, I built a database, from scratch, that housed both the IT and HR departments. I did it in three months while also compiling the SOC 2 Type 2 Audit report. Best news of all? We passed the audit and were granted compliance. At $20k+ you could say it’s the most expensive exam I’ve ever passed.

This would become the foundation for my present study in Python and R programming. It also proved to me that with dedication, discipline, and a deadline, I could accomplish just about anything. Well, almost anything. Lastly, I really don’t like VBA, but it is what it is.