Let's examine this a bit more closely...
- I read the Wall Street Journal slowly.
- I read (more quickly) daily editions of Foreign Policy and Stratfor.
- And then I skim dozens of RSS feeds for interesting pieces.
Next, Foreign Policy and Stratfor pieces generally turn into ideas that sometimes get posted to our workflow and analysis request system. This is where I we get much of our long term perspective on things happening in the world that may become problematic in the future, but haven't yet. So, I read the publications, but not as slowly as the WSJ. Foreign Policy and Stratfor (for me) are geopolitical tipping and queuing.. situational awareness. As the stories get closer, I'll see them in the Wall Street Journal!
The RSS feeds simply get skimmed, read, and posted to Buffer App for sharing across twittersphere and our Linkedin. I know that I focus more on world and business affairs than I do the tech, but also know that I've got a room full of techies focused more on that then world and business affairs, so when we get the office, the conversation should be pretty amazing --and it usually is --but this is where the new vuls, patches, bugs, etc., are usually discussed.. but because they're in RSS, they're usually a bit time late and written in a format that anyone can understand.. so I also look at some of the google groups to get my fill of deep, running, colorful (sometimes) tech gouge and leading indicators.
Of course I get a ton of this stuff in Red Sky Alliance as well. Usually we don't bring in the original source because everyone sees them too, but the conversations can be awesome --online, phone, video, whatever. The connections become rich and we figure out quickly what's important that day, that week, and sometimes (but not always) next year.
So I have to ask --we talk about this often. What kind of intelligence do you need? Most folks have no idea what an EEI is. They're really good at incident response, forensics, or operations, but have no idea what the intelligence cycle is or does, why we use it, or the value of great intelligence.
So bear with me. I'd like to take a moment and review the categorization of the kinds of intelligence that we think about. There are many, but this is our perspective:
- TACTICAL Intelligence is used by security operators, incident responders and forensic teams. The information can be long or short lived, and generally, best in short pieces of context (with the deeper work available via one click), and actionable indicators of potential compromise, or indicators of compromise.
- OPERATIONAL Intelligence, although argued by many because of the varied nature of the reader, from my perspective, focuses on the immediate and short term needs of decision makers NOT in security, but in the business or business lines.
- STRATEGIC Intelligence focuses on the planners and risk managers. This is for the folks who think about broader situational awareness --the folks who look at the entire chess board and plan the next five moves.
And I'd ask (and I'd really love to see comments on this please)... "How do you want it?" Document? PDF? STIX? Other?? You tell me. I'm all ears.
Who is (are) your primary customer(s)? When you consider writing intelligence for someone, who do you write it for? At what level?
These scratch the surface for me, but we're constantly asking our members and readers "What keeps you up at night?"
I'd love to hear from you...