10-Minute Red Team (Tutorial): Executive Protection INFOSEC


Before we jump into this topic, I will be creating a new OSINT in executive protection webinar in the future. And you can sign up for it below.

In the previous webinar, we covered the following topics:

  • Developing a Systematic & Timely Framework
  • Closed Social Media Accounts
  • OSINT Investigation Fundamentals
  • Maintaining Digital Privacy & Investigation Integrity
  • Value of Digital Images & Metadata
  • And More...
     

Could the executive protection team members' negligent personal information security practices be jeopardizing the principal's safety?

Imagine, how difficult it is to get access to the principal, or to get access to their sensitive personal information. It’s hard as ****, if you’re doing your job right. Now compare that with the simplicity of getting access to your team members' or their personal information.

I’m going to demonstrate for you in a 10 minute tutorial, how to conduct a simple red team assessment of your executive protection team members’ personal information security. This is a starting point, to give you perspective on how your team members' lazy information security practices are creating greater risk for the principal.

This highlights the great paradox of Executive Protection – We expend untold resources to protect the principal, however, we do not approach our personal security with the same energy (generalization). My favorite (and the most basic) example of this is here: I never let the principal or security vehicles have a low fuel level, yet my Toyota in the parking lot right now has only half a tank. After working 12 hour days, you don’t feel like refueling your car three times per week.

As security executive protection specialists, we need to acknowledge this vulnerability (and take steps to fix it) so that we can look the principal in the eye and tell them that we are conducting security in the most prudent and professional manner.


Action Steps & The 10-Minute Red Team Challenge-

1 - Watch my 10 minute tutorial video and review the following: (1) The 10 Keys of OSINT Research in Executive Protection (2) IntelTechniques - Internet Search Flow Chart.

2 - Select a partner on your security team and forward him this email - Challenge them to follow my tutorial and red team you (starting with your first name & last name, then expanding as he finds your email addresses, usernames, phone number, etc). When he is done conducting his red team, he sends you his findings. Then you red team him, also sending him the findings after you’re complete.

*It is necessary for someone other than you to do the red team because they will be less bias and vice versa.

3 - Once you receive the results, and you examine what personal information was available online, now you have a starting point for strengthening your information security practices.

4 - The next step is to remove as much of your personal information as possible or replace correct information with disinformation.

*Caveat: A thorough red team analysis of your comprehensive online presence should take hours. But I have found the tools in this video to be the best start, when the OSINT researcher is under a time constraint.

Don't forget. If you sign up for the EP Nexus newsletter, you'll receive monthly update in your inbox.

Good luck,
Travis


 

About the EP Nexus Blog

The EP Nexus executive protection blog, is a comprehensive resource for security professionals involved in executive protection, protective intelligence, threat assessment, and related fields.

Launched in March of 2016 as a resource for executive protection professionals, command center gurus, and close protection know-it-alls, EP Nexus is quickly becoming a resource for those seeking to quench their thirst for executive protection reading.

The most popular section of the blog is Executive Protection HacksEP Hacks is a series in which we address complex topics (one topic per issue) in a convenient collection of tools & writings. I am actively collaborating with industry leaders to produce future issues. If you're interested in taking an active approach in moving your industry into the future, contact me below.

Outside of EP Hacks, I explore the following topics in writings, tutorials, and webinars: online tools for executive protection professionals, open source intelligence investigations (OSINT), threat assessment, protective intelligence, travel security, and more.

Sign up for the newsletter to receive premium content and monthly updates.