10-Minute Red Team (Tutorial): Executive Protection INFOSEC


Before we jump into this topic, I will be creating a new OSINT in executive protection webinar in the future. And you can sign up for it below.

In the previous webinar, we covered the following topics:

  • Developing a Systematic & Timely Framework
  • Closed Social Media Accounts
  • OSINT Investigation Fundamentals
  • Maintaining Digital Privacy & Investigation Integrity
  • Value of Digital Images & Metadata
  • And More...
     

Could the executive protection team members' negligent personal information security practices be jeopardizing the principal's safety?

Imagine, how difficult it is to get access to the principal, or to get access to their sensitive personal information. It’s hard as ****, if you’re doing your job right. Now compare that with the simplicity of getting access to your team members' or their personal information.

I’m going to demonstrate for you in a 10 minute tutorial, how to conduct a simple red team assessment of your executive protection team members’ personal information security. This is a starting point, to give you perspective on how your team members' lazy information security practices are creating greater risk for the principal.

This highlights the great paradox of Executive Protection – We expend untold resources to protect the principal, however, we do not approach our personal security with the same energy (generalization). My favorite (and the most basic) example of this is here: I never let the principal or security vehicles have a low fuel level, yet my Toyota in the parking lot right now has only half a tank. After working 12 hour days, you don’t feel like refueling your car three times per week.

As security executive protection specialists, we need to acknowledge this vulnerability (and take steps to fix it) so that we can look the principal in the eye and tell them that we are conducting security in the most prudent and professional manner.


Action Steps & The 10-Minute Red Team Challenge-

1 - Watch my 10 minute tutorial video and review the following: (1) The 10 Keys of OSINT Research in Executive Protection (2) IntelTechniques - Internet Search Flow Chart.

2 - Select a partner on your security team and forward him this email - Challenge them to follow my tutorial and red team you (starting with your first name & last name, then expanding as he finds your email addresses, usernames, phone number, etc). When he is done conducting his red team, he sends you his findings. Then you red team him, also sending him the findings after you’re complete.

*It is necessary for someone other than you to do the red team because they will be less bias and vice versa.

3 - Once you receive the results, and you examine what personal information was available online, now you have a starting point for strengthening your information security practices.

4 - The next step is to remove as much of your personal information as possible or replace correct information with disinformation.

*Caveat: A thorough red team analysis of your comprehensive online presence should take hours. But I have found the tools in this video to be the best start, when the OSINT researcher is under a time constraint.

Don't forget. If you sign up for the EP Nexus newsletter, you'll receive monthly update in your inbox.

Good luck,
Travis