Your Organization’s Ground Truth
What your dashboards may not be telling you
Boots on the ground
Early on in the Iraq war, I distinctly remember coming back from patrol and seeing the news from home playing in what served as our command center. As an intelligence collector tasked with gaining information and insight from the various Iraqi people I spoke with, I was rather surprised to hear some of the comments made both by officials and pundits about the state of things “on the ground.” There was a severe disconnect between what I was watching on the television with what I was experiencing daily. I guess I was surprised to see the same disconnect in the corporate world years later.
The term “ground truth” gets thrown around quite a bit, but it truly is an important concept. Today’s leadership often assumes that because of all this fantastic technology the company has purchased for their teams, and all the incredible talent that they have brought on, that whatever “dashboard” they rely on for their daily updates is accurate. There are no red boxes, so everything must be “fine,” right? And maybe it is! The problem is that green or red box comes only from whatever data points are being automagically collected and correlated. But is that everything you should know?
The truth hurts
If anyone wants to feel utterly hopeless about today’s cyber situation, sit down with any red team, and ask them what works for them again and again. Go talk to the phishing team and ask what the click stats are on the latest “test phish” email they sent out (and look at the email, too). Very depressing, most definitely. But if you really want to be scared, go out to the smoking area with the SysAdmins and SecOps folk, the men and women working hard at keeping the blinky lights blinking. After you ask them what they’d fix first and why, you’ll — a) wonder how the company is still in business and b) why this doesn’t show up on any fancy executive dashboards.
As on any battlefield, there is ground truth in your organization. What the C-Suite is talking about to the board may not entirely reflect what these teams are seeing. Granted, they may only see one piece of the larger picture, but that does not negate what they’re experiencing.
We often look at intelligence as an external-facing activity. But the actual value of a good intelligence team comes from combining organizational knowledge and relating it to external events and situations. Employees are the most significant sources of information when it comes to understanding what is wrong and right within an organization. Sadly, all that knowledge, experience, customer & partner interactions often gets thrown out with the cigarette butts simply because it’s not collected. Your intelligence teams should be collecting that information.
It starts at home
If anyone is thinking about building an intelligence team from scratch, before going off to buy external tools and feeds and more data, I suggest this: Start at home. What is your organization’s ground truth? What is happening? What’s scary and why? Some things may be simple fixes, some maybe not. But at least you’ll understand what the pretty dashboards are telling and, more importantly, not telling you.
Happy to discuss further! Find me at LinkedIn or at D3 Intelligence
