DeepSec 2022 Talk: OPSEC – The Discipline Of The Grey Man – Robert Sell
During operations, it is not unusual for us to get excited about the target and to prematurely begin before we have adequately prepared. As a result, this can not only spoil an operation but can cause dire life-threatening consequences. This talk goes over why OpSec is so important, failures people often make and how we can greatly improve our operational security during intelligence gathering and operations. While I will cover sock puppets and other techniques in detail, I will also cover physical considerations, habits and other areas where risks can be generated unless the operator is careful and diligent.
We asked Robert Sell a few more questions about his talk.
Please tell us the top 5 facts about your talk.
- I start by providing a better definition of OpSec
- Then, we look at why you should care about good OpSec
- Next, I outline the traditional OpSec process
- I compare our InfoSec OpSec to more traditional spycraft concepts like the Greyman
- Finally, I provide clear and concise insights on how to operate security.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
In all 3 of my domains: Search & Rescue, InfoSec and Trace Labs – OpSec is critical. I see so many people making mistakes. I want everyone to realize that OpSec needs to be a preliminary preparation.
Why do you think this is an important topic?
Poor OpSec can result in very serious consequences.
Is there something you want everybody to know – some good advice for our readers maybe?
Our industry doesn’t prepare you well for doing good OpSec, however it is essential if you want to operate in an environment with bad actors. Reduce your personal risk but also the risk to your friends and family with better OpSec. There is no going back to fix it later.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
Even now it’s not unusual to have a target file on key persons who you are interacting with. What’s in your file? What do you want others to know about you?
This is becoming more popular in the corporate world as we recognize the benefits of targeted intel. If you haven’t been a target of an intelligence gathering operation, you likely will be soon. That could be for recruiting or it could be to learn the easiest way into your organization. It’s too late to prepare after the fact so I hope this talk helps everyone prepare.
Robert is the founder and president of Trace Labs, a nonprofit organization that crowdsources open source intelligence (OSINT) to help locate missing persons. He has spoken at conferences and podcasts around the world on subjects such as social engineering, open source intelligence, physical security, insider threats, operational security and other topics. Robert primarily works in the aerospace industry where he assists newly acquired organizations to secure their environments. This includes all aspects of security in regions around the world. In 2017 and 2018 he competed at the Social Engineering Village Capture the Flag contest. He placed third in this contest (both years). In 2018, he actually ran his own Trace Labs OSINT CTF while participating (and placing 3rd) in the SECTF at Defcon Vegas. Robert is also a ten year volunteer with Search and Rescue in British Columbia, Canada. In his search & rescue capacity, Robert specializes in tracking lost persons and teaching first responders how to leverage OSINT.