After college I worked in a dark corner of the advertising division of a major Midwestern newspaper. The most satisfying part of the job was the anti-fraud component. Vetting suspicious incoming ads became a puzzle and I relished the opportunity to become a sleuth. I taught myself rudimentary OSINT more than a decade before discovering there was a word for it.
The scammer would slip up somewhere. And if you looked carefully enough, you’d see it. Ads for jobs at companies with non-existent addresses. Local car-for-sale ads placed from internet cafes on other continents. There were even times I stopped advertisers themselves from becoming unwitting pawns in a bigger scam.
I found the fingerprints of fraud and taught my peers what to look for. We saved our readers from falling prey, and diligently worked to maintain trust in what at the time was the region’s primary marketplace for public and private commerce.
… With the passage of time came greater self-knowledge – including the startling discovery that I had much more technical aptitude and interest than I’d previously imagined. But the desire to use my creativity in service of strengthening public trust never went away.
So as my understanding of the Infosec Landscape grew, I naturally gravitated to “the offensive part of defense”. Specifically Detection Engineering, Threat Hunting and Active Defense. And true to my newspaper days, I’ll be sharing what I learn in this blog.