Alex Lozano of Cibergy joins us to discuss how he uses OSINT and social media to protect executive clients, resources for his cyber students at University of Barcelona and the best tools for real-time monitoring.
Alex Lozano is the founder and CEO of Cibergy, an intelligence company based in Spain, and is a professor of OSINT at Universitat Autònoma de Barcelona. His passion for investigation, corporate security, and OSINT dates back to a very young age, stemming from his family's activities as professionals in the Private Investigation sector.
Alex is a private investigator and security director with a special interest in intelligence and business. On LinkedIn, he frequently shares tips and cheat sheets about OSINT to provide as much value as possible to the OSINT community.
Alex: [00:00:00] We start explaining different, uh, internet levels. What's a deep web, what's a dark web, what's a surface web. Uh, then understanding the importance of OPSEC, protecting yourself, not showing information if you're, you're doing an investigation, you have to protect yourself.
Aubrey: Welcome to Needlestack. I'm
Shannon: Aubrey Byron. And I'm Shannon Reagan. Today, we're discussing executive protection and threat intelligence.
Aubrey: Join us for that discussion today is Alex Lozano, founder and CEO of Cybergy and a professor of cyber intelligence at EPSI at University of Barcelona. Alex, welcome to the show.
Alex: Hey, hey Aubrey, hey channel. Thanks for inviting me tonight. I'm a super fan of [00:01:00] your podcast. I believe you do great things, so thank you.
Aubrey: Thank you so much.
Shannon: Yes. So, Alex, ahead of the show, uh, we were discussing your work, uh, and we ended up kind of honing in on this topic of executive protection, how it's used in corporate environments, as well as government figures, um, anybody important.
Can you start by telling us how OSINT is used in executive protection?
Alex: Yes. So, um, Segregated protection is related to, uh, what we call Uh, it involves executives, also famous people, political figures, CEOs, and different personalities. And at the end, what we are trying to do with those things is, uh, understand what type of, uh, exposure these people have, uh, on the internet.
Uh, not only them, but, [00:02:00] uh, with everything they do, uh, related to their work, to their personal activities, also to their relatives, and just understand what type of exposure they have and the risks and threats that, that can happen, uh, because of this, uh, information.
Shannon: So with wealthy or powerful people, um, I'm assuming they might be, uh, extra careful of what information they make public about themselves or what they put online or maybe allow for them to have online.
Can you talk a little bit about how that makes your job harder or is it actually surprisingly easy to find information on important people?
Alex: It just depends on the people. Uh, there are some, as you mentioned, some of them are aware of their risks or having, um, trained or some point someone has told them, uh, what can happen if your [00:03:00] personal information is, is out there on there.
On the internal, but on the opposite, uh, now with all social media profiles, um, people sharing a lot of DVDs, personal information, uh, everything they do, where they go, uh, it's quite easy to find this type of information. Also, um, generally what they post, but we have also data breaches or, uh. Yeah, leaks where you can find phone numbers, emails, and those are for sure a risk for, for executives.
Aubrey: Um, you mentioned how, you know, uh, OSINT can be used for travel and even, you know, People looking into foreign investments. How do you use OSINT to learn more about a place someone might be going or situation?
Alex: Well, the way, the way you do that, um, [00:04:00] see, first you need to know like a schedule of where, where are your workers going to go, or like your protect with someone, especially, uh, you just, well, you have to understand the context of that region where we're at. We're traveling and then, uh, identified, uh, possible risks or, uh, what's going on in real time. Also, uh, week before, uh, political, uh, and, and, and stability and also, uh, maybe, uh, Some disasters, uh, natural disasters have happened. Um, maybe, uh, riots or, uh, demonstrations. So you have to be aware of all of this.
Uh, there are specific, uh, hosting tools that enable you to just have real time information and then, uh, get some alerts if something is going [00:05:00] on. And that's very important, uh, that you, that you are aware of. able to, to understand what's going on so that you can protect effectively your client.
Shannon: It seems like social media today would be a crucial tool to doing this.
Um, do you Are you going directly to social media? Are you using like data aggregators and scrapers? Do you worry about sock puppets? What are maybe special considerations for sockmen or social media intelligence in exact protection?
Alex: Well, first you have to identify where can we get the information from.
For example, a good way to get this type of information is through live videos. We can find these live videos on social media such as Snapchat, uh, YouTube. Also, Instagram, Facebook, all of these, uh, social media platforms have, uh, live videos and and also [00:06:00] just, uh, monitoring through, through this different type of alerts.
For example, Google alerts, uh, we have other tools such as Stoke Walker or maybe, uh, Sandesk. These are special specialized tool, uh, that what mainly what they do is just, uh, identify what's going on, uh, in a certain place and then, uh, through, through the group. data aggregators, you can find all this information and generate a report or, or just, uh, get an alert, uh, in case, uh, it's something interesting.
Shannon: It seems like with executive protection too, that there's a certain amount of proactive research, like before the event or travel or whatnot. Um, but I, Can I can't underestimate the pressure you must be under to, you know, provide intelligence like reactive to react to in the course of the event. Can you talk a little bit about what that pressure is like, how [00:07:00] tight timelines might affect your, your research and intelligence building?
Alex: Yes. Um, so. I mean, there's always pressure because you, you, uh, we want to do, everyone wants to like things correctly and wants to provide the best intelligence possible. Uh, and at the end, you, you must be ready. You need a process. You have to develop a process previously and know exactly what, what you want to do.
And then, uh, just run like sometimes you just have to run because you have to, uh, report something. Uh, that's going on and maybe it, you don't have even time to write it, but you have to call someone and say, Hey, this is, this is going on or this is going to happen. Uh, what we mostly do is, is, uh, we wake up, let's say in the morning and then we, we prepare a specific report for that specific or that day.
Uh, and then we, we just every [00:08:00] day that happens, for example, if we have an event specific event, a certain place, uh, which is report, uh, interesting facts, uh, regarding what's going on on that day, next day, we, we do the same and, and we send this type of information, uh, let's say, uh, in the afternoon, uh, so that our clients or, or the people we're, uh, We're working with, uh, have this information and then they can, uh, go back, review what's, what went on, what, what was happening, and then more or less, uh, understand like the full context.
Of the, of the event.
Aubrey: Um, I wanna shift gears a little bit because to talk about your academic career, 'cause you're also a professor of cyber intelligence. Um, what kind of techniques are you teaching to your students?
Alex: We start with basic techniques because, uh, [00:09:00] even though these, these students are, are gonna be private investigators or security directors, uh, at some point, uh, there's, I, they don't know a lot about those things.
Uh, so we start with the basics. Uh, let's say we start explaining different, uh, internet levels, what's a deep web, what's a dark web, what's a surface web, uh, then understanding the importance of OPSEC, protecting yourself, not showing information. If you're, you're doing an investigation, you have to protect yourself, uh, Absolutely.
And then we start with Google dogs, how basic techniques to find information, basic tools, we pivot them to social media, how to investigate different social media platforms. And and then we're monitoring geolocation. There are different elements that are very commonly noticing and we try to. Touch all of them in a basic [00:10:00] way, but it's, it's a good way to get started.
And then, uh, for sure, what, what I do a lot is just share, uh, different people that, like on Twitter, only, LinkedIn, uh, these people that share a lot of knowledge, I, I teach them, I let them know that there, there's a lot of value on the internet and they can learn by themselves. Uh, many things.
Shannon: In your, in your courses, are there any tools that you focus on or open up to your students, or is it really more about the techniques?
I know you mentioned SAMdesk and some other ones earlier that seem to be relevant to executive protection side of things.
Alex: I did teach them how to use Martigo. Uh, I believe it's one of the most typical tools, and also you can integrate a lot of different, uh, third party tools to the platform. So it's a good way to start.
[00:11:00] Um, and it depends, of course, these are paid tools. So we don't. We don't rely a lot on them, uh, while we're teaching, but, um, we, we did, well, different resources, databases, um, we have like specific Linux tools that also are helpful or, or, or just, for example, if you want to search a user name, we use, uh, what's my name up.
You want to, um, depending on all, what type of, well, depending on. Through the course we reveal different tools. I always like and that's like a difference. I've seen with other courses or trainings. I like to touch on paid tools, such as Authenticate, Silo, Social Links, Shadow Dragon, all of these tools, because They are [00:12:00] becoming more and more advanced, and you can rely on them, uh, in a way that you cannot rely on, on free tools.
Uh, so at least, even though it's hard to teach them how to use them, because you, We need a trial or something at least, uh, so that they know what's going on out there. What are these professional companies, big companies, uh, doing, uh, so that whenever they want to find a job or, or just work, uh, in the intelligence field, they, they at least know that we have this, uh, I
Shannon: think, you know, a tool, like you said, it always depends.
It depends on what you're researching, if it's relevant or not, how you're going to leverage it, knowing how to leverage it. Again, kind of getting back to the time crunch of executive protection, but there's essentially a time crunch on all sorts of OSINT investigations. Everybody's giving you a deadline to get this information in so it can be [00:13:00] utilized.
How are you mixing tools, automation? Tradecraft, your own skills. What is, what is the mix of that look like again in this kind of pressurized environment?
Alex: I, what we, what we try to do is just develop a process, like a system for which we can automate as much as possible. Of course, then you have to analyze this information, verify it's real information, and you have to review everything before you send something to your client because it's important.
Okay. Uh, but we try to automate everything so that, because maybe we're handling five cases at the same time. Uh, you talk about pressure, but, uh, I have one client here that, uh, is asking me for one thing. And then, uh, I have calls from another client, uh, and completely different investigations and situations.
So you have to try to [00:14:00] develop a system in which you automate as much as possible, but also, uh, try to analyze and verify all this information, uh, because. So you have to, for sure, you have to, uh, anytime you give information, well, intelligence to your clients, this has, this has to be reliable information.
Aubrey: Um, since you, you know, work with students and, you know, people really early in their career, is there any advice you want to give at that stage for people who want to pursue a career in OSINT or cyber? Um,
Alex: yes, I, I will say, I will tell them first, we understand posing is a very big discipline. So just try to focus your attention, whatever you like the most.
And also I, I believe that everyone in nursing at some point has learned by [00:15:00] themselves, right? They just, there's a lot of information out there about those in how to things, how to use this techniques, how to use this, uh, these tools. And, and just try to learn as much as possible because this is, hosting is changing all the time.
And, and you must be updated if you want you to be a, a good professional.
Aubrey: Well, thank you again so much for joining us. It was great talking to you.
Alex: Thank you.
Aubrey: And thanks to our audience for listening today. You can view transcripts and other episode info on our website, including where to find Alex at authentic eight.
com slash needle stack. That's authentic with the number eight. com. And then be sure to let us know your thoughts on X formerly Twitter, blue sky at needle stack pod, and to like, and subscribe wherever you're listening today, we'll see you next time.
Alex: Thanks. It's been my [00:16:00] pleasure.