Intelligence Tradecraft - Sharpen your analytic edge

From UK Defense intelligence, Warning Intelligence, and IEDs, to Private Sector Intelligence - Interview with Will Woodall (S2E4)

1 h 17 min · 8. apr. 2026
episode From UK Defense intelligence, Warning Intelligence, and IEDs, to Private Sector Intelligence - Interview with Will Woodall (S2E4) cover

Beskrivelse

Summary Will Woodall shares his 14-year journey through intelligence roles in the UK government and transitioning to private sector intelligence. He explains motivations for leaving government (slow recruitment and limited recognition), contrasts public vs private sector work, and emphasizes core intelligence methodology: the yardstick/estimated probability language, source evaluation and confidence, structured analytical techniques, and clear writing and delivery tailored to customers. In the interview. Will and Freddy debate what distinguishes information from intelligence, how to measure intelligence program value through customer action and feedback, challenges like expert bias and stakeholder alignment, and how AI/LLMs can help with volume and practical tasks but require validation and human questioning. He advises aspiring analysts to pursue analytical subjects, develop domain expertise, and learn core intelligence components. Resources Extrac AI - https://www.extrac.ai/index.html [https://www.extrac.ai/index.html] SANS Admiralty Scale blog post 1 - https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system [https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system ] SANS Admiralty Scale blog post 2 - https://www.sans.org/blog/admiralty-code-part-2-ticketmaster-data-breach-claims [https://www.sans.org/blog/admiralty-code-part-2-ticketmaster-data-breach-claims] LinkedIn Post on what makes something intelligence - https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m [https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m] King's College London, the Intelligence Studies Program - https://www.kcl.ac.uk/study/postgraduate-taught/courses/intelligence-and-international-security-ma/teaching [https://www.kcl.ac.uk/study/postgraduate-taught/courses/intelligence-and-international-security-ma/teaching] Structured Analytic Techniques (SATs) Training - https://inteltradecraft.com/sat-certifications [https://inteltradecraft.com/sat-certifications] Analytic standards ICD203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf [https://www.dni.gov/files/documents/ICD/ICD-203.pdf] PHIA UK Analytic Standards - https://www.gov.uk/government/publications/phia-common-analytical-standards/phia-common-analytical-standards [https://www.gov.uk/government/publications/phia-common-analytical-standards/phia-common-analytical-standards] LinkedIn Freddy M - https://www.linkedin.com/in/fmurre/ [https://www.linkedin.com/in/fmurre/] LLMs getting worse - https://royalsocietypublishing.org/rsos/article/12/4/241776/235656/Generalization-bias-in-large-language-model [https://royalsocietypublishing.org/rsos/article/12/4/241776/235656/Generalization-bias-in-large-language-model] Chapters 00:00 Introduction to Intelligence and Personal Journey 07:15 Transitioning from Government to Private Sector 11:53 Understanding Intelligence Methodology and Standards 18:59 Defining Intelligence vs. Information 23:27 The Role of AI in Intelligence 31:02 Training and Methodologies in Intelligence 47:06 Challenges in Implementing Intelligence in the Private Sector 54:16 Measuring Success of Intelligence Programs 58:13 Challenges in Applying Intelligence in Organizations 01:02:06 Advice for Aspiring Intelligence Professionals 01:15:50 Influential People and Career Moments 01:17:28 Closing Remarks and Future Outlook This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on July 2nd, 2025 in London, UK.

Kommentarer

0

Vær den første til at kommentere

Tilmeld dig nu og bliv en del af Intelligence Tradecraft - Sharpen your analytic edge-fællesskabet!

Kom i gang

1 måned kun 9 kr.

Derefter 99 kr. / måned · Opsig når som helst.

  • Podcasts kun på Podimo
  • 20 lydbogstimer pr. måned
  • Gratis podcasts

Alle episoder

15 episoder

episode The librarian who founded modern OSINT: Sources, tradecraft & AI - Interview with Arno Reuser (S2E8) cover

The librarian who founded modern OSINT: Sources, tradecraft & AI - Interview with Arno Reuser (S2E8)

If you've ever read a text or sat in a briefing and quietly wondered what actually separates this "intelligence" from someone's hot take on LinkedIn, a journalist with a deadline, an analyst with a search bar, or an AI, this episode is for you. The host, Freddy Murre, sits down with Arno Reuser, the man who founded the Dutch Defence Intelligence Service's open-source intelligence (OSINT) capability in the early 1990s, before most of Europe had a word for it. What follows is less an interview than a working argument about how OSINT should actually be done, and where the field has gone soft. Arno doesn't mince words. He'll tell you the "information explosion" everyone complains about is just proof you skipped your stakeholder and requirement analysis. That most of what gets sold as OSINT is the word "OSINT" stapled to “everything”, such as tools. That he has, by deliberate choice, never written an analytical judgment in his life, and why that line between collection and analysis matters more than people think. For anyone who's argued about what counts as OSINT versus PAI (Publicly Available Information), or where collection ends and all-source begins, this is the debate you want to engage with. Along the way: the librarian's discipline, he says, underpins all good intelligence work, the collection plan he calls "worth gold," the classroom trick thousands of students have failed, and a run of war stories from his teachings, such as a prison break by email to a deepfake that fooled cyber experts who personally know him. The back half takes on two problems every practitioner is living with right now. How do you put a value on intelligence when the same report is priceless to one decision-maker and useless to the next? And what is AI actually good for? Arno uses LLMs daily and is genuinely amazed by them, but only for things he can verify. He and Freddy get specific on hallucinations, sycophancy, model collapse, and the difference between a real summary and a machine that just shortens the text and deletes the one sentence that mattered. RESOURCES Maersk Website - https://investor.maersk.com/news-releases/news-release-details/cyber-attack-update [https://investor.maersk.com/news-releases/news-release-details/cyber-attack-update] Dutch Police Data Breach - https://www.politie.nl/nieuws/2024/oktober/2/update-over-datalek-politie.html [https://www.politie.nl/nieuws/2024/oktober/2/update-over-datalek-politie.html ] When does something go from a Google answer to Intelligence - https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m/ [https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m/] LexisNexis Library - https://www.lexisnexis.com/en-us/products/digital-library.page [https://www.lexisnexis.com/en-us/products/digital-library.page] Vague questions in OSINT - https://opensourceintelligence.biz/vague-osint-questions/ [https://opensourceintelligence.biz/vague-osint-questions/] Structured Analytic Techniques (SAT) Training - https://inteltradecraft.com/sat-certifications [https://inteltradecraft.com/sat-certifications] Pherson Structured Analytic Techniques for Intelligence Analysis - https://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/150636893X/ [https://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/150636893X/] Routledge Handbook of Terrorism Research - https://www.routledge.com/The-Routledge-Handbook-of-Terrorism-Research/Schmid/p/book/9780415520997 [https://www.routledge.com/The-Routledge-Handbook-of-Terrorism-Research/Schmid/p/book/9780415520997] AI Model Collapse - https://scholar.google.com/scholar?hl=en&as_sdt=0%2C5&q=AI+model+collapse&btnG= [https://scholar.google.com/scholar?hl=en&as_sdt=0%2C5&q=AI+model+collapse&btnG=] CHAPTERS 00:00 From literature searcher to founding military OSINT 04:00 Becoming a librarian: the Kampen archive moment 08:00 Where OSINT stops and intelligence begins 11:00 Why "cyber" keeps getting OSINT wrong 15:00 What actually makes something "intelligence"? 24:00 The information explosion myth 32:00 The classroom trick: think before you type 36:00 The collection plan that's "worth gold" 42:00 The human factor cyber keeps ignoring 45:00 War stories: validation and getting fooled 51:00 Learning the craft: sources, sources, sources 55:00 Customers ask for what they think you can do 01:08:00 Can you measure the value of intelligence? 01:11:00 AI and LLMs: amazed but skeptical 01:32:00 Deepfakes, the NATO photo & "how likely is it?"

I går1 h 37 min
episode From Dutch Military Intelligence to Private Sector Cyber Threat Intelligence (CTI) - Interview w/Martijn (S2E7) cover

From Dutch Military Intelligence to Private Sector Cyber Threat Intelligence (CTI) - Interview w/Martijn (S2E7)

SUMMARY Former military intelligence analyst turned consultancy director Martijn Docters van Leeuwen joins Freddy Murre to unpack what cyber threat intelligence really is, and why so many teams "talk the talk" without "walking the walk", i.e. doing the work. Martijn Docters van Leeuwen has done the whole journey, infantry, military intelligence, stopping ATM skimming and gas attacks in the Netherlands, to building a bank's first CTI team, and now being a cybersecurity consultant. So when he talks about CTI being a tradecraft and not a report that magically lands in your inbox, he's not theorizing. He's been the only analyst in the room wearing all seven hats, the guy getting asked "why does this cost so much?", the one trying to prove value in the six quiet months when nothing's on fire. We get into the stuff analysts actually argue about: why most teams are great at talking the talk and bad at doing it, the trap of living in your own little football field while the business has no idea what you do, how people game their own metrics to manufacture a crisis, and where AI genuinely helps versus where it's just a confident liar with no fingers. Threat vs. risk, mirror imaging, incident-driven vs. intel-driven, and the brutal truth that training does nothing if you walk out the door and never apply it. If you do this work, or you're trying to convince someone it's worth doing, pour a coffee and settle in. RESOURCES Structured Analytic Techniques (SAT) Certification Training by Intel Tradecraft and Pherson - https://inteltradecraft.com/sat-certifications Intelligence Mind Map - https://github.com/Errum/IntelArchitectureMap When does something go from a Google answer to Intelligence - https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m/ Mitre Att@ck - https://attack.mitre.org/resources/attack-data-and-tools/ Mark Arena - CTI: Comparing the incident-centric and actor-centric approaches - https://medium.com/@markarenaau/cyber-threat-intelligence-comparing-the-incident-centric-and-actor-centric-approaches-f20cfba2dea2 ASML The world's supplier to the semiconductor industry - https://www.asml.com/en SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence TIBER European Central Bank - https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html Freddy's resources on SANS - https://www.sans.org/profiles/freddy-murstad#resources The intelligence cycle - https://github.com/Errum/IntelArchitectureMap Basic cyber-hygiene guidance from CISA - https://www.cisa.gov/topics/cybersecurity-best-practices NSM ICT Security Principles - https://nsm.no/advice-and-guidance/publications/nsm-ict-security-principles SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence Obsidian (note-linking/mind-mapping for research) - https://obsidian.md/ CTI-CMM - https://cti-cmm.org/ CREST - https://www.crest-approved.org/ Google Notebook LM - https://notebooklm.google/ Intelligence minor, Leiden University - https://www.universiteitleiden.nl/en/education/minors/minor/fgga-minor-intelligence-studies Heuer & Pherson Structured Analytic Techniques for Intelligence Analysis - https://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/150636893X/ CHAPTERS 00:00 Introduction & from military intel to CTI 08:30 Building a bank's first CTI team 15:00 What is intelligence — and what is CTI? 26:00 Talking the talk vs. doing the work 35:00 Incident-driven vs. intelligence-driven CTI 46:00 Tradecraft, methodology & pricing CTI work 53:00 Collection, analysis & tailoring reports 01:04:00 Mirror imaging & understanding threat actors 01:08:00 Measuring the value of a CTI program 01:19:00 Threat vs. risk: capability, intent & opportunity 01:24:00 Training intel skills & making it stick 01:36:00 Can AI help us do intelligence better?

17. juni 20261 h 42 min
episode Lessons from a Former US Navy Collector - Joe Slowik on intelligence tradecraft and AI in CTI (S02E06) cover

Lessons from a Former US Navy Collector - Joe Slowik on intelligence tradecraft and AI in CTI (S02E06)

In this episode of Intelligence Tradecraft, host Freddy Murre sits down with Joe Slowik, a threat intelligence veteran whose career spans the US Navy, Los Alamos National Laboratory, MITRE, and the vendor world (Dragos, DomainTools, Gigamon, Huntress, and now DataMinr). In the conversation, Joe makes the case that intelligence is fundamentally about decision support, not raw data feeds or research written for other analysts. He and Freddy dig into what separates good reporting from bad, why stakeholder alignment and rigor (ICD 203, clear separation of fact vs. assessment) matter, and when a "flash report" beats a polished deep-dive. They also tackle the attribution debate — how-centric vs. who-centric attribution, the mess of overlapping naming schemas (APT10 vs. APT31, the Visma case), and why "trust us, we're Microsoft" isn't tradecraft. Joe explains the thinking behind his Applied Threat Intelligence training and the gap it was built to fill. The back half turns to AI: where LLMs genuinely help (research, scripting), where they're dangerous (cognitive offloading, model decay, drying up the junior-to-senior pipeline), who's accountable for AI-generated output, and how threat actors are using these tools, from better phishing to voice cloning. Joe's bottom line for newcomers: critical thinking, communication, and curiosity come before any prompt-engineering skill. Resources Joe Slowik's LinkedIn - https://www.linkedin.com/in/joe-slowik/ [https://www.linkedin.com/in/joe-slowik/] Joe Slowik's Blog and Courses - https://paralus.co/ [https://paralus.co/] Freddy' Structured Analytic Techniques (SAT) Training - https://inteltradecraft.com/sat-certifications [https://inteltradecraft.com/sat-certifications ] Los Alamos National Laboratory - https://www.lanl.gov/ [https://www.lanl.gov/] NIST Cyber Threat Intelligence definition - https://csrc.nist.gov/glossary/term/cyber_threat_intelligence [https://csrc.nist.gov/glossary/term/cyber_threat_intelligence] CTI used in books (Google Search) - https://books.google.com [https://books.google.com/ngrams/graph?content=Cyber+threat+intelligence&year_start=2000&year_end=2022&corpus=en&smoothing=3&case_insensitive=false ] APT 1 Report - https://services.google.com/fh/files/misc/mandiant-apt1-report.pdf [https://services.google.com/fh/files/misc/mandiant-apt1-report.pdf ] Moonligh Maze on Wikipedia - https://en.wikipedia.org/wiki/Moonlight_Maze [https://en.wikipedia.org/wiki/Moonlight_Maze] SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence [https://www.sans.org/cyber-security-courses/cyber-threat-intelligence] ICD 203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf [https://www.dni.gov/files/documents/ICD/ICD-203.pdf] MLitt in Terrorism and Political Violence - https://cstpv.wp.st-andrews.ac.uk/masters-in-terrorism-and-political-violence/ [https://cstpv.wp.st-andrews.ac.uk/masters-in-terrorism-and-political-violence/ ] Routledge Handbook of Terrorism Research - https://www.routledge.com/The-Routledge-Handbook-of-Terrorism-Research/Schmid/p/book/9780415520997 [https://www.routledge.com/The-Routledge-Handbook-of-Terrorism-Research/Schmid/p/book/9780415520997 ] APT Groups and Operations Rosetta Stone (not mine) - https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit?pli=1&gid=1864660085#gid=1864660085 [https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit?pli=1&gid=1864660085#gid=1864660085 ] Structured Analytic Techniques (SAT) Training - https://inteltradecraft.com/sat-certifications [https://inteltradecraft.com/sat-certifications ] Tradecraft Primer: SATs - https://www.cia.gov/resources/csi/static/Tradecraft-Primer-apr09.pdf [https://www.cia.gov/resources/csi/static/Tradecraft-Primer-apr09.pdf ] An Illustrated Book of Bad Arguments - https://bookofbadarguments.com/ [https://bookofbadarguments.com/ ] Weston's Rulebook for Arguments - https://hackettpublishing.com/philosophy/logic-mathematics/critical-thinking/a-rulebook-for-arguments-group [https://hackettpublishing.com/philosophy/logic-mathematics/critical-thinking/a-rulebook-for-arguments-group ] Joe's Critique of Practical Threat Intelligence - https://pylos.co/2026/05/03/a-brief-critique-of-practical-threat-intelligence/ [https://pylos.co/2026/05/03/a-brief-critique-of-practical-threat-intelligence/ ] Cognitive Offloading - https://sistemasi.ftik.unisi.ac.id/index.php/stmsi/article/view/6180 [https://sistemasi.ftik.unisi.ac.id/index.php/stmsi/article/view/6180 ] OpenAI Research - https://openai.com/research/index/ [https://openai.com/research/index/] Chapters 00:00 Intro and Joe's career path 06:11 The Evolution of Cyber Threat Intelligence and intelligence 15:05 Rigor, reporting, & attribution 29:50 The Relevance of Intelligence in Incident Response and CTI 47:09 Building & measuring a CTI function 01:00:13 Training teams (and why it doesn't stick) 01:07:37 Integrating LLMs in Intelligence Work 01:19:50 Skills for the Future of CTI

4. juni 20261 h 30 min
episode From US Army Intelligence to Private Sector Intelligence Advisor - Interview with Jeremy Levin (S02E05) cover

From US Army Intelligence to Private Sector Intelligence Advisor - Interview with Jeremy Levin (S02E05)

In this interview, Jeremy Levin shares his journey into US Army intelligence and subsequent move into private sector intelligence. Jeremy has extensive experience in intelligence analysis, training, and management, emphasizing the importance of adaptable skills, continuous learning, and effective team utilization in the field. Jeremy Levin accidentally entered military intelligence in the mid-90s by joining the U.S. Army intelligence. He served nearly 30 years in various government intelligence roles and as a contractor. After moving into the private sector he founded Questimation (“Better decisions discovered”) to teach thinking, analytic methods, and explore more objective calibration of qualitative probabilities. This in-depth interview explores the challenges and opportunities in intelligence analysis, focusing on metrics, training, AI integration, and the mindset needed for future success. Discover how to measure impact, foster analyst development, and adapt to technological advances. Resources and references mentioned Questimation - https://www.questimation.com/ Julia Galef - The Scout Mindset - https://www.amazon.com/Scout-Mindset-Perils-Defensive-Thinking/dp/0735217556 IARPA Reason Project for AI in Analysis - https://www.iarpa.gov/research-programs/reason US Intelligence Standards ICD 203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf UK Intelligence Standards - https://www.gov.uk/government/publications/phia-common-analytical-standards/phia-common-analytical-standards New Zealand Code of Ethics - https://nziip.org.nz/code-of-ethics/ Chapters 00:00 Meet Jeremy Levin 07:52 Contractor Life and 9/11 22:43 Going Independent and forming Questimation 30:30 What Counts as Intelligence 35:22 Analyst Tasks and Management 41:53 Value of Warning and Training 57:51 Metrics Drive Output 01:02:20 Measuring Intelligence Value 01:12:00 Defining Success Metrics 01:22:18 Analytic Standards Matter 01:25:48 AI and Tradecraft Future 01:48:10 Mentors and Closing This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on July 2nd, 2025 in London, UK. #intelligenceagencies #intelligenceanalysis

22. apr. 20261 h 50 min
episode From UK Defense intelligence, Warning Intelligence, and IEDs, to Private Sector Intelligence - Interview with Will Woodall (S2E4) cover

From UK Defense intelligence, Warning Intelligence, and IEDs, to Private Sector Intelligence - Interview with Will Woodall (S2E4)

Summary Will Woodall shares his 14-year journey through intelligence roles in the UK government and transitioning to private sector intelligence. He explains motivations for leaving government (slow recruitment and limited recognition), contrasts public vs private sector work, and emphasizes core intelligence methodology: the yardstick/estimated probability language, source evaluation and confidence, structured analytical techniques, and clear writing and delivery tailored to customers. In the interview. Will and Freddy debate what distinguishes information from intelligence, how to measure intelligence program value through customer action and feedback, challenges like expert bias and stakeholder alignment, and how AI/LLMs can help with volume and practical tasks but require validation and human questioning. He advises aspiring analysts to pursue analytical subjects, develop domain expertise, and learn core intelligence components. Resources Extrac AI - https://www.extrac.ai/index.html [https://www.extrac.ai/index.html] SANS Admiralty Scale blog post 1 - https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system [https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system ] SANS Admiralty Scale blog post 2 - https://www.sans.org/blog/admiralty-code-part-2-ticketmaster-data-breach-claims [https://www.sans.org/blog/admiralty-code-part-2-ticketmaster-data-breach-claims] LinkedIn Post on what makes something intelligence - https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m [https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m] King's College London, the Intelligence Studies Program - https://www.kcl.ac.uk/study/postgraduate-taught/courses/intelligence-and-international-security-ma/teaching [https://www.kcl.ac.uk/study/postgraduate-taught/courses/intelligence-and-international-security-ma/teaching] Structured Analytic Techniques (SATs) Training - https://inteltradecraft.com/sat-certifications [https://inteltradecraft.com/sat-certifications] Analytic standards ICD203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf [https://www.dni.gov/files/documents/ICD/ICD-203.pdf] PHIA UK Analytic Standards - https://www.gov.uk/government/publications/phia-common-analytical-standards/phia-common-analytical-standards [https://www.gov.uk/government/publications/phia-common-analytical-standards/phia-common-analytical-standards] LinkedIn Freddy M - https://www.linkedin.com/in/fmurre/ [https://www.linkedin.com/in/fmurre/] LLMs getting worse - https://royalsocietypublishing.org/rsos/article/12/4/241776/235656/Generalization-bias-in-large-language-model [https://royalsocietypublishing.org/rsos/article/12/4/241776/235656/Generalization-bias-in-large-language-model] Chapters 00:00 Introduction to Intelligence and Personal Journey 07:15 Transitioning from Government to Private Sector 11:53 Understanding Intelligence Methodology and Standards 18:59 Defining Intelligence vs. Information 23:27 The Role of AI in Intelligence 31:02 Training and Methodologies in Intelligence 47:06 Challenges in Implementing Intelligence in the Private Sector 54:16 Measuring Success of Intelligence Programs 58:13 Challenges in Applying Intelligence in Organizations 01:02:06 Advice for Aspiring Intelligence Professionals 01:15:50 Influential People and Career Moments 01:17:28 Closing Remarks and Future Outlook This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on July 2nd, 2025 in London, UK.

8. apr. 20261 h 17 min