Here’s an interesting conversation with one of the blog readers and OSINT community contributors – somebody who has broad experience working in cybersecurity and cyber threat intelligence. Previously, Jeremy made a decent contribution to the article on forum-related OSINT. He is also the author of the Cyber HUMINT manual – which he kindly agreed to share here.
How do you introduce yourself / describe what you do?
My name is Jeremy Makowski, I am 35 years old. I am a cyber crime and terrorism intelligence expert. I am also a former Cyber Intelligence Officer from the Israel National Police and from the Israel Defence Forces.
I have more than 10 years of experience in Cyber Threat Intelligence and I have worked in a variety of environments including academia, high tech, military, and law enforcement. My academic background includes a BSc in cyber security that I did in France and a MA in International Security from the UK.
As a cyber intelligence expert I am working on the strategy, collection, research and analysis of a variety of cyber threat issues (cyber-crime, hacktivism, cyber terrorism and APTs). I also work on leading OSINT investigations / cyber HUMINT operations within the deep web and dark web environments.
I have trained many civilian analysts as well as Military and Law Enforcement Officers on conducting deep & dark web investigations, cyber intelligence collection and cyber HUMINT operations.
Although we are not related, I have to ask about the surname. Do you have Polish ancestors?
No, indeed we are not related but we have the same surname which for me was also a funny surprise. Yes, I have Polish origins and I am French and Israeli.
Do you remember your beginnings in OSINT and information security overall?
Yes, I started my career in the information security field after my first degree. I worked a couple of years on the cyber defensive side until I realised that I was more attracted by the intelligence aspects. I then started to make a shift in my career to be more focused on threat intelligence issues.
What can you say about using OSINT during your career in the Israeli military and later in government jobs?
OSINT is not new to the world. However, during these last 15 years it has developed considerably with the expansion of cyberspace and the emergence of multiple new sources like social networks, forums, discussion boards, as well as encrypted messaging applications.
As I experienced during my military and police service, OSINT is useful because it makes it possible to obtain information available on the Internet without a heavy investment or subpoena process. All you need is to spend time on what is already publicly available, which in itself can be very useful during any investigation.
How hard is it to get a job within the cyber police in Israel? Does OSINT help? What else would you consider relevant skills and knowledge?
I think that like in most of the countries in the world, getting a cyber job within a law enforcement agency is not simple. In some countries you must start from the beginning as a patrol officer for a few years before you can apply for a more advanced position like cyber investigator. When I joined the Israeli Police, I already had a strong background in cyber intelligence and thus was seen as a professional with extra qualifications and value.
To join a cybercrime law enforcement agency, it is always best to have some technical background, as cybercrime investigation and intelligence require a deep understanding of cyberspace, its communities and clientele, and the different techniques used by people operating there.
I assume the threat intelligence landscape is different in Israel than it is in Europe? What would you say the main differences are?
While most developed countries face similar cyber threats, these threats sometimes differ from one country to another depending on the geopolitical, military, or economic context. Israel faces many common cyber threats like other countries in Europe and elsewhere in the world, but in addition to the threats of cyber espionage and cyber criminals, Israel also faces frequent cyber-attacks from terrorist organisations or from countries that are hostile to it.
What made you leave the government sector?
I simply decided to leave because I wanted to continue to develop my career and turn to other horizons while remaining in the same field of work. And as you might know, this is not always possible in government roles.
What kind of OSINT do you focus on the most nowadays?
Today, I guess like many professionals in the field, I focus my OSINT activities on the collection and analysis of different cyber threats such as phishing and cyber-attack campaigns, threat actors’ profiles, fraud and scam activities and more…
What are the tips you would give to people only starting out in cybersecurity?
First, I would tell them to look at the entire spectrum of cybersecurity, including offensive and intelligence, to get the big picture and understand the function of each of these areas and how they relate to each other.
A good defence requires good intelligence on the various threats around us. When working in cybersecurity, it is important to have an overview of cyber threats. For me it is very difficult to work in cyber security if you do not understand the process of an attack and the intelligence that precedes it.
Since the beginning of my cyber intelligence career, I have seen many cyber security experts focusing on the protection of their infrastructures, implementing multiple security systems but ignoring or neglecting intelligence on the different threats that surround them – like vulnerabilities affecting the systems they use and that allow different threat actors to target them.
What are your favourite learning resources? And how do you keep your skills and knowledge relevant?
I am constantly learning and striving to develop my knowledge and skills as cyber threats are constantly changing and increasing. Moreover, cyber criminals and other threat actors being constantly on the lookout for flaws and new methods of attack, it is vital to stay informed and to know the latest threats and techniques developed and used by threat actors.
I gain knowledge from different sources like blogs, academic publications, and company and government threat intelligence reports. I am also following various researchers and cyber experts on Twitter. The list is long.
I want to ask about your view on paid training, certificates, formal academic education. How useful or helpful is all that in your career?
Certifications and professional trainings are useful and good at all levels. However, it is important to choose the right one according to your objective.
For the past 10 years more and more universities around the world have been offering cyber security programs at undergraduate and graduate levels, which according to me is a great thing as the need for people in the cyber security and cyber intelligence fields is growing every day.
Besides my first degree in cyber security, I took several cyber intelligence courses in different public and private institutions in Israel and was trained on cyber crime by the FBI in 2019.
Are you part of any OSINT communities that you could recommend?
I am not part of OSINT communities, but I know that there are many OSINT communities or specialists that are good to follow. Among them I personally recommend the following ones (apart from this blog of yours):
What resources would you recommend for OSINT in the Arabic language?
There are some search engines in Arabic like Yamli or Eiktub, but I personally find that they are not as effective as Google Arabic or Google in different Arabic countries. I would also tend to recommend using Google dorks for research on Arabic sites.
Generally speaking, Arabic-focused research does not differ hugely from regular OSINT – like with performing research on known social networks that are universally popular, such as WhatsApp, Instagram, Facebook… It’s down to identifying specific groups and communities where you can find interesting information depending on what you are looking for.
Can you share a story of an OSINT / opsec fail – and how that ended for you?
When I started in the cyber intelligence field, I remember that I was looking to gather intelligence on a hacking forum and one of my mistakes at that time was logging into the same forum with two different avatars but without noticing that I was using the same IP address. As a result, I got banned from that forum. It is a basic error that taught me to always pay attention to my opsec features.
A basic rule of opsec is to always compartmentalize things. One address per avatar using Tor or VPN / Proxy. Today, even with 10+ years of experience, I make sure that my opsec meets all security requirements. Whenever I lecture on cyber intelligence to professionals or students, it’s something I always emphasise strongly.
Looking back at your career to date, is there anything you would have changed or done differently?
When you look back at your career, there are always things you think you could have done differently or better. Personally, if I could go back, I think I might have had to train myself earlier in cyber intelligence and OSINT techniques, but on the other hand, gaining computer security experience allowed me to understand a lot of things about how systems work, as well as security policies.
Apart from that, I do not regret anything because as I mentioned before, I was able to practice cyber intelligence in various professional environments which allows me to see and approach it from all angles.