The Human IOC: Why Security Professionals Struggle with Social Vetting
Applying SOC-level rigor to the rumors, politics, and ‘human intel’ can make or break a security team. During my years working in Security Operations, we were very careful to vet anything that came our way.
Vetting Information vs Vetting People
We vetted sources, intelligence, IOCs, TTPs (tactics, techniques, and procedures), and other information as well. However, when we hear information, and especially negative information, about people or organizations, most of us don’t vet it rigorously at all.
For example, we might hear a rumor about a colleague or a vendor, and we immediately start thinking negatively about them without asking any questions. Meanwhile, if we were to receive a similar rumor about a potential security threat, we would thoroughly investigate it before taking any action.
Consequences of Not Vetting Information
The consequences of not vetting information about people or organizations can be severe. Additionally, it can lead to false positives, wasted resources, and damaged relationships. Therefore, it is essential to apply the same level of rigor to vetting people and organizations as we do to vetting information.
Moreover, we should consider the source of the information and their motivations. Are they trying to manipulate us or do they have a hidden agenda? Furthermore, we should review the history of the person or organization and their past behavior.
Techniques for Vetting People and Organizations
So, how can we vet information, and in particular negative information, about people or organizations? Here are a few techniques that can be employed:
- Ask questions: When someone is sharing the truth with us, they won’t mind at all if we have a few questions and/or want to clarify a few things.
- Ask for evidence: If a person or organization has indeed done whatever it is they are being accused of, shouldn’t there be evidence of that?
- Approach the targeted person or organization directly: It amazes me that more people don’t simply approach the targeted person or organization directly when confronted with unfavorable information.
- Consider the source: Is the source always the victim in their stories? Does the source always seem to talk about others, rather than focusing on the topic or task at hand?
- Review history: Has the targeted person or organization produced good results for you in the past?
Finally, vetting people and organizations takes effort and may go against our nature, but it is generally well worth the effort. Just like information, people and organizations need to be properly vetted. If they aren’t, there can be serious consequences for a security team.
Conclusion
In conclusion, social vetting is a critical aspect of security teams. By applying the same level of rigor to vetting people and organizations as we do to vetting information, we can avoid false positives, wasted resources, and damaged relationships. Therefore, it is essential to make social vetting a priority in our security operations.
Meanwhile, we should continue to educate ourselves on the importance of social vetting and the techniques for doing so. Additionally, we should encourage our colleagues and peers to do the same. Finally, we should always remember that social vetting is an ongoing process that requires continuous effort and attention.
FAQs
- What is social vetting, and why is it important in security teams? Social vetting is the process of thoroughly investigating and evaluating people and organizations to determine their credibility and trustworthiness.
- How can we vet information about people or organizations? We can vet information by asking questions, asking for evidence, approaching the targeted person or organization directly, considering the source, and reviewing history.
- What are the consequences of not vetting people and organizations? The consequences of not vetting people and organizations can be severe, including false positives, wasted resources, and damaged relationships.
- How can we make social vetting a priority in our security operations? We can make social vetting a priority by educating ourselves on the importance of social vetting and the techniques for doing so, and by encouraging our colleagues and peers to do the same.
- What is the role of social vetting in preventing security threats? Social vetting can play a critical role in preventing security threats by helping to identify and mitigate potential risks and vulnerabilities.








