OSINT Symposium Day 2

Sept 18-19 2025
https://www.osintsymposium.com
https://www.osintsymposium.com/2025-agenda

The Chatham House Rule applies

DAY 2

The Illegal Empire, Business is Booming

This presentation will not be recorded
Hayley Van Loon, Crime Stoppers International

The Illegal Empire refers to a global network of illicit economies—from environmental crime and drug trafficking to human exploitation and financial crime. This session explores how OSINT is being used to support the Stop the Illegal Empire campaign by tracing financial flows, connecting crime types and enabling more agile, international disruption efforts.

Here’s a structured summary of the Hayley Van Loon transcription, along with some striking quotes you might find useful:

Hayley Van Loon, CEO of Crime Stoppers International, spoke on the theme “The Illegal Empire – Build Businesses Booming”, showing how OSINT (Open Source Intelligence) can disrupt transnational criminal networks.
She connected the counterfeit goods trade to human trafficking, terrorism, and organized crime, stressing collaboration across sectors and the urgency of intelligence-led action.

Key Points

1. The “Illegal Empire”

• A $4.2 trillion underground economy involving counterfeit goods, human trafficking, illicit tobacco, drugs, and arms.
• Counterfeit sales directly finance terrorism, including the Charlie Hebdo attack (funded by fake sneakers).
• Criminal networks exploit supply chains, shipping containers, and online marketplaces, reinvesting profits into weapons and violence.

2. Role of Crime Stoppers International

• Over 850 programs in 30+ countries, offering anonymous tip platforms since 1976.
• In 2023 alone:
  • 1.7M actionable tips
  • $2.5B narcotics seized
  • 1M+ arrests
  • 1.5M cases cleared
• Their independence (no government funding) enables neutral collaboration with governments, corporations, and NGOs.

3. Case Study – Illicit Tobacco & Trafficking

• Containers of fake cigarettes from Southeast Asia were sent back full of trafficked women and girls (some as young as 9).
• Intelligence came from OSINT + community tips + blockchain tracing + corporate records.
• Resulted in multi-agency raids, seizures, and rescues.

4. OSINT in Missing Persons & Fugitives

• Early intervention with OSINT (within first 24 hours) is critical.
• Example: tracing a missing 16-year-old through digital footprint analysis and social network mapping.
• Advocated for law enforcement to adopt advanced OSINT tools.

5. Technology, Privacy & Policy

• Some powerful tech (e.g., Pornhub’s content-tracing) could aid child exploitation investigations, but privacy laws block its use.
• Hayley criticized political inaction: “Every day it’s not turned on, there’s another victim.”

6. Call to Action

• Announced a global volunteer OSINT army focused on missing persons, fugitives, trafficking, and illicit marketplaces.
• Stressed collaboration over silos: criminals don’t separate activities, so neither should defenders.

Notable Quotes

• “Criminals do not separate their activities into neat categories, so why should we? If they don’t work in silos, neither can we.”
• “Profits from fake Nike sneakers paid for the guns used in the Charlie Hebdo attack.”
• “We were sending empty containers overseas to fill with fake cigarettes, so we decided to fill them with sex slaves for the return journey.” (from trafficker testimony)
• “Fake medicines claim over 250,000 young lives each year.”
• “This pair of shoes cannot have been made for $20 unless somebody in the supply chain is being abused.”
• “The world will not be destroyed by those who do evil, but by those who watch them without doing anything.” – quoting Einstein
• “Each threat we neutralize is a step towards a world where fewer families are torn apart and fewer children exploited.”

——

Applied OSINT for Good: Fusing Intelligence and Operations to Counter Sex Trafficking

Michal (Michele) Block & Liz Bradt, Skull Games

The Skull Games Task Force is an OSINT capability that supports law enforcement with actionable intelligence for counter sex trafficking operations and victim recovery. Using real-world examples, this session explores the evolving role of OSINT in this mission and the value of fusing intelligence with operational execution to drive impact.

https://skullgames.org

Michal Block (Director of Intelligence) and Liz Bradt (Director of Operations) of Skull Games co-presented on “Applied OSINT for Good: Fusing Intelligence and Operations to Counter Sex Trafficking.”
They traced the evolution of Skull Games from a small group of volunteers into a structured OSINT task force that now works closely with law enforcement to disrupt trafficking networks and support victim recovery. Their focus was on lessons learned, sustainable practices, and bridging intelligence with live operations.

Key Points

1. Origins of Skull Games

• Founded in 2020 to apply crowdsourced OSINT against sex trafficking.
• Built around three arms:
• Society (donors/sponsors),
• Experimental (innovation & international expansion),
• Task Force (volunteer OSINT analysts, main operational arm).
• Mission: identify trafficking victims and perpetrators, and assist law enforcement in real-time interdiction.

2. Building the Volunteer Task Force

• Began with 8 volunteers in 2020; grew to 152 participants by Expedition 9 (2023).
• Early challenges: scaling, case volume, and balancing quality vs. quantity.
• Adopted structured team models, after-action reports, and mentorship from Detective Joe Scaramucci (counter-trafficking veteran).

3. Evolution of Operations

• Shifted from passive hunting (providing leads to police) to active hunting (real-time support during live operations).
• Introduced Fusion Cell (Expedition 7, 2023): live case validation ensuring intelligence was accurate, actionable, and legally sourced.
• Integrated lessons from law enforcement operations: Intel must drive operations.

4. The Intel-Operations Fusion

• Stressed the importance of two-way communication with police on-site.
• Compared failures (disjointed comms leading to missteps) with successes (analysts co-located with officers).
• Advocated for acceptance of the “40% solution”—delivering fast, actionable insights rather than waiting for perfect intelligence.

5. Case Example – Real-Time Success

• During one operation, Skull Games identified victims and traffickers within minutes of contact:
  • Confirmed trafficker had a violent criminal record.
  • Identified two victims, who confirmed their situations once law enforcement showed them part of their own story.
• Result: trafficker arrested, children safeguarded, victims received services.

6. Sustainability & Lessons Learned

• Applied frameworks like After-Action Reviews, S-curves, and OODA loops to continuously adapt.
• Recognized that sustainable OSINT requires trust with law enforcement, clear processes, and actionable value.
• Stressed that while law enforcement might someday build their own internal capacity, Skull Games’ role remains vital given resource constraints.

Memorable Quotes

• “Intel drives operations.”
• “We weren’t sitting behind a computer, we were standing next to the team on the ground while the operation was going.” – Liz Bradt on her Special Forces background
• “Who are the two people that will spill the tea on social media? Mom and grandma.” – Michal Block on how they identified a person of interest
• “We need to be okay with the 40% solution.”
• “Words matter. Words have meaning. As analysts we must understand what is valuable to the operation side, and when.”
• “Our solution was to build a process that provides a clear standard of the finish line from the onset.”
• “The goal is to provide sustainable intel of value—ID victims and traffickers before they arrive, so victims get help and traffickers get arrested.”
• “If law enforcement worked us out of a job, I’d be more than happy. That would be amazing. But realistically, I don’t think that’s going to happen.”

——

Scaling Security at Canva

This presentation will not be recorded
Presenter: Niamh Cunningham, Canva
This session explores the challenges and opportunities in scaling security at a fast growing global company - and where intelligence fits. Niamh shares lessons learned in ensuring your approach matches both current and future needs, in an environment that is anything but static.

Niamh Cunningham, Head of Protective Security at Canva, presented on how to build and scale protective security in a fast-growing tech company.
Her talk highlighted the challenges of establishing security in a startup-like environment, the need for creative approaches, and the importance of communication and collaboration across the business. She also explored the role of AI, diverse teams, and networks in building resilience.

Key Points

1. Starting Point at Canva

• Joined Canva in 2023 as the first hire in protective security within a company of 3,000+ staff across 29 countries.
• Found no centralized structure for physical security, limited awareness of threats, and had to both educate leadership and build the function from scratch.
• Cybersecurity was already mature, but physical/protective security lagged behind.

2. Scaling Quickly

• Adopted a “ruthless triage” mindset: focus on the most immediate safety and security risks.
• Leveraged existing networks and processes (e.g., social listening, CTI team, local site response in the Philippines) instead of reinventing everything.
• First hires: operations and risk leads, before bringing in an analyst—prioritized a risk-based approach.

3. Creative and “Scrappy” Solutions

• Borrowed capabilities from marketing monitoring tools and cyber intel teams to bootstrap protective security.
• Used incident reporting systems to reverse-engineer categories for future insights.
• Emphasized early wins by solving high-visibility problems, such as securing Canva Create events.

4. Communication as a Core Skill

• Security is a “cost center” for many businesses; success depends on how well you communicate its value.
• Used visual communication, short-form Slack messages, and Canva’s upbeat style to make security approachable.
• Focused on “so what” analysis and actionable guidance for leadership.

5. Building Enduring Capability

• Advocated for diverse teams (backgrounds in risk, academia, journalism, AFP, retail) to challenge assumptions and avoid groupthink.
• Promoted growth mindsets and comfort with ambiguity in rapidly scaling environments.
• Stressed that perfect solutions aren’t the goal—“presence over perfection” is key in a fast-moving company.

6. Technology and AI

• Canva embraces AI across all functions, including security.
• Niamh sees AI as an accelerator for productivity and creativity, but warned against chasing “shiny toys.”
• Adopted a “human in the loop” approach: people remain accountable for outputs.

7. Networks and Community

• Relies heavily on professional networks for benchmarking, rapid checks, and shared intelligence.
• Views them as essential both for today’s challenges and anticipating tomorrow’s.

Notable Quotes

• “Trying to implement a traditional security framework in a hyper-growth environment is like attempting to mix oil and water.”
• “When there is something that’s working, no matter how it looks, you do not mess with it until or unless you can offer something better.”
• “Fear does not sell at Canva. Building rapport and partnerships became the way for me to influence at speed.”
• “Being able to choose the incident subcategories of your reporting system is a security nerd’s dream. And I am a security nerd.”
• “Perfect today could be irrelevant tomorrow. Instead of perfect, I’m aiming for presence.”
• “Our CTO repeats the mantra: human in the loop. The person directing the AI is responsible for the output.”
• “Diverse backgrounds push you to consider how your program plays into other areas. It makes the output better.”
• “Your network is worth its weight in gold and should be treated as an essential long-term investment.”
• “Embrace imperfection and park your ego at the door.”

——

Mastering the Art of OPSEC & Pushing Frontiers

This presentation will not be recorded
Tony M aka Ginger T, CQCore Solutions

Poor operational security (OPSEC) is one of the fastest ways to derail an OSINT investigation. Discover the hidden risks of exposure, why one-size-fits-all approaches fall short, and how to innovate in OPSEC to protect both your capability and your personal safety.

Tony (also known as Ginger T), founder of CQ Core Solutions and creator of the OSINT Toolbox, presented “Mastering the Art of OSINT.”
His talk centered on the interplay between OSINT and OPSEC (operational security), highlighting how investigators often underestimate their digital footprints and the risks associated with poor tradecraft. He emphasized pragmatism, risk awareness, and tailoring methods to context rather than rigidly following “one size fits all” rules.

Key Points

1. Perception vs. Reality in OPSEC

• What investigators think they’re doing is often very different from what’s actually happening.
• Digital footprints, fingerprinting, and behavioral “DNA” online are always traceable.
• Most practitioners receive little or no formal OPSEC training, instead learning by trial and error.

2. Tailored OPSEC, Not One-Size-Fits-All

• Different missions (short, medium, long-term) require different OPSEC strategies.
• Overly rigid workflows (e.g., always using the same sock puppet build process) risk detection.
• OPSEC must be fluid, dynamic, and contextual—linked to clear tasking, aims, and objectives.

3. Tools, Tradecraft, and Missteps

• VPNs: Not all are equal; free VPNs can be more harmful than helpful. Mobile IPs may look more natural for sock puppets than VPNs.
• Virtual machines & emulators: Platforms like Telegram and WhatsApp can detect them, leading to blocked accounts.
• Browsers & fingerprints: Over-locking privacy settings makes users more unique, not less. Chrome blends in best but may feel like a compromise.
• Search engines: Don’t just default to Google—consider local engines (e.g., Baidu) when investigating specific regions.
• Device signals: Phones, laptops, smartwatches, cars, and even fitness apps (e.g., Strava) can leak location and identity data.
• Social media OPSEC: Even innocuous details (rings, watches, background objects) can compromise anonymity.

4. Risk vs. Reward

• Sometimes the “safer” path (e.g., heavy privacy stack) undermines the OSINT mission by standing out.
• Investigators must balance blending in with protecting themselves, depending on adversary sophistication.
• Hostile actors don’t care about rules — assuming nothing, believing nothing, challenging nothing — so professionals must think adversarially.

5. Building Enduring Capability

• OPSEC mistakes are inevitable; the key is to learn from them, not punish them.
• Awareness of personal OPSEC (social media, emails, out-of-office replies, children’s online activity) is just as critical as professional tradecraft.
• Collaboration between privacy and OPSEC communities enriches OSINT resilience.

Notable Quotes

• “What you think you’re doing is not necessarily what you are doing.”
• “Every contact leaves a trace—in the digital world, it’s no different.”
• “One size does not fit all. Don’t just do the same thing every time without knowing why.”
• “If you’ve never asked yourself why you’re doing what you’re doing from an OPSEC perspective, then you won’t know why your sock puppets are failing.”
• “Fear of standing out online can be as damaging as not protecting yourself at all.”
• “From an OSINT perspective, sometimes Chrome is the best OPSEC tool—not because it’s private, but because it blends in.”
• “Assume nothing, believe nothing, challenge everything… but remember: hostile threats assume what they want, believe what they want, and challenge nothing.”
• “We are all going to make mistakes with OPSEC. The important thing is not to punish people, but to learn and improve.”
• “Your smartwatch, your car, your fitness app—they’re all leaking data. You may be locked down, but your children or your Strava leaderboard will give you away.”

——

(Blurred Lines: Human Judgement & AI Assistance)

Jacob Hunter, OSINT Combine

As AI becomes more embedded in OSINT workflows, the line between human judgment and machine assistance is increasingly blurred. This presentation unpacks the risks of shadow AI, accountability gaps and model agreeableness, and offers analysts and decision-makers practical governance tools and real-world strategies to integrate AI into analytical workflows without compromising integrity.

——

Managing OSINT Toolkits for Operational Sustainability

Ashley Lawson, NexTech Solutions

Explore how organizations can strategically build and manage OSINT toolkits that evolve with a rapidly changing information environment. This session shares practical approaches for assessing tool needs, vetting vendors and maintaining long-term performance to ensure operational sustainability.

Ashley Lawson, Deputy Program Manager at Nextech Solutions, presented on “Managing OSINT Toolkits for Operational Sustainability.”
Her talk provided a blueprint for building, maintaining, and evolving OSINT toolkits in government and commercial environments. She drew on her experience both as a user of intelligence tools and as someone now responsible for procurement, stressing that toolkits should be treated as living ecosystems rather than static purchases.

Key Points

1. Common Problems with OSINT Toolkits

• Redundancy: Overlap of tools that do the same job, wasting budget.
• Obsolete tools: Legacy platforms kept out of habit despite changing missions.
• Underutilization: Tools often have powerful features left unused due to lack of training.
• Procurement missteps: Tools purchased without user input or pilots often fail adoption.
• Lack of measurement: Few organizations track ROI, usage, or mission impact.

2. OSINT Toolkits as Ecosystems

• Must be intentionally designed, maintained, and adapted.
• Success requires clarity on mission, users, workflows, and outcomes.
• Integration planning should begin before contracts are signed, with IT and cyber stakeholders engaged early.
• Sustainability depends on continuous monitoring and willingness to retire tools that no longer deliver value.

3. The ADAPT Framework

A repeatable cycle for toolkit sustainability:
1. Assess – Define mission, requirements, gaps, and user needs.
2. Discover & Align – Identify tools, filter them against workflows and requirements.
3. Analyze Vendors – Vet deeply for data sources, supply chain, compliance, financial stability, and responsiveness.
4. Procure – Pilot tools with real users and workflows, plan for integration and training from the start.
5. Track – Measure adoption, usage, mission impact, and overlap. Retire tools that no longer add value.

4. Lessons Learned

• Failure case: Procured a tool by brand recognition without piloting; it suffered latency, poor features, and low adoption—money lost.
• Success case: Piloted a similar tool early, engaged users, solved integration issues, and achieved smooth adoption and high satisfaction.
• Applying ADAPT cut one client’s costs by 30%, reallocated funds to niche tools, and expanded toolkit growth by 54% over several years.

5. Challenges and Advice

• Hardest part of scaling OSINT: resistance to change and overcoming the “we just Google” mindset.
• Smaller organizations can apply the same cycle but need to be creative with licensing and allocation.
• Vendor roadmaps are valuable but must be matched by delivery and transparency.

Notable Quotes

• “We can’t treat OSINT toolkits like one-time purchases. We have to start treating them like living ecosystems.”
• “Guesswork is very expensive and very stressful.”
• “Feature does not equal fit.”
• “Procurement isn’t the finish line—it’s where the real work begins.”
• “The moment you stop adapting is the moment your toolkit starts becoming obsolete.”
• “Mindset shifts are the hardest to do. Some people still think we just Google.”

——

Panel: Building Enduring OSINT Capability for Australia’s Critical Infrastructure

Moderator: Stephen Beaumont AM, CI-ISAC Australia

When the lights stay on and the port stays open, open-source intelligence is often part of the story. This panel will explore how critical infrastructure operators and security leaders are building lasting OSINT capability, not just for incident response, but as part of daily operations, enterprise risk management and decision-making under real-world pressure.

The panel “Building Enduring OSINT Capability for Australia’s Critical Infrastructure” brought together practitioners from diverse sectors—ARPANSA (radiation & nuclear safety), Port of Melbourne, Australia’s Academic and Research Network (AARNet), and the Royal Flying Doctor Service—to discuss how OSINT supports operations, protects assets, and strengthens resilience against threats.
Moderated by Steve, the discussion highlighted insider threats, procurement challenges, organizational buy-in, sharing intelligence, and the future of OSINT in critical infrastructure.

Key Themes

1. The Role of OSINT in Critical Infrastructure

• OSINT is no longer optional; it’s critical for monitoring broad attack surfaces that include cyber, physical, human, and supply chain vulnerabilities .
• Sectors represented (ports, healthcare, nuclear regulation, and academia) each face different but converging threats, from protests and insider risks to foreign interference and data theft .

2. Insider Risks

• Insiders are consistently the biggest factor in sensitive breaches. For example, every recorded theft of radioactive material globally involved an insider .
• Remote work has magnified insider risk by reducing day-to-day visibility of staff wellbeing and vulnerabilities. OSINT helps flag risks early .

3. OSINT Implementation and Adoption

• Lessons from implementation:
• Avoid overpromising tool capabilities; pilot them in real-world environments.
• Frame OSINT as addressing business risks, not just security risks, to win executive buy-in .
• Build trust with legal and HR teams early to manage ethical and regulatory boundaries .
• Successful adoption depends on champions inside the organization who can articulate OSINT’s value to leadership and boards.

4. Sharing Intelligence

• Timeliness is crucial—sharing via trusted personal networks often provides faster actionable insights than waiting for formal channels .
• Critical Infrastructure ISAC (CISAC) was praised for enabling sector-specific, de-identified intelligence sharing.
• Legal and regulatory barriers often limit sharing, but partnerships with legal teams and anonymization can overcome these hurdles .

5. Challenges and the Future

• Volume of data is overwhelming; OSINT tools act as force multipliers, especially for small teams .
• Fourth-party supply chain risks (the suppliers of your suppliers) are a growing concern .
• In academia, researchers and students can simultaneously drive innovation and represent insider risks, highlighting OSINT’s dual role .
• The future of OSINT lies in integration with broader business risk management and in more widespread adoption across sectors not traditionally seen as high risk.

Notable Quotes

• “No shipping, no shopping.” – Steve Holmes, Port of Melbourne
• “Every single case of known radioactive material theft in the world involved an insider.” – Luke Romkey, ARPANSA
• “We’re not a technology company; we’re a people company. Our role is to keep our clinicians safe while they deliver healthcare.” – Adam Carey, Royal Flying Doctor Service
• “Super carefully and ethically… it’s about trust, trust, trust.” – On using OSINT responsibly inside organizations
• “An immutable truth: you always need to explain what OSINT is — and what it isn’t.” – Nadia Taggart, AARNet

——

Closing Address

Chris Poulter, OSINT Combine