[0:58] Exploring International Security and Open-Source Intelligence with Andrew Borene

Rachael: Please welcome to the podcast Andrew Borene. He's the executive director of Flashpoint. He's previously led private sector intelligence teams at IBM Semantic. And he's also served as a former senior official in the US intelligence community where he led strategic operational planning for foreign counter-terrorism on behalf of the White House National Security Council. What a background. Welcome, Andrew. So excited to have you.

Andrew: Well, thank you so much both of you for having me. I've been listening to the podcast for a while. You've had some real heavy hitters. People, I look up to a great deal, including Bill Evanina, Chris Krebs, and Megan Stifel. So thanks for all the work you're doing. Having people talking about security, thinking about things like insider threats, and cybersecurity. And then I really do think when we have this conversation about open-source intelligence. Your listeners will also get a feel for a more holistic understanding of what we can do together as defenders.

Audra: Absolutely. So Andrew let's jump into open-source intelligence since you opened the door on that one. I believe recently you were in Ukraine and representing your new firm. Would you be able to talk a bit about what you found, your findings, and how they relate to open-source intelligence? How do you see that coming forward and how we can learn from the situation there?

Andrew: Yes, first off. I just want to get a quick disclaimer that anything I say is really my own opinion. Not that of any former agency I was affiliated with or the US government. And definitely not necessarily Flashpoint Intelligence the firm. But I am the executive director of Flashpoint.

Navigating International Security Challenges with Open-Source Intelligence

Andrew: I work really heavily in the national security intelligence component of the company. It's a threat intelligence firm and a data company. And it is one of many kinds of emerging new OSINT providers that are commercial companies. There are also kind of non-governmental folks. And certainly, in the last couple of years, we've just seen a ton of activity across the US government with OSINT. How we pronounce it, and under US law, it's actually, this is funny. There's been a debate for over a decade, right? Open-source intelligence under US law for it to be a US intelligence community activity.

It's open-source space intelligence, OSINT. There's a statute that defines it. There's a classified requirement for intelligence. Then you use unclassified information, whether publicly available or commercially available to answer that requirement. One of the really great things about being a flashpoint here is we are a commercial OSINT provider. Within that framework that puts us in the ability to really leverage all kinds of tools. And resources currently serving more than 50 governments that our US security partner and NATO security partner allies.

And 15 of the largest 15 financial services institutions in the United States. So that's kind of the background there. I think for some of those reasons I was asked to be the keynote presenter at Ukraine's largest technology executive gathering. It has been a decade since they started the conference this year it was in Aviv. Which is pretty far to the west. Very close to Poland for obvious reasons, Ukraine's actively in a hot war.

International Security in the Face of Modern Hybrid Warfare

Andrew: They've been aggressive, and frankly my opinion, really horrifically invaded by a Russian government under Vladimir Putin that is waging modern irregular warfare, hybrid warfare, and cyber warfare. Frankly what some in the NATO community are referring to as cognitive warfare attacking the psychology even of individual actors through cyberspace. And in the US that might be called stalking or harassment. But I had conversations with some IT executives who said they're getting really horrific comments on posts.

They said I talked to an American journalist. Joe Linsley has been reporting on the ground since the invasion. He's one of the few journalists that actually I guess I would say assessed that the Ukrainians would fight. And he said it over and over again until February of 2022.

And he's been on the ground every day since he said he'll stay in Ukraine until the victory is won. He's on 500-plus days of continuous reporting. And actually, I did find that rather inspirational. So here's a nation that is in a hot war and they are keeping the economy functioning as best they can. They're a perfect example of resilience in the face of modern hybrid conflict.

What the Russians call a special military operation. I think collectively, if you read NATO, Secretary General Yen, Stolbergs comments is an absolute violation of international law It's the invasion of a sovereign, self-identified state with democratic processes. And so for me personally, I found it a great humbling honor to have been invited to be the keynote speaker on the second day, which was their business focus in Ukraine. On the ground, and I will say this before we continue the interview if you want to talk about open source intelligence.

[7:09] Ukraine: A Flashpoint for International Security

Andrew: Ukraine is its own flashpoint, not as a term for the company I work for. But for Ukrainian operators in the military, in the critical infrastructure sectors and also in commercial developers and commercial solutions. If you're building a social network or a solution for businesses. They have to be thinking all across the front of the defense of human espionage against them, of cyber exploits against them, of spearfishing against them, of wailing against them.

And then the ones and zeros, right? The fact that there are offensive capabilities built and being deployed against every single possible vulnerability or attack surface that the Ukrainians have in cyberspace. So again, they're very brave people and I'm just really humbled that they asked me to be there.

Audra: So can you talk about any kind of success that they're having in this area?

Andrew: Absolutely. I think when we think about Ukraine, and as an example of OSINT, I think when Chris Krebs was talking on your show. I guess I don't know when that was, earlier this year. He was talking about how 80 plus to nine plus percent of information is now becoming in the open source environment. It's not classified that's going to inform us critical infrastructure operators or the US government on what's happening. A lot of it is out there in open source.

Probably available commercially available or independent security researchers getting information, and that was for cyber. But in Ukraine, as I said, they're getting attacked in physical space. They're getting attacked in psychological space, they're getting attacked in cyberspace. All of the possible vectors they're being hit by. And so OSINT for them is really already integrated for the public-private partnership for cross-sector in the government for critical infrastructure providers.

Open Source Intelligence's Vital Role in International Security and Conflict Monitoring

Andrew: So think of the big ones. Energy and space things that the British year called position navigation, timing, PNT, we call it GPS, global positioning system in the US. Those are vital assets for the military to do targeting and to get accurate grids to avoid incoming missiles or drone attacks. The public often reports in open source, in real- time on social media on signal or on other platforms providing tips on the movement of adversaries or enemy formations, right?

Hey, we saw Russian tanks moving in this direction at this time. Which can then be verified as open source using commercial imagery. We're seeing a real proliferation in Ukraine of non-governmental organizations being part of a community of observers using open-source intelligence. And so what I want to think through is think of an example of something horrible happening in Ukraine. For example, we know that atrocities are being committed by Russians and Russian proxies. And I should say perhaps we have to wait.

The lawyer in me says, okay, we'll wait until a record is created and we can have accountability in a respected multilateral tribunal setting. But evidence is being gained that I have seen that leads me to believe that there are atrocities being committed.

And so the open source intelligence can kind of work across a whole spectrum if that's the bang right back encounter terrorism. We would talk about the left of bang and right of bang. You want to get ahead and you want to work on the left side of that. So open source intelligence is providing intelligence. It's providing traditional military intelligence order of battle.

Enhancing International Security and Rapid Threat Response

Andrew: Which formations, which Russian commanders, which units, and which patches are doing the same for things that used to be in the ProGo network? Wagner forces, where are their formations? These are what we might often call illegal combatants, right? If they're bearing arms and they're not in uniform and they're violating the laws of war, it can expose and reveal some of that.

It can provide intelligence on intent if they're communicating on an open platform and it's observed, right? If some soldier sends back data to their friends or family in Russia. That information, if it's available publicly, can be seen and then used by Ukrainian forces for self-defense or for kinetic activity. Then there's a warning, and I experienced this myself.

So I'm a combat veteran from Iraq combat. I participated in the 2003 invasion as a Marine Second lieutenant working on the staff of General Mattis back when he was a two-star division commander of the first Marine division. Unlike Iraq, which very much at that point was major combat operations and movement. In Ukraine, we had an air raid and it turned out it was a MIG launch. But I got notice of the air raid through a group signal chat I had been invited to. And that scooped even the official air raid app alert that is sanctioned by the government.

But back to that app that is informed by OSINT and then the government's a little slower. Because they want to validate that with radar with things that are classified collect. So that they're providing an accurate vector of when the attack will arrive, where is it headed? Is it a make, or is it a collection of drones? Is it a missile?

OSINT's Vital Role in International Security

Andrew: And what kind of blew me away is it's almost like a pizza order or a delivery order because then after the initial tip on the signal chat. I got further information on the air raid and then it specified. It said, okay, these have been identified. There were two incidents when I was there. The first one was a MIG launch. The second one was some SHA heads. And they said, oh, the SHA heads should arrange in one of, they can change direction anytime. But we would anticipate they would arrive from 10:30 to 11:30 PM. And I was publicly out there on the app air raid. It's almost like there's a weather map of incoming indirect attacks from the air from Russians.

And I thought that was very interesting. I grew up in Minnesota with tornado alerts and it would tell you the tornado alert is before the touchdown. The tornado warning is once the tornado has hit the ground, and so there's a public safety application. So yes, so there's the order battle intelligence, there's the warning piece, which is putting this together across the whole of society.

Then if there's an incident, and this is what we would call coop or cog on the US and allied side. Continuity of operations, continuity of government, says an attack hits and there's a strike. And now I'm in hypothetical land because thankfully it did not happen when I was there. It did the week prior. And again, still, people are out doing commerce, working, fighting, and resisting the invasion. But bad things happen. And if something explodes, OSS can support continuity of operations.

[14:16] The Role of OSINT in International Security

Andrew: And I think I'm going to cite one really great one. And it also exemplifies fiscal courage and moral courage. When President Zelensky went live on social media, the Russian propaganda was that the government had fled everybody in Ukraine should just quit. And that actually aligned with some earlier US government assessments and allied assessments that I think my biggest takeaway was that the spirit of Ukrainian people to fight is strong and was strong.

And it was massively surprising to many in Russia that launched this invasion. But then also on the allied side and say, wow, we have real partners that are going to stick it out. But when Zelensky went on, it was verified that that was live and that was him.

That inspires continuity of operations, not just for the government, but for those in the critical infrastructure sectors. For those who work at banks, and for those who work in the food industry.
Could you imagine if the entire grocery industry of Ukraine had decided to bug out because they heard their president and the government left? So that was a real-time continuity of operations, continuity of government effectiveness of using open sources. Then we can move into resilience and public safety. Ukraine is a perfect example because we have hot kinetic attacks in addition to the weather.
 
But that ties into thinking through even New York City, right? New York City's emergency preparedness commissioner, Zach Isol served with me in Iraq in 2003, interestingly enough. But Zach, I had a meeting with him and we talked about OSINT and we talked about the resilience aspects of open-source intelligence.

Strengthening International Security through Open-Source Intelligence

Andrew: How does it feed into the work he does, preparing for public safety and disaster response, right? Because it can verify that a warehouse is available. It can verify that Home Depot does or does not have lumber sometimes. And forgive me for naming Home Depot, but it just came to mind.

I know they do a lot of disaster recovery support, as does Walmart, as does Waffle House. When things go sideways in the United States, Waffle House is open, right? And so there's the resilience piece. And then the last piece, and this comes back to my earlier conversation about the atrocities and the possibility of atrocities. OSINT creates an accountability framework and an accountability mechanism that may very well be admissible in international tribunals.

There's a concept called the Berkeley Protocol supported by the United Nations, human rights activists, and other human rights lawyers. And I would put myself in that bucket. Yes, I'm a national security expert, but also I very much believe in individual human rights and dignity. That is the basis of our post-1947 world order. And so when accountability needs to come into play. Open-source intelligence, if it's collected, documented, and aggregated, it can then be used as corroborating evidence in a war crimes prosecution. Or even in a criminal prosecution for things like theft.

So that was my thing with the chronology of OSINT across Ukraine as an example. A very early order of battle, the intent of adversaries, warning of things like attacks.
Continuity of operations, continuity of government in a crisis. And then you move through and you get to touch resilience and accountability.

Future of International Security

Andrew: So all of these things now are in a world where there's more data being produced. I mean, it's cliche to say it, but more than ever before. So I really do believe this about the Ukrainian people and their military when they have peace, when there is a victory secured. The professionals that are doing the work in Ukraine now. When they have trusted partners, will have the most high-value export of security expertise and security technology from anywhere on planet Earth. And that will help security interests in Asia, South America, Africa, everywhere. Anyway, sorry it was a really long talk, but I was so inspired by the Ukrainian people.

Audra: Absolutely. So in terms of looking at our future around OSINT and what we can learn from Ukraine, where do you think we could take this? How do we apply it beyond the kind of resilience and public safety? How else could we use this? I'm sure you're thinking about it.

Andrew: Yes, I think it's a yes, and that is kind of how I view OSINT. There will always be benefits to espionage for any state. And there will be a benefit to an exquisite complex collection that is protected if one of the functions of intelligence writ large is providing insight and kind of truth-telling. Even validation of OSINT using those types of means is high value. And so it's not just mass society issues, these are on the US side. What information can be used to advise the president to make a decision? What information can get used by the National Security Council and then proliferate out through the Pentagon or State Department or the AIDS for international development for counter-terrorism?

Leveraging OSINT for Enhanced International Security

Andrew: That's stuff that you do want to keep protected and limit the sharing on sometimes when there's really an exquisite national security or allied security component at stake. But one of the truly amazing things that I observed about open source intelligence is the form of what is a kind of collected exploitable material.

Sometimes called collected enemy material in terrorism, as a result, last 20 years of counter-terrorism work. A lot of collected material was created.

It has not all been digitized, but there is an operation for law enforcement in the Middle East that brings together the US the five eyes. Which are the five core former commonwealth nations, Canada, New Zealand, the United Kingdom, and the United States. And that all derives from, that very special relationship between the United States and the United Kingdom after World War II for intelligence sharing. Then there are bilateral partners from all over the world that are trusted security partners.

And the best part about that effort for law enforcement using that collective material. Which is unclassified, as everybody can take in that information and then use swivel chair access. So someone from a country in the Pacific region may have a real interest in one kind of splinter group of Salafis terrorist activity. And they can take that and move forward with it in ways that perhaps the person who saw it first could have been in the Nordics or the Baltics.

And that particular terrorist group is not of interest to them. But it is to their friend. And so they hand it over and that friendly ally can take the information and act on it. And that was based on open-source intelligence or just open-source information.
 

[21:13] The Synergy of Open-Source Intelligence in Shaping International Security Strategies

Andrew: It didn't become intelligence until it really became valuable to drive a decision. And I see you both nodding, so I know you agree with me. That's kind of a core component of intelligence. If it doesn't drive action and it doesn't support a decision process, then it's still in my mind that's information. And so I think kind of two things I observed in counter-terrorism internationally that were so just awesome to watch in real time was swivel chair access.

Human beings take information in on common floorboards. Being able to turn to a trusted friend on the floor and then action it for either further investigation or pass off to law enforcement or prosecution. And I just thought that was so cool. It also created a common threat picture. There is the ability then for any one of those actors to take that information that came in open and classify it internal to themselves. And this inverts the process. Because you're not taking classified collected information and then trying to run it through a foreign disclosure process to then share out.

It was brought in open and then the bespoke tailored work can be done classified. And I do think the commercial sector is a little ahead on this. Financial services in particular because they know this. They've got to protect not just money, but facilities. And they have those 15 biggest US firms that have people all over the planet. They definitely still do finance work in some very difficult parts of the world in emerging markets and what they call frontier markets. Where there might be a risk to their personnel if a government decided they were just going to claim a bunch of property.

Balancing the Promise and Peril of Open-Source Intelligence in International Security

Andrew: So they do want to stay ahead of it. And that's not a classification for them. But it does become proprietary security information for them. It's holistic. And it's not only cybersecurity, it's physical security, personnel security, and information security. And really hits on one of the important things Bill Evanina spoke about was also insider threat. So I think open source intelligence serves a lot of different purposes. It's not a hundred percent solution and it probably never should be. But as a share of driving national, sorry, national security decision processes for any allied country. As a share of the percentage for driving decision processes for the commercial sector.
 
It already is the key component, really the only component unless the government shares something. So add in some artificial intelligence and means of deriving ways, of seeing patterns and anomalies that a human being can then review subsequently. And I think I'm very optimistic that this puts us, and if the allies stay ahead of this. It puts us in a place because we focus on transparency and inoperability anyway. It does put us in a place where we will ultimately push back authoritarian overreach in places like Ukraine and other places where we see it at risk in the Pacific and elsewhere in Europe.

Audra: What are some of the risks of using OSINT? Because you sat there and kind of went, yes, artificial intelligence, these sort of things. What about deep fakes and seeding things in OSINT that are not real and where you want to swivel things in a different direction?

Safeguarding OSINT in International Security

Andrew: A hundred percent. And I think it was Dick Helms when he was the director of CIAI could be wrong on which director I think it was. Dick said an intelligence agency's effectiveness is only as great as its counterintelligence function. And that wasn't James Jesus Angleton who said it. It was a director who said, so I think when we talk about OSINT, then yes, we have to think about the counters to manipulation of OSINT. And so that in my mind does include things like deep fix. And I'll also add that the other ints if you will, all come with costs and benefits.

That's why we want to use a holistic approach to these things. I do think there's a real- time issue where the deep fakes concern really raises challenges. And I think it does kind of turn into who do you believe? And that Zelensky incident where the FaceTime from the street. We were at a point in the technology curve where there aren't DeepFakes accurate enough that if the Russians started promoting a separate live stream that showed Zelensky in a helicopter on his way to Switzerland. That well, which one do I believe?

So I do, but I think that's another component of why. Particularly in the allied space, what I would call the free world, it's the United States, the UK, our five eyes partners, the NATO Alliance. And then plus a lot of bilateral security partners that are all committed to this defensive individual human liberty. There's a whole lot of other stuff you can get into. But people should never be murdered by their government without calls. And so those of us that share a fair business playing field and rule of law

Empowering International Security: The OSINT Revolution

Andrew: What are the values that we all hold? Even if we have some disagreements on the specifics around 'em? And I do think that the alliance, that very broad alliance by focusing on how to use open source intelligence and creating vetting and verification tools that are trusted and can be exposed to transparent. That then creates a higher trust. I do think in the long run authoritarian regimes are in the short run. It looks like, oh, they'll beat us because they'll be able to do DeepFakes and they'll, well, what's their weakness? They're brittle.

The Chinese Ministry of State Security, the Russian SVR, and GRU, these proxy networks, the internet research agency, why are they brittle? They're brittle because they abuse people inside and outside for one part. And the other part is we are okay with our tools being subject to public scrutiny. So there's a long-term strategic value- driven piece with our commitment to transparency in the things that we do. And whether it's under secret intelligence or unclassified open-source intelligence, that we will stand by them.

There may be warts, and sometimes there may be missteps, but they do get exposed to public scrutiny and then investigated, and lessons learned in advance. And I do think that's a massive difference in values and worldview about how we will be using open source intelligence that really will help. I could use NATO as an example because you have 31 member states, maybe 32 if Sweden gets in the near future. But that's 31 or 32 member states, all of whom will benefit from interoperable practices for validation and verification of what is true and what is not true. Transparent means to share it with the public at large the whole society.

[28:30] International Security in a Digital Age

Rachael: I really like your mention of NATO because it's one of my favorite topics too. When we start looking at this conflict how do you define war in the cyber sense, also what is NATO's role in these kinds of conflicts? Because to dip the toe in the water is a pretty significant act. I'd be interested in your perspective there. And just a sidebar, we had met with the CEO of Wist Secure who's in Finland. And he was telling us about Finland joining and all the potential repercussions that could come with them joining NATO at this time. So it's such an interesting time. I'd love to hear more about where you sit here and what your perspective is.

Andrew: Yes, first I'll just say I think NATO is not as well understood in the United States at large as it is here in Europe or even here in Britain. In Great Britain. People really value NATO as a core common defense component because, and certainly the Nordics, they do. And when you saw the Putin regime, the oligarchs and that, I mean, it's like a post-communist aggressor state invade Ukraine.

It caused an avalanche of interest in Sweden, Finland, and even some others that are not quite publicly disclosed. But they're interested. Other European countries that previously were committed to neutrality are now like, oh my God. I need a common defense provision and I need to be interoperable with my partner. So for instance, here in the United Kingdom, even if I walk down the street in the UK. I can't walk past a local government office or a post office that doesn't fly a Union Jack a British flag and also a Ukrainian yellow and blue flag.

NATO's Role in Ensuring International Security and Resilience

Andrew: And I think, again, I think that's part of this city where I live now, did endure the blitz. London kept functioning, they sent children to the countryside. They lived through World War II. It was a different set of enemies with a different ideology perhaps. But they understand that the whole of society has to withstand these attacks and be resilient and that there's value in the alliance itself. So I think again, it's a personal hope as a US citizen living abroad that more folks in the United States will really understand how valuable NATO is as a coalition effort.

And how it brings us together and provides a whole lot of information. The other piece of NATO can create interoperability standards. So each individual member state has the upside of becoming interoperable and then getting common defense access. And common defense sharing. There's a NATO intelligence fusion center sometimes called NFIC, right? But the NATO Intelligence Fusion Center brings those people together. You have common floorboards ability to share information, there are IT systems.

And so it creates an allied network. I think that one of the greatest strengths of NATO is integrated intelligence and planning because NATO is not like the United States can't command forces in the same way. And you have 31 or maybe 32 soon individual member states each with their own military services, their own intelligence services.

But NATO can create common standards. Also, entry to NATO is contingent upon a nation adopting certain transparency, human rights commitments, and values-driven commitments that really were the underpinning of why we now have the world order we do after 1947.

A Global Model for International Security and Alliances

Andrew: So I dunno if that answers your question, but I think NATO is an incredible force multiplier for the United States. And I think its value. If it was something that the White House, typical international relations. I went to an Ivy League school and we got a job at the White House type thing, what's that?

Nato didn't really think about it much because they were more worried about great power competition. I think now after Ukraine, holy smokes, every single international relations theory school is talking about NATO and its play not only in Europe. But also as a model for how you build alliances in the Pacific and in Africa. Frankly, because the great power competition plays out globally between the US and UK allies. And I'm not trying to be nation-specific or nation-centric about it. I just am American and really a set of challenges from the Communist Party of China on one hand. And from the Putin regime on the other in addition to the usual scary stuff like terrorism and transnational crime.

Audra: That's fantastic.

Rachael: Very much answered the question. Thank you. Audra: Absolutely.

Rachael: It's an exciting time for NATO. And I think to your point, a lot of the folks in America don't really understand it or the opportunity there for sure. And that's some of what we like to do on the podcast too, is try to raise awareness of these kinds of needs because the more you learn, the more power there is in that for sure.

Audra: And we're trying to be a little bit more international about what we're talking about. So it's good to have perspective.

An International Journey in Business and Security

Andrew: We're kind of international. I mean, I'm in London, you guys are? Rachael: I'm in Texas.

Audra: Yes, I'm in Melbourne and WSU.

Andrew: There we go. So I'd say we're international here. Let's just bring in somebody from Toronto with some pancakes and maple syrup and bam.

Audra: And then we're sorted Rachael: That would be excellent.

Audra: Before we kind of head off in any other directions, are you happy to give us your origin story? So how did you come to live in London and kind of lead an international business and that side of things? You certainly have a very interesting, not very direct route on how you got there. I always found those pathways far more interesting.

Andrew: I'm going to give you my origin story. So first off, I was going to ask my nickname. My nickname is Sweed, and yes, I'm Scandinavian, but it was an independent nickname that originated when I was in the Marines. And I was raised predominantly by my grandfather who was the child of a Swedish immigrant, and his nickname was Sweed. And so when I got dubbed independently of with that nickname, I was like, man, I'm going to honor that guy and run with it.

But how did I get to be Sweed from Andrew Borene from Edina, Minnesota. I worked at an investment bank after college. And I went to McAllister College in Minnesota which is a big international focus. I think at the time I enrolled, it was 30% international students. And I didn't know what I wanted to do with my life, but I thought it would be international related, somehow.

[35:37] Navigating the Path to International Security

Andrew: And I worked at a bank for a couple of years. This was really the peak of what we used to call Pax Americana before nine 11. And after the push of the Iraqi Army back into Iraq and bottled 'em up with Operation Northern Watch, Southern Watch. I was working at a bank because that was about as exciting a job as you could find with potential for international stuff.

And I read a book called The Ugly American, and it was from the fifties or sixties. But it had all these vignettes about individual Americans. Whether they're in the military or working for a development company or they were missionaries and they're working in this fictional country in South Asia and really doing amazing things. And it was like the American policy writ large was a little screwed up. And the State Department and a lot of the kind of top-layer plutocracy, if you will, never got out of the embassy.

So they didn't really see the world as it was or what was happening in this fictional country of SAR. But the guy that went and built a bike factory had a human relationship. It was really vital for an intelligence officer who built some trusted relationships with a military partner and a missionary who did a little test on a local carrying goods so that he could create a supply line of relief and aid. So I guess it kind of took away from this like, wow, I got to do something with my life. And I applied to three agencies, the CIA, the Peace Corps, and the Marine Corps. And people are like, wait, you applied to the Peace Corps, the Marine Corps, and the CIA, how is that possible?

A Unique Career Journey

Andrew: And I said, actually, it makes a ton of sense. It was the late 1990s and I wanted to be granular and on the ground and part of showing people in the world what America really stood for. And as fate would have it, the Marine Corps had the fastest path to entry. They said, that if you could get through Officer Candidate School, half of the people didn't make it through back then because it was pre-War Marine Corps. And they said if you can get through this training on the other side of it. We guarantee you you'll be someplace ugly leading Marines in 7 months to 12 months, depending on your occupational specialty.

Rachael: Wonderful.

Andrew: They didn't lie, they delivered. And would've been, honestly, I would've been just as happy coming into international relations through the Peace Corps. Hey, go build a well someplace and learn the language. I would've loved that. And frankly, I do. I am a huge fan of the people of the CIA and the broader intelligence community. At the time I was applying, that was the only game in town because the Intelligence Reform, and Terrorism Prevention Act had not been passed. There was no such thing as the ODNI.

There really was just a director, an assistant director function for community management where CIA was kind of trying to bring together some other components, but really transnational issues even were led by the Central Intelligence Agency. And I think so certainly if it were Andrew Borene 20 something. Applying for a career, doing international things related to security and overseas, I would've been open to a whole bunch of other different agencies now.

Andrew Borene's Journey from Military Service to International Business

Andrew: And I really do encourage young people. I've been teaching since 2007 in a number of graduate schools and colleges. And I always encourage folks to get out and do something. Don't just sit in the classroom, go do something. And if you pursue your passion, the money works out. And I guess this is how we get to your question. I've been in business, I've been in government, I've been in business, I've been in government.

It kind of takes a little like a rhythm. And then I went to law school somewhere along the way. But I have been pursuing how can I work with things related to human rights law, the rule of law. The basic fundamental principles of what keeps human society civilized, and kind of how we use force in ways that comply with that, right? Nobody wants to fight, but somebody has to know how.

Was one of the recruiting posters for the, literally that's why I went to the Marine Corps. I didn't know anything about really which services do what stuff. And I love Green Berets. I seriously do. I love Green Berets and the mission of the Oppressor the Bear and teaching people to cast off tyranny is the coolest thing I could think of in the world.

So I'm saying hats off to the Green Beret hat guys, but the Marines did have that side had said, nobody wants to fight, but somebody has to know how. And I keep that in mind quite a bit throughout my career.

Passion-Driven Pursuits

Andrew: That was 23 years ago or longer, I guess according to a standard form I got from the government. But yes, I don't know if that answers your question, but I got out, I did something. And 20-plus years later, I now am at Flashpoint trying to build ecosystems around open-source intelligence that will support not just military or national security decision-makers. But also will benefit the US and our security partners all over the planet.

Rachael: That's exciting. But that's somehow the best life plan, right? I mean, you keep following where your passion lies and how you make an impact and a difference. I mean, it's amazing what one person can do. We had a fellow on Josh Corman on several months ago, and he started this organization called I Am the Cavalry.

Andrew: I like that

Rachael: One person. And even three people can make such a difference. You just have to kind of put yourself out there and take that step forward. So it's a great message for folks to hear.

Audra: I think it's important. As you were saying, people also should get out and look around, and if they just want to look around in the us, that’s fine. But yes, there's a much bigger world out there.

Andrew: And I will say this too, it is scary. It is frightening once we kind of find out what it is that drives us about where we want to add value. I think the Japanese call it Ikigai, what am I good at? What am I interested in? What gives me joy and what is the world willing to pay me for? It's like when all that Venn diagram comes together.

[42:07] The Future of International Security

Andrew: It gets kind of scary, right? Now I'm pursuing a thing that gives me joy and adds value to the world, but I don't really know where it's going to lead. And I don't know. I'll bring it back to open-source intelligence. I mean, that's often how these OSI investigations work. I just read a book called We Are Belling Cat, about kind of a belling cat loose group of investigators that started investigating really hard topics like the poisoning of Navalny by the Russian services. And they just got going and they started working it.

They didn't know where the thread would take them, and then they teamed up with some recognized international media, which then led to the disclosure of a lot of things. It talked about that full spectrum back to accountability. So I think if I had a trend, I would say this, if I could have a role from Flashpoint or from anywhere working with the partners at NATO, working with the US security partners, I'm going to limit it to that.

I'm not super interested personally in helping countries that do not share the values that I find foundational and that I took an oath to preserve multiple times and defend. But it's that we need to professionalize that effort so it's not. Amateurs can get involved and the NGO community be involved and then up through into highly skilled OSINT operators, collectors, analysts, call it a professionalization of that workforce and then into the governments themselves. But I do think we need to think about ethical standards. We need to think about best practices that align with the Berkeley protocol. And we need to make sure I say this.

Charting the Path Forward

Andrew: I'm a former chief privacy officer for Bill Eina when he was the director at the National Counter Intelligence and Security Center. And what I loved about that job is Bill Evanina made the point that we would never violate the privacy of Americans or American companies.

And he was the best client I ever could have asked for as a privacy officer. So I do think that that's another component of it that we have to think through. Because not every nation in the alliance has the same expectations for privacy. The general data privacy regulation for Europe is not the same as the US privacy. Is not the same as the cloud protections across the Atlantic, the United States, and the United Kingdom that are rolling out right now. So again, let's think of OSINT, creating interoperability while allowing individual nations their individual needs. And I do think that's stuff that we can start professionalizing and continue to rally around using an alliance or collaborative model.

Rachael: It's such an exciting time. I wish I was 30 years younger, Andrew, so I could be at this time starting off on my journey versus starting a long, long time ago. I imagine guess for any of our young listeners who might be in college right now or in high school, please embrace these opportunities. They are wonderful and you can make such an impact on your community on the world, it's kind of incredible. Just take that first step.

The Role of OSINT and AI

Andrew: Yes, I couldn't agree more. And I think open source intelligence creates, I'm going to say another, Dan Coates was the director of National Intelligence. And I thought as a civil servant, it's not a political statement. I just thought he cared so much about the workforce and he really made it a point to assert mission. And what he said is part of the job is to seek the truth and to speak the truth, right? Open-source intelligence creates a vehicle for governments, NGOs, and private sector, individuals.

Rachel, we're not that old. We could get involved.

We can learn new tricks. Not too late. We can all contribute. But in the face of falsehood, in the face of state-sponsored falsehood and attacks on individuals and supporting their theft, whether it's insiders like Bill was talking about, or cyber means that Chris Krebs or Megan Stle would've been talking about. All of us in the free world really can be part of a solution. But again, I just want to say it's not the solution. It's not a hundred percent. No, it is a significantly more important component of societal resilience, policymaker information, and military information. And I think this is an exciting time for it, right? As the new technology of AI allows us to see a lot more, a lot faster.

Rachael: Exactly. I was wondering if AI would come up in conversation today. I'm very excited you said that. That could be a whole other podcast discussion.

Lessons from Ukraine and the Global Struggle for Freedom

Rachael: Wonderful. Well, I do want to respect your time, Andrew. Thank you so much for today's conversation. Just so many wonderful insights, particularly in the discussion on Ukraine. I think particularly with the US perspective. That's not as high on folks' radar and it needs to be. Because there's so much to learn there, but also so much to be proud of there for that group and community. Especially watching so many countries around the world come together to help support that. It's a really wonderful time I think, in our society to see that. And I think there's more partnership to be had for sure. Again, thank you, Andrew. It's been wonderful hearing your background and all the great stories that you have to share with our listeners.

Andrew: Thank you, Rachel and Audra. And I'll just say thank you for what you're doing here, right? This is a really cool podcast. I've listened to a bunch of episodes and I really humbled to have been asked to do this. And I hope, again, please keep the Ukrainian people and their struggle in your hearts. To all the listeners know that there are other people who will be perhaps sooner than we would like to see struggling for their own freedom against authoritarian regimes.

And it's an interesting moment in history. I didn't expect to be here if you would've asked me 30 years ago when I was 18 years old and graduated from high school, that we would have a pandemic and that we'd have the counter-terrorism campaign. And now we really do face a values-driven struggle between authoritarian regimes and the freedom values that we share. So thank you both for everything you're doing on that conversation.

About Our Guest

Andrew Borene, Executive Director for Global Business Development at Flashpoint National Security Solutions.

He is an Executive Director with Flashpoint, a worldwide provider of specialized intelligence and data to allied governments, businesses, and critical infrastructure industries to help them take decisive action and reduce risk.

A seasoned advanced technology executive who led private sector intelligence teams at IBM, Symantec, and LexisNexis — Andrew is also a former senior official in the U.S. Intelligence Community where he led strategic operational planning for foreign counterterrorism on behalf of The White House National Security Council in addition to roles leading privacy policy and academic research efforts in areas from open-source intelligence to transnational crime. Borene is an attorney with deep national security law expertise, a Certified Information Systems Security Professional, and a US Marine Corps veteran.

Andrew’s previous work has been recognized for service with both the FBI Director’s Award and the ODNI Exceptional Achievement Award. He is a Life Member of the Council of Foreign Relations.