Approach
Leadership
Veteran leadership, privilege-aware process, and accountability in the work.
Leadership Team (Role-Based)
We do not publish identities. Sensitive work is led by cleared principals operating under attorney-client privilege and strict separation of duties.
Executive Security Lead (FCSO)
Decides: risk posture, incident authority, high-risk travel and event approvals.
Interfaces: C-suite, board, outside counsel.
Director, Protective Intelligence
Decides: signal triage, escalation level, monitoring priorities.
Interfaces: EP/physical security, legal, comms.
Case Director, Litigation & Corporate
Decides: investigative scope, privilege routing, disclosure readiness.
Interfaces: trial teams, GC, outside counsel.
OSINT Fusion & Analytics Lead
Decides: collection plans, entity resolution, confidence scoring.
Interfaces: PI director, platform engineering.
HUMINT & Source Handling Lead
Decides: source vetting, contact strategy, deconfliction & payments.
Interfaces: counsel liaison, case directors.
Red-Team & Adversarial Testing Lead
Decides: test design, success criteria, remediation priorities.
Interfaces: FCSO, facility/IT owners.
Platform & Security Engineering Lead (Knox)
Decides: access controls, audit trails, data retention & redaction.
Interfaces: analytics, compliance, client IT.
Risk, Compliance & Counsel Liaison
Decides: policy alignment, legal holds, discovery posture.
Interfaces: GC, privacy, regulators.
Crisis Response Coordinator
Decides: activation, war-room cadence, cross-team comms.
Interfaces: FCSO, comms, external partners.
How We Run Sensitive Work
- Privilege-aware routing (counsel-first on matters likely to face discovery).
- Separation of duties across collection, analysis, and approval.
- Dual-control for elevated access and source payments.
- Immutable audit of actions and edits in Knox.
- PII minimization, redaction, and need-to-know partitioning.
Escalation & Decision Rights (Summary)
| Trigger | Owner | SLO |
|---|---|---|
| Credible threat signal | Protective Intelligence Director | ≤ 60 min triage |
| High-risk travel/event change | FCSO | Same-day |
| Legal hold / disclosure question | Counsel Liaison | ≤ 24 h |
| Access exception / data request | Platform & SecEng Lead | ≤ 8 h |
| Public-facing incident comms | Crisis Coordinator + Counsel | War-room |
Guardrails
- No covert activity without documented legal basis and client authorization.
- No pretexting for protected data; no scraping behind auth walls without consent.
- All briefs carry provenance, assumptions, and confidence—not just conclusions.