Organizational Investigation, Research, Audit
Published: Sunday, October 13, 2019 written by Andy Flagg
View Count: 202
Keywords: Organizational Investigation, Research, Audit
So you are working or plan to work with an organization - what do you do to prepare?
Back in the day, for example, I wanted to work at Microsoft. I went to the library and looked up everything on Microsoft that was available - the INFOTRAC, periodicals, newspapers, card catalog, inter-library loan database, books, everything. This was in 1990, almost 2-3 years before the Internet came along in 1992-1993.
Fast forward 25 years, now we have the Internet and we can do all sorts of searching.
- leverage each search engine (google, bing, yahoo, duckduckgo, dogpile, dmoz, etc)
- leverage board minutes
- leverage staff, management, and leadership public bios
- leverage social media
- leverage EDGAR db, D&B db
- leverage ARIN or appropriate registrars
- leverage Bit Torrent and PDF, ZIP, XLS, MDBs
- leverage SHODAN and IoT
- leverage CFR and related reports
- leverage SOS (secretary of state) systems
- leverage City and County databases, assessor, risk reports
- leverage GIS, Mapping systems, Streetview, Google Earth, Imagery Maps, Zoning, Boundaries
- leverage Infrastructure and area limitations, flood, fire, wind, air traffic, earthquake, etc.
- leverage and review their systems, application vendor licenses and agreements
- leverage RFPs, RFQs, and other forms of detailed insight
- ...there is a ton more... being curious and ethical is a good thing! don't you think?
To be a good investigator one needs to know all things considered, physical, tangible, electronic, all assets.
Be the investigative HR of all HRs when it comes to looking up a company and see how much work needs to be done before you get there and what you are up against. For some at the company, they might not even know what's out there and what is exposed. Its okay. someone there probably should know what is going on.
Its sort of scary what one can find out about a company and persons, if you look.
Be good, be ethical and if something is glaring bad, report it. I did for LearJet a while back of a backdoor network leak and no contact info was available, so I contact their PR/Marketing who passed it all and boy-oh-boy did they thank me. Be an analyst and leader in all things computing and be as helpful as possible.
I once got in a little trouble at Microsoft c/o Network Security when I reported one of my system repair and scan tools and applications internally and accidentally discovered the admin passwords for a few corporate systems, with all their internal company employee data and corporate purchases and credit card databases; their password was terribly obvious. They appreciated the report even though it was terribly difficult for them to change their hard-coded systems scripts with that password, yet they did.
more to come...
if you found this article helpful, consider contributing $10, 20 an Andrew Jackson or so..to the author. more authors coming soon
FYI we use paypal or patreon, patreon has 3x the transaction fees, so we don't, not yet.
© 2020 myBlog™ v1.1 All rights reserved. We count views as reads, so let's not over think it.