Q&A: Erich Huwar, Director, U.S. Public Sector
Ever since joining Flashpoint earlier this year as Director, U.S. Public Sector, Erich Huwar has leveraged his extensive experience in information technology and federal government account management to provide tailored solutions that support critical missions and drive strategic growth among agencies in the U.S. Department of Defense and U.S. Intelligence Community.
Erich recently spoke with us about his career path, the unique needs and challenges of public-sector intelligence programs, and how Flashpoint’s collections coverage, subject-matter expertise, and innovative technology help address those needs and challenges.
Q: Why Flashpoint?
A: Prior to joining Flashpoint, I spent nearly a decade at one of its reseller partners as an Account Manager supporting U.S. federal defense and intelligence agencies. During that time I had the opportunity to be briefed by the Flashpoint team on the company’s extensive work in the public sector and solutions for clients like mine, and I was immediately impressed.
I could tell right away that many of the illicit online communities Flashpoint’s analysts were in harbored data that would be invaluable—but likely otherwise largely inaccessible—to many of my clients, as well as to similar federal agencies.
And having been closely following the threat intelligence space for a number of years, I could also tell that Flashpoint’s offerings easily outpaced competitors’ in terms of expertise, collections coverage, and overall relevance for public-sector defense and intelligence missions. Unlike the practically ubiquitous threat feeds and raw-data offerings I frequently saw misleadingly marketed as intelligence, it was easy to see that Flashpoint’s claims of providing true, and truly actionable, intelligence were (and still are) indisputably accurate.
Eventually, as more of my clients began consuming and actioning Flashpoint’s data and intelligence, I found myself interacting with the Flashpoint team more often and more closely. The more I worked with them and had the chance to see firsthand the immense value in what they were providing, the more I wanted to join them and become a Flashpoint employee myself.
Q: Given that public-sector intelligence programs are widely known for their expertise and tradecraft, what do they usually look for in an external provider such as Flashpoint?
A: Typically, these programs seek a provider that is able to access communities and collect data that they are unable to access and collect themselves. Although the U.S. federal government does have extensive intelligence resources and capabilities, these primarily pertain to various forms of classified intelligence. Meanwhile, open-source intelligence (OSINT)—especially that which originates in the sorts of private, invitation-only online communities Flashpoint covers—is where public-sector programs are more likely to face gaps in terms of both collections coverage and subject-matter expertise.
Flashpoint helps fill in these gaps, thereby enabling programs to gain a more complete intelligence picture; and this is critical given the missions many such programs support.
While most (though certainly not all) intelligence consumed in the commercial sector focuses on malicious activity that could lead to or exacerbate revenue losses for a business, intelligence consumed in the public sector frequently pertains to matters that could impact the safety, wellbeing, and/or livelihood of the nation and its constituents. Specific missions and objectives vary across operations, departments, and agencies, but in many cases the stakes are much higher. Rather than loss of revenue, for example, they might include damaged critical infrastructure, deteriorated diplomatic relations, weakened national security, or even loss of life.
This also means that by supporting intelligence programs with these types of high-stakes missions, Flashpoint is truly helping to make the world a safer, more-secure place for all of us.
Q: A recent blog post from Analyst Abigail Showman looks at the rise of mail services as a vector for fraud. Why is this type of research so important for the public sector?
A: This type of research is invaluable for public-sector intelligence programs because it provides insight into an emerging threat facing their constituents and can ultimately help them to mitigate this threat more efficiently and effectively.
As I mentioned earlier, it’s common for such programs to have less visibility into the online communities from which threats such as those examined in Abigail’s blog post emerge. But by arming them with this visibility, Flashpoint also arms them with the crucial insights they need to combat this threat.
It’s also important to recognize that especially when it comes to nonviolent threats that directly, and often indiscriminately, target members of the general public, education and awareness are absolutely imperative. And in order for education and awareness trainings and outreach efforts to be effective, they need to be shaped and informed by timely, accurate, and actionable intelligence—which is exactly what Flashpoint provides.
Q: Flashpoint has customers throughout the public sector. What are the most important use cases our offerings support for federal civilian, law enforcement, and defense agencies?
A: Although federal civilian, law enforcement, and defense agencies have different missions and thus different objectives and priorities when it comes to their intelligence programs, there is considerable overlap in a few areas in which Flashpoint is exceptionally strong and impactful.
Insider threat is a perfect example of this. On the defense side, Flashpoint helps agencies monitor for, detect, and mitigate threats posed by inside actors seeking to abuse their internal privileges in a manner that could potentially harm national security.
And on the law enforcement and civilian sides, the use cases are essentially the same: our analysts help these agencies to proactively identify and mitigate insider threat activity. The difference lies in the type of activity, its potential impact, and the extent that these factors align with each type of agency’s objectives, jurisdiction, and mission.
Another example of a truly crucial use case for all three types of agencies is cyber threat hunting. Flashpoint’s subject-matter expertise and collections coverage with respect to cybercriminals, hacktivists, fraudsters, and state-sponsored actors enables these agencies to rapidly identify and take action against cyber threats that fall within their jurisdiction—and often before these threats are detected by automated tools or indexed by open-source databases.
The reason I say rapidly is because speed and timeliness are truly essential here; the longer it takes to detect, respond to, and mitigate the impact of such a threat, the more damaging that impact is likely to be. Hours, minutes, and even seconds can make all the difference, especially given the rate at which adversaries’ tactics and motivations have been known to evolve, attacks transpire, and new vulnerabilities identified and exploited.
All of Flashpoint’s offerings—from the multiple finished intelligence reports our analysts publish every single day, to our continually-expanding datasets that are always easily accessible and searchable within our platform, to our extensive integrations ecosystem that enables these datasets to be seamlessly integrated with leading SIEM, TIP, and data analysis tools—are designed to empower our public- and commercial-sector users alike with the speed, usability, and actionability they need in order to fulfill their objectives, service their constituents or stakeholders, and carry out their missions.
Q: What are your interests outside of work?
A: I enjoy spending time outdoors, traveling, and cooking.