Original broadcast 10/7/25
Presented by ShadowDragon & Carahsoft
In today’s security environment, the challenge for intelligence and protection professionals is no longer finding information—it’s making sense of the overwhelming amount of data available. Nowhere is this more apparent than in executive protection and threat management, where the stakes are high and the timelines short. At the AFCEA and INSA Intelligence and National Security Summit, Sean Underwood, Vice President of Government at ShadowDragon, described how open-source intelligence is reshaping this mission space and why both technology and human judgment are essential.
A critical complication is that individuals who pose threats rarely operate under a single online identity. People in heightened emotional states may abandon accounts, create new ones, or operate under multiple aliases simultaneously. Underwood emphasized that effective OSINT tools must be able to link these disparate identities, revealing patterns of behavior across platforms. “They’re not just operating under one social media account,” he explained. “How do you identify all the different accounts they have, and which ones are the most accurate?” This kind of cross-platform analysis is central to building an accurate threat profile.
The rise of fragmented social media ecosystems makes this task even harder. While many think primarily of mainstream platforms like Facebook, Instagram, or TikTok, Underwood noted that threat actors often migrate to less visible networks. Review sites, hobbyist forums, or decentralized platforms like Mastodon servers can become echo chambers where individuals express dangerous intentions outside the view of traditional monitoring. Hundreds of such platforms now exist, each requiring its own approach for collection and analysis. “Social media isn’t just 20 or 30 platforms—it’s hundreds,” Underwood said.
For threat management professionals, this diversity of sources creates a collection challenge. But the harder task often comes after collection: assessing intent. Determining whether a threat is credible requires more than scanning for violent language. It involves understanding the individual’s mindset, history, and proximity to potential targets. Underwood described this as the science and art of threat management, distinct from broader risk management. “You have to look at the individual, the state of mind they’re in, their proximity to weapons, and their proximity to the protectee,” he said. An isolated post by a teenager thousands of miles away may warrant monitoring, but it poses a very different level of concern than a local individual repeatedly making threats with access to firearms.
He also noted that effective solutions require cooperation among vendors. Government customers benefit most when different tools and platforms integrate seamlessly, allowing professionals to pivot between data sets without disruption. This interoperability reduces the risk of blind spots and ensures that information flows smoothly into established battle rhythms. “How do vendors actually work with other vendors to get the government the solution they need?” Underwood asked. He suggested that more collaboration within the private sector is needed to meet government’s complex and evolving requirements.
The trajectory of threat management is changing rapidly. For years, professionals struggled primarily with data volume. Today, the challenge is more about fragmentation and intent. With individuals spreading their activity across dozens of platforms, and with AI tools increasingly shaping both threats and defenses, the field is in constant flux. Underwood argued that success depends on blending advanced tools with seasoned human expertise—neither can succeed without the other.
Ultimately, the goal of OSINT in this space is not just to identify threats but to integrate them into broader operational rhythms. Intelligence must feed into decision-making cycles quickly enough to prevent harm. That requires technology that can surface relevant insights at speed, analysts who can interpret them with accuracy, and organizational processes that translate insights into action.
Underwood’s perspective highlights the growing importance of OSINT beyond traditional intelligence missions. In executive protection and threat management, open sources often provide the earliest warning of danger. By investing in tools that can handle fragmentation, integrating multiple vendor solutions, and training professionals to make informed judgments, organizations can better safeguard their leaders and operations.
Key Takeaways
Threat management professionals face overwhelming volumes of alerts and tips, making triage and analysis more critical than collection.
Individuals who pose threats often operate under multiple aliases across fragmented platforms, requiring cross-source OSINT tools.
Technology enables faster analysis, but human judgment remains essential to determining intent and prioritizing threats.