What is the process?

I absolutely have a #1 question. Often I get asked how I did a certain piece of analysis, or if there is some training I can do that will help replicate it. There is a way to replicate it, but it’s not any particular hard skill.

I always recommend in response a couple of things. One is that analysis is best viewed as a bar fight - you are in active competition with the question, you should grab and use everything that is at hand, and what is at hand is unpredictable and will be different every fight. Another is that hours or days will be unfulfilling, and fail to answer the question. What we do in that interlude is usually what ends up bringing an investigation to a satisfying conclusion. This process might take days, or months, or even sometimes years. Of course, you scale your investment to both the importance of the question and your other ongoing priorities.

By leaning into a pursuit mindset, and embracing some tactical patience, you will slowly (or quickly, with luck) build an understanding of the problem. Each day, you might have a significant breakthrough, or you might just take notes on light activity, small nuggets of information, or note that there was nothing at all identified that day. If you save your notes somewhere accessible during this process - and somewhere you will actually search back through - the pieces might all fall together later on. You never know which pieces fit together, and if you did, it wouldn’t be a question in the first place.

Which brings me to my second most received question - what should be looked at. The short, and only, answer that I have is to look at everything. Due to the bar fight analysis tends to be, you don’t know what you’re looking for. You don’t know what tools will work best, and you don’t know what’s at hand or how to use it yet. You have to learn by touching, explore with curiosity, and exhaust every potential lead. If there was an entirely repeatable process for analysis, there wouldn’t be much of a need for the trade. Processes can help with some more rote tasks, or well-defined tasks, but they are unlikely to bring you entirely from a question to an answer.

You manage this, which sounds like a significant investment, with priorities. First ruthlessly optimise for your mission’s requirements - and then optimise your time. If you can run multiple analytic work streams in parallel, always do that. If something doesn’t meet your ideal confluence of priority and time investment, especially compared against ongoing workload, bench or drop it.

Finally, communicate. Push out analytic notes to your team, and other teams with equity in the problem set. Communication fosters analytic collaboration, teaches those around you, and teaches you. It also coalesces group knowledge around a problem set, which will not happen without deliberate effort to do so. In the intelligence community, there is a concept - stove-piping - where you can jam up analysis on a problem set by hoarding or over-compartmentalizing information. There are sometimes valid reasons for keeping information close-hold, but if there aren’t, share.

Most of all, be curious, and be relentless. Stay safe out there. 🌸