Building Next-Gen GSOCs with Visa’s Niall Herlehy

0:00

Fred Burton:

Hello, welcome to Ontic’s Connected Intelligence Podcast. I’m Fred Burton, Ontic’s Executive Director of Protective Intelligence. This podcast offers valuable insights and practical advice to help you navigate the complexities of modern corporate security shared by leaders and innovators in the field. Now, on to the discussion. Hi, I’m Fred Burton here today with Niall Herlehy, Niall currently leads Visa’s Protective Intelligence Program within the Global Security Operations Center and Global Intelligence Program. Prior to Visa, he spent two years building an intelligence program within Capital One’s GSOC, two years establishing ExxonMobil’s first 24 by 7 security intelligence and response center, and two years working within AIG’s GSOC coordinating evacuations for travel guard clients. He is the chair of the DC Analyst Roundtable and is passionate about supporting early career analysts. Niall, welcome to the Ontic Connected Intelligence Podcast.

Niall Herlehy:

Thanks, Fred. Happy to be here. Thanks for having me.

Fred Burton:

Niall, can you give us some background on your career and what led you to standing up the GSOC at Visa?

Niall Herlehy:

Yeah absolutely. So I studied international affairs at Mary Washington and in Tel Aviv University. And when I moved back to the States I’d seen a job posting intelligence analyst at AIG. And I thought it was a really unique opportunity. And I was intrigued that there was intelligence in the private sector. So After working there for a few years, it sort of opened up my eyes to this opportunity with Fortune 500 companies in the public sector in the United States. And from there, I had the opportunity to then move to Exxon to help establish their first GSOC, which we called the Security Intelligence Response Center. And after a few years there, I had another opportunity to do something similar at Capital One in standing up an intelligence program within their alarm monitoring GSOC, I was there for a couple of years, and then when I saw the opportunity to join Visa, we operate in nearly 198 countries, and we have offices in 136 countries, over 25,000 employees. So it’s been a really great learning experience being here and helping to support the team.

2:23

Fred Burton:

Niall, that’s an amazing career in this space. And your ability to start these GSOCs is simply amazing. So what have you seen as to how a GSOC has evolved since you’ve been there?

Niall Herlehy:

Yeah, absolutely. I think, you know, we hear about this a lot from corporate security, but I think ROI and breaking down silos. So in a 24-7 world with threats all across the globe, both physical and cyber, it’s really important to have a holistic approach to work with different stakeholders. And so that’s what we’ve really done over the last few years, just getting our brand out there and getting the recognition. A lot of folks, when I’ve set up conversations, are surprised to find out that Visa even has a global security function. And so I think getting the message out there that, hey, we’re here, we’re here to help and protect and keep you safe when you’re overseas. But we’d also like to get to a point where we’re involved in decisions from the beginning, from the onset, so we can be more proactive about our threat management as opposed to reactive. So that’s been a really big improvement that I’ve seen, as well as just the products that we’ve built out, the engagement that we’ve had.

3:36

Fred Burton:

You know, Niall, one of the benefits of we have here at Ontic is the ability to see all the different GSOC operations and to have discussions with thought leaders like yourself. Tell us a little bit about your staffing at your GSOC. We see hybrid approaches. We see full-time staff versus contractors and a mix of a little bit of each. Explain how you’re set up, if you don’t mind.

Niall Herlehy:

Yeah, absolutely. So we have the management is all in-house proprietary staff. And then we have a team that’s staffed in our GSOC. And those are what I will refer to as our operators are about 15 operators. And those are all contract. And then within the GSOC adjacent to the GSOC is our intelligence program. And so within that, we have four contractors as well that support us. on a Monday through Sunday schedule, but not 24 by 7. So we leverage our 24 by 7 GSOC to support the critical alert functions. But we do have Intel analysts to help write Monday through Sunday if an event occurs during regular business hours.

4:43

Fred Burton:

Yeah, that’s quite the operation. And there’s so much overwhelming data and data streams today and so forth. How do you contact other functions to help educate on how to work together, meaning you know, that approach to whether you’re working with HR, legal, EH&S and so forth. How do you manage all of that?

Niall Herlehy:

Yeah, so that’s a really great question. And one we’re still answering, Fred. I think, you know, the big one is exposure, getting out there and building those relationships. And Once you build a relationship, you know, following up on our cycle of program management. So getting feedback, getting stakeholder engagement, and then conducting AARs with them. We work really closely with our crisis team, HR, and employee relations, you know, all around the year, but especially when we have a crisis. So recently with the hurricanes, wildfires in Colorado, you know, we’re passing real-time information on employees affected and impacted, as well as potentially the buildings that are impacted. And then from the social side, right, are we seeing any sort of sentiment against the company, right, or you know social media commentary right how are we tracking that and that all ties into providing an intelligence and information to our stakeholders and our partners that they can make better informed decisions maybe about you know who specifically they’re going to offer extended benefits to or maybe a temporary housing for those displaced by a hurricane.

6:08

Fred Burton:

You know, and I know you also wear in many ways multiple hats and you also have the protective intelligence program, which, as you may know, is something near and dear to my heart. Can you explain how you have that combination or that function of protective intelligence merged inside the GSOC?

Niall Herlehy:

Yeah, absolutely. So within the protective intelligence program, we have a few different pillars that we look at. One is supporting our events security. So we’re a huge sponsor of the Olympics, the Super Bowl and the World Cup. So conducting threat assessments and then real time monitoring for security incidents that could impact our staff on the ground, our clients, consumers, folks that we’ve invited to attend on our behalf with us, providing that real time analysis and impact for our security contacts on the ground. One example is recently in Paris, I mean, what a crazy event, right? Just with the threat vectors that we’re seeing from terrorism with France raising the level to the highest level, and then also protests. So being able to coordinate with our folks on the ground to let them know, hey, we expect a pretty large protest, a quarter mile, avoid these routes using that. And then also working closely with our brand reputation teams for sentiment analysis. If we’re seeing, you know, folks online who are maybe displeased with the inclusion of the Israeli group, Israeli athletes to attend the Olympics or, you know, other brands in general who are sponsors of large events see similar sort of targeting online. One thing we also do is support executive travel to high-risk countries. So having the GSOC monitor our high-risk trips, whether it’s to Egypt or Brazil or Mexico, and providing the real-time incident monitoring for our teams on the ground is really helpful.

Fred Burton:

Yeah, that really is. And you touched on something. I ran protective intelligence operations for the State Department at the Olympics in Atlanta. And, you know, everything was fine, obviously, until we had the bomb cookoff at Centennial Park. But the partnership that we had with big vendors, such as Visa and Coca-Cola and others during these events, I think most people are kind of unaware of that scope of just coordination and assistance we got from the private sector. as we protected an Olympic venue.

Niall Herlehy:

Yeah, I think that’s something that I love. I love that aspect of this field. I never thought it would be like this. I mean, we’re all on the same team, right? We’re all protecting people. We’re all protecting lives and information and events. And so seeing in real time these private public sector partnership, OSAC is phenomenal. I love OSAC. The RSOs are always super helpful whenever we have a trip coming up to a location we may not be familiar with. And then also just the partnership on the events. Phil, who runs the special events, is great. And so having other teams from Coca-Cola or Airbnb or TikTok or Google and Uber in real time provide their perspectives and their challenges is really helpful to get a more holistic approach with benchmarking.

Fred Burton:

Yeah, I’m old enough to remember the first OSAC when it first started, Niles. So it truly has come a long way, and we’re certainly looking forward to the upcoming OSAC as well.

10:06

Fred Burton:

Now how do you eliminate you know I know this is whether it be a government coordination center or a private sector GSOC. How do you eliminate all the noisy signals and how do you go about collecting what’s important just for these.

Niall Herlehy:

Yeah I think. I think it just takes time, right? It takes time and fine tuning. And we have some really great partners out there. And over time, I’ve seen the technology improve. When I first started using, you know, real-time alerting tools like DataMiner in 2015, 2016, it was like a firehose, right, of information. But I’ve actually seen over time vendors improve that and really dial in specifically to what is important to companies, right? Maybe it’s protests. Maybe it’s negative sentiment online. Maybe it’s basic criminal information. So I think really a lot of these companies have developed the ability to do it on behalf of companies. But it’s also just real-time applicability, going into the tool and fleshing out, hey, these are not important to me. Can we get rid of these noise signals? And then also, we’re fortunate that we have the GSOC. And so they can give us that feedback. Hey, these aren’t important. I don’t think we should be seeing these anymore. Or let’s see more of these. Can we expand maybe the aperture or the geotag around this area for us to look at more closely?

11:27

Fred Burton:

Now, can you talk a little bit about metrics? Like, for example, what metrics are you utilizing throughout your process? Or what’s helping you make sense of what you’re seeing and collecting and so forth?

Niall Herlehy:

Yeah, absolutely. So we do monthly metrics here. From the GSOC, we do all of our alarm monitoring, whether it’s the time it takes to action alarm and to clear an alarm. And then we also provide our metrics for tactical alerts, so our critical alerting, how many reports we’ve sent out. And that enables us to see a wider picture of where are we applying our resources, maybe The last year it’s been the MENA region, right? But also major protests in Europe over the summer, so tracking that. So that’s what we’ve been focusing on. Something that I’m looking toward to do more of is being able to look at all of the alerts that we’re getting, which is thousands of alerts over the year, and then fine-tuning those and saying, out of, say, 3,000 alerts or 2,000 alerts, how many of those did we action? How many were applicable to us? How many were relevant to the company, as opposed to just security notifications for an event maybe nearby? So that’s the end state that I’d like to get to, at least for the critical alert and security notifications that we’re getting.

Fred Burton:

How has the wars affected your GSOC operations, meaning not only what’s happening in Israel and Gaza and the endless Hezbollah missile attacks, but the hot war in the Ukraine and so forth?

Niall Herlehy:

Yeah, so our team has been really engaged in a lot of the conflict zones for us to analyze and monitor for potential impacts to the company. going so far as to even track missile impacts in Beirut in proximity to our visa office location, as well as employee location, so that we can provide that information to our security team on the ground, and then they can alert the employees and decide to take what actions they need to take for the company on the ground.

13:39

Fred Burton:

Niall, I would be remiss without asking you this question. You have so much experience in this space, starting GSOCs, operating GSOCs, looking at it on a global perspective. What advice would you give to that individual that’s out there right now that’s going to be watching and listening to this podcast that either wants to up their game in the GSOC space or start a GSOC? What advice would you pass along?

Niall Herlehy:

Yeah, honestly, benchmarking. That’s my favorite tool. When I started this protective intelligence program here, I had conversations with dozens of companies, and all it can do is make you better. Every time I talked to someone, there was a new idea and a new product that I hadn’t thought of that someone’s doing. And so that really helped me grow, build out our product line, but then also helped me think about stakeholders maybe that I wasn’t previously engaging. So that, I think, is a really great tool, leveraging your network. And if you don’t have one, building one out, reaching out to folks on LinkedIn and saying, hey, I’d love 15, 20 minutes of your time. Can I talk to you about GSOCs? I love talking about GSOCs. I know you love talking about GSOCs and protective intelligence. So I think just having a conversation is what I would advise.

14:54

Fred Burton:

Yeah, our industry is very good about helping each other. That’s the one thing that, you know, even in the competitive landscape that all companies are in, I’ve always been so impressed with the ability for all of us to come together to help each other that needs an answer to a question. Niall, we ask all of our guests this question, so I’m not putting you on the spot, but what does Connected Intelligence mean to you?

Niall Herlehy:

Yeah, that’s a great question. And I love this question, hearing the different answers. To me, it’s putting the puzzle pieces together, right, as many as you can. You’re not, I don’t think you’re always going to get 100%. And I think that it’s doing the best that you can to put in, you know, all the different threat vectors, cyber, physical, online, to create a better to give yourselves and your team a better idea as to the threats that are out there, but then also, you know, as part of the cycle of intelligence, you know, getting the AAR, getting the feedback, yeah, putting the puzzle pieces together.

Fred Burton:

Niall, we thank you very much for being on the Ontic Connected Intelligence Podcast.