Category Archives: OSINT

The Top 10 OSINT Events for Government in 2025 

Posted on by
Reply

Open Source Intelligence (OSINT) is no longer a niche capability—it is a core component of modern intelligence work. Carahsoft and our partners have spent years attending and supporting the top OSINT events. We have seen firsthand how AI, automation and smarter data strategies are reshaping the way Government teams gather, analyze and act on intelligence.  

This list of the top OSINT events for 2025 and beyond highlights the best places to learn, connect and bring new ideas back to your mission. 

OSMOSIS: DC 

August 6-7 | Reston, VA | In-Person Event 

OSMOSIS:DC is a two-day conference held by OSMOSIS, an Association for OSINT Professionals. The theme for this year is “Technology, Trends, and Transformations.” The expo-style event offers participants direct access to leading vendors, hands on experience with the latest tools and expert-led workshops. Attendees will have the opportunity to connect with industry leaders and build career advancement strategies to help stay ahead of emerging OSINT trends. OSMOSIS:DC is a great opportunity to gain transformative insights from the OSINT industry!  

Take a look at some of last year’s top themes in preparation for the 2025 event: 

  • Harnessing Location Intelligence: Advanced OSINT Techniques for Cyber Intelligence Investigations 
  • Linguistic Fingerprints: Using Language to Profile Subjects in OSINT Investigation 
  • Digging for Digital Dirt: Unearthing Bad Actors with Open-Source Intelligence 

Carahsoft invites our partners to exhibit at OSMOSIS:DC, hosted at our Conference & Collaboration Center in Reston. Whether you are looking to sponsor, speak, exhibit or just attend, reach out to osintverticalmarketing@carahsoft.com to get involved in this intimate networking event! 

Billington Annual Cybersecurity Summit 

September 9-12 | Washington, D.C. | In-Person Event 

The Billington Annual Cybersecurity Summit is the leading forum for cybersecurity professionals, Government leaders and industry executives to discuss emerging threats, best practices and the latest trends. With over 200 expert speakers, 100+ cyber-focused vendors and more than 40 sessions, attendees will have the chance to engage with top specialists, explore state-of-the-art technologies and participate in thought-provoking discussions. The Summit’s strong focus on collaboration between the Public and Private Sectors provides insights that address real-world security challenges. Learn about cybersecurity strategies, AI-driven threat detection and the latest advancements in national defense at this crucial event!  

Carahsoft is looking forward to sponsoring and exhibiting at this year’s event. We’re excited to engage with attendees throughout the week. We will also be hosting a large partner pavilion and encourage attendees to stop by and learn more about our partners and their technology solutions! Check out the events tab on our website  for more details closer to the event! 

Intelligence & National Security Summit 

September 18-19 | National Harbor, MD | In-Person Event 

The Intelligence and National Security Summit (INSS), held by AFCEA International and the Intelligence and National Security Alliance (INSA), gathers thought leaders, policymakers and industry experts dedicated to advancing solutions for shaping the future of intelligence and national security. The two-day event will feature five plenaries, and six breakout sessions focused on AI and emerging technologies, critical infrastructure security, space acquisition and more. Attendees will gain hands on experience with innovative technologies in the Intelligence Community (IC), insights from experts in the field, as well as networking opportunities with Government leaders, technical professionals and leading researchers. Expert-led panels and interactive discussions will cover critical national security challenges and provide actionable strategies for navigating the complex world of intelligence. Join this premier forum to explore the emerging threats, intelligence operations and technological advancements that are redefining the security landscape! 

Carahsoft supports INSS by enabling our vendor partners to participate as sponsors and exhibitors, ensuring a strong industry presence at the event.  

IACP 

October 18-21 | Denver, CO | In-Person Event 

The International Association of Chiefs of Police (IACP) is an annual event that brings together public safety professionals from around the world to explore new techniques, share expertise and prepare their departments for future success. The conference features an exposition hall showcasing products from more than 600 vendors, education workshops and networking opportunities with fellow law enforcement professionals. Spanning four days, attendees will have the chance to engage in policy discussions on the latest challenges in policing, leadership and public safety innovation. As one of the largest law enforcement events, IACP 2025 is an essential gathering for agencies looking to enhance their strategies and stay ahead in an evolving security landscape. 

Attendees should expect sessions surrounding how to leverage OSINT for criminal investigations, OSINT for threat assessment and risk mitigation, as well as Dark Web and Deep Web investigations.  

Carahsoft will have a booth at IACP where several of our vendor partners will demonstrate their solutions and share educational content. We will also be hosting a networking reception with several of our vendor partners, welcoming conference attendees for food, drinks, networking and more!  

OSINT Foundation Awards 

November 7 | VA | In-Person Event 

The OSINT Foundation Awards recognize individuals and organizations that have made significant contributions to the field of OSINT. Attendees will explore the latest OSINT methodologies, data analysis techniques and the critical role of open source information (OSIF) in national security and risk assessment. This prestigious event highlights major achievements, facilitates professional networking and demonstrates OSINT’s impact on intelligence operations. Join industry experts as they honor innovation, dedication and the future of OSINT! 

Awards honored at last year’s ceremony included:  

  • Innovation of the Year 
  • Volunteer of the Year 
  • Practitioner of the Year 
  • Unit of the Year 
  • Catalyst of the Year 
  • Product of the Year 

View a more in-depth explanation of the selection criteria here

Carahsoft is a proud partner of the OSINT Foundation, supporting them annually by hosting the OSINT Foundation Tech Expo. We encourage our partners to get involved with this event by nominating individuals who they believe exemplify excellent service to the nation and contribute to the OSINT discipline. 

Global Security Exchange

Sept 29 – Oct 1, 2025 | New Orleans, LA | In-person Event

Global Security Exchange (GSX) 2025 is the premier event for security professionals across the public and private sectors, offering a comprehensive forum to explore the evolving threats and innovations shaping today’s global risk landscape. With immersive education sessions, insightful keynotes and cross-industry networking, GSX brings together leaders and practitioners from around the world to exchange ideas, strategies and best practices. Attendees will gain firsthand insight into the tools and technologies driving the future of physical and cyber security.

Carahsoft is proud to exhibit at GSX 2025 at Booth #2907. Stop by to connect with our OSINT experts and discover the latest open source intelligence technologies designed to help you stay ahead of emerging threats. We look forward to engaging with the security community and sharing how our partners are equipping organizations to be the first line of defense in today’s complex environment.

OSINT Foundation Tech Expo 

April 30 – May 1, 2026 | Reston, VA | In-Person Event 

The OSINT Foundation Tech Expo is an annual event that brings together professionals and experts in the field, showcasing the latest advancements in OSINT technologies and related services. Attendees can expect a variety of presentations, workshops and networking opportunities designed to enhance knowledge and skills in gathering and analyzing publicly available information. The event aims to foster collaboration and innovation within the OSINT community, making it a must-attend for anyone involved in intelligence and cybersecurity! 

Carahsoft is proud to host the OSINT Foundation Tech Expo at the Carahsoft Conference & Collaboration Center in Reston, a space dedicated to ensuring collaboration and support across the technology industry and Government. Carahsoft invites our partners to join the 50 OSINT vendors and agencies already lined up to showcase their own tabletop exhibits. Carahsoft has also collaborated with FedGovToday’s Francis Rose to interview our partners for their Innovation in Government and Video Insights! 

GEOINT 2026 

May 3-6, 2026 | Aurora, CO | In-Person Event 

The Geospatial Intelligence (GEOINT) Symposium is the nation’s largest gathering of industry professionals and Government leaders and will be held at the America’s Center Convention Complex in St. Louis. This year’s theme, “Building a Secure Tomorrow Together,” highlights the collaborative efforts and cutting-edge innovations shaping the future of geospatial intelligence. The symposium will feature industry-leading keynote speakers, main stage panels and hands on training sessions on topics such as mission planning, precision timing and navigation. Attendees will be able to engage with geospatial intelligence experts to deepen their understanding, foster connections and stay at the forefront of innovative technologies. Attend GEOINT 2026 to explore the critical role geospatial intelligence will play in building a secure future! 

Carahsoft intends to showcase a Partner Pavilion with our vendors again in 2026. We look forward to attending GEOINT 2026 and join our OSINT customers to learn more about the latest in geospatial open source intelligence.  

SOF Week 2026 

May 3-8, 2026| Tampa, FL | In-Person Event 

SOF Week 2026 is the annual gathering for the international Special Operations Forces (SOF) community. Jointly sponsored by U.S. Special Operations Command (USSOCOM) and the Global SOF Foundation, the event serves as a platform for fostering collaboration, innovation and excellence in modern special operations. SOF Week will feature keynote addresses from senior leaders, professional development workshops, chances to network and sessions focused on non-profit initiatives. Do not miss this key event shaping the future of SOF operations! 

Carahsoft and more than 45 partners will attend and showcase solutions in AI, DevSecOps, cybersecurity, cloud technologies and open source intelligence.  

TechNet Cyber 2026 

June 2-4, 2026 | Baltimore, MD | In-Person Event 

TechNet Cyber 2026, hosted by the Armed Forces Communications and Electronics Association (AFCEA), is a flagship cybersecurity event bringing together U.S. Cyber Command, the Defense Information Systems Agency (DISA), Joint Force Headquarters-Department of Defense (DoD) Information Network and DoD Chief Information Office (CIO), as well as a mix of military, Government, industry and academic leaders. This conference serves as a platform for collaboration, uniting policy, strategic architecture, operations and command and control to address global security challenges in the digital domain. Attendees can expect a comprehensive program featuring expert panels on cybersecurity advancements, technology demonstrations and networking events aimed at enhancing national cybersecurity efforts. Join us in Baltimore to connect with top decision-makers and help drive solutions for this vital mission! 

 The event will feature a range of exhibitors, including Carahsoft’s leading cyber technology providers. Carahsoft looks forward to joining our open source intelligence customers at TechNet Cyber in 2026. 

Join us at one of our 2025 OSINT events to connect with intelligence leaders and professionals dedicated to advancing OSINT. Do not miss this opportunity to explore innovative OSINT techniques and tools, data analysis, cybersecurity and more! 

To learn more or get involved in any of the above events please contact us at OSINTVerticalMarketing@Carahsoft.com. For more information on Carahsoft and our industry leading OSINT technology partners’ events, visit our OSINT solutions portfolio

The Subcommittee on OSINT: A Milestone for National Security 

Posted on by
Reply

The establishment of the Subcommittee on Open Source Intelligence (OSINT) within the House Permanent Select Committee on Intelligence (HPSCI) marks a significant step forward in recognizing the vital role of OSINT in modern intelligence and national security. This dedicated subcommittee is designed to provide oversight, guidance and strategic direction for OSINT initiatives across the intelligence community (IC). Chaired by Rep. Ann Wagner (R-Mo.), the subcommittee focuses on enhancing OSINT capabilities by promoting data sharing, professionalizing OSINT as a discipline and ensuring adequate resource allocation. By leveraging publicly available information, OSINT plays a critical role in identifying global threats, improving situational awareness and strengthening national security.  

Purpose and Mission 

The OSINT subcommittee is responsible for overseeing programs and policies that ensure the collection, analysis and dissemination of OSINT align with national security objectives. It will advocate for increased funding and resource allocation to enhance OSINT capabilities while encouraging innovation through the adoption of artificial intelligence (AI), machine learning and automation tools to improve the effectiveness of OSINT. Additionally, the subcommittee will address ethical and legal considerations by establishing guidelines that adhere to privacy laws, civil liberties and best practices.  

Why OSINT Matters 

Carahsoft Subcommittee on OSINT Security Blog Embedded Image 2025

OSINT has become a cornerstone of modern intelligence gathering, providing real-time, publicly available data to supplement classified intelligence. By leveraging OSINT, agencies can accelerate threat detection and response by prioritizing the most critical risks, ensuring a proactive defense strategy. OSINT supports counterterrorism efforts, combats disinformation, identifies cyber threat actors, assesses geopolitical risks and aids in crisis response, making it an essential tool for strategic planning and real-time threat mitigation. 

Impact on the Intelligence Community 

The formation of this subcommittee signals a shift toward a more structured and well-funded approach to OSINT. By prioritizing open-source data collection, analysis and integration, the IC can gain faster, more accurate and cost-effective insights into global events. Additionally, it opens the door for increased collaboration between the Government and Private Sector OSINT providers, fostering innovation and strengthening national security. 

Carahsoft’s Perspective 

As The Trusted Government IT Solutions Provider, Carahsoft Technology Corp. views this initiative as a game-changer for the OSINT community, recognizing the congressional backing as a significant momentum builder for the discipline. With formal recognition and dedicated oversight at the congressional level, OSINT will receive the attention, investment and structure needed to solidify its role as an indispensable intelligence asset in an era of rapidly evolving digital threats. This move is expected to bring increased resources, enhanced policies and a more strategic approach to OSINT initiatives. For industry leaders like Carahsoft, it presents greater opportunities to collaborate with Government agencies, drive innovation and contribute to the evolving landscape of intelligence gathering. The subcommittee’s focus aligns with Carahsoft’s mission to provide cutting-edge OSINT tools and services, ultimately strengthening the nation’s intelligence capabilities. 

Discover how Carahsoft’s OSINT portfolio of trusted technology partnerships and innovative solutions can enhance intelligence gathering.

Third-Party Risk Management: Moving from Reactive to Proactive

Posted on by
Reply

In today’s interconnected world, cyber threats are more sophisticated, with 83% of cyberattacks originating externally, according to the 2023 Verizon Data Breach Investigations Report (DBIR). This has prompted organizations to rethink third-party risk management. The 2023 Gartner Reimagining Third Party Cybersecurity Risk Management Survey found that 65% of security leaders increased their budgets, 76% invested more time and resources and 66% enhanced automation tools to combat third-party risks. Despite these efforts, 45% still reported increased disruptions from supply chain vulnerabilities, highlighting the need for more effective strategies.

Information vs Actionable Alerts

The constant evolution and splintering of illicit actors pose a challenge for organizations. Many threat groups have short lifespans or re-form due to law enforcement takedowns, infighting and shifts in ransomware-as-a-service networks, making it difficult for organizations to keep pace. A countermeasure against one attack may quickly become outdated as these threats evolve, requiring constant adaptation to new variations.

In cybersecurity, information is abundant, but decision-makers must distinguish the difference between information and actionable alerts. Information provides awareness but does not always drive immediate action, whereas alerts deliver real-time insights, enabling quick threat identification and response. Public data and real-time alerts help detect threats not visible in existing systems, allowing organizations to make proactive defense adjustments.

Strategies for Managing Third-Party Risk

Dataminr Third Party Risk Management OSINT Blog Embedded Image 2024

Managing third-party risk has become a critical challenge. The NIST Cybersecurity Framework (CSF) 2.0 emphasizes that governance must be approached holistically and highlights the importance of comprehensive third-party risk management. Many organizations rely on vendor surveys, attestations and security ratings, but these provide merely a snapshot in time and are often revisited only during contract negotiations. The NIST CSF 2.0 calls for continuous monitoring—a practice many organizations follow, though it is often limited to identifying trends and anomalies in internal telemetry data, rather than extending to third-party systems where potential risks may go unnoticed. Failing to consistently assess changes in third-party risks leaves organizations vulnerable to attack.

Many contracts require self-reporting, but this relies on the vendor detecting breaches, and there is no direct visibility into third-party systems like there is with internal systems. Understanding where data is stored, how it is handled and whether it is compromised is critical, but organizations often struggle to continuously monitor these systems. Government organizations, in particular, must manage their operations with limited budgets, making it difficult to scale with the growing number of vendors and service providers they need to oversee. Threat actors exploit this by targeting smaller vendors to access larger organizations.

Current strategies rely too heavily on initial vetting and lack sufficient post-contract monitoring. Continuous monitoring is no longer optional—it is essential. Organizations need to assess third-party risks not only at the start of a relationship but also as they evolve over time. This proactive approach is crucial in defending against the ever-changing threat landscape.

Proactively Identifying Risk

Proactively identifying and mitigating risks is essential for Government organizations, particularly as threat actors increasingly leverage publicly available data to plan their attacks. Transparency programs, such as USAspending.gov and city-level open checkbook platforms, while necessary for showing how public funds are used, can inadvertently provide a playbook for illicit actors to target vendors and suppliers involved in Government projects. Public data often becomes the first indicator of an impending breach, giving organizations a narrow window—sometimes just 24 hours—to understand threat actors’ operations and take proactive action.

To shift from reactive to proactive, organizations must enhance capabilities in three critical areas:

  1. Speed is vital for detecting threats in real time. Using AI to examine open source and threat intelligence data helps organizations avoid delays caused by time-consuming searches.
  2. The scope of monitoring must extend beyond traditional sources to deep web forums and dark web sites, evaluating text, images and indicators that mimic official branding.
  3. While real-time information is essential, excessive data can lead to alert fatigue. AI models that filter and tag relevant information enable security teams to focus on the most significant risks.

Proactively addressing third-party risks requires organizations to stay prepared for immediate threats. By leveraging public data, they can strengthen defenses and act before vulnerabilities are exploited.

While self-reporting and AI tools are valuable, organizations must take ownership of their risk management by conducting their own due diligence. The ability to continuously monitor, identify and mitigate risks presents not just a challenge but an opportunity for growth and improvement. Ultimately, it is the organization’s reputation and security at stake, making proactive risk management key to staying ahead of today’s evolving threats.

To learn more about proactive third-party risk management strategies, watch Dataminr’s webinar “A New Paradigm for Managing Third-Party Risk with OSINT and AI.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Dataminr, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Why OSINT is Crucial to Having a Comprehensive Security Strategy

Posted on by
Reply

The landscape of intelligence gathering has evolved dramatically since the 1990s and early 2000s. Back then, accessing and utilizing information effectively was a major challenge, especially for Government agencies tasked with monitoring threats. Intelligence gathering was often a manual process, with significant gaps in communication and real-time analysis. Today technology has bridged those gaps, and organizations are more equipped than ever to gather and act upon threat intelligence.

At the heart of this evolution is open source intelligence (OSINT). OSINT refers to the collection and analysis of information that is publicly available from a variety of sources, such as websites, social media platforms, blogs, news outlets and more. This data is processed to derive actionable insights for decision making, security operations and threat detection. By leveraging OSINT, organizations can gather, analyze and deliver real-time data to enhance security and operational effectiveness.

Leveraging OSINT

When it comes to cyber operations, effectively leveraging OSINT can provide a significant advantage. Without strong intelligence, it becomes difficult to move from strategic planning to tactical and operational execution. Threats often begin long before a hacker breaches a network, with adversaries gathering intelligence on their targets over time. A holistic approach is critical—whether focusing on offensive or defensive cyber strategies—because gaps in understanding can lead to vulnerabilities and unintended consequences.

Recorded Future OSINT Blog Embedded Image 2024

A useful framework for understanding OSINT’s role is the information-to-risk pyramid. At its base, monitoring and telemetry are essential for providing context to potential threats. Many organizations rely on the Common Vulnerability Scoring System (CVSS), a standardized framework for evaluating and ranking the severity of software vulnerabilities, to help prioritize and address the most critical risks first. However, this system alone may not provide a complete picture. Integrating additional intelligence can reveal that vulnerabilities are actively exploited, making them far more dangerous.

Once threats are identified, organizations can bring in key stakeholders to formulate strategic responses. Risk owners, often from the business side, play a critical role alongside IT in decision-making. Government agencies, with their vast networks and resources, face these challenges on an even larger scale. In today’s environment seconds matter, and OSINT plays a pivotal role in crafting strategic plans to mitigate risks in real time.

The Human Factor

While technology plays a crucial role in OSINT, the human factor remains just as important. Analysts are at the heart of making OSINT actionable, reviewing alerts and correlating information. Integrating intelligence through application programming interface (API) calls can enhance this process, allowing organizations to combine telemetry data with open source information (OSIF).

Networks in large organizations are complex, generating thousands of security information and event management (SIEM) alerts daily, leading to alert fatigue. In such environments, timely responses are crucial. Adversaries can breach networks quickly, often within hours, so the ability to act decisively is vital to preventing significant losses. By focusing on critical alerts rather than false alarms, analysts can address the real threats.

Aligning OSINT tools with governance, risk management and compliance (GRC) can help organizations reduce vulnerabilities and enhance their overall security resilience. By understanding risks, organizations can effectively apply technology to secure their assets and ensure uninterrupted operations.

The Cost of Inaction

Turning gathered intelligence into actionable insights is vital, particularly for safeguarding critical infrastructure. As highlighted by FBI Director Christopher Wray, advanced persistent threats (APTs) are increasingly targeting essential sectors like energy, water and transportation. Today’s cybercriminals are no longer just interested in attacking networks to boast about their successes; they are targeting specific organizations.

Beyond direct attacks, adversaries may also infiltrate networks to understand how organizations and systems operate. Networking devices—especially in small office and home (SoHo) environments—are often the weakest links, frequently overlooked despite their vulnerability. While organizations regularly patch servers and monitor critical systems, these networking devices, particularly near sensitive areas like military bases or airports, can be soft targets. Once compromised, attackers can use local IP addresses to stay within the network, gathering information to plan more sophisticated attacks.

Furthermore, the threats extend beyond financial loss. Data privacy and the long-term impact of breaches must also be considered. Publicly traded companies face regulatory scrutiny from agencies like the Securities and Exchange Commission (SEC) and Federal Trade Commission (FTC). With new regulations such as Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) on the horizon in 2025, organizations will be required to report incidents promptly. Failing to protect sensitive data can result in costly fines and reputational damage, long after the breach has been resolved.

The Future of Cybersecurity is Proactive

Cybersecurity is a continuous operation that requires vigilance and adaptability. In an era where adversaries are patient and highly organized, an organization’s ability to identify and respond to threats effectively enables them to be not only reactive but proactive, addressing risks before they become crises. OSINT is no longer optional; it is a strategic necessity for organizations aiming to protect their assets, reputation and future.

To learn more about harnessing OSINT to enhance situational awareness, intelligence gathering and strategic decision making watch Recorded Future’s webinar “The Importance of OSINT in Defense Operations.”