Let’s start this article off with a question. What do Agent Smith from The Matrix, the Joker from Batman and Darth Vader from Star Wars all have in common? It’s not the fact that they’re all from movies, nor the fact that they’re all villains; it’s the fact that they’re all villains with motives and purposes. Be it enslaving humanity in The Matrix or building the Death Star in Star Wars, each of these villains does what he does for a reason. The heroes in these movies then use these motives and purposes against the villains in one form or another.

This, at its core, is what offender profiling is all about. It’s about building a knowledge base on malicious actors, and about understanding who the villains are so that we can better protect against them.

There’s an example I like giving for offender profiling, and I’ll be honest, I like giving it because it is simple and easy to understand. It’s the idea of a DoS (Denial of Service) attack. Let’s imagine we’re protecting a customer’s network and they’re continually getting DoSed by a Scandinavian hacker group between the hours of 03:00 and 06:00 each day. In response, we can put extra load balancers in place at these times, and for the rest of the day use what we usually use. Here we’re combining preemptive security, offender profiling and some general security techniques to help protect our customers.
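As an added illustration (not code from the original article), the sketch below derives that kind of recurring attack window from alert history so extra capacity can be scheduled ahead of it. The sample incidents, the function names and the 60% recurrence threshold are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (start, end) of DoS alerts for one customer, all in one time zone.
INCIDENTS = [
    ("2024-03-01T03:05", "2024-03-01T05:50"),
    ("2024-03-02T03:10", "2024-03-02T05:40"),
    ("2024-03-03T03:00", "2024-03-03T05:55"),
    ("2024-03-04T14:20", "2024-03-04T14:35"),  # one-off burst outside the pattern
    ("2024-03-05T03:15", "2024-03-05T05:30"),
]

def merge_hours(hours):
    """Merge hours of day into (start, end) windows, end exclusive, wrapping past midnight."""
    runs = []
    for h in sorted(hours):
        if runs and runs[-1][1] == h:
            runs[-1][1] = h + 1          # extend the current run
        else:
            runs.append([h, h + 1])      # start a new run
    # A run ending at 24:00 and a run starting at 00:00 are one overnight window.
    if len(runs) > 1 and runs[0][0] == 0 and runs[-1][1] == 24:
        runs[0][0] = runs.pop()[0]
    return [(s, e % 24) for s, e in runs]

def recurring_windows(incidents, days_observed, min_share=0.6):
    """Windows covering hours attacked on at least min_share of the observed days."""
    days_by_hour = defaultdict(set)
    for start, end in incidents:
        t = datetime.fromisoformat(start).replace(minute=0, second=0, microsecond=0)
        stop = datetime.fromisoformat(end)
        while t < stop:                  # every clock hour the incident overlaps
            days_by_hour[t.hour].add(t.date())
            t += timedelta(hours=1)
    recurring = [h for h, days in days_by_hour.items()
                 if len(days) / days_observed >= min_share]
    return merge_hours(recurring)

if __name__ == "__main__":
    for start, end in recurring_windows(INCIDENTS, days_observed=5):
        print(f"pre-scale capacity {start:02d}:00-{end:02d}:00")
```

Counting distinct days per hour, rather than raw alert volume, keeps a single large burst from shaping the schedule.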

There is a great quote from the Los Angeles Police Chief, Charlie Beck, about the importance of predictive policing: “I’m not going to get more money. I’m not going to get more cops. I have to be better at using what I have, and that’s what predictive policing is about.” This same approach can be used for offender profiling. It’s all about preemptive security, doing what we can now to help protect ourselves in the future.

So if that’s what offender profiling is and why it’s important, how do we actually implement it? We can break building a knowledge base down into three main areas.