Independent Intelligence Analysis: A Field Manual for Open-Source Practitioners
BLUF
Independent intelligence analysis is not institutional analysis performed outside an institution. It is a structurally distinct discipline operating without clearances, collection infrastructure, peer review committees, legal counsel, or salaried tenure. Every institutional shock absorber — calibration against classified ground truth, an all-source apparatus, a chief of analysis adjudicating disagreement, an agency masthead absorbing liability — is absent. The independent practitioner inherits the doctrine of Sherman Kent, Richards J. Heuer Jr, and the ICD canon, but must re-engineer its operating assumptions for solo execution. Existing manuals treat the analyst as an institutional actor; this gap is what this field manual closes.
Scope and Audience
This manual is written for the practitioner already operating in the open domain, with prior exposure to analytical tradecraft, who needs an explicit operating model for working without institutional scaffolding.
Primary audience:
- Geopolitics and conflict analysts publishing under their own byline — Bellingcat-adjacent open-source investigators, think-tank associates writing in personal capacity, country/theatre specialists building public corpora on platforms like intelligencenotes.com or substack-class properties.
- Cyber threat intelligence practitioners outside SOCs — independent CTI analysts attributing campaigns, tracking infrastructure, and writing public reports without an enterprise intel-team’s telemetry or vendor feeds.
- Financial crime and due diligence investigators in private practice — solo or boutique consultancies producing KYC/enhanced due diligence reports, beneficial ownership work, sanctions screening, and corporate intelligence assignments.
- Investigative journalists applying analytical tradecraft — reporters who have moved beyond narrative journalism into structured analysis (forecasts, attribution, probability assessments) and need the analyst’s toolkit.
- Fact-checkers at platforms applying verification at scale, who require the analyst’s source evaluation discipline rather than only the journalist’s verification reflex.
This manual is not for:
- Students learning basic tradecraft for the first time — see institutional primers and the in-vault Intelligence Analysis Manual and Open-Source Intelligence Manual first.
- Institutional analysts seeking IC doctrine — read ICD 203, ICD 206, ICD 208 directly. This manual deliberately does not re-derive doctrine you already operate inside.
- Hobbyist OSINT enthusiasts without an output discipline — the field manual assumes publication and reputational stakes.
The expected reader has already completed the equivalent of an intelligence-analysis course or three years of applied open-source work, and is now solving the harder problem: how to run sustained, defensible, high-rigor analysis as a one-person enterprise.
The Independent Analyst’s Structural Problem
Institutional intelligence analysis is engineered around five shock absorbers the independent analyst does not have. Recognising this is not a complaint — it is a design constraint. Every chapter that follows is a compensating control for one of these absences.
No clearances → no classified ground truth for calibration. Institutional analysts calibrate their judgements against signals (HUMINT, SIGINT, finished classified product) that occasionally confirm or refute their open-source-derived assessments. Over a career, this produces a feedback loop — the analyst learns where their open-source reasoning is reliable and where it consistently misses. The independent analyst has no such loop. Confidence statements must therefore be structurally more conservative: where an IC analyst might assess “likely” (55–80%) on the strength of corroborating classified reporting, the independent analyst with only open-source convergence should usually downgrade to “roughly even chance” or “unlikely to be confirmed without privileged access,” and explicitly flag the absence of non-public corroboration. The PHIA Probability Yardstick is the floor, not the ceiling, of caution.
No HUMINT network → all-source becomes all-OSINT. The institutional “all-source” label is meaningless without HUMINT, SIGINT, GEOINT-classified, and finished cross-agency product. The independent analyst’s all-source is in fact an all-OSINT pipeline augmented by limited interview work, FOIA returns, and commercial data. This shifts the centre of gravity: collection planning, source evaluation, and triangulation discipline must do more analytical work than they would inside an agency, because they are carrying the load that classified collection carries elsewhere.
No legal counsel → legal exposure is personal. An institutional analyst publishing a misjudged attribution is defended by general counsel. The independent analyst is the named defendant. Defamation thresholds, GDPR Article 6 lawful-basis arguments, OFAC/UK/EU sanctions interactions, and computer-misuse exposure (where collection techniques wander) all land directly on the practitioner. This is treated as a first-order operational concern in Part 09, not an afterthought.
No peer review structure → cognitive bias mitigation is personal discipline. Within an agency, devil’s advocacy, Team A/Team B exercises, and a chief of analysis with authority to demand rework are structural defences against cognitive bias. The independent analyst has none of this by default. Solo red-teaming, two-AI adversarial review, and curated pre-publication networks (Part 06) must be built deliberately. The discipline is not optional; without it, motivated reasoning has no friction.
No salary guarantee → credibility is the business model. The institutional analyst is paid whether or not any single assessment is right. The independent analyst is paid for being right often enough that consumers (subscribers, clients, retainer-paying organisations) keep returning. Credibility is not a virtue here — it is the asset on the balance sheet. A single un-corrected major error compounds against future revenue. This reframes correction discipline, calibration tracking, and reputational OPSEC as commercial functions, not just professional courtesies.
These five absences are the architecture of the problem. The chapters that follow are the compensating architecture of the solution.
What This Manual Is Not
This manual deliberately does not re-derive material already covered in the vault. It assumes the reader treats the following as prerequisites or parallel references, not as gaps to be filled here:
- Intelligence Cycle doctrine — see Intelligence Cycle. The cycle is referenced throughout, never re-explained.
- Full ACH procedure — see Analysis of Competing Hypotheses. Part 05 covers solo adaptation, not the canonical Heuer eight-step procedure.
- IC doctrine (ICD 203, OTRAU) — see Intelligence Analysis Manual. Standards of analytic tradecraft are assumed known; this manual covers their application outside institutional enforcement.
- OSINT doctrine (PAI/CAI) — see Open-Source Intelligence Manual. Publicly Available Information and Commercially Available Information taxonomy is presumed.
- LLM-assisted OSINT workflow — see LLM-OSINT-SOP-A2IC. The A2IC SOP is the operational standard for AI-augmented collection and is referenced rather than reproduced.
- Source verification SOP — see Source Verification Framework. Part 04 extends this for solo application; it does not replace it.
- Geolocation methodology — see Geolocation Methodology. Geolocation tradecraft is a referenced capability, not a chapter.
Read those manuals as the doctrinal substrate. This series sits on top of them.
Series Structure
The twelve parts of the field manual run in operational sequence — from analyst posture through final reputational sustainability — but each is designed to be readable standalone.
-
Part 01: The Independent Analyst — Establishes the posture: what it means to operate under your own name, the analyst–commentator distinction, public byline implications, and the personal threat model. Frames reputation as the central asset and tenure as a fiction that must be replaced by demonstrated track record.
-
Part 02: Self-Tasking and Intelligence Requirements — How to generate Priority Intelligence Requirements without a customer tasking them. Research agenda management, beat selection, the discipline of refusing low-yield work, and converting reader/client demand signals into structured PIRs.
-
Part 03: Collection for the Open-Domain Practitioner — All-OSINT collection architecture for a solo analyst: multi-lingual primary sourcing (per the vault’s actor language tiers), archival discipline (Wayback/archive.today as standing reflex), commercial-data triage, and the collection-plan-as-living-document.
-
Part 04: Source Evaluation Without Institutional Context — Admiralty Code applied solo, treatment of state-aligned outlets (RT, Xinhua, PressTV, TASS) under labelling discipline, Berkeley Protocol on digital open-source investigations, and the heuristics for evaluating analysts and platforms without a counter-intelligence support cell.
-
Part 05: Analysis Without Institutional Support — Structured Analytic Techniques adapted for one operator. Domain modules covering geopolitical/conflict analysis, cyber threat intelligence attribution, financial-crime and due-diligence workflows, and fact-checking-as-analysis.
-
Part 06: Adversarial Review Without a Peer Team — The two-AI adversarial review protocol, solo red-teaming routines, structured self-critique under ICD 203 criteria, and the design of small trusted pre-publication review networks without compromising OPSEC or pre-disclosure.
-
Part 07: Production and Writing for Non-Institutional Consumers — Consumer taxonomy (general public, specialist subscribers, paying clients, journalists, policymakers reading in personal capacity). Report templates, the PHIA Probability Yardstick as default language, BLUF discipline, and correction-and-update workflow.
-
Part 08: OPSEC for the Independent Analyst — Personal threat model, persona separation across analytical and personal life, device-and-OS hygiene, network security baseline, and operational compartmentation when working sensitive cases without institutional protection.
-
Part 09: Legal Exposure and Liability Management — Defamation thresholds across major jurisdictions, GDPR/UK GDPR posture for analytical writing, sanctions-regime awareness (OFAC, OFSI, EU), sourcing risk (CFAA-adjacent collection traps), and structuring activity to limit personal liability.
-
Part 10: Ethics Without Institutional Enforcement — Berkeley Protocol applied; GIJN ethical standards; the publish-vs-hold decision for sensitive findings; weaponisation risk where analytical output can be turned into targeting data; the obligation of correction.
-
Part 11: Tools and Technology Stack — Open-source-preferred tool matrix organised by function: collection, archival, analysis, writing, OPSEC, dissemination. Local-first and self-hosted options prioritised; commercial tools included where structurally necessary.
-
Part 12: Sustainability, Business, and Reputation — Funding models (subscription, retainer, advisory, occasional contract, grant), the credibility flywheel, calibrated career architecture, burnout management, and the long-arc question of when and whether to scale beyond a single operator.
How to Use This Manual
Reading paths by practitioner type — each path covers the load-bearing chapters for that profile; remaining chapters function as reference once the core path is internalised.
- Geopolitics and conflict analysts: Parts 01, 02, 03, 04, 05, 08. Read in sequence; multi-lingual collection (03) and Source Evaluation (04) are the highest-yield chapters for this profile.
- Cyber CTI: Parts 01, 02, 03, 05, 08, 09. Start with 01 to fix the public-byline question, then jump to 05 for the CTI module, then circle back to OPSEC and legal exposure — the two domains where independent CTI work most often breaks.
- Financial crime and due diligence: Parts 02, 03, 04, 05, 09, 10. This profile is the most legally exposed; 09 and 10 are not optional.
- Fact-checking: Parts 02, 04, 05, 07. The fact-checker’s gap relative to other profiles is the analytical jump beyond verification; 05 closes it.
- OPSEC-priority readers (analysts already operating, who picked up this manual after a near-incident or rising threat environment): Start with Part 08, then Part 09. Treat the rest as remediation work once posture is stabilised.
The manual is non-linear by design. Use the wikilink graph rather than the table of contents.
Version Note
This manual is grounded in the established doctrinal canon and harmonises it for non-institutional execution. Primary references throughout the series:
- ICD 203 — Analytic Standards (ODNI)
- DNI IC OSINT Strategy 2024–2026
- Berkeley Protocol on Digital Open Source Investigations (OHCHR / UC Berkeley HRC, 2020)
- GIJN — Global Investigative Journalism Network ethics and methodology resources
- Heuer (1999) — Psychology of Intelligence Analysis
- Kent (1949) — Strategic Intelligence for American World Policy
- PHIA Probability Yardstick (UK Professional Head of Intelligence Assessment)
Methodology: each part presents the institutional doctrine briefly, identifies the structural assumption the institution provides, then specifies the compensating control for the independent operator. Where the vault already holds a deeper treatment, the chapter cross-references rather than duplicates.