National Counterintelligence and Security Center

How We Work

Mirriam-Grace MacIntyre

Mirriam-Grace MacIntyre

Ms. Mirriam-Grace MacIntyre is the Executive Director of the National Counterintelligence and Security Center (NCSC) where she oversees the daily operations of a national center dedicated to protecting America from foreign intelligence threats.


From 2021-2023, Ms. MacIntyre served as the Director for Counterintelligence at the National Security Council where she led the development of counterintelligence policy under the Biden-Harris Administration.


Ms. MacIntyre joined ODNI cadre in 2016 first as the National Counterintelligence Officer for Russia, Europe and Eurasia and later as the Deputy National Intelligence Manager for Counterintelligence and was responsible for leading the development of strategies, plans, and initiatives to advance the Intelligence Community’s (IC) counterintelligence mission and address the needs of U.S. Government decision makers. Under her leadership, ODNI was instrumental in driving significant CI and security advancements at the North Atlantic Treaty Organization. She also led numerous high-impact initiatives, including NCSC’s support to Operation Warp Speed’s COVID-19 vaccine development effort which enhanced threat awareness for the state, local, and private sector.


Prior to joining ODNI, Ms. MacIntyre served for eleven years as an intelligence officer at the Defense Intelligence Agency (DIA) where she held numerous senior analytic and management positions across the counterterrorism, CI, and counterespionage portfolios. In 2007, she led a team of linguists, analysts, and investigators at the Combined Media Processing Center – Qatar responsible for supporting ongoing military operations during Operation Iraqi Freedom. Prior to that, Ms. MacIntyre held several analytic positions working hard targets and spent two years as an analyst and briefer in support of the Joint Chiefs of Staff, where she produced current intelligence products on foreign intelligence threats to the Department of Defense.


Awards and honors include DIA’s Meritorious Civilian Service Award, DoD’s Civilian Combat Support Award, DoD’s Civilian Expeditionary Award, and the National Security Award for CI Analysis.


Ms. MacIntyre holds degrees and certificates from Georgetown University, George Washington University, and Institut des Etudes Sciences Politiques de Paris.

Authorized Disclosures Podcast

Authorized Disclosures is the NCSC Podcast on key counterintelligence and security issues. NCSC Podcast Logo


Protect your information




Data breaches involving personal information result in a broad range of risks to individuals and organizations. This includes identity theft, targeting of individuals with knowledge of sensitive government information and internal business processes, and other intelligence activities that use personal information of U.S. citizens to undermine national security.


It is in our collective interest that we take actions to limit the risk of our personal information being exploited, and that we are able to recognize any indicators that we may be the target of such activities.


Confirmation that your personal information has been accessed in a data breach is not a guarantee that your information will be misused or that you will be targeted for further exploitation. However, it is important to remain mindful of the risk of such misuse or exploitation.


The following information is provided to raise your awareness to this possibility and to help you understand how your personal information may be used by foreign intelligence services, and other “bad actors” (extremists, criminals, hackers, and the like).


The information below is provided to raise awareness and provide guidance for mitigating risks; it is not intended to indicate that the government has observed particular adverse effects from data compromises.


 General Awareness & Protection Guidance


All individuals potentially affected by a breach should be wary of suspicious activities indicating their personal information has been or is being exploited, and follow these protective measures, including:

  • Do not provide additional or detailed information about yourself, your family or associates, or your position with any individual who has an unusual or heightened interest in you, or your family and associates;
  • Do not share personal, financial, or sensitive information if you are contacted by unknown individuals or groups via e-mail, instant messaging or text, telephone, social media interaction, and personal encounters;
  • Do not open attachments or click on links embedded in emails, instant messages or texts from unknown senders, senders who would be unlikely to send an email directly to you, and even from known senders with grammatical errors, misspellings, or if there is no text with the attachment or link;
  • Install and maintain up-to-date anti-virus and anti-malware software to guard against viruses, other malicious code, and pop-ups that can appear if your computer is infected;
  • Transmit electronic information safely using encryption and by using secure, known websites (e.g., with addresses starting with “https” rather than “http”);
  • Share electronic files and photographs only with those you know as they contain embedded metadata such as identity, date and time, and location information;
  • Select the highest level of privacy settings on your electronic devices and applications;
  • Monitor your credit history and activity through a reputable credit bureau and your account statements for any unauthorized or unusual entries. Free credit reports can be obtained at:;
  • Maintain direct positive control of, or leave at home, electronic devices during travel, especially when traveling out of the U.S.;
  • Know the locations and contact information for U.S. embassies, consulates, and other diplomatic establishments for any issues or emergencies when traveling out of the country. This information can be found at:;
  • Report per your department, agency, or company instructions, all suspicious activity, events, or individuals you, relatives, and associates encounter; and
  • Share these general awareness and protection guidelines with relatives and associates as appropriate. Avoid misconduct or behaviors that leave you vulnerable to blackmail, coercion, or recruitment.


Social Engineering


Social Engineering is the term used to describe bad actors using information they have discovered either legally or illegally about you to gain your trust and extract further information or manipulate you to take actions you would not otherwise take.


The use of stolen personal information by cyber operators is highly valuable for social engineering as it can be used to create a compelling illusion that you already know an individual or have a shared interest with them. It opens a means to contact you in either cyber space or the physical world to foster that trust or do harm.


Examples of how bad actors may use your personal information for social engineering and other purposes include:


Phishing (or spearphishing) is a common method used to contact people through email. With phishing, bad actors use social engineering to target their victims and lure them into taking actions that could ultimately compromise their computer or network. Examples include getting a victim to open a malicious attachment or clicking on a bogus embedded link. Like other social engineering attacks, spear phishing takes advantage of a victim’s most basic human traits, such as a desire to be helpful, provide a positive response to those in authority, or respond positively to someone who shares similar tastes or views, or simple curiosity about contemporary news and events. Those who “take the bait,” become unwitting participants in a computer network attack by allowing the attackers to bypass many of our technical defenses.


Phishing scams also trick you into providing your confidential information, which is then used to access your accounts. Typically this kind of fraud involves an email, text message, or pop-up window claiming to come from an official source.


Social Media Deception (including Facebook, Twitter, Google and LinkedIn) provides bad actors with an avenue to connect to their victims. Attackers may create a fake profile to befriend their victims while posing as a former acquaintance, job recruiter, or someone with a shared interest. Using a fake online persona, an attacker may try and get their victims to reveal more information about themselves or their employers, or they may simply collect more information about their victims from your social media postings.


Human Targeting is often used by foreign governments to target individuals with access to information of interest to them. For instance, you may unexpectedly meet someone at a venue of interest, such as a conference or child’s school event, who shares your interests or views and establishes an ongoing relationship. Your new friend may test you by getting you to do seemingly small “favors” for them or getting you to talk about trivial work-related information. Over time, trivial information may lead them to information that is of interest.


Travel Vulnerabilities are greater than usual, especially if you are traveling outside of the U.S., as it is common for you to encounter unfamiliar people. Also, your guard may be down because you are traveling for vacation, training, or other relaxing purposes. Therefore, take extra precaution of:

  • Those who approach you in a friendly manner and seem to have a lot in common with you--especially if they wish to maintain contact with you once you return home.
  • Interactions in social settings where you find you are unusually successful in meeting and impressing others.
  • Aseemingly random and/or other foreign acquaintance who has heightened interest in your work or introduces you to a third party who then wants to continue to meet with you.


Unsolicited Telephone and Text Messages from toll-free numbers can be set up quickly and sometimes exist solely for the purpose of capturing your confidential information, often simply by playing a prerecorded message about your accounts being in trouble. The message prompts you to enter your 16-digit account number. This is followed by a request for your PIN and other personal information. Or you may receive a text message or a phone call with a prerecorded message that describes an urgent situation that requires immediate action. The message may say, “Your account has been blocked. Please call 800-123-4567 to unlock it.” Before you realize you’re being scammed, you’ve given enough information to duplicate your card and access your accounts.


Identity Impersonation is acquiring key pieces of your confidential information, such as your name, address, birthdate, Social Security number, and mother's maiden name, in order to commit fraud. Identify Impersonation can be used as a tactic for corporate exploitation via the newly acquired identity. With this information, an identity thief can take over your financial accounts; open new bank accounts; purchase automobiles; apply for loans, credit cards, and Social Security benefits; rent apartments; and establish services with utility and phone companies, all in your name.




To protect yourself and your family, we urge all affected individuals to exercise caution and remain vigilant to any events appearing out of the ordinary or suspicious.


If you believe you have observed activity related to a personal data compromise or suspect your personal information has been exploited, report your concern as soon as possible to your security office.


The appropriate Federal government sites may also be used to report specific incidents:

  • Report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at
  • If you notice fraudulent activity, go to the Federal Trade Commission (FTC) website ( or and complete an ID theft complaint form and place a fraud alert on your credit report.
  • Report unexplained activity related to criminal behavior to the local police department. Provide them with a copy of the FTC form and request a copy of the police report.




Know the Risk - Raise your Shield: Spear Phishing


Know the Risk - Raise your Shield: Social Media Deception

Know the Risk - Raise your Shield: Human Targeting


More Information


The additional information, as well as future resources, as can be found at the web site, including:




NCSC Podcast Logo

Jeanette McMillian, the Assistant Director for NCSC's Supply Chain and Cyber Directorate, recently sat down with Ms. Kemba E. Walden, the Principal Deputy National Cyber Director for the Office of the National Cyber Director (ONCD), for a podcast interview.

The discussion focused on the work of the ONCD and its efforts to enhance cybersecurity awareness for a more resilient cyber supply chain.

Guest Speaker

Ms. Kemba E. Walden is the Principal Deputy National Cyber Director for the Office of the National Cyber Director. Ms. Walden brings a wealth of public and private sector experience to this role, including her work as assistant general counsel for Microsoft’s Digital Crimes Unit and her service at the Department of Homeland Security, where she served as a cybersecurity attorney for the Cybersecurity and Infrastructure Security Agency, or CISA.

Personnel Security for Industry & Academia

SafeguardingScience Personnel Security

Job Aids

  • Counterintelligence Reporting Essentials (CORE): A Practical Guide for Reporting Counterintelligence and Security Indicators
    Supervisors and coworkers are the first line of defense against national security crimes. The government relies on you toprotect national security by reporting any behavior that you observe that may be related to a potential compromise ofsensitive information. However, judgment calls are often required by the potential reporter, and this often leads to indecisionor choosing not to report anything. This resource provides a focused list of serious counterintelligence- and security-relatedbehaviors that, if observed or learned about, should be reported immediately to the appropriate counterintelligence orsecurity authorities. All these behaviors are serious and require little or no speculation.


  • Enhancing Supervisor Reporting of Behaviors of Concern
    This report compiles a literature review with key information from subject matter expert (SME) interviews about barriers to reporting, strategies for overcoming these barriers, and tools to assist with the reporting process.
  • Reporting of Counterintelligence and Security Indicators by Supervisors and Coworkers
    Personnel and Security Research Center (PERSEREC) conducted a study of supervisor and coworker reporting of security-related information. Explanations were offered by security managers and by focus group participants as to why manysecurity-related behaviors are underreported. PERSEREC developed a clear, succinct list of behaviors that could pose apotential threat to national security and thus should be reported if observed.
  • On the Right Track: Worker-on-Worker Violence Prevention
    Researchers partnered with subject matter experts (SME) in law enforcement and asked them to share their opinions as towhy worker-on-worker violence seems so rare in police departments, especially given the intense, fast-paced, and armed environment. The purpose of this report is to identify best practices based on these discussions and recommend potential prevention strategies that organizations might want to consider for its own workforce.

National Counterintelligence and Security Center