I’m wondering how they actually got the technical details from the Iranian systems though
Sooner or later this company has got to be covered through interviews or something in through journalism and that would be a huge value added because I’d love to hear their perspective from themselves
Your statement that you will be “working desperately to try and interview these guys” only reinforces the concern.
When a company and its personnel are publicly tied to a sensitive national security operation involving Iran, the responsible course of action is not to pursue additional publicity around the individuals involved. It is to recognize that amplifying their identities and roles further increases the risk profile for those people and their families.
You are not covering a consumer startup or a venture capital success story. You are discussing individuals associated with technology linked to a military strike against a hostile nation-state that has openly threatened retaliation against U.S. targets and has a documented history of operating proxy and intelligence networks internationally.
In that environment, aggressively seeking to spotlight specific employees, founders, or engineers is not journalism that serves the public interest. It is risk amplification.
Based upon your article outing the company’s name, its location, and identifying senior personnel in connection with a strike against Iran, what exactly makes you think they would want to speak with you? From their perspective, your reporting has already unnecessarily increased their exposure and potential risk.
People working in defense and national security sectors often operate quietly for a reason. Drawing attention to them for the sake of a story — particularly one framed around a kinetic military action — can have very real consequences.
If your stated concern is the loss of American servicemembers and the seriousness of the conflict, then the responsible path is restraint, not escalation of exposure.
You raise a really good point and one worth keeping in mind. Especially with countries like Iran I am sensitive to that. There is a fine line of profiling companies to give them exposure to gov stakeholders and financiers who can help them bring their tech to the front lines, and the risk that you highlight.
I also have family friends who have lifelong protective service because of their prior roles in government, so I know the risk well.
Unfortunately, the truth of the matter is that every one of these people is exposed already, so it would be an error to think that is not the case. Founders in defense tech should not be ignorant of that no matter how small they are. It took me 3 days to write this and anyone with computer can do the same. They are cyber targets and terrorist targets. Period.
I think a reasonable middle ground is focusing on the enterprises themselves and less on the people that build them. But I do appreciate your perspective and the concerns you raise.
I appreciate the acknowledgment of the concern and your willingness to think about the balance involved. However, there is a critical distinction here that often gets missed outside the intelligence and security communities.
Yes, technically much of this information exists somewhere in open sources. But there is a meaningful difference between dispersed information across multiple sources and someone compiling it into a single narrative that explicitly connects a company, its location, and identifiable personnel to a kinetic strike against a hostile nation-state.
In intelligence work, open-source aggregation is one of the primary ways targeting packages are initially built. Analysts routinely start with exactly the type of information that appears in media reporting, LinkedIn profiles, corporate pages, and public commentary. When someone has already connected those dots and presented them in a clear narrative, the time and effort required to build that operational picture drops dramatically.
That’s not theoretical. It’s a methodology.
Over the course of my career in federal law enforcement, intelligence, and security operations—including work involving investigative analysis, threat assessment, and red-team style security testing—I’ve seen firsthand how hostile actors and intelligence services rely heavily on publicly aggregated information to identify and prioritize targets. The material doesn’t have to be classified to be useful; in many cases it’s entirely open-source.
Your point that founders in defense technology should assume they are potential targets is fair. Most of them already do. But that reality does not eliminate the responsibility to avoid unnecessarily accelerating exposure or amplifying operational associations.
Your suggestion about focusing more on the enterprise and less on the individuals who build it is a reasonable step in that direction.
Given the current geopolitical environment and the credible threat of retaliation from hostile actors, for the safety and security of SpektreWorks and its employees, I would strongly suggest reconsidering the continued publication of the article and removing it from the web. At minimum, the identifying details that connect specific individuals, locations, and operational roles to a military strike deserve serious reconsideration.
National security reporting has always required balancing transparency with operational risk. The line isn’t always obvious—but the distinction between information existing somewhere and information being consolidated into a targeting narrative is very real.
That’s fair. I’m doing work interviewing founders who all personally want to have the profile to help build their businesses (Spectrewoks is an exception to that) so I’ll continue to write about them so long as they want that exposure. But I would appreciate your thoughts on how to strike a better balance going forward.
I appreciate you being open to the discussion and asking the question. That alone already puts you ahead of a lot of people in the tech and defense commentary space.
The balance really comes down to understanding that the defense and national-security ecosystem operates in a very different environment than normal startup culture. Visibility can help founders attract investors and customers, but excessive visibility can also unintentionally create intelligence value for hostile actors.
During my career working in federal law enforcement, intelligence, and security operations, I saw firsthand how open-source information is routinely used to build targeting packages.
Analysts are literally trained to aggregate small pieces of publicly available information—names, locations, technical capabilities, photos of facilities, travel patterns, partnerships—and stitch them together into something operationally useful.
None of this means founders shouldn’t tell their stories or promote their work. Innovation in the defense sector absolutely benefits from responsible exposure. The key is simply being thoughtful about how much operational detail is shared and how easily it could be aggregated by someone with hostile intent.
A few principles that can help strike that balance:
• Focus on mission and impact, not facility details or operational specifics.
• Avoid publishing exact locations, internal layouts, or security posture of companies working in sensitive fields.
• Limit identifying details that make it easy to map personnel, travel, or daily routines.
• When in doubt, ask: Could this information help someone build a targeting picture if combined with other open-source data?
You’re doing something valuable by highlighting innovation in the defense technology space. With a little attention to operational security considerations, that work can continue without unintentionally increasing risk to the people building these companies.
I appreciate you engaging on the topic.
PS- CNN just did a short piece on the drone. No OpSec released
Great write up - classic American entrepreneurship + a return to acquisition speed that mirrors (or exceeds?) the Rapid Fielding Initiative days of OIF.
I can’t help but wonder, however, if a small startup can scale to combat use in ~18 months, where is the moat in all of this?
This competitive dynamic will only intensify and drive prices (and profits) down. Outstanding for the buyer (DoD, and the American people), death knell for venture backers. It makes you question if other financing routes would be a more durable path to a resilient DIB than the boom-bust cycle of the VC model
My hypothesis and this is that there is no mode for companies in this sector, which is probably a good thing if I keep it low cost.
that is what I think is so interesting about this company and why I think they’re a good example of what success looks like. They started off as an engineering services firm with lower expectations of total enterprise value compared to the 12 billion in venture funding that went to drones last year.
In your article “SpektreWorks – The Bootstrapped Startup that Just Bombed Iran,” you state that you “don’t write about this subject lightly,” that “six U.S. servicemembers are dead,” and that readers should keep that in mind when discussing the topic.
What you failed to consider is that your article itself creates a real and measurable security risk.
By publicly identifying the company, describing its operational role, publishing its geographic location, and naming senior personnel, you have effectively conducted the type of open-source aggregation that hostile intelligence services rely upon when building target packages.
That is not journalism. That is targeting assistance through careless disclosure.
The U.S. government has already confirmed the credible presence of Iranian intelligence and proxy hit teams operating inside the United States. In that environment, publicly tying a specific U.S. defense contractor, its location, and identifiable personnel to a kinetic strike against Iran is extraordinarily irresponsible.
Hostile services routinely build operational pictures using nothing more than public reporting, LinkedIn, corporate websites, and media articles. Your article conveniently consolidates exactly the kind of information those actors seek:
• Company identity
• Geographic location
• Operational role in a military strike
• Names of senior personnel
From a security perspective, that combination constitutes pre-targeting intelligence.
If Iranian intelligence or proxy actors decide to retaliate inside the United States, you have helped narrow the list of potential targets and publicly highlighted individuals associated with the operation. That is precisely the type of exposure responsible journalists normally avoid when national security and personal safety are at stake.
You wrote that six American servicemembers are dead.
You should also consider whether reckless publication of sensitive operational associations could place additional Americans at risk — civilians and engineers who never asked to be put in the spotlight of geopolitical retaliation.
Responsible reporting on national security requires more than strong opinions. It requires judgment about what information should not be amplified, even when it is technically obtainable through open sources.
In this case, that judgment appears to have been absent.
I strongly recommend that you reconsider the continued publication of identifying details that unnecessarily expose a private defense contractor and its personnel to potential foreign retaliation.
I totally agree on your points. Not happy about this action but still the subject matter is of critical importance.
Outstanding reporting and outstanding work by the team
I’m wondering how they actually got the technical details from the Iranian systems though
Sooner or later this company has got to be covered through interviews or something in through journalism and that would be a huge value added because I’d love to hear their perspective from themselves
I will be working desperately to try and interview these guys!
Matthew,
Your statement that you will be “working desperately to try and interview these guys” only reinforces the concern.
When a company and its personnel are publicly tied to a sensitive national security operation involving Iran, the responsible course of action is not to pursue additional publicity around the individuals involved. It is to recognize that amplifying their identities and roles further increases the risk profile for those people and their families.
You are not covering a consumer startup or a venture capital success story. You are discussing individuals associated with technology linked to a military strike against a hostile nation-state that has openly threatened retaliation against U.S. targets and has a documented history of operating proxy and intelligence networks internationally.
In that environment, aggressively seeking to spotlight specific employees, founders, or engineers is not journalism that serves the public interest. It is risk amplification.
Based upon your article outing the company’s name, its location, and identifying senior personnel in connection with a strike against Iran, what exactly makes you think they would want to speak with you? From their perspective, your reporting has already unnecessarily increased their exposure and potential risk.
People working in defense and national security sectors often operate quietly for a reason. Drawing attention to them for the sake of a story — particularly one framed around a kinetic military action — can have very real consequences.
If your stated concern is the loss of American servicemembers and the seriousness of the conflict, then the responsible path is restraint, not escalation of exposure.
You raise a really good point and one worth keeping in mind. Especially with countries like Iran I am sensitive to that. There is a fine line of profiling companies to give them exposure to gov stakeholders and financiers who can help them bring their tech to the front lines, and the risk that you highlight.
I also have family friends who have lifelong protective service because of their prior roles in government, so I know the risk well.
Unfortunately, the truth of the matter is that every one of these people is exposed already, so it would be an error to think that is not the case. Founders in defense tech should not be ignorant of that no matter how small they are. It took me 3 days to write this and anyone with computer can do the same. They are cyber targets and terrorist targets. Period.
I think a reasonable middle ground is focusing on the enterprises themselves and less on the people that build them. But I do appreciate your perspective and the concerns you raise.
Matthew,
I appreciate the acknowledgment of the concern and your willingness to think about the balance involved. However, there is a critical distinction here that often gets missed outside the intelligence and security communities.
Yes, technically much of this information exists somewhere in open sources. But there is a meaningful difference between dispersed information across multiple sources and someone compiling it into a single narrative that explicitly connects a company, its location, and identifiable personnel to a kinetic strike against a hostile nation-state.
In intelligence work, open-source aggregation is one of the primary ways targeting packages are initially built. Analysts routinely start with exactly the type of information that appears in media reporting, LinkedIn profiles, corporate pages, and public commentary. When someone has already connected those dots and presented them in a clear narrative, the time and effort required to build that operational picture drops dramatically.
That’s not theoretical. It’s a methodology.
Over the course of my career in federal law enforcement, intelligence, and security operations—including work involving investigative analysis, threat assessment, and red-team style security testing—I’ve seen firsthand how hostile actors and intelligence services rely heavily on publicly aggregated information to identify and prioritize targets. The material doesn’t have to be classified to be useful; in many cases it’s entirely open-source.
Your point that founders in defense technology should assume they are potential targets is fair. Most of them already do. But that reality does not eliminate the responsibility to avoid unnecessarily accelerating exposure or amplifying operational associations.
Your suggestion about focusing more on the enterprise and less on the individuals who build it is a reasonable step in that direction.
Given the current geopolitical environment and the credible threat of retaliation from hostile actors, for the safety and security of SpektreWorks and its employees, I would strongly suggest reconsidering the continued publication of the article and removing it from the web. At minimum, the identifying details that connect specific individuals, locations, and operational roles to a military strike deserve serious reconsideration.
National security reporting has always required balancing transparency with operational risk. The line isn’t always obvious—but the distinction between information existing somewhere and information being consolidated into a targeting narrative is very real.
That’s fair. I’m doing work interviewing founders who all personally want to have the profile to help build their businesses (Spectrewoks is an exception to that) so I’ll continue to write about them so long as they want that exposure. But I would appreciate your thoughts on how to strike a better balance going forward.
Matthew,
I appreciate you being open to the discussion and asking the question. That alone already puts you ahead of a lot of people in the tech and defense commentary space.
The balance really comes down to understanding that the defense and national-security ecosystem operates in a very different environment than normal startup culture. Visibility can help founders attract investors and customers, but excessive visibility can also unintentionally create intelligence value for hostile actors.
During my career working in federal law enforcement, intelligence, and security operations, I saw firsthand how open-source information is routinely used to build targeting packages.
Analysts are literally trained to aggregate small pieces of publicly available information—names, locations, technical capabilities, photos of facilities, travel patterns, partnerships—and stitch them together into something operationally useful.
None of this means founders shouldn’t tell their stories or promote their work. Innovation in the defense sector absolutely benefits from responsible exposure. The key is simply being thoughtful about how much operational detail is shared and how easily it could be aggregated by someone with hostile intent.
A few principles that can help strike that balance:
• Focus on mission and impact, not facility details or operational specifics.
• Avoid publishing exact locations, internal layouts, or security posture of companies working in sensitive fields.
• Limit identifying details that make it easy to map personnel, travel, or daily routines.
• When in doubt, ask: Could this information help someone build a targeting picture if combined with other open-source data?
You’re doing something valuable by highlighting innovation in the defense technology space. With a little attention to operational security considerations, that work can continue without unintentionally increasing risk to the people building these companies.
I appreciate you engaging on the topic.
PS- CNN just did a short piece on the drone. No OpSec released
💪
Great write up - classic American entrepreneurship + a return to acquisition speed that mirrors (or exceeds?) the Rapid Fielding Initiative days of OIF.
I can’t help but wonder, however, if a small startup can scale to combat use in ~18 months, where is the moat in all of this?
This competitive dynamic will only intensify and drive prices (and profits) down. Outstanding for the buyer (DoD, and the American people), death knell for venture backers. It makes you question if other financing routes would be a more durable path to a resilient DIB than the boom-bust cycle of the VC model
My hypothesis and this is that there is no mode for companies in this sector, which is probably a good thing if I keep it low cost.
that is what I think is so interesting about this company and why I think they’re a good example of what success looks like. They started off as an engineering services firm with lower expectations of total enterprise value compared to the 12 billion in venture funding that went to drones last year.
Matthew,
In your article “SpektreWorks – The Bootstrapped Startup that Just Bombed Iran,” you state that you “don’t write about this subject lightly,” that “six U.S. servicemembers are dead,” and that readers should keep that in mind when discussing the topic.
What you failed to consider is that your article itself creates a real and measurable security risk.
By publicly identifying the company, describing its operational role, publishing its geographic location, and naming senior personnel, you have effectively conducted the type of open-source aggregation that hostile intelligence services rely upon when building target packages.
That is not journalism. That is targeting assistance through careless disclosure.
The U.S. government has already confirmed the credible presence of Iranian intelligence and proxy hit teams operating inside the United States. In that environment, publicly tying a specific U.S. defense contractor, its location, and identifiable personnel to a kinetic strike against Iran is extraordinarily irresponsible.
Hostile services routinely build operational pictures using nothing more than public reporting, LinkedIn, corporate websites, and media articles. Your article conveniently consolidates exactly the kind of information those actors seek:
• Company identity
• Geographic location
• Operational role in a military strike
• Names of senior personnel
From a security perspective, that combination constitutes pre-targeting intelligence.
If Iranian intelligence or proxy actors decide to retaliate inside the United States, you have helped narrow the list of potential targets and publicly highlighted individuals associated with the operation. That is precisely the type of exposure responsible journalists normally avoid when national security and personal safety are at stake.
You wrote that six American servicemembers are dead.
You should also consider whether reckless publication of sensitive operational associations could place additional Americans at risk — civilians and engineers who never asked to be put in the spotlight of geopolitical retaliation.
Responsible reporting on national security requires more than strong opinions. It requires judgment about what information should not be amplified, even when it is technically obtainable through open sources.
In this case, that judgment appears to have been absent.
I strongly recommend that you reconsider the continued publication of identifying details that unnecessarily expose a private defense contractor and its personnel to potential foreign retaliation.
Pull the article now, please