Who we are, how we work, and what we commit to.
Independent investigative researcher
CrimsonVector is Diego Parra's investigative research practice.
The focus is the persistent infrastructure underneath cybercrime and financial crime: the operators, hosting ecosystems, and financial conduits that outlast individual breaches, indictments, and enforcement actions. The unit of analysis is the network, not the incident.
Four areas anchor the work: sanctions evasion and shadow finance infrastructure; bulletproof hosting and criminal infrastructure operators; Latin American organized crime and cyber-enabled financial operations; and the adversarial use of AI by threat actors. The Latin America focus draws on Diego's background — Colombian and Mexican-American — and on the gap that bilingual primary-source research can fill in the English-language CTI literature. Italian, retained from a year spent studying in Italy, supports periodic work on European financial intermediaries.
Diego works in cybersecurity at a financial services firm in the southeastern United States. CrimsonVector is independent of that work; no employer data, telemetry, or incidents inform what's published here.
The unit of investigation is the persistent corporate or human network behind the activity, not the technical artifact or the news-cycle incident. Malware samples, phishing kits, and individual campaigns are entry points; the operators, infrastructure providers, and financial conduits behind them are the subject. Focusing on the substrate rather than the event produces work that remains relevant months and years after publication, not days.
Court documents, OFAC designations, corporate registrations, regulatory filings, blockchain primary data, and native-language press are preferred over secondary reporting. Secondary sources are cited for context but not relied upon as the basis for findings.
Investigations are published when the network is sufficiently mapped, not when a deadline arrives. Partial findings are held until they can be placed in adequate context. Speed is sacrificed for accuracy and completeness.
Each investigation includes a clear note on sources used, methods employed, attribution confidence levels, and limitations. This transparency is itself a credibility artifact — readers can evaluate the work on its own terms.
CrimsonVector does not accept sponsored content, advertorials, or paid newsletter promotions of products. Reputation requires verifiable independence. There are no commercial relationships between CrimsonVector and any vendor, platform, or tool mentioned in investigations.
Diego Parra works in cybersecurity at a financial services firm. Investigations published under CrimsonVector never reference current employer threat intelligence, operational data, or specific incidents. The research practice and employment are separated by a hard wall.
Errors are corrected publicly with clear notation. No silent edits. If a finding is revised, the original text is preserved with a visible correction note and date. Readers deserve to see what changed and why.
CrimsonVector does not solicit or accept paid placements, sponsored content, or advertorial work.