Texas Cyber Summit II

Cyber Threat Intelligence is a term that gets thrown around allot. But what does it look like to integrate it into your continuous monitoring program? What real world experience proven strategies and tactics can an organization adopt to start making intelligence driven choices? My talk covers what I think are the most appropriate parts of a threat intelligence program to start weaving into your operations depending on the maturity level of your organization. It is not threat intelligence 101, but it will cover fundamental items which an organization can start to use to be ready for a full Threat Intelligence team or engagement with an outside partner.

Description: Threat Intelligence remains elusive and mysterious to many organizations. There is often little in the way of true CTI in many organization, new and old, aside from subscription feed services. This can lead to both complacency in the sense of “oh we have threat intel” as well as misplaced dissatisfaction with regards to the “threat intel’ they think they have and the true benefits it can provide. If you can evangelize and integrate Threat Intelligence as an organization is just getting its continuous monitoring going (i.e. A SOC and all that goes with it) then the growth of the CTI program will always be in step with the organizations capabilities as opposed to lagging behind it, or worse, out pacing it. The organizations who ask for our help are often understaffed, under-resourced, and begging for help. The suggestions that follow will help maximize their efforts as well as put them in a position to help us help them.