SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsEver since the first system administrator blocked a suspicious IP address at the network perimeter, humanity has been asking the same question: "what is threat intelligence, anyway?" Over the past decade, we’ve collected and accumulated increasing amounts of data about attackers, ranging from “atomic Indicators of Compromise,” to “tactics and techniques,” to “actor-centric” analysis, all in an effort to keep pace with rapidly evolving threats and provide the context defender teams need to make better decisions.
Even as all of this data feeds the threat-informed defense machine, the question remains: what will the requirements look like over the next ten years? As governments and regulators move toward mandating incident and impact disclosure, how must threat intelligence evolve to support stronger, more strategic defensive decisions across organizations? From impact reporting to identifying industry-wide trends in how breaches happen, this talk will discuss the enormous potential in incident reporting and analysis and how, maybe this time, with enough data, we can finally find out what threat intelligence really means.


Alex Pinto is a Director of Threat Intelligence at Verizon Business. He has been responsible for publishing the Verizon Data Breach Investigations Report since the 2020 edition, among a myriad of other research, product management and engineering roles in the company.
Read more about Alex Pinto













