‘Spend time to save time’ is one of Andreas Sfakianakis’ favorite quotes, and he certainly lives by it. When he started out as an undergraduate student in Computer Science, he had little knowledge about information security. “It was the sheer moment when I realized I could identify weaknesses in computer systems and build defences to better protect them that I never looked back.” Andreas’ educational qualifications include a B.Eng. degree in Computer Science and a M.Sc. degree in Information Security.
Tools like Nmap, Metasploit, and BackTrack (Kali) Linux inspired him to start in the field of information security and to better understand the adversaries’ capabilities. “I was always intrigued by adversaries’ actions post-compromise, their intentions, their capabilities, and their tradecraft,” says Andreas. “This knowledge can hugely help an organization better secure its infrastructure.” Precisely that is what brought him into the CTI field. Moreover, he appreciates how communication skills are critical and appreciated in this field. It has helped him build trusted connections with the CTI community and convey the outcome of threat analysis to different types of audiences.
The time when the CTI discipline started being adopted by organizations worldwide was the moment Andreas’ career really kicked off. It gave him the opportunity to experience first-hand the whole evolution of the CTI discipline from its very start. “During this journey, I have participated in the development of CTI teams in the finance, energy, retail, technology, and government sectors, all of which have different threat profiles.”
Another motto Andreas lives by is ‘Sharing is caring’, which shows in the many ways he transfers his extensive knowledge. “I learned a lot about Cyber Threat Intelligence from the community, and I consistently try to contribute back.” He regards SANS as being the best vehicle for transferring the knowledge that he acquired so far in his career. “The high quality of the courses as well as the top-notch instructors, are second to none in our industry.”
Andreas is currently an instructor candidate for the SANS FOR578 course of Cyber Threat Intelligence Training. With his experience across different industries, he brings practical advice and real-world examples to the classroom. “I try to give examples students can relate to, put them in situations where they need to think critically, and provide tangible takeaways. Intelligence is a team sport, and my approach is to interact with the students via thought-provoking questions and trigger interaction among them.”
Apart from the technical and analytical competencies, he also focuses on the important values an analyst should embody. He is a firm believer that a good analyst must embody integrity, humility, respect, transparency, and fairness. “As instructors, we need to lay the groundwork for positive work environments, healthy work relationships, and tomorrow’s leaders.”
Key publications :
- ENISA Threat Landscape. Threat Actor Trends. ENISA (2013, 2018, 2019, 2020, 2021, and 2022).
- Exploring the opportunities and limitations of Threat Intelligence Platforms (TIPs). ENISA (2018).
- World Economic Forum. Global Risks 2013 - Digital Wildfires in a Hyperconnected World (2013).
- Roadmap on the cooperation between CSIRTs and Law Enforcement. ENISA (2020).
- Cooperation between CSIRTs and Law Enforcement: interaction with the judiciary. ENISA (2019).
- Tools and Methodologies to Support Cooperation between CSIRTs and Law Enforcement. ENISA (2017).
- eID Authentication methods in e-Finance and e-Payment services – Current practices and Recommendations. ENISA (2013).
- ENISA CERT Online Training Material. ENISA (2012, 2013).
- Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the Past - SANS CTI Summit 2020
- Still thinking your Ex(cel)? Here are some TIPs - SANS CTI Summit 2021
- Welcome to the world of Cyber Threat Intelligence - Guest Lecture
- Setting Your CTI Process In Motion - ENISA CTI-EU 2022
- CTI Training on Intelligence Requirements - ENISA CTI Summer School 2019
- Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
- A professional view on eBanking Authentication: Challenges and Recommendations. 8th International Conference on Information Assurance and Security. Best paper award (2013).
- An Analysis of n-factor Authentication in eBanking Environments. International Journal of Information Assurance and Security (2014).
- CensMon: A Web Censorship Monitor. In Proceedings of the 1st USENIX Workshop on Free and Open Communications on the Internet (2011).
Working Groups and Committees:
- ENISA's Ad-Hoc Working Group on Cyber Threat Landscapes
- FIRST CTI Symposium Program Committee
- Member of Review Board for the Journal of Threat Intelligence and Incident Response (JTIIR)
- OASIS Cyber Threat Intelligence (CTI) Technical Committee
- GIAC Advisory Board
- Member of ENISA's Expert Group on EU MS Incident Response Development
- FIRST CTI Special Interest Group (SIG)
Personal website https://threatintel.eu
Company website https://sandgroup.eu