Andreas Sfakianakis

Andreas is a seasoned cyber threat intelligence professional with over 15 years in cybersecurity. He specializes in cyber threat analysis and building threat management programs. Andreas believes in actively engaging the community, especially the new generation of CTI analysts, maturing threat management programs within organizations as well as the embedding of CTI in policymaking. Andreas is the global threat operations lead of SAP’s CTI team and the founder of SAND, a company that provides CTI consultancy services. He takes pride in helping students plan and achieve their goals within the CTI sphere. As Andreas would put it, “Helping budding analysts motivate me to further my knowledge transfer activities and develop myself as an instructor and mentor.”

More About Andreas

Upcoming Courses

Profile

‘Spend time to save time’ is one of Andreas Sfakianakis’ favorite quotes, and he certainly lives by it. When he started out as an undergraduate student in Computer Science, he had little knowledge about information security. “It was the sheer moment when I realized I could identify weaknesses in computer systems and build defences to better protect them that I never looked back.” Andreas’ educational qualifications include a B.Eng. degree in Computer Science and a M.Sc. degree in Information Security.

Tools like Nmap, Metasploit, and BackTrack (Kali) Linux inspired him to start in the field of information security and to better understand the adversaries’ capabilities. “I was always intrigued by adversaries’ actions post-compromise, their intentions, their capabilities, and their tradecraft,” says Andreas. “This knowledge can hugely help an organization better secure its infrastructure.” Precisely that is what brought him into the CTI field. Moreover, he appreciates how communication skills are critical and appreciated in this field. It has helped him build trusted connections with the CTI community and convey the outcome of threat analysis to different types of audiences.

The time when the CTI discipline started being adopted by organizations worldwide was the moment Andreas’ career really kicked off. It gave him the opportunity to experience first-hand the whole evolution of the CTI discipline from its very start. “During this journey, I have participated in the development of CTI teams in the finance, energy, retail, technology, and government sectors, all of which have different threat profiles.”

Another motto Andreas lives by is ‘Sharing is caring’, which shows in the many ways he transfers his extensive knowledge. “I learned a lot about Cyber Threat Intelligence from the community, and I consistently try to contribute back.” He regards SANS as being the best vehicle for transferring the knowledge that he acquired so far in his career. “The high quality of the courses as well as the top-notch instructors, are second to none in our industry.”

Andreas is currently an instructor candidate for the SANS FOR578 course of Cyber Threat Intelligence Training. With his experience across different industries, he brings practical advice and real-world examples to the classroom. “I try to give examples students can relate to, put them in situations where they need to think critically, and provide tangible takeaways. Intelligence is a team sport, and my approach is to interact with the students via thought-provoking questions and trigger interaction among them.”

Apart from the technical and analytical competencies, he also focuses on the important values an analyst should embody. He is a firm believer that a good analyst must embody integrity, humility, respect, transparency, and fairness. “As instructors, we need to lay the groundwork for positive work environments, healthy work relationships, and tomorrow’s leaders.”

Resources:

Key publications :

ENISA Threat Landscape. Threat Actor Trends. ENISA (2013, 2018, 2019, 2020, 2021, and 2022).
Exploring the opportunities and limitations of Threat Intelligence Platforms (TIPs). ENISA (2018).
World Economic Forum. Global Risks 2013 - Digital Wildfires in a Hyperconnected World (2013).
Roadmap on the cooperation between CSIRTs and Law Enforcement. ENISA (2020).
Cooperation between CSIRTs and Law Enforcement: interaction with the judiciary. ENISA (2019).
Tools and Methodologies to Support Cooperation between CSIRTs and Law Enforcement. ENISA (2017).
eID Authentication methods in e-Finance and e-Payment services – Current practices and Recommendations. ENISA (2013).
ENISA CERT Online Training Material. ENISA (2012, 2013).

Presentation Videos:

Presentation slides:

Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the Past - SANS CTI Summit 2020
Still thinking your Ex(cel)? Here are some TIPs - SANS CTI Summit 2021
Welcome to the world of Cyber Threat Intelligence - Guest Lecture
Setting Your CTI Process In Motion - ENISA CTI-EU 2022
CTI Training on Intelligence Requirements - ENISA CTI Summer School 2019
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015

Academic papers:

A professional view on eBanking Authentication: Challenges and Recommendations. 8th International Conference on Information Assurance and Security. Best paper award (2013).
An Analysis of n-factor Authentication in eBanking Environments. International Journal of Information Assurance and Security (2014).
CensMon: A Web Censorship Monitor. In Proceedings of the 1st USENIX Workshop on Free and Open Communications on the Internet (2011).

Working Groups and Committees:

ENISA's Ad-Hoc Working Group on Cyber Threat Landscapes
FIRST CTI Symposium Program Committee
Member of Review Board for the Journal of Threat Intelligence and Incident Response (JTIIR)
OASIS Cyber Threat Intelligence (CTI) Technical Committee
GIAC Advisory Board
Member of ENISA's Expert Group on EU MS Incident Response Development
FIRST CTI Special Interest Group (SIG)

Personal website https://threatintel.eu

Company website https://sandgroup.eu

Presentations https://www.slideshare.net/asfakian

Publications https://threatintel.eu/publications-presentations/