


This webcast has been archived.

Cyber Threat Intelligence in Action-Effectiveness of CTI Programs and Wish Lists for the Future: Results of the 2017 Cyber Threat Intelligence Survey Part 2

  • Thursday, March 16, 2017 at 1:00 PM EST (2017-03-16 17:00:00 UTC)
  • Travis Farral, Rebekah Brown, Dave Shackleford, Allan Thomson


  • Anomali
  • Arbor Networks
  • DomainTools
  • Lookingglass Cyber Solutions, Inc.
  • Rapid7 Inc.
  • ThreatConnect




Cyber threat intelligence (CTI) usage is maturing, but organizations still have a long way to go, based on our 2016 CTI survey results. This webcast will cover improvements in CTI usage and integration over the past year, as well as what CTI consumers would like to improve.

In this webcast, featuring Dave Shackleford, senior SANS instructor and GIAC technical director, attendees will learn:

  • Best practices and standards for integrating and utilizing CTI
  • Who's utilizing CTI data and for what purposes
  • Usefulness of reports and data output
  • Wish lists for future iterations of their CTI deployments

Click here to be among the first to receive the associated whitepaper written by Dave Shackleford.

This is the second part of a two-part webcast series releasing our 2017 CTI survey results. The first webcast, on Wednesday, March 15, 2017, at 1:00 p.m. Eastern, will focus on how CTI is being implemented and the inhibitors that affect organizations' ability to establish and maintain programs.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Rebekah Brown

Rebekah Brown has spent more than a decade working in the intelligence community; her previous roles include NSA network warfare analyst, operations chief of a United States Marine Corps cyber unit, and a U.S. Cyber Command training and exercise lead. Rebekah has helped develop threat intelligence and security awareness programs at the federal, state and local level, as well as in the private sector. Today, Rebekah leads the Rapid7 threat intelligence programs, where her responsibilities include program architecture, analysis and operations. She is a course author and instructor for SANS FOR578 - Cyber Threat Intelligence, and author of Intelligence Driven Incident Response.

Travis Farral

Travis Farral is the director of security strategy for Anomali. With over 20 years of security industry experience, he has developed a strong background in threat intelligence, incident response and industrial control systems security. Previously Travis ran the Cybersecurity Intelligence & Strategic Services team at ExxonMobil and spent several years at companies such as Nokia and XTO Energy.

Allan Thomson

As Lookingglass Chief Technology Officer, Allan Thomson brings more than three decades of experience in technology areas such as networking and distributed IT. Prior to Lookingglass, Allan most recently served as Principal Engineer at Cisco Systems, Inc., where he led the software architecture and design of the company’s Cyber Threat Defense System and Platform Exchange Grid. He was responsible for overall systems management and security telemetry collection/aggregation, as well as distributed threat analysis/intelligence services in multi-tenant public and private cloud deployments. Prior to joining Cisco, Allan oversaw the technology growth initiatives of several start-up companies, including Airespace, where he was a Software Architect responsible for the design, development and network management/location tracking of the company’s wireless local area network (WLAN) system. Airespace was acquired in 2005 by Cisco, and Allan joined Cisco following the acquisition.
