
This webcast has been archived.

CTI Requirements and Inhibitors: Part 1 of the 2019 SANS Cyber Threat Intelligence Survey

  • Tuesday, February 05, 2019 at 1:00 PM EST (2019-02-05 18:00:00 UTC)
  • Robert M. Lee, Nick Hayes, Helen Johnson, Allan Liska


  • Anomali
  • DomainTools
  • IntSights
  • Recorded Future
  • ThreatQuotient




Organizations must be able to make decisions about risk, detection, prevention and response that are based on a true understanding of the threats they are facing. Threat intelligence can give them that understanding and can be applied at many different levels in an organization. This, however, relies on knowing what intelligence to apply, where to get that intelligence from, and how it can be put to use.

In this first part of a two-part webcast, attendees will learn the results of the 2019 Cyber Threat Intelligence Survey and explore the following:

  • Value of CTI
  • Use cases
  • CTI requirements
  • Inhibitors of growing a CTI program
  • Inhibitors related to staffing

Register for the second part of the results webcast being presented on Thursday, February 7 at 1 PM Eastern to explore CTI tools, usage and where CTI is headed in the future.

Webcast attendees will be among the first to receive the associated whitepaper written by Robert M. Lee and Rebekah Brown.

Speaker Bios

Robert M. Lee

Rob is a recognized pioneer in the industrial security incident response and threat intelligence community. He started in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency, where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry-recognized cyber threat intelligence course (FOR578).

Forbes named Robert to its 30 under 30 (2016) list as one of the “brightest entrepreneurs, breakout talents, and change agents” in Enterprise Technology. He is a business leader but also a technical practitioner. Robert helped lead the investigation into the 2015 cyber attack on Ukraine’s power grid, and he and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine’s grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.

Nick Hayes

Nick Hayes is the VP of strategy at IntSights Cyber Intelligence. Prior to IntSights, Nick was a senior analyst at Forrester Research, where he advised security and business leaders at Fortune 500 and growth companies on cybersecurity strategy, technology adoption, and industry and technology market trends. During his time at Forrester, he pioneered the firm’s digital risk protection (DRP) research and authored more than 100 published reports and technology evaluations, covering a wide range of cybersecurity, risk and threat intelligence domains. Some of Nick’s unique areas of expertise include social media weaponization, brand security and threat detection, prevention and response.

Helen Johnson

Helen Johnson, a sales engineer at DomainTools, has more than 15 years of experience in the tech industry, starting her career as a support engineer for an SSL VPN product. Helen has worked with networking and application delivery, security and NAS technologies, and she has held many varied roles, including presales and customer success. Prior to joining DomainTools, Helen was a technical account manager at EMC for the Isilon product, and a solutions engineer in business development at F5 Networks. Outside of work, Helen enjoys MST3K marathons, exercise, knitting and other tactile crafty endeavors.

Allan Liska

Allan Liska is a senior security architect at Recorded Future. Allan has more than 15 years of experience in information security and has worked as both a security practitioner and an ethical hacker. Through his work at Symantec, iSIGHT Partners, FireEye and Recorded Future, Allan has helped countless organizations improve their security posture using more effective intelligence. He is the author of “The Practice of Network Security,” “Building an Intelligence-Led Security Program” and “Securing NTP: A Quickstart Guide,” and the co-author of “DNS Security: Defending the Domain Name System” and “Ransomware: Defending Against Digital Extortion.”
