Register by tomorrow to save $150 on top-notch cyber security training in Reston, VA!


To attend this webcast, login to your SANS Account or create your Account.

CTI Requirements and Inhibitors: Part 1 of the 2019 SANS Cyber Threat Intelligence Survey

  • Tuesday, February 5th, 2019 at 1:00 PM EST (18:00:00 UTC)
  • Robert M. Lee, Nick Hayes, Helen Johnson and Allan Liska
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Anomali
  • DomainTools
  • IntSights
  • RecordedFuture
  • ThreatQuotient

You can now attend the webcast using your mobile device!


Organizations must be able to make decisions about risk, detection, prevention and response that are based on a true understanding of the threats they are facing. Threat intelligence can give them that understanding and can be applied at many different levels in an organization. This, however, relies on knowing what intelligence to apply, where to get that intelligence from, and how it can be put to use.

In this first part of a two-part webcast, attendees will learn the results of the 2019 Cyber Threat Intelligence Survey and explore the following:

  • Value of CTI
  • Use cases
  • CTI requirements
  • Inhibitors of growing a CTI program
  • Inhibitors related to staffing

Register for the second part of the results webcast being presented on Thursday, February 7 at 1 PM Eastern to explore CTI tools, usage and where CTI is headed in the future.

Webcast attendees will be among the first to receive the associated whitepaper written by Robert M. Lee and Rebekah Brown.

Speaker Bios

Robert M. Lee

Robert M. Lee, a SANS certified instructor and author of the "ICS Active Defense and Incident Response" and "Cyber Threat Intelligence" courses, is the founder and CEO of Dragos, a critical infrastructure cybersecurity company, where he focuses on control system traffic analysis, incident response and threat intelligence research. He has performed defense, intelligence and attack missions in various government organizations, including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Author of SCADA and Me and a nonresident National Cyber Security Fellow at New America, focusing on critical infrastructure cybersecurity policy issues, Robert was named EnergySec's 2015 Energy Sector Security Professional of the Year.

Nick Hayes

Nick Hayes is the VP of strategy at IntSights Cyber Intelligence. Prior to IntSights, Nick was a senior analyst at Forrester Research, where he advised security and business leaders at Fortune 500 and growth companies on cybersecurity strategy, technology adoption, and industry and technology market trends. During his time at Forrester, he pioneered the firm’s digital risk protection (DRP) research and authored more than 100 published reports and technology evaluations, covering a wide range of cybersecurity, risk and threat intelligence domains. Some of Nick’s unique areas of expertise include social media weaponization, brand security and threat detection, prevention and response.

Helen Johnson

Helen Johnson, a sales engineer at DomainTools, has more than 15 years of experience in the tech industry, starting her career as a support engineer for an SSL VPN product. Helen has worked with networking and application delivery, security and NAS technologies, and she has held many varied roles, including presales and customer success. Prior to joining DomainTools, Helen was a technical account manager at EMC for the Isilon product, and a solutions engineer in business development at F5 Networks. Outside of work, Helen enjoys MST3K marathons, exercise, knitting and other tactile crafty endeavors.

Allan Liska

Allan Liska is a senior security architect at Recorded Future. Allan has more than 15 years of experience in information security and has worked as both a security practitioner and an ethical hacker. Through his work at Symantec, iSIGHT Partners, FireEye and Recorded Future, Allan has helped countless organizations improve their security posture using more effective intelligence. He is the author of “The Practice of Network Security, Building an Intelligence-Led Security Program,” and “Securing NTP: A Quickstart Guide,” and the co-author of “DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion.”

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.