


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

CTI Tools, Usage and a Look Ahead: Part 2 of the 2019 SANS Cyber Threat Intelligence Survey

  • Thursday, February 07, 2019 at 1:00 PM EST (2019-02-07 18:00:00 UTC)
  • Rebekah Brown, Jonathan Couch, Nicholas Hayden


  • Anomali
  • DomainTools
  • IntSights
  • Recorded Future
  • ThreatQuotient




Organizations must know what intelligence to apply, where to get that intelligence from, and how they can use cyber threat intelligence (CTI) effectively. In this second part of a two-part webcast, attendees will learn about how respondents are using CTI and what the future holds. Specifically, they'll explore the following:

  • CTI usage
  • Most useful types of CTI
  • CTI tools
  • Integration of CTI
  • Moving forward

Be sure to register for the first part of the results webcast being presented on Tuesday, February 5 at 1 PM Eastern to learn about the value of CTI, CTI requirements and the inhibitors to growing a CTI program and staffing it.

Webcast attendees will be among the first to receive the associated whitepaper written by Robert M. Lee and Rebekah Brown.

Speaker Bios

Rebekah Brown

Rebekah Brown, SANS instructor and co-author of the SANS FOR578 Cyber Threat Intelligence course, the SANS "Cyber Threat Intelligence Consumption" poster, and Intelligence-Driven Incident Response, excels at educating students and professionals about threat intelligence. Rebekah has helped develop threat intelligence programs at the highest levels of government, including providing a briefing at the White House on the future of cyber warfare and coordinated defensive and offensive cyber operations. Today, she focuses on understanding intelligence sources, conducting multiple levels of analysis, and explaining to a variety of audiences what intelligence means and how it can be used.

Jonathan Couch

As Senior VP of Strategy at ThreatQuotient, Jonathan Couch utilizes his 20-plus years of experience in information security, information warfare and intelligence collection to focus on the development of people, process and technology within client organizations to assist in the consumption, use and communication of cyber threat intelligence. Prior to ThreatQuotient, Jonathan was a co-founder and VP of Threat Intelligence Services for iSIGHT Partners. Jonathan's expertise is in leading advanced cyber warfare, cybersecurity, information operations and intelligence technologies research.

Nicholas Hayden

Nicholas Hayden is currently the senior director of threat intelligence for Anomali. For the past 20-plus years, Nicholas has dedicated his learning and commitment to the field of information security/cybersecurity. A co-founder of the ISC2 New Hampshire Chapter and a leader in the USAF's cyber defense capabilities, Nicholas has participated in several national exercises in a variety of roles: lead planner, blue team member and blue team lead. Additionally, he continues to make an impact nationally as a member of the OASIS STIX/TAXII committee and as a participant in the drafting of NERC CIPv5.
