Ending Soon! Get a new iPad, Samsung Galaxy Tab A or take $350 Off Your OnDemand or vLive course by May 10!


To attend this webcast, login to your SANS Account or create your Account.

Cyber Threat Intelligence in Action-Effectiveness of CTI Programs and Wish Lists for the Future: Results of the 2017 Cyber Threat Intelligence Survey Part 2

  • Thursday, March 16th, 2017 at 1:00 PM EST (17:00:00 UTC)
  • Dave Shackleford, Rebekah Brown, Travis Farral and Allan Thomson
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Anomali
  • Arbor Networks
  • DomainTools
  • Lookingglass Cyber Solutions, Inc.
  • Rapid7 Inc.
  • ThreatConnect

You can now attend the webcast using your mobile device!


Cyber threat intelligence (CTI) usage is maturing, but organizations still have a long way to go, based on our 2016 CTI survey results. This webcast will cover improvements in CTI usage and integration over the past year, as well as what CTI consumers would like to improve.

In this webcast, featuring Dave Shackleford, senior SANS instructor and GIAC technical director, attendees will learn:

  • Best practices and standards for integrating and utilizing CTI
  • Who's utilizing CTI data and for what purposes
  • Usefulness of reports and data output
  • Wish lists for future iterations of their CTI deployments

Click here to be among the first to receive the associated whitepaper written by Dave Shackleford.

This is the second part of a two-part webcast series releasing our 2017 CTI survey results. The first webcast, on Wednesday, March 15, 2017, at 1:00 p.m. Eastern, will focus on the how CTI is being implemented and the inhibitors that affect organizations' ability to establish and maintain programs. Click here to register for the Part 1 webcast.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Rebekah Brown

Rebekah Brown is the threat intelligence lead for Rapid7, supporting incident response, analytic response and global services. She is a former NSA network warfare analyst, U.S. Cyber Command training and exercise lead, and Marine Corps crypto-linguist who has helped develop threat intelligence programs at the federal, state and local levels, as well as in the private sector at a Fortune 500 company. She has an Associates in Chinese Mandarin, a BA in international relations and is wrapping up a MA in Homeland Security and a graduate certificate in intelligence analysis. Rebekah is a course author for SANS FOR578, Cyber Threat Intelligence.

Travis Farral

Travis Farral is the director of security strategy for Anomali. With over 20 years of security industry experience, he has developed a strong background in threat intelligence, incident response and industrial control systems security. Previously Travis ran the Cybersecurity Intelligence & Strategic Services team at ExxonMobil and spent several years at companies such as Nokia and XTO Energy.

Allan Thomson

Allan Thomson, Chief Technology Officer at LookingGlass, oversees the global CTO team that supports R&D and product engineering. Allanís three decades of experience across network, security and distributed systems technologies informs his technical and architecture vision across our portfolio of solutions. Before joining LookingGlass, he served as Principal Engineer at Cisco Systems, Inc. and worked with several start-up companies.†Allan is an active member of the Organization for the Advancement of Structured Information Standards (OASIS) Cyber Threat Intelligence Technical Committee and co-chairs the Interoperability Subcommittee. He has been actively engaged in the community effort to define STIX 2.0 and TAXII 2.0 (Trusted Automated Exchange of Indicator Information).

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.