Got GIAC? Free GIAC Cert Attempt Included with OnDemand 5 or 6 Day Training thru July 7


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Cyber Threat Intelligence Today: SANS CTI Survey Results, Part 1

  • Tuesday, February 06, 2018 at 1:00 PM EST (2018-02-06 18:00:00 UTC)
  • Itay Kozuch, Dave Shackleford, Travis Farral, Zach Hill


  • Anomali
  • DomainTools
  • IntSights
  • Rapid7 Inc.
  • ThreatConnect

You can now attend the webcast using your mobile device!



Cyber threat intelligence (CTI) has been growing in use and maturing in capability. But what is threat information without context provided by the operational, vulnerability and security data (located in management systems organizations already have in place)? To truly be mature, CTI must be able to integrate with all these systems (and more) for prevention, detection, response and workflow support.

How well are organizations integrating intelligence with their detection and response programs? Not well enough, but those that are do experience benefits of increased visibility, faster and more accurate detection and response, according to results of past SANS surveys on CTI. 

In this webcast, we release the results of our 2018 Cyber Threat Intelligence Survey that measures the maturity of CTI programs based on how useful threat intelligence information is to security and response operations.

In this webcast, survey author and SANS Senior Instructor Dave Shackleford will discuss:

  • The usefulness of intelligence
  • What departments within the organization are utilizing intelligence and how
  • What works, what doesn't work: Best practices for utilizing intelligence
  • Future uses for intelligence

Register for this webcast and be among the first to receive the associated whitepaper written by Dave Shackleford.

Be sure to register to attend Part 2 of this webcast on Wednesday, February 7 to learn more about how the growing use of CTI impacts cyber security skills and best practices.

View the associated whitepaper here.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Itay Kozuch

Itay Kozuch is Director of Threat Research at IntSights Cyber Intelligence. A cyber security expert with over a decade of experience, Itay brings a unique customer perspective to IntSights’ research division. Prior to IntSights, he served as manager and head of cyber technologies at KPMG. He previously led cyber projects for Panama’s Cable Onda and the United Bank of Africa. Itay has also held security advisory roles with Deloitte LLP, Trustnet Ltd. and SECOZ. He holds a B.A. in political science from the Open University, and his certifications include MCSE, CISO, ISO - Certified Lead Auditor (information security), CISSP and CCSK.

Travis Farral

Travis Farral is the director of security strategy for Anomali. With over 20 years of security industry experience, he has developed a strong background in threat intelligence, incident response and industrial control systems security. Previously Travis ran the Cybersecurity Intelligence & Strategic Services team at ExxonMobil and spent several years at companies such as Nokia and XTO Energy.

Zach Hill

Zach Hill is the Director of Sales at DomainTools and has over 15 years of business strategy and enterprise sales experience. At DomainTools, he helps clients achieve their goals for utilizing threat intelligence in their security operations. He believes in empowering analysts by giving them valuable context on threats and moving them to a more proactive security posture via threat hunting. With a laser focus on customer needs, Zach helps define the DomainTools suite of security products including Iris and PhishEye.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.