Learn real-world skills from real-world cyber security practitioners. View upcoming Live Online Events.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

Hello Friend: Creating a Threat Intelligence Capability

  • Tuesday, January 10, 2017 at 12:00 PM EST (2017-01-10 17:00:00 UTC)
  • Scott Roberts, Rebekah Brown

You can now attend the webcast using your mobile device!



Friday afternoon and the new boss walks in: I want you to use threat intelligence to track down this group of hackers. What do you do? Do you buy a threat feed? Dive into the dark net? Troll LinkedIn for ex intelligence agency types? Update your resume?

Since the boss can't define success, it's your problem. Developing a threat intelligence capability starts with identifying specific problems faced, defining the value of the data that you have, and determining how to add perspective.

We will walk through the process of building a high value threat intelligence capability, the tools, people, processes, services, and outputs you'll need whether you're a one person security team or a multinational Evil Corp.

Attendees will leave with a strategy for right sizing threat intelligence capabilities, building a core foundation to support response, enabling executive decision making, and empowering proactive hunters.

Explore more on this topic at the Cyber Threat Intelligence Summit & Training in Arlington, VA, January 25 February 1, 2017. The two-day Summit is your perfect opportunity to acquire the skills and knowledge necessary for effectively implementing cyber threat intelligence in your organization. Click here for more information on the Cyber Threat Intelligence Summit & Training.

Speaker Bios

Scott Roberts

Scott J Roberts is an Incident Responder, Manager, and developer at GitHub, the world's code collaborative development platform. Scott has worked major investigations involving criminal fraud & abuse and nation state espionage while with Symantec, Mandiant, and others. He is a sought out speaker having presented on threat intelligence and incident response for SANS, Silicon Valley, & various BSides. He is an author of O'Reilly's upcoming Intelligence Driven Incident Response. Scott is also a member of the SANS CTI Summit and NYU Poly CSAW advisory boards.

Rebekah Brown

Rebekah Brown has spent more than a decade working in the intelligence community; her previous roles include NSA network warfare analyst, operations chief of a United States Marine Corps cyber unit, and a U.S. Cyber Command training and exercise lead. Rebekah has helped develop threat intelligence and security awareness programs at the federal, state and local level, as well as in the private sector. Today, Rebekah leads the Rapid7 threat intelligence programs, where her responsibilities include program architecture, analysis and operations. She is a course author and instructor for SANS FOR578 - Cyber Threat Intelligence, and author of Intelligence Driven Incident Response.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.