Save $200 on Cyber Security Training at SANS Miami 2018. Ends 12/27.


To attend this webcast, login to your SANS Account or create your Account.

Hello Friend: Creating a Threat Intelligence Capability

  • Tuesday, January 10th, 2017 at 12:00 PM EST (17:00:00 UTC)
  • Scott Roberts and Rebekah Brown
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


Friday afternoon and the new boss walks in: I want you to use threat intelligence to track down this group of hackers. What do you do? Do you buy a threat feed? Dive into the dark net? Troll LinkedIn for ex intelligence agency types? Update your resume?

Since the boss can't define success, it's your problem. Developing a threat intelligence capability starts with identifying specific problems faced, defining the value of the data that you have, and determining how to add perspective.

We will walk through the process of building a high value threat intelligence capability, the tools, people, processes, services, and outputs you'll need whether you're a one person security team or a multinational Evil Corp.

Attendees will leave with a strategy for right sizing threat intelligence capabilities, building a core foundation to support response, enabling executive decision making, and empowering proactive hunters.

Explore more on this topic at the Cyber Threat Intelligence Summit & Training in Arlington, VA, January 25 February 1, 2017. The two-day Summit is your perfect opportunity to acquire the skills and knowledge necessary for effectively implementing cyber threat intelligence in your organization. Click here for more information on the Cyber Threat Intelligence Summit & Training.

Speaker Bios

Scott Roberts

Scott J Roberts is an Incident Responder, Manager, and developer at GitHub, the world's code collaborative development platform. Scott has worked major investigations involving criminal fraud & abuse and nation state espionage while with Symantec, Mandiant, and others. He is a sought out speaker having presented on threat intelligence and incident response for SANS, Silicon Valley, & various BSides. He is an author of O'Reilly's upcoming Intelligence Driven Incident Response. Scott is also a member of the SANS CTI Summit and NYU Poly CSAW advisory boards.

Rebekah Brown

Rebekah Brown is the threat intelligence lead for Rapid7, supporting incident response, analytic response and global services. She is a former NSA network warfare analyst, U.S. Cyber Command training and exercise lead, and Marine Corps crypto-linguist who has helped develop threat intelligence programs at the federal, state and local levels, as well as in the private sector at a Fortune 500 company. She has an Associates in Chinese Mandarin, a BA in international relations and is wrapping up a MA in Homeland Security and a graduate certificate in intelligence analysis. Rebekah is a course author for SANS FOR578, Cyber Threat Intelligence.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.