The State of Cyber Threat Intelligence: Part 2: The Value of CTI
- Wednesday, August 17th, 2016 at 1:00 PM EDT (17:00:00 UTC)
- Dave Shackleford, Rebekah Brown, Mark Doering and Aaron Shelmire
You can now attend the webcast using your mobile device!
How are people implementing their CTI programs, and how and where are those programs providing value? This webcast is the second of a two-part series that presents the results of the second SANS Cyber Threat Intelligence Survey. The goal is to learn from respondents' experiences with CTI, particularly the benefits and improvements they have achieved through their implementations so far.
Part 1, held on Tuesday, August 16, looks at how cyber threat intelligence is consumed and processed today, along with challenges.
Today's webcast focuses on how CTI programs are enabling organizations to improve their security programs and posture, as well as looking at respondents' future plans. Attendees will learn:
- What tool sets are most important for those working in CTI
- Whether organizations are experiencing faster response time and earlier detection that they can attribute to CTI programs
- What improvements respondents have noted in their programs since our 2015 survey
- Where they need their CTI programs to go in the future
You can read the associated whitepaper written by SANS Analyst and security expert Dave Shackleford.
View the associated whitepaper here.
Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.
Rebekah Brown is the threat intelligence lead for Rapid7, supporting incident response, analytic response and global services. She is a former NSA network warfare analyst, U.S. Cyber Command training and exercise lead, and Marine Corps crypto-linguist who has helped develop threat intelligence programs at the federal, state and local levels, as well as in the private sector at a Fortune 500 company. She has an Associates in Chinese Mandarin, a BA in international relations and is wrapping up a MA in Homeland Security and a graduate certificate in intelligence analysis. Rebekah is a course author for SANS FOR578, Cyber Threat Intelligence.
Mark Doering is a technical marketing engineer for NETSCOUT with more than 30 years of experience as a consultant for security and wireless architectures. He has led technical engineering teams, integration technologies and security product research and development. Before NETSCOUT, Mark worked in the Security Technology Group, the Borderless Network Security and Wireless Security product line, and the consulting services practices at Cisco for more than 17 years. During his tenure with Cisco, he helped define best practices, such as the Cisco SAFE Security Blueprint. Mark holds the GCIH and CISSP certifications.
Aaron Shelmire, principal threat researcher at Anomali, began work in the security field after machines he was responsible for were compromised in the 2004 Stakkato intrusions. At this point he went to graduate school at Carnegie Mellon University's Heinz College for Information Assurance, where he currently holds an adjunct position teaching network security analysis. He has been a security researcher at the Software Engineering Institutes CERT/CC initiative and Dell SecureWorks, with a focus on responding to and analyzing threat intelligence.