Prove Skill Mastery with GIAC Certs - Free Cert Attempt Included with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

The State of Cyber Threat Intelligence: Part 2: The Value of CTI

  • Wednesday, August 17, 2016 at 1:00 PM EDT (2016-08-17 17:00:00 UTC)
  • Rebekah Brown, Dave Shackleford, Mark Doering, Aaron Shelmire


  • AlienVault
  • Anomali
  • Arbor Networks
  • HP Enterprise Security
  • NETSCOUT Systems, Inc.
  • Rapid7 Inc.

You can now attend the webcast using your mobile device!



How are people implementing their CTI programs, and how and where are those programs providing value? This webcast is the second of a two-part series that presents the results of the second SANS Cyber Threat Intelligence Survey. The goal is to learn from respondents' experiences with CTI, particularly the benefits and improvements they have achieved through their implementations so far.

Part 1, held on Tuesday, August 16, looks at how cyber threat intelligence is consumed and processed today, along with challenges.

Today's webcast focuses on how CTI programs are enabling organizations to improve their security programs and posture, as well as looking at respondents' future plans. Attendees will learn:

  • What tool sets are most important for those working in CTI
  • Whether organizations are experiencing faster response time and earlier detection that they can attribute to CTI programs
  • What improvements respondents have noted in their programs since our 2015 survey
  • Where they need their CTI programs to go in the future

You can read the associated whitepaper written by SANS Analyst and security expert Dave Shackleford.

View the associated whitepaper here.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Rebekah Brown

Rebekah Brown has spent more than a decade working in the intelligence community; her previous roles include NSA network warfare analyst, operations chief of a United States Marine Corps cyber unit, and a U.S. Cyber Command training and exercise lead. Rebekah has helped develop threat intelligence and security awareness programs at the federal, state and local level, as well as in the private sector. Today, Rebekah leads the Rapid7 threat intelligence programs, where her responsibilities include program architecture, analysis and operations. She is a course author and instructor for SANS FOR578 - Cyber Threat Intelligence, and author of Intelligence Driven Incident Response.

Mark Doering

Mark Doering is a technical marketing engineer for NETSCOUT with more than 30 years of experience as a consultant for security and wireless architectures. He has led technical engineering teams, integration technologies and security product research and development. Before NETSCOUT, Mark worked in the Security Technology Group, the Borderless Network Security and Wireless Security product line, and the consulting services practices at Cisco for more than 17 years. During his tenure with Cisco, he helped define best practices, such as the Cisco SAFE Security Blueprint. Mark holds the GCIH and CISSP certifications.

Aaron Shelmire

Aaron Shelmire, principal threat researcher at Anomali, began work in the security field after machines he was responsible for were compromised in the 2004 Stakkato intrusions. At this point he went to graduate school at Carnegie Mellon University's Heinz College for Information Assurance, where he currently holds an adjunct position teaching network security analysis. He has been a security researcher at the Software Engineering Institutes CERT/CC initiative and Dell SecureWorks, with a focus on responding to and analyzing threat intelligence.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.