Get the Skills you need from Home with SANS OnDemand


To attend this webcast, login to your SANS Account or create your Account.

So you Wanna Start a TI Program

  • Monday, August 26th, 2019 at 1:00 PM EDT (17:00:00 UTC)
  • Christian Nicholson
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


The talk plans to answer the question of what is a Threat Intelligence program, the level of program suitable for different organization types, what the base investment expectations for such a program are, and what the expected outcomes are in both the functional context and financial ROI context. Attendees should leave this webcast with a base understanding of how to begin a threat intelligence program, the options and tools available in the marketplace to them, and how to apply the data to Incident Response and Threat Hunting programs. The talk will cover a number of popular vendor tools with some comparisons as well as pros and cons, and also employ the data in an EDR (Endpoint Detection and Response) workflow to help highlight workflow automation and optimization enrichment opportunities such a program might grant.

Speaker Bio

Christian Nicholson

Since starting in security Iíve played in all the areas, working more assessments of every type I could anywhere I could find them. I broke into the market as a for hire freelancer, and went on to lead security teams at KPMG, one of the big four, as well as being a site lead for Foundstone responsible for designing and implementing security programs for the Fortune 5. My reason for joining in the Indelible venture is to better security for my clients and spread best practices in a way that really solves the root problem, as opposed to just tackling the symptoms. Security is truly a passion of mine, which is why I also teach on behalf of the SANS Institute!! I teach SANS SEC504 and SEC560, I've been a security practitioner for about 13 years now, during which I've worked and Small business all the way up to Fortune 5s, I started as a pentester and seeing the blue team got jealous and started working on Incident Response and SOC development in addition to my original red team roots.

Learn more about Christian Nicholson.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.