USMC Veteran – 2651 Secure Comms/Intel SysAdmin +14 Years in Information Technology/Security Specialties: Incident Response/Forensics Threat Intelligence.

Presentation transcript:

USMC Veteran – 2651 Secure Comms/Intel SysAdmin +14 Years in Information Technology/Security Specialties: Incident Response/Forensics Threat Intelligence Offensive Security $dayjob = Senior Malware & Threat Intel Analyst $sidejob = AdroitSec LLC – Principal/Consultant

Or…

“Details of the motivations, intent, and capabilities of internal and external threat actors. Threat intelligence includes specifics on the tactics, techniques, and procedures of these adversaries. Threat intelligence's primary purpose is to inform business decisions regarding the risks and implications associated with threats.” - Forrester

Slide diagram: inputs (Feeds, IOCs, etc.) go into Analysis, and Analysis drives Prevention and Detection.

H/T: ThreatConnect

Threat Intel could be its own “Program”

Threat Intel Program (slide diagram): intelligence sources are OSINT, Threat Research, External Intelligence Services, and ISACs; the controls they feed are Firewall, IPS/IDS, Web Gateway, Anti-Virus, HIDS/HIPS, and DLP, across the Network, Endpoint, and SIEM layers; these support Detection & Response and Governance / Resistance.

Realize that TI is 80% internal and 20% external (relative to your business)

May not be a “technical” application

“A shiny threat intel capability without a mature IR capability is like putting a big ole fancy spoiler on a stock 4 cyl Dodge Neon.”

Slide diagram (security program functions):
Visibility: SIEM/Logs, Network, Hosts, Threat Intel
IR: Analysis, Verification, Containment, Remediation, CSIRT
Resist: Security reviews, Identity mgmt, Security design/reqs, Vuln Mgmt, Security Operations
Plan: Policy, Risk Management, Security program design, Compliance, Reporting, Audit
Axis labels: Resist, Detect, IR, Plan, Ops, IR

Threat Intelligence Consumption; Asset Classification and Security Monitoring; Incident Response; Threat & Environment Manipulation. Source: RecordedFuture.com – Robert Lee

Focal points: Logs, Network, Endpoint, Threat Intel

Slide matrix: the focal points (Logs, Network, Endpoint, Threat Intel) mapped against the kill chain phases Recon, Weaponization, Delivery, Exploitation, C2, Exfiltration.

Scope, Relevancy, Context, Breadth, Capabilities
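The last few slides (focal points mapped against the kill chain, and the “80% internal” point) can be made concrete with a small correlation routine. This is an added example, not code from the talk: it matches a constructed IOC feed against constructed log lines from the three focal points (SIEM logs, network, endpoint), tags each hit with the kill chain phase the indicator belongs to, and reports how much of each feed was actually seen internally as a rough relevancy score. The `source|time|sensor|fields` log format, the feed names and all indicator values are assumptions made up for the example.

```python
import re

# Constructed sample IOC feed: indicator -> (type, kill chain phase, where it came from); values are invented.
IOC_FEED = {
    "203.0.113.45": ("ip", "C2", "external-feed-A"),
    "evil-cdn.example": ("domain", "Delivery", "external-feed-A"),
    "d41d8cd98f00b204e9800998ecf8427e": ("md5", "Exploitation", "internal-IR-case-17"),
    "198.51.100.250": ("ip", "Recon", "external-feed-B"),
}

# Constructed internal telemetry, one line per focal point: siem (logs), network, endpoint.
SAMPLE_LOGS = [
    "siem|2024-05-01T10:02:11Z|proxy|host=ws-012 url=http://evil-cdn.example/a.js",
    "network|2024-05-01T10:03:40Z|netflow|src=10.0.5.12 dst=203.0.113.45 dport=443",
    "endpoint|2024-05-01T10:04:02Z|edr|host=ws-012 proc=svchost.exe md5=d41d8cd98f00b204e9800998ecf8427e",
    "network|2024-05-01T10:05:00Z|netflow|src=10.0.5.13 dst=198.51.100.7 dport=80",
]

def correlate(logs, feed):
    """Return hits as (focal point, kill chain phase, indicator, feed name, log line)."""
    hits = []
    for line in logs:
        source = line.split("|", 1)[0]
        for ioc, (_ioc_type, phase, feed_name) in feed.items():
            # Whole-token match so 203.0.113.4 does not match inside 203.0.113.45 (and vice versa).
            pattern = r"(?<![\w.])" + re.escape(ioc) + r"(?![\w.])"
            if re.search(pattern, line, re.IGNORECASE):
                hits.append((source, phase, ioc, feed_name, line))
    return hits

def phase_coverage(hits):
    """Which focal points produced evidence for each kill chain phase."""
    coverage = {}
    for source, phase, *_ in hits:
        coverage.setdefault(phase, set()).add(source)
    return {phase: sorted(srcs) for phase, srcs in coverage.items()}

def feed_relevance(hits, feed):
    """Fraction of each feed's indicators actually seen internally: a crude relevancy score."""
    seen = {ioc for _, _, ioc, _, _ in hits}
    totals, matched = {}, {}
    for ioc, (_t, _p, feed_name) in feed.items():
        totals[feed_name] = totals.get(feed_name, 0) + 1
        matched[feed_name] = matched.get(feed_name, 0) + (ioc in seen)
    return {name: matched[name] / totals[name] for name in totals}

if __name__ == "__main__":
    found = correlate(SAMPLE_LOGS, IOC_FEED)
    print(phase_coverage(found), feed_relevance(found, IOC_FEED))
```

A feed whose indicators never appear in your own telemetry scores 0.0 here, which is the practical meaning of the “20% external” point: external intel only becomes actionable once it is checked against internal visibility.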