Sign up to save your podcasts
Or
Share EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Guest:
-
John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud
Topics:
-
You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class?
-
There are many places to learn threat intel (TI), what is special about your new class?
-
You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel?
-
Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine?
-
In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations?
-
Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them?
Resources:
-
The new class "Inside the Mind of APT"
-
"Navigating Tradeoffs of Attribution" paper
-
Sands Casino hack 2014
- "Threat Horizons - How Google Does Threat Intelligence" (ep112)
View all episodes
By Anton Chuvakin
4.8
3939 ratings
Guest:
-
John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud
Topics:
-
You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class?
-
There are many places to learn threat intel (TI), what is special about your new class?
-
You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel?
-
Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine?
-
In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations?
-
Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them?
Resources:
-
The new class "Inside the Mind of APT"
-
"Navigating Tradeoffs of Attribution" paper
-
Sands Casino hack 2014
- "Threat Horizons - How Google Does Threat Intelligence" (ep112)
More shows like Cloud Security Podcast by Google
View all
Security Now (Audio)
2,009 Listeners
Risky Business
372 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,020 Listeners
Smashing Security
319 Listeners
Click Here
416 Listeners
Darknet Diaries
8,061 Listeners
Cybersecurity Today
179 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
189 Listeners
AWS Podcast
204 Listeners
Defense in Depth
74 Listeners
Cloud Security Podcast
57 Listeners
Cyber Security Headlines
139 Listeners
Risky Bulletin
44 Listeners