Sign up to save your podcasts
Or
Share EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Guest:
-
John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud
Topics:
-
You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class?
-
There are many places to learn threat intel (TI), what is special about your new class?
-
You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel?
-
Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine?
-
In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations?
-
Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them?
Resources:
-
The new class “Inside the Mind of APT”
-
“Navigating Tradeoffs of Attribution” paper
-
Sands Casino hack 2014
- "Threat Horizons - How Google Does Threat Intelligence" (ep112)
View all episodes
By Anton Chuvakin
4.8
3838 ratings
Guest:
-
John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud
Topics:
-
You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class?
-
There are many places to learn threat intel (TI), what is special about your new class?
-
You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel?
-
Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine?
-
In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations?
-
Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them?
Resources:
-
The new class “Inside the Mind of APT”
-
“Navigating Tradeoffs of Attribution” paper
-
Sands Casino hack 2014
- "Threat Horizons - How Google Does Threat Intelligence" (ep112)
More shows like Cloud Security Podcast by Google
View all
Risky Business
363 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
633 Listeners
The Cloudcast
154 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
CyberWire Daily
1,005 Listeners
AWS Podcast
199 Listeners
Smashing Security
313 Listeners
Click Here
388 Listeners
Cybersecurity Today
141 Listeners
Kubernetes Podcast from Google
182 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
313 Listeners
Defense in Depth
72 Listeners
Cyber Security Headlines
120 Listeners
Risky Bulletin
33 Listeners