Sign up to save your podcasts
Or
Share EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Guest:
-
John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud
Topics:
-
You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class?
-
There are many places to learn threat intel (TI), what is special about your new class?
-
You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel?
-
Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine?
-
In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations?
-
Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them?
Resources:
-
The new class "Inside the Mind of APT"
-
"Navigating Tradeoffs of Attribution" paper
-
Sands Casino hack 2014
- "Threat Horizons - How Google Does Threat Intelligence" (ep112)
View all episodes
By Anton Chuvakin
4.8
3939 ratings
Guest:
-
John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud
Topics:
-
You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class?
-
There are many places to learn threat intel (TI), what is special about your new class?
-
You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel?
-
Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine?
-
In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations?
-
Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them?
Resources:
-
The new class "Inside the Mind of APT"
-
"Navigating Tradeoffs of Attribution" paper
-
Sands Casino hack 2014
- "Threat Horizons - How Google Does Threat Intelligence" (ep112)
More shows like Cloud Security Podcast by Google
View all
WSJ Your Money Briefing
1,713 Listeners
WSJ What’s News
4,420 Listeners
Security Now (Audio)
2,011 Listeners
Risky Business
371 Listeners
CyberWire Daily
1,028 Listeners
NVIDIA AI Podcast
343 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
175 Listeners
Practical AI
212 Listeners
Cloud Security Podcast
57 Listeners
Cybersecurity Headlines
139 Listeners
Huberman Lab
29,272 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
688 Listeners
HBR On Leadership
170 Listeners
AI Security Podcast
9 Listeners