Sign up to save your podcasts
Or
Share EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Guest:
-
John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud
Topics:
-
You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class?
-
There are many places to learn threat intel (TI), what is special about your new class?
-
You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel?
-
Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine?
-
In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations?
-
Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them?
Resources:
-
The new class "Inside the Mind of APT"
-
"Navigating Tradeoffs of Attribution" paper
-
Sands Casino hack 2014
- "Threat Horizons - How Google Does Threat Intelligence" (ep112)
View all episodes
By Anton Chuvakin
4.8
3939 ratings
Guest:
-
John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud
Topics:
-
You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class?
-
There are many places to learn threat intel (TI), what is special about your new class?
-
You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel?
-
Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine?
-
In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations?
-
Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them?
Resources:
-
The new class "Inside the Mind of APT"
-
"Navigating Tradeoffs of Attribution" paper
-
Sands Casino hack 2014
- "Threat Horizons - How Google Does Threat Intelligence" (ep112)
More shows like Cloud Security Podcast by Google
View all
WSJ Your Money Briefing
1,723 Listeners
WSJ What’s News
4,423 Listeners
Security Now (Audio)
2,010 Listeners
Risky Business
373 Listeners
CyberWire Daily
1,026 Listeners
NVIDIA AI Podcast
347 Listeners
Darknet Diaries
8,079 Listeners
Cybersecurity Today
177 Listeners
Practical AI
211 Listeners
Cloud Security Podcast
58 Listeners
Cybersecurity Headlines
140 Listeners
Huberman Lab
29,297 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
683 Listeners
HBR On Leadership
169 Listeners
AI Security Podcast
9 Listeners