Cyber Threat Intelligence Podcast

Season 1 - Episode 3 (Pedro Kertzman & Pedro Barros)


Navigating the world of threat intelligence feeds requires a critical eye and regular evaluation. Security analyst and educator Pedro Barros takes us through his journey from SOC analyst to threat intelligence professional, explaining why CTI should function as a pillar supporting all cybersecurity operations.

Pedro highlights a persistent problem in threat intelligence practice: the proliferation of "combo lists" - recycled data from old breaches presented as new threats. "If you're going to give me some intelligence, do some more work on it," he challenges feed providers, stressing the need for context that makes alerts truly actionable. Without proper evaluation, these feeds create false alarms that waste precious security resources.

The conversation delves into practical evaluation strategies for threat intelligence sources. Rather than simply accumulating feeds, Pedro recommends quarterly assessments focused on accuracy, timeliness, and relevance. This process should incorporate feedback from SOC analysts, detection engineers, and vulnerability management teams to ensure intelligence serves its purpose across the organization.

For aspiring CTI professionals, Pedro emphasizes understanding adjacent security disciplines as foundational knowledge. He recommends "Visual Threat Intelligence" by Thomas Roccia as essential reading, describing it as so engaging he "started reading it one day and finished it the same day." He also highlights the need for more academic programs to include dedicated threat intelligence courses as the field continues to mature.

Visit Pedro's blog at pemblabs.net to follow his work, including his upcoming analysis of a sophisticated phishing campaign using targeted delivery methods and Telegram bots. Connect with our community on the Cyber Threat Intelligence Podcast LinkedIn group to continue the conversation about building intelligence capabilities that actually matter.

Thanks for tuning in! If you found this episode valuable, don't forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast. We'd love to hear from you. If you know anyone with CTI expertise who would like to be interviewed on the show, just let us know. Until next time, stay sharp and stay secure!

Cyber Threat Intelligence Podcast, by Pedro Kertzman