Future of Threat Intelligence

Veeva Systems’ Justin Jettòn on Balancing Human Analysis and Automation in Threat Intel



In our latest episode of the Future of Threat Intelligence podcast, David welcomes Justin Jettòn, Senior Threat Intelligence Engineer at Veeva Systems, who draws on his military intelligence background to discuss the evolving landscape of cybersecurity. Drawing from his experience transitioning from forensics to threat intelligence, Justin explores how AI is transforming both offensive and defensive capabilities in cybersecurity.

They discuss the potential of AI in early threat detection, the critical need for breaking down organizational silos to improve collective defense, and finding the right balance between automation and human analysis. Justin also emphasizes that while technology advances, the human element remains crucial for effective threat intelligence analysis.

Topics discussed:

  • Artificial intelligence is reducing the timeline between threat identification and new attack development, lowering barriers for adversaries.
  • Using AI models for "indications and warning" could help identify threat patterns earlier, enabling proactive defense strategies.
  • Breaking down organizational silos and creating security collectives is crucial for effective threat intelligence in modern cybersecurity.
  • Despite technological advances, human analysts remain essential for contextual understanding and strategic threat assessment.
  • Adding multiple security tools can extend detection time; organizations need better strategies for tool integration and automation.
  • Clear distinction between engineering and analyst roles, with engineers handling technology while analysts focus on assessment and dissemination.
  • Future security teams need balanced automation with human oversight, following the military's OODA (Observe, Orient, Decide, Act) loop.
Key Takeaways:

    • Implement human verification checkpoints within automated security processes to maintain the "trust but verify" approach in threat intelligence workflows.
    • Evaluate your organization's security tool stack to prevent tool fatigue — focus on understanding each tool's workflow before adding new ones.
    • Develop comprehensive understanding of automation processes, from data collection points to decision thresholds, before deploying new security automation.
    • Establish cross-organizational information sharing frameworks to enhance collective threat detection capabilities through shared AI models.
    • Differentiate clearly between threat intelligence engineering and analyst roles to optimize team structure and workflow efficiency.
    • Incorporate the OODA loop (Observe, Orient, Decide, Act) methodology into your threat intelligence processes, ensuring human oversight at critical points.
    • Broaden your threat intelligence perspective by studying geopolitical events and connecting them to potential cybersecurity implications.
    • Create sampling protocols to regularly verify that automated security systems are functioning as intended and catching relevant threats.
    • Build collaborative relationships with ISPs, tech companies, and security vendors to expand threat detection capabilities beyond organizational boundaries.
    • Document automation workflows thoroughly to ensure security teams understand where decision points occur and how data flows through the system.

Future of Threat Intelligence, by Team Cymru
