BruCON 0x0E has ended
Friday, September 30 • 14:30 - 15:30
Cyber Threat Intelligence Analysts and You: Understanding the Discipline to Optimize Cyber Defense Collaboration

The cyber threat intelligence (CTI) analyst role is arguably the most recent entrant among the cyber security career tracks, and its job role, responsibilities, and skill requirements are wide-ranging and not well understood by organization leadership or cyber security peers. During this talk, we use the newly developed, open-sourced Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework, which outlines the predicate knowledge, skills, and abilities requirements for analysts to aptly support organizational risk exposure reduction initiatives.

We unpack the significant overlaps that exist between those in a cyber threat analyst's role and the other cyber security disciplines defined by NIST SP 800-181 to provide the groundwork for threat hunters, incident responders, red teamers, and others to understand how to optimize collaboration and support received from cyber threat intelligence analysts. We highlight the overlaps by examining the Framework's 4 underpinning pillars (Problem Solving, Professional Effectiveness, Technical Literacy, and Cyber Threat Proficiency), with a distinct focus on how acute knowledge of cyber adversary operations can empower hunters and red teams to properly perform adversary emulation when testing the security posture of an organization.

We conclude by discussing how organizations can use this framework as a guidepost to grow and shape their CTI programs; ensure knowledge, skills, and ability coverage commensurate with supporting organizational cyber security elements; and inform future training and hiring decisions.

John Doyle

Mr. Doyle has over fifteen years of experience working in Cyber Threat Intelligence, Digital Forensics, Cyber Policy, and Security Awareness and Education. He has spent over a decade tracking multiple state-sponsored cyber actors (APTs) to support strategic, operational, and tactical...

Friday September 30, 2022 14:30 - 15:30 CEST
01. Gouden Carolus