Workshop: How to Build a Threat Intel Program


Cypress May 9, 2017 2:20 pm - 3:50 pm

Bookmark and Share

Mark Arena
Ryan Duncil

Cyber threat intelligence (CTI) programs are often solely focused on indicators of compromise and malware detection. This workshop discussion uses a fictional eCommerce company as a case study to explors how to implement the intelligence cycle in your CTI program to better support your organization’s intelligence. We’ll cover:

  • Identifying the different types of intelligence consumers in your organization
  • Formulating production requirements
  • Writing prioritized intelligence requirements
  • Deducing collection requirements from your prioritized intelligence requirements
  • Mapping of collection requirements to collection capabilities
  • KPI generation for each part of the intelligence cycle

Participants are encouraged to bring a list of intelligence needs, requirements and priorities and be prepared to discuss tactics, challenges and processes for standing up and running a cyber threat intelligence program.