Monday, July 23 8 CPEs
For practitioners, by practitioners.
Keeping up with cyber threats is a continual and time-intensive process. MISTI's Threat Intelligence Summit, co-located with our IT Audit & Controls Conference, teaches attendees how to collect and use cyber threat intelligence to gain a better grasp on their threat landscape and respond to emerging threats more quickly and effectively. Stay tuned for more agenda details to come!
9:00 AM – 10:00 AM
Getting Your Organization to be More Intelligent About Threat Intelligence
Dave Ockwell-Jenner, Senior Manager & CISO, STORM & SITA
Some organizations have a hard time understanding the role of threat intelligence within their existing security and risk management programs. This can manifest itself in the organization appearing to lack support for threat intelligence initiatives and even (consciously or otherwise) sabotaging a successful program. Threat Intelligence is a long-term program, not a cool security thing-du-jour.
In this session, SITA’s Dave Ockwell-Jenner will review some sneaky tricks for making sure your organization makes more intelligent decisions about its threat intelligence program.
10:10 AM – 11:00 AM
Looking for Intel in all the Right Places
DJ Goldsworthy, Director Security Operations and Threat Management, AFLAC
Whether you already have a mature threat intelligence program or are looking for a place to start, join this session to discover sources of intelligence that may be at your fingertips, and the methods to incorporate them into an automated threat intelligence system.
You will learn where to find excellent external sources of threat intelligence data, how to glean intelligence from your own cloud and on-premises solutions, and how to turn threat intelligence into successful preventative and detective controls.
11:10 AM – 12:00 PM
Starting a Threat Hunting Program – My Experiences Breaking into Threat Hunting
Jessa Gramenz, Director of Communications, National Cybersecurity Student Association
Knowing where to start with threat hunting can be tedious with all the information available. I sorted through the resources to find the tactics and frameworks most helpful for developing a threat hunting program. This talk will address the diamond model, cyber kill chain, cyber threat hunting loop, the hunting maturity model, the cyber threat hunt methodology including attack tree analysis, and putting it all together with threat intelligence to stay ahead of the attackers that are targeting your environment.
1:10 PM – 2:00 PM
From Bayonet to Light Saber: The Evolution of Threat Indicators
Barry Hensley, Senior Vice President, Chief Threat Intelligence Officer, SecureWorks
Since the Cold War, the global threat landscape has changed from one with a handful of conventional conflicts between nations, to a myriad of low intensity conflicts between states and non-state actors. The military forces of world powers found conventional units were inappropriate to address this threat and unconventional Special Forces units emerged to fill the capability gap.
The same transformation has occurred in the cyber threat landscape over the past two decades; however, many organizations are still relying on traditional defenses and responses, two decades out of date. Cyber adversaries are becoming increasingly sophisticated and creative in their tactics, techniques and procedures (TTPs), so security personnel need to understand what to look for and have the capability to hunt them across the organization. COL (USA, Ret) Barry Hensley will explain how to evolve your security team’s defensive capabilities from a simple reliance on known threat indicators to leveraging the latest tools and methods to root out sophisticated threats. When in close combat with the adversary, real intelligence will allow your team to essentially ditch their bayonets and defend as Jedi.
2:10 PM – 3:00 PM
Ad Hoc Threat Intelligence
John Smith, Federal and Security Systems Engineer, ExtraHop
Threat intelligence can add an increased level of agility and situational awareness to any practitioner. While the industry itself is developing, strategies for deriving and threading threat intel into our surveillance strategies remain challenging. It is imperative that organizations take steps to make their threat intelligence investment more tactile by threading it into their existing transactions and communications.
There are several non-traditional ways to derive internal intelligence and mash it up with existing investments in ISACs and threat intelligence vendors. In this discussion we will cover the role of Dev/SecOps, skills needed, and how API-driven and open technologies are necessary to achieve "Advanced Persistent Surveillance" of critical systems.
3:10 PM – 4:00 PM
The WHO behind the WHAT
Jennifer Calardo, Red Team, United States Air Force Nuclear Weapons Center
As cybersecurity professionals we become so consumed with mitigating threats that we rarely stop to consider the threat beyond bits, bytes, and code. There is always someone creating the code with the intent to cause a compromise or infiltrate a network. When we discover who is behind the compromise we potentially identify motivation and intent, hence leading to active defense and mitigation. If an organization can identify what an adversary believes is the “crown jewel,” the organization can better tailor its defenses. Having a true threat intelligence professional on your cyber threat intelligence team is crucial when attempting to identify the “who” behind the “what.”
In this session, Jennifer Calardo discusses the need for the private and public sectors to work together in order to combat state or non-state cyber threat actors and groups, and the benefits of networking and partnering with peer and public organizations.
4:10 PM – 5:00 PM
Communicating Threat Intelligence to Executives and Board
Tim Callahan, Senior VP Global Security Chief Security Officer, Aflac
Threat Intelligence is emerging as one of the most critical measures to get ahead of the threat. Effective intelligence lets one know what is coming “over the hill” and permits taking appropriate countermeasures. The emphasis on intelligence in the past has been found mostly in advanced cyber programs in financial institutions. As it is proving its effectiveness and value, other industries and smaller companies are looking to launch a threat intelligence program as well. So, how do you introduce a TIP to your leaders? How do you explain the value? And how do you give executives and members of the board ongoing information about the program in a way that can be understood and best displays its effectiveness? This presentation will provide a practical approach to answering these questions and examples of how to convey the message and its importance to the overall cyber program.