This presentation will explore the different types of technical and non-technical sources that are behind threat intelligence collections and analysis. From internal incident response data to criminal forums to open source blogs, different sources serve different purposes for threat intelligence. I will discuss the variety of sources that a threat intelligence team may use, the pros and cons of using each source type, and why some sources may be more valuable or more credible, depending on your goals as a security organization. I will also show examples of different source types and walk through how to think critically about the information in front of you. While this talk focuses on formal threat intelligence processes, the audience will also learn how to understand which sources are better for people in different roles in a security organization, and the talk can help those without threat intelligence experience begin their own collections to stay up to date with the cyber threats that are most relevant to them.
About the Speaker
Jessica Lee is a threat hunter on a 24/7/365 global managed threat hunting team, where she has the opportunity to disrupt and defend against today’s most sophisticated adversary groups. She has over seven years of experience in the field and began her career as a cybersecurity consultant helping commercial clients transform their Security Operations Center. She has also helped to build threat intelligence capabilities from the ground up at two Fortune 250 companies in the Oil and Gas and Financial Services industries. Jessica holds the Global Certified Forensic Analyst (GCFA), Global Certified Intrusion Analyst (GCIA), Global Cyber Threat Intelligence (GCTI), and GIAC Security Essentials (GSEC) certifications from GIAC Certifications.