[09-07-23] Getting Ahead Of Your Threat Intelligence Program

CISO Series

Defense in Depth

A threat intelligence program sounds like a sensible effort for any security program. But can you pull it off? There are so many phases to execute properly. Blow any one of them and your threat intelligence effort is moot.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. We welcome our guest, Jon Oltsik of ESG Global.

Understanding the problems with a threat intelligence program

These come on two fronts: on the planning end, and in creating a virtuous feedback loop to keep improving the program. “Planning and direction is the most troublesome as there is often a reluctance to fully understand, describe, document, and recognize the potential impact of the real threats to an organization,” said Lisa Young of Netflix. Lisa Ackerman of GSK made the point that all the reports in the world don’t do much good without input. “It is so hard to get feedback on the reports and briefings we present. How can we improve the service if we don't get feedback?”

Threat intelligence walks a tightrope

The end goal for any threat intelligence program is to produce something actionable. While there’s usually no lack of intel coming in, making sense of it remains a struggle. "No strategic Intel and the tactical Intel is too broad. If you have no tactical intel, the strategic Intel is vague and meant for leadership," said Scott Ponte of Amazon. There are advantages to sharing with others, noted Bill Harmer of Craft Ventures: "Cloud vendors that see across a wide swath of customers to be valuable as they can help me prevent issues without sharing the details of who was previously attacked."

Scale and resources are bottlenecks to any program

Threat intelligence programs are particularly difficult for SMBs, said Mathew Biby of Satcom Direct: “Budgets and resources are very limited and you simply do not have the necessary time to work through each of the phases in a linear fashion.” Yishay Yovel of Cato Networks questioned whether any but the very largest organizations should even entertain such a program: "What is the point of giving end user organizations raw data and expecting them to continuously consume, deploy, optimize, integrate, and use it?"

Threat intelligence needs to do a better job translating to business risk

It’s easy to forget that any threat intelligence program must fit into overall cybersecurity and business conversations about risk management. Part of the problem is the siloed purview of threat intelligence teams, which can miss a much bigger opportunity. "Most threat intelligence teams look at security operations as their primary customer. We need to start doing more with the rest of IT," said Ryan Franklin of Amazon.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Comcast

LIVE!

Cyber Security Headlines - Week in Review

Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Dan Walsh, CISO, VillageMD.

Thanks to this week's headlines sponsor, Comcast

Cyber chatter from around the web...

Jump in on these conversations

"Why is “cyber” popular over “infosec”? What’s the difference?"

"Endpoint Protection - Screw Gartner, let’s get honest and talk Good, Bad, and Ugly on products and vendors - Who’s the worst, and who’s your favorite?"

"Why do I keep hearing that CS is such a fast growing, high demand field yet I see so many here talking about how competitive it is?"

Meet Up!

In person CISO Series meetup for Virginia and DC listeners [9-8-23]

Hey all, CISO Series founder David Spark is going to be in the DC/Virginia area next week and is eager to meet you! By popular request, we're moving the meetup from DC to Arlington, Virginia. We had a great time when we came out in January, 2023, and we're looking forward to meeting you and more of you again. 

WHEN: Friday, September 8, 2023 from 5-7pm ET

WHERE: Bronson Bierhall, 4100 Fairfax Dr, Arlington, VA

Please share with all your friends in the area.

Live!

CISO Series Podcast LIVE in Silicon Valley - 10-17-2023

On October 17th, 2023 we're coming back yet again to do another live show at the ISSA-SV/SF monthly chapter meeting. I, David Spark, host of CISO Series, will be joined by my co-host Mike Johnson, CISO, Rivian, and a special guest (that means we're still in booking mode) to do a recording of CISO Series Podcast in front of a live audience. We did it last year in this beautiful theater at Microsoft's campus in Mountain View, CA. And we're coming back to do it again. It's happening from 5:00 - 9:00 PM PT.

Please come join us. Head here to register for the event. No charge to attend and after the show there will be schmoozing with food and drink. We look forward to seeing you there.

Thanks to our sponsors Sysdig and Veza

Thank you!

Thank you for supporting CISO Series and all our programming  

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.