In the fifth episode, Will and Freddy delve into the world of Cyber Threat Intelligence (CTI) and sharing communities, exploring Will’s journey of becoming a cybersecurity professional, the importance of training and being part of sharing communities, the challenges faced in threat reporting, and the impact of AI on the field.
They discuss the evolution of CTI, the necessity for critical thinking, and the ethical considerations surrounding the use of AI in intelligence work.
The conversation emphasises the need for collaboration and knowledge sharing within the cybersecurity community to enhance overall effectiveness against cyber threats.
Takeaways
- The importance of foundational knowledge in cybersecurity.
- Real-world experience is crucial for developing analytical skills.
- Intelligence methodology training can significantly enhance an analyst’s capabilities.
- Community support is vital for sharing knowledge and resources.
- AI can assist in summarising and analysing data but has limitations.
- Ethical considerations are paramount when using AI in intelligence.
- Critical thinking is essential in evaluating threat reports.
- Transparency in threat reporting builds trust with stakeholders.
- Continuous learning and adaptation are necessary in cybersecurity.
- Collaboration within the community can lead to better threat mitigation.
Resources & References Mentioned
- Rob M. Lee: https://www.dragos.com/team/robert-m-lee/
- SANS FOR578: https://www.sans.org/cyber-security-courses/cyber-threat-intelligence/
- SANS FOR589: https://www.sans.org/cyber-security-courses/cybercrime-investigations/
- Chainalysis Blockchain Intelligence: https://www.chainalysis.com/blockchain-intelligence/
- SANS blog post on the Admiralty Scale: https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/
- Oracle incident: https://www.csoonline.com/article/3953644/oracle-quietly-admits-data-breach-days-after-lawsuit-accused-it-of-cover-up.html
- Flavio Queiroz’s LinkedIn post: https://www.linkedin.com/posts/flavioqueiroz_threathunting-threatdetection-threatanalysis-activity-7310254153732141056-b-Ba/
- Council of Experts: https://blog.bushidotoken.net/2024/04/strengthening-proactive-cti-through.html
- Will’s Projects: https://github.com/BushidoUK#-my-projects
- Ransomware Tool Matrix: https://github.com/BushidoUK/Ransomware-Tool-Matrix
- Curated Intelligence (Curated Intel website): https://www.curatedintel.org/
- MITRE ATT&CK: https://attack.mitre.org/
- Diamond Model of Intrusion Analysis: https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf?adlt=strict
- Mapping TTPs: https://github.com/BushidoUK/MITRE-Mappings
- Microsoft Security Copilot: https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot
This interview was recorded on May 2nd, 2025 in Bournemouth, England.