Building a Threat Intelligence Community and Culture

On-Demand Event

Earn up to 6.5 CPE credits by attending this virtual event.

The enemy is performing reconnaissance on you, so it’s only fair that you turn the tables and collect insightful details on their go-to TTPs and their telltale IOCs. But to leverage this key information to the fullest, you’ll need to develop and nurture a threat intelligence culture within your organization – and you must be willing to openly share and communicate with the larger threat intel community that exists beyond your walls. This eSummit on December 6-7 will demonstrate how to do just that by covering such topics as: 

  • Results from CyberRisk Alliance’s exclusive Threat Intelligence research
  • How to nurture trust within your intel-sharing community
  • Assessing a threat report’s relevance and severity from your company’s POV
  • Leveraging dark web investigations and open-source intelligence to learn how you’re being targeted
  • The pros and cons of managed threat intel as-a-service
  • The challenges of collecting and interpreting threat intel research data

Tuesday, December 6th

OPENING KEYNOTE | 11:00 AM | Building trust within your own intelligence-sharing community

Ken Fishkin: Information Security Manager, Lowenstein Sandler LLP

Are you thinking of joining an ISAO, or perhaps even assembling your own informal threat-sharing alliance composed of likeminded organizations in the same industry or geographic region? If so, you might be wondering how you establish an open, bidirectional information flow between members, and how you ultimately secure yourself within the inner circle of trust. Also, is there some information that perhaps is too sensitive to share with everyone? This session, led by a member of the Legal Services Information Sharing and Analysis Organization’s (LS-ISAO) Executive and Threat Intelligence Committees, will address these and other issues, including recommendations for facilitating peer-to-peer discussions and keeping members proactive and vigilant.

11:30 AM
CISO panel: Getting the most from your MDR partner
Nikhil Kalani: VP and CISO, Reynolds & Reynolds
Bob Pellerin: Director, Information Security, The Fresh Market
Ross McKerchar: CISO, Sophos

Get practical advice on how to maximize both the impact and ROI of your MDR service in this exclusive webinar featuring three leading CISOs:

  • Nikhil Kalani, VP and CISO, Reynolds & Reynolds
  • Bob Pellerin, Director, Information Security, The Fresh Market
  • Ross McKerchar, CISO, Sophos

As cyberattacks increase in volume and complexity, organizations are increasingly turning to MDR services to provide the 24/7 threat and security tool expertise needed to stop advanced, human-led attacks.

Hear from your peers how they work with MDR services and get their tips for success, including metrics to target and engagement processes.

Over this half-hour session they’ll share lessons learned and stories of how to effectively integrate managed detection and response into your proactive security strategy.

12:00 PM
Countering cyber deception to mitigate risk
Dr. Francis Gaffney: Snr Director Threat Intelligence and Future Engineering, Mimecast

Emails are not limited to the virtual. For attack campaigns via collaborative platforms and email to be successful, there usually needs to be interaction between human and machine. This relies on an element of deception by the threat actor to lure the target to interact with the malicious entity contained within the communication, as a link, or as an attachment that takes them from the apparent safety of their internal environment to the external. This will often need to be launched through a user following an instruction in the communication, physically ‘clicking’ on the link, or opening an attachment. Research has identified that humans are the single biggest exploitable vulnerability within any network.

12:30 PM
RBVM on a budget?
Chris Goettl: Vice President of Product Management, Security Products, Ivanti

Organizations must evolve to a risk-based approach to vulnerability management to better protect against ransomware and other cyber threats. But what does that entail? And can it be done without breaking the bank? Join Chris Goettl, VP of Product Management for Security Products at Ivanti, as he analyzes a manual vs. solution-based approach to RBVM and helps you determine which best fits your situation – and budget.

1:00 PM

1:15 PM
CRA BI study takeaways: Threat intelligence

In November 2022, 183 security practitioners participated in a CRA BI study on the benefits and challenges of threat intelligence. Join Bill Brenner, CRA VP of content strategy, and Dana Jackson, CRA VP of research, for a look at where security teams continue to struggle, where threat intelligence has proven most helpful, and where on that front respondents plan to make investments in the coming year.

2:00 PM
Building a tailored threat intelligence program: Empower your security teams with threat intelligence
Karsten Chearis: Manager, US and LATAM Threat Intelligence Solutions Engineering, Rapid7

No organization is immune to cyber-attacks. We all watch it top the news headlines daily, and to make matters worse, threat actors have even more weapons and capabilities than ever before. Luckily as the bad actors get more creative, we’ve been busy innovating to help organizations unite risk and threat detection.

Join Rapid7 for a presentation on the latest info on threat intelligence. During this session we’ll walk you through a real-life example, from phishing detection to triage and stakeholder communications through to the attack takedown.

We’ll discuss what threat intelligence tools you can adopt along with 4 easy steps to repel attacks and ensure more secure outcomes for your business.

2:30 PM
Deploy with confidence and have peace of mind against security threats
Cole Humphreys: Global Server Security Product Management, Hewlett Packard Enterprise
Allen Whipple: HPE NA Compute Server Management & Server Security SME, Hewlett Packard Enterprise
Brent Hollingsworth: Director, AMD EPYC Software Ecosystem

Today’s hybrid world demands compute engineered to deliver optimal performance, strong security features, and efficiency where and when it’s needed—from edge to cloud. From silicon to software, from factory to cloud, and from generation to generation, HPE ProLiant Gen11 servers with 4th Gen AMD EPYC™ processors are engineered with a fundamental security approach to defend against increasingly complex threats through an uncompromising focus on delivering constant security advancements that are built into our DNA.

Protect your infrastructure, workloads, and data from threats to hardware, and risks from third-party software, with a trusted edge-to-cloud security posture built on an HPE compute core hardened through a proven, zero-trust approach to security.
• Industry-leading security innovation
• Extending protection to partner ecosystem
• Expanding trusted supply chain security
• Manage your entire environment with one secure, simplified, seamless-as-a-service compute lifecycle management experience

CLOSING KEYNOTE | 3:00 PM | Verizon’s DBIR: The challenges of collecting and interpreting threat intel research data

Chris Novak: Managing Director, Cyber Security Consulting, Verizon Business

The Verizon Data Breach Investigations Report is among the most highly regarded sources of research, analysis and intelligence around recent cybercriminal activity. But what are the challenges when conducting a major, sweeping cyber threat intel research project? How do you make sure your data is reliable and credible? What are the best methodologies for assessing industry perceptions on the latest cyber trends? And once you have the cyber threat data, how do you interpret and analyze it? Moreover, if you’re a reader, how do you ascertain which findings are most relevant to you? In this session, Chris Novak, Verizon Business’s managing director of cybersecurity consulting, will address these questions, while also sharing important late developments and updates on findings from the 2022 DBIR publication.

Wednesday, December 7th

OPENING KEYNOTE | 11:00 AM | Outsourcing threat intel: Game-planning with your service provider

JJ Thompson: Strategic Advisor, DarkWeb IQ, Inc.

To make the most out of your company’s cyber threat intelligence feeds, it helps to have an insider’s perspective on which threats leave you the most vulnerable. And yet, some organizations don’t have the luxury of employing an internal team of their own threat analysts capable of aggregating intel feeds and then recommending the appropriate response. For many companies, those tasks are left to an external, managed threat intel service provider. So how do you optimize that relationship and make sure your provider is meeting your needs? This session will look at the benefits and drawbacks of threat intel-as-a-service, while offering tips on how to ensure that providers are prioritizing their clients’ most relevant needs and how to make externally sourced intel reports and recommendations actionable.

11:30 AM
Threat intelligence sharing: Together everyone achieves more
Scott Dowsett: Global Field CTO, Anomali

What lurks in the shadows? Can you find it? If so, can you share it?

Threat Intelligence is key to understanding your cybersecurity situation. But knowing your situation is not enough. One of the less common ways to benefit from threat intelligence is to share this information with other groups, which helps to reduce response time to events and enact preventative measures. Sharing takes one organization’s knowledge and spreads it across the entire industry to improve all security practices. We can defeat our adversaries by working as a team, not as individual organizations.

In this session, Scott Dowsett, Field CTO for Anomali, will discuss the discovery of threat intelligence sharing and how organizations benefit from the community’s collective knowledge and experience.

Key topics covered include:

• Threat intelligence cycle
• The obstacles to information sharing
• Standards for the exchange of information
• Best practices for information sharing
• Creating your own ISAC

Threat intelligence sharing is a critical tool for the cybersecurity community; join the session to learn how to start sharing today.

12:00 PM
Things To Do When Your Organization Becomes the Victim of a Phishing Attack
James McQuiggan: Security Awareness Advocate, KnowBe4

Organizations like yours are repeatedly attacked with phishing campaigns – no one is safe from them. But what needs to happen when one of your end users clicks a link or opens an attachment in a social engineering phishing email? You need to know how to quickly and effectively react to the attack and measure the overall risk.

In this on-demand webinar James McQuiggan, KnowBe4’s Technical Evangelist, shows you how your organization can quickly and effectively react to a phishing attack, mitigate the impact, and reduce your organizational risk in the future.

You’ll learn some of the things to do when your organization becomes the victim of a phishing attack, like:
• Incident Response criteria for single or mass phishing infections
• Key measures for your recovery process
• Tools that can help with your recovery process
• How threat intelligence can help you prevent future attacks
• The importance of training your users to report phishing red flags and avoid future incidents
Learn how to prepare and respond so that your organization doesn’t become another statistic!

THOUGHT LEADERSHIP PANEL | 12:30 PM | Assessing a threat report’s validity, relevance and severity from your company’s POV
Bruce Beam: CISO, Galway Holdings
Derrick Butts: Digital Continuity and Cyber-Business Transformation Advisor, Continuums Corp
Gordon Rudd: Stone Creek Coaching

Your latest batch of cyber threat intelligence reports comes pouring in. Now comes the hard part: whittling them down to the most relevant developments, evaluating their credibility, and assessing how severe the risk level is for your organization. Which threats you prioritize is going to determine where your infosec team’s limited time and resources are allocated – so there’s a lot of thought that needs to go into this risk analysis process. This panel session will examine just what those important considerations are.

1:15 PM

1:30 PM
Trusted Access with Jamf
Michael Devins: Director, Product Marketing, Security, Jamf

Employees are choosing Apple devices and hybrid work is here to stay. Jamf helps organizations achieve Trusted Access: an experience that users love and a workplace that organizations trust.

2:00 PM
Cyber Threat Intelligence: Easier Said Than Done
Greg Ake: Researcher Tech Lead – R&D Detection Engineering and Threat Hunting, Huntress Labs

Hear from Greg Ake, the Researcher Tech Lead of ThreatOps R&D at Huntress, as he talks through some lessons learned on how scaling threat intelligence from internal and external sources may not always work in your favor and what to look out for when triaging and assessing data quality, efficacy, and its intended use.

CLOSING KEYNOTE | 2:30 PM | Combining OSINT with dark web investigations for a more complete intel picture

Aaron Roberts: Cyber Threat Intelligence Lead, Arqit

Some cybercriminal threat intelligence lies in the murkiest corners of the dark web, while other key tidbits lie exposed right out in the open. For a complete picture of the current threats targeting your organizations, it’s important to patrol both sides of the spectrum, and everything in between. This session will look at how to combine and analyze the dark-web and OSINT clues that your threat intelligence investigations uncover in order to help mitigate cyberattacks or even prevent them in the first place.

 *Please check back for updates to this agenda*


Anomali, Hewlett Packard, Huntress Labs, Ivanti, Jamf, KnowBe4, Mimecast, Rapid7, Sophos