MISTI’s Threat Intelligence Summit in New Orleans in just two weeks away, and like the city itself, we’re ready to laissez le bon temps rouler! Threat intelligence is serious business—it helps organizations understand emerging threats and prepare defenses appropriately. In the best case situations, an organization with a tight grasp on its threat landscape—from threat actors to likely types and methods of attacks—can use intelligence to drive down organizational risk.
Just because this is important stuff, though, doesn’t mean we can’t have some fun learning about and practicing threat intelligence along the way. And that’s precisely what we intend to do during the event, December 6-7, with pre- and post-conference workshops on Identity and Access Management and OSINT, respectively!
Woke up on the right side of the bed
The two-day Summit kicks off on Tuesday morning with a keynote from Dr. Neil Jenkins, Chief of Policy and Planning at the Department of Homeland Security’s National Cybersecurity and Communication Integration Center (NCCIC), National Protection and Programs Directorate (NPPD). During his talk, “Developing the National Cyber Incident Response,” Dr. Jenkins will reveal highlights of the soon-to-be-published National Cyber Incident Response Plan (NCIRP), which was instigated by President Obama’s Presidential Policy Directive 41 released earlier this year (a draft version of the NCIRP is currently open for public comment). Since the initiative was passed, the DHS has been collaborating with private sector, federal departments and agencies, and state and local governments to develop guidelines that offer a “coordination architecture for the ‘whole of the nation’” so that entities know how to respond and whom to call in the event of a major cyber attack. The NCIRP outlines a shared responsibility model, and attendees of the Threat Intelligence Summit will hear best practice advice and about a standardized framework for improving our nation’s incident response.
Not to be outdone, Chris Blask, Director of Industrial Control Systems Security at Unisys, will deliver the day two keynote entitled, “The Internet of Intelligence: The Evolution of the Self-Aware Global Network.” Blask, always pushing the envelope with his insights, posits that “threat intelligence” is too narrow a term to define how organizations must examine “the overall contextuality of threat intelligence.” With improved visibility into the global network, supported by threat intelligence and threat data (from internal telemetry and external sources), the industry can achieve broader awareness and have a greater impact on defending against the forces of evil—our cyber adversaries. Attendees will walk away with not just a new way to think about threat intelligence, but also a new perspective on what it means to be a cybersecurity practitioner, today and in the future.
What’s up with this Prince song inside my head?
Following the keynotes on both days of the Summit, we have two jam-packed tracks: Tools, Tactics, and Techniques and Strategy and Management. Understanding that no two organizations have threat intelligence programs at the same level of maturity, the Threat Intelligence Summit agenda will offer options for those just starting out, as well as those who maintain a robust program.
Tim Callahan, CISO at Aflac and conference Chairperson, will present, “Staffing for a Threat Management Program,” for those transitioning from information gathering to a holistic threat management capability. Putting the right people in place is one of the foundational elements to being able to run an effective program that provides actionable advice to the organization. Callahan will walk attendees through different perspectives on staffing your team, finding the right skill sets, staff management, and recruitment and training efforts.
For teams with staffing in place and looking to take the threat program to the next level, Rafal Los and Danny Pickens will present an interactive session on “Building a Requirements Meta-Model.” Attendees are encouraged to bring a laptop, tablet, or even just a pen and paper, as Los and Pickens will demonstrate then walk attendees through a hands-on modeling exercise that allows each individual to identify key stakeholders in their organization, ascertain requirements for the threat program, and then, most importantly, prioritize the requirements based on the specific goals of the threat program.
Hands up if you’re down to get down tonight
On the Tools, Tactics, and Techniques side, Diana Kelley, Executive Security Advisor at IBM, will demonstrate “Taking Your C-Suite Executives on a Tour of the Dark Web.” In this demonstration + advice session, attendees will get to see how to navigate the dark web to unearth hidden threat information, and just as critically (especially if you’re familiar with how to navigate and use the dark web), how to demonstrate to your executive team what having access to this level of information means and how it can be used to decrease the organization’s risk. Because security has the mindshare of executives but is still often viewed as the “department of FUD,” this session will provide practical tips on how to educate executives about threats and risk without resorting to scare tactics, instead helping you position yourself as a trusted advisor to the business.
During “Threat Intelligence Reality Check: Endpoint Detection and Response,” Mark Butler, VP of Security Architecture, Engineering & Operations, and ISO, will offer a case study on how Fiserv was able to enhance endpoint detection and response capabilities by leveraging threat intelligence to affect organizational improvements, forensic capabilities, software blocking, and improving hunting skills. The result: visibility enhancements, reduced number of infections over time, and a better understanding of Fiserv’s risk posture. Based on a real-life organizational transformation, attendees will learn what changes can be made in their own organizations to positively impact how they evaluate, respond to, and recover from incidents—all starting with threat intelligence.
We don’t even have to try; it’s always a good time
The above are just a few of the sessions in which attendees can participate at the Summit. Check out the full agenda for more information about the event, your favorite speakers, and topics of interest.
We know that networking is also extremely important for attendees of security conferences, so we’ve built in plenty of in-event networking time. Of course, the Summit hotel is located one mere block from the infamous Bourbon Street so you can continue your threat intelligence conversations with new friends and colleagues while enjoying the flavor of the city! Join us in two weeks to increase your threat intel knowledge, meet new industry colleagues, and learn how to improve the threat intelligence capabilities at your organization right away.