Our current vendors and methods for leveraging threat intelligence seem to be broken. They are slow and reactive. Instead we need to think about different ways to move forward from IOC-land to actual intelligence programs, what we need to get there, and what you make along the way. We will discuss what intelligence is and isn't and why establishing an intelligence program is more than just collecting a bunch of IoC's. How to build a program, why sharing information is important, and how to leverage existing resources to help jump start your programs.

Tim Gallo

I've been working in security for 20 years, everything from firewall management to security officer and consultant. I spent 8 years as a product manager for an intelligence vendor and recently coauthored an O'Reilly book on Ransomware, I was also a technical editor on books about DNS Security and Building Threat Intelligence Programs. I have strong opinions on the importance of building intelligence programs and how they can help your organization save money when done correctly, and can cost you a lot of money if done poorly. In the end, I'd like to try and share with others what I've seen go well and go wrong. I'm not a rockstar, nor am I some sort of guru. You won't find shrines to me in the halls of Twitter, nor the fields of LinkedIn, but you will find me there, sipping on information and bourbon.

Back to BSides NOVA 2018 video list