Contextual Threat Intelligence: Building a Data Science Capability into the Hunt Team - Brian Genz (Circle City Con 2016 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Contextual Threat Intelligence: Building a Data Science Capability into the Hunt Team
Brian Genz

Circle City Con 2016

I know… "Say Threat Intelligence, again - I dare you." Got it. But this talk isn't about shiny new feeds or tools. It's about the need to re-think the collective skill sets required to give defenders a fighting chance of detecting evil *before* things go all nuclear and front-page-news. Specifically, this talk highlights the need to build a data science capability into the hunt team in order to sift through ever-increasing amounts of data and derive actionable insights. Further, we'll explore the need to add this skill set on top of existing domain knowledge of offensive and defensive tactics within information security.

This combined arsenal of knowledge and skills across the data science and infosec realms should also be deployed in the context of the Intelligence Cycle. From the initial phase of Planning & Direction through Collection, Processing & Exploitation, Analysis, and Dissemination, there are parallels between hunt team operations and kinetic ops. To illustrate this point, we will consider an example of a specialized Long Range Surveillance military unit that required rapid acquisition of personnel with specialized skill sets, training and preparation prior to a combat deployment.

Most importantly, it's about the people and their analytical expertise, not the tools.
