Building Capable Threat Intelligence Programs

Feb 21, 2024

Component not found for block type: video-embed

Starting a cyber threat intelligence program (CTI) prompts many questions: What intelligence is most useful? Where are the data sources? How can you satisfy stakeholders? And ultimately, how you demonstrate that a CTI program prevented security incidents? John Fokker, head of threat intelligence at Trellix, says that it is possible to build effective CTI programs with smaller teams, but stakeholder buy-in is important. In this episode of Studio 471, we also discuss the Cyber Threat Intelligence Capability Maturity Model (CTI CMM), a framework under development by CTI experts. The framework, due to be released later this year, aims to guide organizations to building more capable and mature CTI programs.

Participants:
John Fokker, Head of Threat Intelligence, Trellix
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

Emerging Threats//Apr 1, 2026

TeamPCP Supply Chain Attacks

TeamPCP is exploiting trusted npm and PyPI packages to compromise developer environments, steal credentials, and extend attacks across software supply chains.

Emerging Threats//Mar 13, 2026

Handala Threat Group

An Iranian aligned threat group conducting destructive and espionage focused cyber operations against organizations in Israel and Western countries.

Emerging Threats//Jan 27, 2026

CrazyHunter Ransomware

CrazyHunter is a ransomware campaign targeting healthcare that weakens endpoint defenses and escalates privileges before encrypting systems at scale.

Sign up for our Executive Intel Update

Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.

Building Capable Threat Intelligence Programs

Related Articles

TeamPCP Supply Chain Attacks

Handala Threat Group

CrazyHunter Ransomware

Sign up for our Executive Intel Update

Sign up for our Executive Intel Update