Starting a cyber threat intelligence program (CTI) prompts many questions: What intelligence is most useful? Where are the data sources? How can you satisfy stakeholders? And ultimately, how you demonstrate that a CTI program prevented security incidents? John Fokker, head of threat intelligence at Trellix, says that it is possible to build effective CTI programs with smaller teams but stakeholder buy-in is important. In this episode of Studio 471, we also discuss the Cyber Threat Intelligence Capability Maturity Model (CTI CMM), a framework under development by CTI experts. The framework, due to be released later this year, aims to guide organizations to building more capable and mature CTI programs.
Participants:
John Fokker, Head of Threat Intelligence, Trellix
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471