EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why - podcast episode cover

EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why

Cloud Security Podcast by Google
Jul 03, 202327 minSeason 1Ep. 128
--:--
--:--
Listen in podcast apps:
Metacast
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Guest: 

  • John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud

 Topics:

  • You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class?

  • There are many places to learn threat intel (TI), what is special about your new class? 

  • You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel?

  • Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine?

  • In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations?

  • Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them?

Resources:

 

For the best experience, listen in Metacast app for iOS or Android
Open in Metacast
EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why | Cloud Security Podcast by Google - Listen or read transcript on Metacast