CircleCityCon 2016 has ended
Saturday, June 11 • 4:00pm - 5:00pm
Contextual Threat Intelligence: Building a Data Science Capability into the Hunt Team

I know… “Say ‘Threat Intelligence’ again – I dare you.” Got it. But this talk isn’t about shiny new feeds or tools. It’s about the need to re-think the collective skill sets required to give defenders a fighting chance of detecting evil *before* things go all nuclear and front-page-news. Specifically, this talk highlights the need to build a data science capability into the hunt team in order to sift through ever-increasing amounts of data and derive actionable insights. Further, we’ll explore the need to add this skill set on top of existing domain knowledge of offensive and defensive tactics within information security.

This combined arsenal of knowledge and skills across the data science and infosec realms should also be deployed in the context of the Intelligence Cycle. From the initial phase of Planning & Direction through Collection, Processing & Exploitation, Analysis, and Dissemination, there are parallels between hunt team operations and kinetic ops. To illustrate this point, we will consider an example of a specialized Long Range Surveillance military unit that required rapid acquisition of personnel with specialized skill sets, training and preparation prior to a combat deployment.

Most importantly, it’s about the people and their analytical expertise, not the tools.

Saturday June 11, 2016 4:00pm - 5:00pm EDT
Track 3 – Cap 3