How proactive should we be about security? What’s the value of threat intelligence vs. just having security programs in place with no knowledge of what attackers are trying to do?



Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is AJ Nash, director of cyber intelligence strategy, Anomali.

Got feedback? Join the conversation on LinkedIn.

Thanks to this week’s podcast sponsor, Anomali

Anomali harnesses threat data, information, and intelligence to drive effective cyber security decisions.

On this episode of Defense in Depth, you’ll learn:

  • You can’t start a threat intelligence effort until you understand your internal threat landscape and business mission.
  • Sadly, very few organizations have a good answer to “What and where are your crown jewels/high valued assets?” But if you can answer that question, your threat intelligence will be far more effective.
  • It’s possible to understand internal and external landscape in parallel. But you won’t get great value of your intelligence until you understand your environment.
  • How do we judge the value of intelligence? It’s all about dealing with costs before the “boom” vs. afterwards. Because afterwards it’s far more expensive.
  • The reason to invest in threat intelligence is because once you know your assets, and you know what your adversaries are after, you can adjust your defenses accordingly.
  • If your goal is to harden everything, you’re going to be very busy. It’s not economically and physically possible.
  • Make sure you’re manning the threat intelligence and incident response teams properly. This is a common misstep that many shops make.
  • If you don’t have intelligence you’re doing reactive security, which nobody wants, yet that’s what many often end up doing.