Profile picture
CYINT_dude @CYINT_dude
, 16 tweets, 4 min read Read on Twitter
#threatintel thread! For the past couple of weeks I've focused on #threatintel REQUIREMENTS. As a consultant working with clients to develop their programs, I focused on this a lot--requirements are important. As a full-time analyst, it's much harder: because OPS!
But, really honing-in on the requirements--the specific questions that customers have, the topics they are interested in, how they can best consume information--has been a valuable investment. Here's what I've learned or re-discovered...
For each requirement (or set of requirements), there is information you need to answer the question and a process to follow to fulfill the requirement. Sometimes you'll have the information you need; sometimes you won't which means that you have to go get it (collection).
You can find the information, buy it, or develop and engineer something to get it. On the process side, you may have no process, an immature process, or a mature process to fulfill the requirement.
So as an exercise, write down each requirement: *every* question or concern you've heard from your stakeholders. You may find patterns and like-groupings so: write it down, stare at it, think about it, revise, and repeat until you have a solid list. This process can take a while.
Remember: the question you ask shapes the answer you will get. (Asking: "what is the mass of sun?" yields a different answer than "how many earths can fit into the sun?" or, "how many times larger is the sun than the earth?")
For *each* requirement, document the information you have and what's missing. Next, think about the process you would follow to answer that question and write that down too. Some requirements may draw blanks on the collection and process side. That's good!
This will all probably feel mundane--its mostly documentation. Boring! Cool analysis is much more fun! But, what you're doing is starting to paint a picture of your entire intel program and capabilities. This is a valuable tool for your management and for YOU the analyst.
For management, you can now tell a story and support your argument for more resources: "Here's everything our stakeholders have asked us. We can reliably fulfill 30% of our reqs. We don't have information to answer X req., and we need processes for X reqs."
"To develop the process and capabilities for X req. it means we'll probably have less time to focus on Y reqs., but we have mature collection and processes around Z reqs., so we don't expect a decline in output against those."
You can also tell mgmt. the story over time: how new info., processes, or other capabilities allowed you to fulfill additional reqs; how other changes have left reqs un-answered, or how some reqs can no longer be met (e.g., "this log source broke," or, "an analyst left the team")
For you the analyst--no matter how cool the analysis is, it *has* to anchor back to the goals of the security program. If you'd done a good job of gathering requirements, those goals will be reflected in the questions you're trying to help answer.
You can also start to see how your analysis lines-up against the requirements. For bigger teams, I could see this enabling a good division of labor.
This concludes my thoughts on #threatintel requirements! Many folks smarter than me have written and talked about the importance of requirements and how to do them well, just wanted to share my experience over the past couple of weeks : )
Another thought on #threatintel requirements: once you know where your gaps in your ability to fulfill certain reqs exist, this becomes a great tool for PLANNING. Set plans to develop capabilities, build collection to meet reqs you currently aren’t able to answer.
This will give you more ammunition to tell the #threatintel program story to management.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to CYINT_dude
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#threatintel

More from @CYINT_dude see all

Profile picture
I’m a proponent of writing things down. As #threatintel analysts, a big part of our job is recognizing patterns and making connections. But sometimes, we don’t see the connections. Our brains can’t recall as much information as we think they can (1/x).
This is why it’s imperative to document and memorialize your knowledge. Use your IOC database, your commercial TIP, OneNote, Excel, Wiki, IR ticketing system, whatever you have to capture artifacts, IOC, notes (2/x).
Tag your data (hopefully you have a consistent tagging scheme); organize it; capture enrichment data and attributes that may allow for future correlation. Does this take extra time? Is it annoying sometimes in the face of an active campaign or IR operations? You bet (3/x).
Read 9 tweets

Related threads

Profile picture
Do you have any 25k, 50k or 100k in your bank account that you are not using? Do you know you can earn extra income by investing that 25k, 50k or 100k? I’ll tell you how. #Thread 😊
In the last couple of years, I have tried to diversify my income stream. Besides earning salary as a Lecturer in one of the top UK Universities, I also try my hands on a few legit businesses, which we refer to side-hustles☺️
Beside these side hustles, I also have a few investments that yields very good interest at the end of every year. One of such is an investment in a Money Market Fund.
Read 9 tweets
Profile picture
ಸಿಂಧೂ ಸರಸ್ವತಿ ಸಂಸ್ಕೃತಿಯ ನಗರಗಳಲ್ಲಿ, ಮತ್ತು ಮಧ್ಯಪೂರ್ವ ದೇಶಗಳಲ್ಲಿ ನಡೆದ ಉತ್ಖನನ ಗಳಲ್ಲಿ ದೊರೆತ ಆಧಾರಗಳಿಂದ ೪೦೦೦ ವರ್ಷಗಳ ಹಿಂದೆಯೇ ಈ ಎರಡೂ ಭಾಗಗಳ ನಡುವೆ ವ್ಯಾಪಾರ ವ್ಯವಹಾರಗಳಿದ್ದದ್ದು ತಿಳಿದು ಬಂದಿದೆ.

#ಸರಣಿ #thread #trade in #AmaruShataka #ಪಯಣಿಗನನಲ್ಲೆ #ಅಮರುಕ #Amaruka
ಇದೇ ರೀತಿ, ಸುಮಾರು ೧೮೦೦ ವರ್ಷಗಳ ಹಿಂದಿನ ಒಂದು ಗ್ರೀಕ್ ನಾಟಕದದಲ್ಲೇ ಕನ್ನಡ ಅಥವಾ ಕನ್ನಡದಂತಹ ಭಾಷೆಯ ಕೆಲವು ಪದಗಳು ಕಂಡು ಬಂದಿರುವುದನ್ನು ನೋಡಿ, ವಿದ್ವಾಂಸರು ಭಾರತದ ಪಶ್ಚಿಮ ಕರಾವಳಿಗೂ, ಗ್ರೀಸ್, ರೋಮ್ ಮೊದಲಾದ ರಾಷ್ಟ್ರಗಳ ನಡುವೆಯೂ ವ್ಯಾಪಾರ ಸಂಬಂಧಗಳು ಇದ್ದಿರಬೇಕೆಂದು ಊಹಿಸಿದ್ದಾರೆ.

#ಸರಣಿ #thread #trade in #AmaruShataka
ಸಿಂಧೂ ನಾಗರಿಕತೆಯ ಸಮಯದಲ್ಲಿ ವ್ಯಾಪಾರದ ಕುರುಹುಗಳನ್ನು ಸಾಹಿತ್ಯದ ಆಕಾರಗಳಲ್ಲಿ ಹುಡುಕಲಾಗಲಾರದಾದರೂ, ಸುಮಾರು ೨೩೦೦ ವರ್ಷಗಳ ಹಿಂದಿನ ಕೌಟಿಲ್ಯನ ಅರ್ಥಶಾಸ್ತ್ರದಲ್ಲಿವ್ಯಾಪಾರಗಳು, ಸುಂಕ, ಊರಿನಲ್ಲಿ ಎಂತಹ ಸ್ಥಳದಲ್ಲಿ ಮಾರುಕಟ್ಟೆ ಇರಬೇಕು ಮೊದಲಾದ ವಿಷಯಗಳ ಬಗ್ಗೆ ಪ್ರಸ್ತಾಪವಿದೆ.
#Arthashastra #Trade #Kautilya #Chanayka #History
Read 51 tweets
Profile picture
FG'S ACTIONS ON COMMUNAL CONFLICTS
#thread
Few months past,Nigeria endured a continuation of the 30+perennial herdsmen/farming community clashes. Some of the notable actions @MBuhari has taken are presented below starting with a historical linkage with the more recent incidences
of the violence.
-2013 no fewer than 9 cases of herdsmen attacks were recorded in Benue State alone, with more than 190 people killed.
-2014 there were no fewer than 16 recorded attacks, in Benue, which claimed more than 230 victims.
-Between January and May 2015, 6 attacks left more than 300 people dead, again in Benue State alone.
Read 21 tweets
Profile picture
Ok. It’s time to go into Joshua’s memory box and tell his story #thread
Joshua was very much a rainbow baby 🌈 and we were so excited and over the moon when I finally made it into the second trimester. (Alex and I are both big rugby fans!)
I was working as a 1st year Registrar in A&E when I suddenly broke my waters at 24 weeks. I was transferred to Southampton @UHSFT who have a specialist level 3 Neonatal Intensive Care Unit. They were wonderful, and did everything they could to stop my labour over Father’s Day.
Read 69 tweets
Profile picture
Hello Loves,
I want to take a moment to send some love to the women who follow me. And I want to talk to you. (Everyone is welcomed to read this, but this feels quiet and intimate and something that I want to share within the “red tent” because it’s so tender.).
I’ve been quiet over the past couple of weeks. Some of my quiet is lovely & practical: busy, working mama getting my son settled into kindergarten. Some of it has been to allow myself reflection as I watch the volley of pain and anger pinball around re:Kavanaugh confirmation.
I know some of you might wish that I never address anything remotely “political” and that my socials could be simply as entertaining as you might consider my art to be. For those of you who do feel that way, I certainly hate disappointing anyone.
Read 10 tweets
Profile picture
This is a story about toxic friendships, and leaving those who do not help us grow. #Thread
In the past few weeks, I've had so many conversations about this topic. I just want to highlight toxic 'support member' culture.
One of my friends was complaining about their circle of friends, how one of them was a liar and a cheat, but noone was speaking up about it.
Read 16 tweets

Trending hashtags

#WeshallOvercome #veterinary #EC #CityNext #TheStormIsHere #prices #whiteness #half #report #MichaelFlynn #SuburbanErasure #BlackPanther #aboveandbeyond #Aadhaar #example #England #discrimination #Singapore #ConnectedFieldService #email #MacronLeaks #TLDR #TrumpRussiaInvestigation #Prakrta #Flow

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!