Mark Arena Personal Account
Feb 22, 2023 6 tweets 2 min read
After almost 9 years and record results in 2022 for @Intel471Inc, I am announcing that I’ll be stepping down as the CEO of Intel 471 effective 28 February. 1/6
Recently, I advised our Thoma Bravo partners that I wished to transition into being an advisor from my full-time CEO role while remaining on the board. 2/6
Mar 22, 2022 5 tweets 1 min read
. @Intel471Inc's awesome intel team did some analysis of the average time from when access brokers advertise (publicly or privately) network access to orgs to when a victim is named on a ransomware service's name and shame blog. TLDR: average 71 days in 2021. [1/x]
Prior to this analysis being done I would have thought that this time period would have been shorter. IMO this really shows how important it is to have ongoing coverage of access brokers for both your own organization and your supply chain. [2/x]
Dec 5, 2020 9 tweets 2 min read
It's rare for someone to be experienced as a CTI analyst on both cyber espionage and cybercrime threat types. I see it often that experienced cyber espionage analysts create groups and infer links for cybercrime where they don't exist [01/xx]
To truly analyze and understand cybercrime, one must understand that it's not at all like a cyber espionage group who can be bums on seats in a govt office with mostly their own tooling, infrastructure etc [02/xx]
Dec 4, 2020 6 tweets 2 min read
RE: ransomware, I see a lot of folks overly focusing on atomic indicators for ransomware. Ransomware is very easy to write and deploy and when a sophisticated cybercriminal is ready to deploy it, they will test it out on a single system before deploying it to all [01/xx] #Ransomware
What you should be focusing on is: 1) The precursors to ransomware, i.e. (not an exhaustive list) Emotet, TrickBot, Cobalt Strike, Empire. 2) Preparing and testing backups so you can recover fast in the event of a ransomware incident across your org. [02/xx]
Feb 7, 2020 24 tweets 10 min read
Key points from my “Lessons from the world's leading cyber threat intelligence (CTI) programs” talk at @gcfriyadh in Riyadh. Video will be shared soon. Talking points aren’t ideal for Twitter but I’ll give it a go [1/24] #ThreatIntel #CyberThreats
@gcfriyadh A CTI program is all about reducing risk for an org. Risk = probability x impact. CTI is about understanding the internal and external factors that impact probability + impact of risks so decisions can be made that reduce risk [2/24]