08-09, 10:00–11:30 (US/Pacific), Track 2: Workshops - Reserved (LVCC W309)
Are you eager to understand your threat actors, targets, and behaviors? Are you constrained by resources to get a cyber threat intel program up and running? Are you not sure which tools to start with for cyber threat intel? If so, then this workshop is for you! We walk through how you can build a cyber threat intelligence program using open-source tools at minimum cost. We discuss the major components of a cyber threat intel program and the steps (including people, process, and technology) to bring your program into existence. In this workshop, we will show you how to set up and install open-source threat intelligence tools and relevant feeds. We also demonstrate how to analyze and correlate data to produce actionable intelligence. Finally, we discuss metrics and a maturity model for your program.
Outline:
Intro to CTI
- What is CTI
- Threat Intel Types
- Why build a CTI
Major components for a CTI program
- Data Collection/Feeds
- Parsing and Storage
- Enrichment
- Dissemination
Steps in building CTI program
- Technology
- People
- Process
Lab: Step-by-step walkthrough of two CTI platforms (MISP and OpenCTI)
- Install the CTI platforms
- Add relevant data sources
- Analyzing data sources
- Effective data correlation
Metrics to track the progress and success of a CTI program
Maturity Model of a CTI program
Beginner
Apurv Singh Gautam is a Cybercrime Researcher working at Cyble. He focuses on monitoring and analyzing a wide spectrum of sources by utilizing HUMINT, SOCMINT, and OSINT and producing finished threat intelligence. Apurv has contributed to the SANS FOR589 course on Cybercrime Intelligence. He is passionate about giving back to the community and has already delivered several national and international talks and seminars at conferences like the SANS OSINT Summit, Defcon Blue Team Village, BSides Singapore, local security meetups, schools, and colleges. He loves volunteering with Station X to help students navigate into Cybersecurity. He looks forward to the end of the day to play and stream one of the AAA games, Rainbow Six Siege.
Karan Dwivedi is a recognized cybersecurity expert. Currently, he serves as a security engineering manager at Google. Karan has led large-scale security projects at Google and Yahoo in the US for products like Google Search, Google Assistant, Yahoo Mail, Yahoo Finance, Flickr, etc., to safeguard over a billion users. At Yahoo, he was part of the security team responding to the world’s largest data breach. Karan contributed to the latest internet standard for scoring vulnerabilities, the Common Vulnerability Scoring System (CVSS 4.0). He is featured in major media like Hakin9 Media Magazine, Forensic Focus News, etc. He has delivered talks at national and international conferences like Tech Ex North America, Tech Summit SF, BSides Las Vegas, National Cyber Summit, etc., to influence private and public sectors. Karan was featured as a subject matter expert in the Google Cybersecurity Certificate program launched in May 2023 on Coursera, which had an enrollment of over 41000 students in a few weeks.