The Art of Cyber Threat Intelligence Workshop
Structured Analytical Techniques (SAT) and analyst skills, combined with modern technologies for collecting and processing data, form a crucial combination for countering today's advanced attacks. Only up-to-date and relevant intelligence can give you an advantage over an attacker. Despite all the technological advances, it is ultimately the analyst who creates the intelligence, not the device. Become an intelligence analyst in a cyber incident for a day in this unique workshop and win a prize.

In this workshop, participants will learn about several analytical techniques that can be used in the early stages of incident handling. The techniques are primarily applied to determine the most important issues that arise at the beginning of each cyber incident, and then to connect the events into a single flow using simplified visual representations, for example in Link Flow Analysis. The lecturer will guide the participants through the incident and show how structured analytical techniques can be applied in teamwork (drawing on a team of people with a diversity of experiences and thinking), all with the aim of removing the bias and expert blindness that often lead analysts and forensic investigators to a dead end.

In the room where the workshop will be held, it would be ideal to arrange the tables so that there are five teams of three people each. Each team will receive a simple and guided explanation of how to use one of the techniques, together with an example of forensic findings from the incident; the goal is attribution. The first team to find out who the attacker is will win a symbolic prize.

Workshop outcome: to learn how simple structured analytical techniques apply to cyber incidents and how they work.
About the Speaker
Bojan Alikavazovic is a member of a Security Operations Center (SOC) that monitors, processes and manages security incidents in various business environments. He has experience in threat research, reverse engineering of malicious code, penetration testing, security hardening, reviewing network architecture with the aim of improving security, and integrating various solutions for detecting and blocking cyber attacks.