November 15, 2022
by Hacker Valley Studio
November 15, 2022
by Hacker Valley Studio
Brian Kime, VP of Intelligence Strategy and Advisory at ZeroFox, talks about all things threat intelligence this week. Brian explains why he chose threat intelligence as his focus, where he’s seen opportunities for growth in recent years, and what challenges for cyber threat intelligence lie ahead. Using his intelligence experience developed first in the US Army Special Forces, Brian delivers his argument for intelligence-driven security, instead of the marketing-driven security industry we have today.
[00:00] Diving into the VP of Intelligence Strategy role
[05:25] Learning intelligence in the Army Special Forces
[10:09] Seeing the past, present, & future of threat intelligence
[19:31] Measuring efficacy & ROI of cyber threat data
[25:18] Building your own cyber threat intelligence capabilities
Thank you to our sponsors Axonius and NetSPI for bringing this episode to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
A lot of folks shift from intelligence into other areas of cyber, what inspired you to continue down the intelligence route?
After Brian graduated from Georgia Tech and the nation experienced the tragedy of 9/11, Brian felt called to enlist in the US Army Reserve. While the war in Afghanistan was not as short-lived as anyone expected, Brian found his calling in military intelligence, where he was inspired to put his experiences in IT and intelligence together. It turns out that fusion already existed in the form of cyber threat intelligence, and Brian wanted to focus on that completely.
“I want to bring all these things together and really start pushing our customers and pushing the security community in general towards more intelligence-driven security. Mostly, what I see even today still just feels like marketing-driven security.”
Where are we today with threat intelligence technology, in terms of challenges and opportunities?
Brian believes we’re already in a really exciting place today in terms of threat intelligence technology. What feels especially opportune for him at the moment includes opportunities and technology that involve internal data from previous threats, freely available external data from sources like blogs, and third-party vendors. However, the challenges facing threat intelligence now involve how to make that technology available for small and medium businesses.
“That's what I would love to see become the standard, that big corporations incorporate threat intelligence to the level that they can start to actually extend that value into their supply chain. That way, the whole system becomes more resilient, more secure.”
How does a security team measure the efficacy and ROI of intelligence?
In Brian’s opinion, most cybersecurity practitioners don't track the ROI of their intelligence vendors, or they fail to measure intelligence for effectiveness. The metrics cyber teams should focus on include number of new detections created, incidents discovered, adversary dwell time, and improved security decision making. Unfortunately, improved decision making is the hardest to measure because it requires practitioner feedback.
“At the end of the day, if stakeholders are making security decisions based on intelligence that I'm providing, that's a really good measure of effectiveness. All the security decisions that were influenced by threat intelligence, that's what we're going for.”
When you don't have an intelligence capability and you want to create one, what is typically the first thing that an intelligence team member does?
If you’re intending to collect data from your customers (which almost every company out there is trying to do), then Brian believes that privacy and security need to be considered from the start. Critical security controls and a solid framework are key to early success for even the smallest security team. The best place to start? Software and hardware inventory. If you don’t know what you have, you won’t be able to secure your technology properly.
“At the beginning of the critical security controls, it's always software and hardware inventory. If I don't know what I have, then I really can't do anything well in security. I can't do incident response because I don't know where my data is.”
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
It’s a classic technologist conundrum: Should I build or buy the solution I need to solve a problem? The “Build vs. Buy” conundrum is faced by technology teams worldwide. To help approach this riddle, Chris Cochran speaks to two industry veterans, Sl...
Embrace the AI Revolution in Cybersecurity! Ron Eddings explores the dynamic world of AI, from cybersecurity automation to anomaly detection. Learn how AI is being used by practitioners and creators to stay one step ahead of the adversary and the com...
For this week's episode, we brought back a fan favorite Security Teams Can't Do It All. This episode features guest Rob Wood, CISO at CMS, who discusses the challenges of data silos in the workplace and the importance of supportive leadership. Link...
In this episode, host Ron is joined by the CISO at Corvus Insurance, Jason Rebholz, to talk about the life of being a cybersecurity content creator. From his drive to create cyber content for technical and non-technical audiences to the sometimes har...
In this episode, hosts Ron and Chris are joined by special guest Eric Avigdor, VP of Product Management at Votiro. With humility as the focal point, Eric details his journey as a Product Manager — sharing his unique approach to leadership and custome...
Host Chris Cochran is joined by Marty Overman, Senior VP at Imperva, to discuss the importance of self-awareness and transparency in cybersecurity leadership. The two emphasize the need for leaders to recognize their strengths and weaknesses and unde...
In this episode, host Ron is joined by Jamie Blasco, co-founder and CTO at Nudge Security, to discuss the opportunities of SaaS as well as the security implications of AI. Jamie also considers the importance of striking a balance between productivity...
How do you effectively persuade team members and stakeholders to take action, convey the importance of new projects, or request additional resources? Communicating technical security information often leads to disconnection or worse, falls on deaf ea...
In this episode, Chris and Ron Eddings are joined by Jeff Man, a legend in cybersecurity. The conversation begins with Jeff sharing his experiences as a member of the first NSA red team and his involvement in groundbreaking projects. He discusses his...
In this episode, Chris and Ron interview Derek Wood from Duality Technologies, a leading privacy technology company to discuss the concept of homomorphic encryption and its significance in data security, privacy, and governance. Homomorphic encryptio...