Show Notes
Brian Kime, VP of Intelligence Strategy and Advisory at ZeroFox, talks about all things threat intelligence this week. Brian explains why he chose threat intelligence as his focus, where he’s seen opportunities for growth in recent years, and what challenges for cyber threat intelligence lie ahead. Using his intelligence experience developed first in the US Army Special Forces, Brian delivers his argument for intelligence-driven security, instead of the marketing-driven security industry we have today.
Timecoded Guide:
[00:00] Diving into the VP of Intelligence Strategy role
[05:25] Learning intelligence in the Army Special Forces
[10:09] Seeing the past, present, & future of threat intelligence
[19:31] Measuring efficacy & ROI of cyber threat data
[25:18] Building your own cyber threat intelligence capabilities
Sponsor Links:
Thank you to our sponsors Axonius and NetSPI for bringing this episode to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
A lot of folks shift from intelligence into other areas of cyber, what inspired you to continue down the intelligence route?
After Brian graduated from Georgia Tech and the nation experienced the tragedy of 9/11, Brian felt called to enlist in the US Army Reserve. While the war in Afghanistan was not as short-lived as anyone expected, Brian found his calling in military intelligence, where he was inspired to put his experiences in IT and intelligence together. It turns out that fusion already existed in the form of cyber threat intelligence, and Brian wanted to focus on that completely.
“I want to bring all these things together and really start pushing our customers and pushing the security community in general towards more intelligence-driven security. Mostly, what I see even today still just feels like marketing-driven security.”
Where are we today with threat intelligence technology, in terms of challenges and opportunities?
Brian believes we’re already in a really exciting place today in terms of threat intelligence technology. What feels especially opportune for him at the moment includes opportunities and technology that involve internal data from previous threats, freely available external data from sources like blogs, and third-party vendors. However, the challenges facing threat intelligence now involve how to make that technology available for small and medium businesses.
“That's what I would love to see become the standard, that big corporations incorporate threat intelligence to the level that they can start to actually extend that value into their supply chain. That way, the whole system becomes more resilient, more secure.”
How does a security team measure the efficacy and ROI of intelligence?
In Brian’s opinion, most cybersecurity practitioners don't track the ROI of their intelligence vendors, or they fail to measure intelligence for effectiveness. The metrics cyber teams should focus on include number of new detections created, incidents discovered, adversary dwell time, and improved security decision making. Unfortunately, improved decision making is the hardest to measure because it requires practitioner feedback.
“At the end of the day, if stakeholders are making security decisions based on intelligence that I'm providing, that's a really good measure of effectiveness. All the security decisions that were influenced by threat intelligence, that's what we're going for.”
When you don't have an intelligence capability and you want to create one, what is typically the first thing that an intelligence team member does?
If you’re intending to collect data from your customers (which almost every company out there is trying to do), then Brian believes that privacy and security need to be considered from the start. Critical security controls and a solid framework are key to early success for even the smallest security team. The best place to start? Software and hardware inventory. If you don’t know what you have, you won’t be able to secure your technology properly.
“At the beginning of the critical security controls, it's always software and hardware inventory. If I don't know what I have, then I really can't do anything well in security. I can't do incident response because I don't know where my data is.”
---------------
Links:
Keep up with our guest Brian Kime on LinkedIn and Twitter
Learn more about ZeroFox on LinkedIn and the ZeroFox website
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Recent Episodes
From Shadow IT to Full Asset Visibility with Wes Wright
Can you truly protect what you can't see? Wes Wright, Chief Healthcare Officer at Ordr, joins Ron to share how organizations can shine a light on their network and asset blind spots and take ...
Building Opportunities for Women and Minorities in Cybersecurity ...
How do you create waves of change in an industry? Connie Matthews, Founder and CEO of ReynCon, speaks with Ron about the power of resilience, mentorship, and taking that first bold step in ...
Rethinking Cybersecurity Hiring with Naomi Buckwalter
Is cybersecurity gatekeeping holding back the industry? Naomi Buckwalter, Senior Director of Product Security at Contrast Security and Founder of the Cybersecurity Gatebreakers Foundation, ...
AI, Deepfakes, and Human Risk in Cybersecurity with Perry Carpenter
In a world filled with AI-generated deceptions, how do we discern what’s real? Ron sits down with Perry Carpenter, author of FAIK: A Practical Guide to Living in a World of Deepfakes, ...
How to Become a True Security Leader with Nathan Case
How does one become a true security leader? According to Nathan Case, it’s not about titles—it’s about impact. In this episode, Nathan Case, VP of Cloud Security at Clarity, shares his journey ...
AI and the Future of Cyber Defense with John Hubbard
How can AI shape the future of cybersecurity defense? In this episode, we dive into SOC operations, AI integration, and the latest in threat detection with John Hubbard, Cyber Defense Curriculum ...
How Adversaries Are Living Off The Dark Web with Jason Haddix
Have you ever lost something important, only to find out someone moved it without telling you? The same thing happens with our personal and business data. But what if you could see what the ...
AT&T Dynamic Defense: Security Before It Reaches Your Company's ...
In this episode, Ron Eddings and Jen Langdon speak with Senthil Ramakrishnan, Assistant Vice President of Cybersecurity Product at AT&T Business. Senthil shares information about how a new ...
Soft Skills in Technical Sales to Connect and Sell More with ...
Technical skills open doors, but are soft skills sealing the deal? In this episode, Evgeniy Kharam reveals how communication and connection lead to success in technical sales. From ...
Recon Like An Adversary: Uncovering Modern Techniques in Attack ...
Ever wondered how the best defenders become unstoppable? They think like the attackers. In this episode with Jason Haddix, we reveal the strategies hackers don’t want you to know about and show ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon.