Show Notes
In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview Patrick Coughlin, Co-Founder and CEO of TruSTAR. Patrick began his career as a security analyst in Washington D.C. and the middle east. By working with government contractors, multinational corporations, and counter-terrorism units, Patrick learned that the biggest challenge that security analysts have is retrieving the needed information from disparate data sources. This discovery led Patrick to founding TruStar. Patrick’s focus is to help organizations automate the collection and curation of threat intelligence data.
Patrick’s analytical prowess originated from working at Booz Allen Hamilton where he learned a fundamental skill that all cybersecurity analysts should have - how to put together a slide deck. This skill helped Patrick articulate the importance of threat intelligence to leaders in the government and private sector.
As the episode progresses, Patrick details the differences between threat intelligence requirements for national security and enterprise. For enterprise threat intelligence programs, the goal is to accelerate automation of detection and rarely attribution. Patrick also mentions automation is only as effective as the data is cleaned, normalized, and prioritized.
What about the good, bad, and ugly of threat intelligence? Patrick describes that an organization can thrive by leveraging internal intelligence. This can be overlooked when organizations are fixated on buying threat data feeds and subscribing to ISAC feeds. Most enterprise organizations have a detection and response stack that is constantly providing information about threats relevant to their organization - which serves as great threat intelligence data.
Chris and Ron ask Patrick about the science vs art aspects of cybersecurity and threat intelligence. Patrick describes that there is room for both art and science in threat intelligence. While new concepts are being discovered, there is art in finding the needle in the haystack. However, at some point, intuition can be described into steps that a machine can repeat. For example, after years of analytical practice an analyst can describe how and why they are tagging threat intelligence related data in such a way that can be repeated by other analysts or automation.
This episode covers an abundance of tactics and techniques for threat intelligence analysts. Patrick describes the best place to begin automating threat intelligence is detection. An analyst can ask the question, “How do I get sources of known bad indicators into my detection stack so that I could drive high fidelity detections?”. As false positives decrease, your mean time to detection (MTTD) and resolution (MTTR) decrease which makes your threat intelligence and security operation team members more effective.
0:00 - Intro
1:53 - This episode features Patrick Coughlin, Co-Founder and CEO of TruSTAR
2:30 - Patrick’s background and start as a security analyst
5:19 - How to automate threat intelligence while reducing analyst fatigue
7:05 - How Patrick cultivated his analyst prowess
8:43 - Articulating threat intelligence to government and enterprise organizations
11:09 - Can a threat intelligence program be automated?
17:21 - Patrick’s experience of “good” and “bad” threat intelligence programs
20:31 - Logic vs Intuition in threat intelligence
27:04 - Artificial Intelligence and Machine Learning to make threat intelligence decisions
28:42 - Where to start when automating threat intelligence
30:02 - How to stay in touch with Patrick Coughlin
Links:
Connect with Patrick Coughlin on LinkedIn
Link to Patrick’s company TruSTAR
Learn more about Hacker Valley Studio.
Support Hacker Valley Studio on Patreon.
Follow Hacker Valley Studio on Twitter.
Follow hosts Ron Eddings and Chris Cochran on Twitter.
Learn more about our sponsor ByteChek.
Take our FREE course for building threat intelligence programs by visiting www.hackervalley.com/easy
Recent Episodes
How Can I Best Proactively Secure My SaaS?
In this episode, Ron Eddings will explore the massive adaptation of SaaS applications and ways to tame the beast. Our guest Yoni Shohet, Co-Founder & CEO at Valence Security, will help ...
What We All Should Be Talking About When It Comes to AI and ...
In this episode, Host Ron Eddings is joined by guests Anirban Banerjee, CEO and Co-Founder at Riscosity, and James Berthoty, Founder and Analyst at Latio Tech. Together they focus on data ...
Navigating AI as a CISO with Whitney Palacios
In this episode, Host Ron Eddings catches up with one of his colleagues, Whitney Palacios, Vice President and CISO at BigBear.ai. They explore the challenges and responsibilities of being a CISO ...
The Power of AppSec, Cyber Education, and Friendship with Tanya ...
In this episode, Host Ron Eddings catches up with longtime friend, Tanya Janca, Head of Education and Community at SemGrep and author of 'Alice and Bob Learn Application Security.' Tanya shares ...
Networking 2.0: The Future of Decentralized Networking & Access ...
In this episode, Hosts Ron Eddings, and Jen Langdon share takeaways from Ron's RSA conversation with Colin Constable, Co-Founder and CTO at Atsign On this show, they’ll break down Networking 2.0 ...
How AI and TPRM Makes Security the ‘Dept. of Innovation’ with Paul ...
In this episode, Host Ron Eddings enjoys a reprieve from the hectic RSA conference with guest Paul Valente, CEO of VISO Trust. Paul discusses how he used his extensive experience as a CISO to ...
A Deep Dive into MSSPs: Understanding the Evolution and Secrets ...
In this episode, Ron Eddings and Jen Langdon explore the origins of MSSPs and the solutions they offer to the cybersecurity industry with insights from Ricardo Nicolini, CTO at Bulletproof. ...
Zero Trust Tactics: Preventing Breaches with Ivan Fonseca & Nick ...
In this episode, Host Ron Eddings teams up with Ivan Fonseca and Nick Cottrell, Cybersecurity Engineers at ThreatLocker, as they break down the anatomy of previous breaches and the attacker’s ...
Enterprise Browsers: Work’s Natural Next Step
In this episode, Ron Eddings and Jen Langdon talk about the evolution of browsers and how enterprise browsers have entered to change the game for corporations. Special guest Brayden Rogers, ...
Building Tech and Adding Value in the Era of AI with Josh Danielson
In this episode, Ron Eddings talks with guest Josh Danielson, CEO at Kustos, about how his journey at a previous organization has led him to build and create new products in the industry. ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon.