Episode 114 - The Good, Bad, and Ugly of Threat Intelligence with Patrick Coughlin

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview Patrick Coughlin, Co-Founder and CEO of TruSTAR. Patrick began his career as a security analyst in Washington D.C. and the Middle East. By working with government contractors, multinational corporations, and counter-terrorism units, Patrick learned that the biggest challenge security analysts face is retrieving the information they need from disparate data sources. This discovery led Patrick to found TruSTAR. Patrick’s focus is to help organizations automate the collection and curation of threat intelligence data.

Patrick’s analytical prowess originated from working at Booz Allen Hamilton where he learned a fundamental skill that all cybersecurity analysts should have - how to put together a slide deck. This skill helped Patrick articulate the importance of threat intelligence to leaders in the government and private sector. 

As the episode progresses, Patrick details the differences between threat intelligence requirements for national security and for the enterprise. For enterprise threat intelligence programs, the goal is to accelerate the automation of detection, and rarely attribution. Patrick also mentions that automation is only as effective as the cleaning, normalization, and prioritization of the data behind it.

What about the good, bad, and ugly of threat intelligence? Patrick explains that an organization can thrive by leveraging internal intelligence. This can be overlooked when organizations are fixated on buying threat data feeds and subscribing to ISAC feeds. Most enterprise organizations have a detection and response stack that constantly provides information about threats relevant to their organization, which serves as great threat intelligence data.

Chris and Ron ask Patrick about the science vs. art aspects of cybersecurity and threat intelligence. Patrick says there is room for both art and science in threat intelligence. While new concepts are being discovered, there is art in finding the needle in the haystack. However, at some point, intuition can be broken down into steps that a machine can repeat. For example, after years of analytical practice, an analyst can describe how and why they tag threat intelligence data in a way that can be repeated by other analysts or by automation.

This episode covers an abundance of tactics and techniques for threat intelligence analysts. Patrick says the best place to begin automating threat intelligence is detection. An analyst can ask the question, “How do I get sources of known bad indicators into my detection stack so that I could drive high fidelity detections?” As false positives decrease, your mean time to detection (MTTD) and mean time to resolution (MTTR) decrease, which makes your threat intelligence and security operations team members more effective.


0:00 - Intro

1:53 - This episode features Patrick Coughlin, Co-Founder and CEO of TruSTAR

2:30 - Patrick’s background and start as a security analyst

5:19 - How to automate threat intelligence while reducing analyst fatigue

7:05 - How Patrick cultivated his analyst prowess

8:43 - Articulating threat intelligence to government and enterprise organizations

11:09 - Can a threat intelligence program be automated?

17:21 - Patrick’s experience of “good” and “bad” threat intelligence programs

20:31 - Logic vs Intuition in threat intelligence

27:04 - Artificial Intelligence and Machine Learning to make threat intelligence decisions

28:42 - Where to start when automating threat intelligence

30:02 - How to stay in touch with Patrick Coughlin



Connect with Patrick Coughlin on LinkedIn

Link to Patrick’s company TruSTAR

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek

Take our FREE course for building threat intelligence programs by visiting www.hackervalley.com/easy

