BSides Atlanta 2022

Planning is Indispensable: Tools to Ensure Threat Intelligence Success
2022-08-27 , Room 402 - "Re-Imagine" track

This presentation will educate users on the importance of the overlooked Planning & Direction step of the Intelligence Cycle. Most presentations on this step merely teach "Go elicit requirements". In the real world, when a stakeholder is asked, “What are your intelligence requirements?” the answer is almost always, “Aren’t you supposed to tell me that?” Only about 10% of CISOs have military or intelligence community experience and within that cohort, even fewer have been intelligence commanders or policymakers trained to integrate intelligence into planning or policy. In this presentation, we'll discuss how to reverse engineer intelligence requirements via empathetic techniques. Then, attendees will learn how requirements drive the rest of the Intelligence Cycle (spoiler alert: the cycle isn’t a simple circle!). Attendees will learn best practices for eliciting intelligence requirements, designing an intelligence architecture, creating a robust collection plan, and collecting the right metrics!

Brian leads strategic intelligence production, competitive intelligence, and customer advisory at ZeroFox. He formerly led all threat intelligence, vulnerability risk management, and industrial control systems security research at Forrester. He is also a major in the United States Army Reserve Innovation Command where he seeks out operational innovation, concepts, and capabilities to enhance the readiness and lethality of the US Army as an Innovation Liaison Officer.

With over 15 years in Intelligence operations, Brian knows intelligence programs can only succeed with robust management support and an in-depth understanding of the environment and threats. Brian has worked at Secureworks where he helped defend the premier managed security service provider and later embedded in one of the firm’s largest client’s security teams. He also helped defend the electric grid from state-nexus actors at Southern Company. As an Army Reserve officer, he deployed to Operation Enduring Freedom where he provided intelligence support to special operations forces.

Brian holds many security certifications including CISSP, GLEG, GPEN, GCFA, GCCC, GCPM, GCIA, GCIH, GSEC and is an Army Cyber Operations Planner. He holds masters of science degrees from the SANS Technology Institute and Georgia State University, and a Bachelor of Science degree from Georgia Tech.