Tony Drake
Tony Drake has over 25 years of experience in information security and systems administration. He has worked in roles ranging from systems design and administration to incident response, tactical intelligence, and managing pen tests. He has worked for the last 20 years in various roles in financial firms including brokerage, banking, exchange and payments in roles ranging from jack-of-all-trades "security guy" to tactical intelligence and malware analysis. He has worked in all aspects of Pen Testing from scoping, and planning to managing results, to incident response. In his current role he serves as lead security researcher for the Intercontinental Exchange, solving tactical security problems with creative solutions.
He holds a CISSP as well as SANS certifications in Incident Response, Web Application Pen Testing, Network Pen Testing and Threat Intelligence, and OSINT.
Session
Everyone has a Cyber Threat Intelligence Program. Therefore we need to have a Cyber Threat Intelligence Program. The boss says "Go build it".So what do you do now? Based on a couple of decades of experience and observation of programs, I walk through what happens when you try to start a Cyber Threat Intelligence Program, how to do it wrong, and by contrast, how to do it right?