Security BSides Las Vegas 2025

Thinking Outside the SOC: Structured Analytics for the Overloaded Cyber Analyst
2025-08-05 17:00-17:45 (Africa/Abidjan), Florentine E

Cyber Threat Intelligence (CTI) analysts face overwhelming information, complex attribution problems, and adversaries practicing active deception. While technical indicators provide essential data, they often fall short in delivering comprehensive threat understanding. This beginner-level presentation introduces Structured Analytic Techniques (SATs) – methodologies developed in traditional intelligence – as powerful enhancers for CTI workflows. We'll explore how techniques like Analysis of Competing Hypotheses, Key Assumptions Check, Red Team Analysis, and more mitigate cognitive biases in cybersecurity. The session demonstrates practical integration of SATs with established frameworks including MITRE ATT&CK, the Diamond Model, and the Intelligence Cycle. Attendees will learn implementation strategies, key metrics for analytical improvement, and gain actionable templates for immediate application. This methodological bridge between traditional intelligence practices and cybersecurity represents the next evolution in defense against sophisticated threats.


As cybersecurity professionals who have applied intelligence methodologies to enhance our defensive capabilities, we've found that structured analytic techniques significantly improve threat detection and response. While we both work in cybersecurity roles, we've integrated traditional intelligence frameworks to overcome common analytical challenges faced by security teams. This talk distills our practical experience into actionable techniques that any analyst can apply immediately.

Our journey with these techniques began after encountering recurring cognitive biases affecting incident analysis and threat assessment. Modern security operations face overwhelming data volumes, complex attribution challenges, and adversaries practicing deliberate deception - creating a perfect storm for analytical failure. By combining established methodologies from the intelligence community with cybersecurity practices, we've identified effective approaches that address these critical pain points without requiring extensive retraining or resource investment.

The core of our presentation revolves around several powerful structured techniques that we've found invaluable in security operations. These approaches help analysts systematically evaluate attribution evidence, test assumptions about threat actor capabilities, and establish strategic warning systems that go beyond technical indicators. In our experience, applying these methods leads to significant reductions in false positives and improvements in attribution accuracy when teams implement them correctly.

We'll demonstrate how specific SATs address everyday cybersecurity challenges, including attribution analysis, assumption testing, and anticipating threat actor movements. Attendees will receive practical examples and approaches they can adapt to their own environments, along with case studies demonstrating tangible improvements in detection accuracy and analytical rigor. The presentation includes detailed walkthroughs of real-world scenarios where these structured methods enhance threat detection and response, providing concrete examples that security teams can adapt to their unique requirements.
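The Analysis of Competing Hypotheses technique the talk names, applied to a constructed attribution question, as an added example written for this page (not the presenters' material); the hypotheses, evidence items and consistency ratings are hypothetical, and the scoring follows the standard ACH rule that only inconsistencies count against a hypothesis.

```python
"""Minimal ACH matrix for a hypothetical attribution question (added example)."""

# ACH scoring: consistent (CC/C) and neutral (N) ratings add nothing;
# inconsistent (I) and strongly inconsistent (II) ratings count against a hypothesis.
WEIGHTS = {"CC": 0, "C": 0, "N": 0, "I": 1, "II": 2}

# Hypothetical competing explanations for one intrusion.
HYPOTHESES = ["H1 financially-motivated crew",
              "H2 state-aligned actor",
              "H3 commodity malware, no targeting"]

# Constructed evidence: (observation, ratings in HYPOTHESES order).
EVIDENCE = [
    ("Ransom note demands cryptocurrency",            ("CC", "I",  "C")),
    ("Initial access via spear-phish naming the CFO", ("C",  "C",  "II")),
    ("Tooling overlaps a public offensive framework", ("C",  "C",  "C")),  # non-diagnostic
    ("Dwell time of months before any impact",        ("I",  "CC", "II")),
    ("Targets limited to one defence contractor",     ("I",  "CC", "II")),
]

def inconsistency_scores(evidence=EVIDENCE, hypotheses=HYPOTHESES):
    """Sum inconsistency weights per hypothesis; the lowest score is the least refuted."""
    scores = {h: 0 for h in hypotheses}
    for _, ratings in evidence:
        for h, rating in zip(hypotheses, ratings):
            scores[h] += WEIGHTS[rating]
    return scores

def least_refuted(evidence=EVIDENCE, hypotheses=HYPOTHESES):
    """All hypotheses tied at the minimum score (a tie means no clear favourite)."""
    scores = inconsistency_scores(evidence, hypotheses)
    best = min(scores.values())
    return [h for h in hypotheses if scores[h] == best]

def diagnostic_evidence(evidence=EVIDENCE):
    """Evidence rated identically against every hypothesis cannot discriminate between them."""
    return [desc for desc, ratings in evidence if len(set(ratings)) > 1]

def sensitivity(evidence=EVIDENCE, hypotheses=HYPOTHESES):
    """Evidence items whose removal (e.g. if later judged planted) changes the leading hypothesis."""
    baseline = least_refuted(evidence, hypotheses)
    pivotal = []
    for i, (desc, _) in enumerate(evidence):
        reduced = evidence[:i] + evidence[i + 1:]
        if least_refuted(reduced, hypotheses) != baseline:
            pivotal.append(desc)
    return pivotal

if __name__ == "__main__":
    print(inconsistency_scores(), least_refuted(), sensitivity(), sep="\n")
```

The sensitivity pass is the step that exposes single-source attribution: here the leading hypothesis depends entirely on the two targeting observations, so those are the items a Key Assumptions Check should revisit first.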

Alina is an experienced intelligence analyst focusing on cyber threats and emerging technologies. Her research interests include financial cyber crimes, cyber warfare, and protective security. Holding a BS in Computer Science and a Master's in Applied Intelligence, Alina advocates for women in cybersecurity while mentoring the next generation of professionals.

Haily Beem is an experienced analyst specializing in incident response, digital forensics, and cyber threat intelligence. Her research explores how global conflicts influence cyber operations and risk exposure. She is passionate about empowering and mentoring early-career professionals interested in cybersecurity.