
From CTI Analyst to SANS Co-Author: Building a very active sharing community - Interview with Will T (S1E5)

About this content

In this conversation, Freddy and Will delve into the world of Cyber Threat Intelligence (CTI) and sharing communities, exploring Will T's journey as a cybersecurity professional, the importance of training and community, the challenges faced in threat reporting, and the impact of AI on the field.

They discuss the evolution of CTI, the necessity for critical thinking, and the ethical considerations surrounding the use of AI in intelligence work. The conversation emphasizes the need for collaboration and knowledge sharing within the cybersecurity community to enhance overall effectiveness against cyber threats.


Takeaways

  • The importance of foundational knowledge in cybersecurity.
  • Real-world experience is crucial for developing analytical skills.
  • Training can significantly enhance an analyst's capabilities.
  • Community support is vital for sharing knowledge and resources.
  • AI can assist in summarizing and analyzing data but has limitations.
  • Ethical considerations are paramount when using AI in intelligence.
  • Critical thinking is essential in evaluating threat reports.
  • Transparency in threat reporting builds trust with stakeholders.
  • Continuous learning and adaptation are necessary in cybersecurity.
  • Collaboration within the community can lead to better threat mitigation.


Resources & References Mentioned

  • Rob M. Lee - https://www.dragos.com/team/robert-m-lee/
  • SANS FOR578: https://www.sans.org/cyber-security-courses/cyber-threat-intelligence/
  • SANS FOR589: https://www.sans.org/cyber-security-courses/cybercrime-investigations/
  • Chainalysis Blockchain Intelligence: https://www.chainalysis.com/blockchain-intelligence/
  • SANS blog post on Admiralty Scale: https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/
  • Oracle incident - https://www.csoonline.com/article/3953644/oracle-quietly-admits-data-breach-days-after-lawsuit-accused-it-of-cover-up.html
  • Flavio Queiroz's LinkedIn post - https://www.linkedin.com/posts/flavioqueiroz_threathunting-threatdetection-threatanalysis-activity-7310254153732141056-b-Ba/
  • Council of Experts: https://blog.bushidotoken.net/2024/04/strengthening-proactive-cti-through.html
  • Will's Projects: https://github.com/BushidoUK#-my-projects
  • Ransomware Tool Matrix: https://github.com/BushidoUK/Ransomware-Tool-Matrix
  • Curated Intelligence: https://www.curatedintel.org/
  • MITRE ATT&CK: https://attack.mitre.org/
  • Diamond Model of Intrusion Analysis: https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf?adlt=strict
  • Mapping TTPs: https://github.com/BushidoUK/MITRE-Mappings
  • Curated Intel website - https://www.curatedintel.org/
  • Microsoft Security Copilot: https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot


Chapters

00:00 Introduction to Cyber Threat Intelligence

02:48 Career Journey in Cybersecurity

06:08 Understanding Cyber Threat Intelligence

09:06 The Role of Training in Cyber Intelligence

11:57 Teaching and Sharing Knowledge in Cybersecurity

15:08 The Importance of Community in Cyber Intelligence

17:54 Challenges in Cyber Threat Reporting

20:56 The Impact of AI on Cyber Threat Intelligence

24:08 Future of AI in Cybersecurity

26:47 Ethics and Challenges of AI in Intelligence

29:57 Conclusion and Final Thoughts


This conversation is a compressed edit of an interview Freddy conducted as part of his PhD research. The interview took place on May 2nd, 2025 in Bournemouth, England.
