Ryan Halstead, Director and Head of Cyber Defense and Threat Intelligence, Jack Henry & Associates
Ryan Halstead, Director and Head of Cyber Defense and Threat Intelligence, Jack Henry & Associates
“Smart-driven operations” is not just a concept; This is the core truth about how we organize knowledge to design defenses that ultimately keep our services online, data privacy, and customers happy. In addition, cyber intelligence informs the strategic decision-making process at the enterprise level by providing context and understanding of the cyber threat landscape.
In my experience, cyber intelligence can be a compass or a distraction. How many cozy bears do you have at home? Are the spiders scattered? It can quickly become overwhelming. How can you make sense of chaos? Let’s explore five concepts I learned to level up your cyber intelligence team.
Prioritize diversity of thought
Every effective threat intelligence team prioritizes diversity of thought. From creative problem solving to cultural competency, a diverse team with diverse backgrounds will only increase your success as a cyber intelligence practitioner. Diverse teams can better understand and communicate with a variety of stakeholders, including customers, executives, and technical experts.
Perhaps more importantly, diversity can provide different opinions and challenge accepted narratives or assumptions. Overall, diversity of thought fosters a more dynamic and adaptable team that is better able to navigate the ever-changing threat landscape and the actors behind it.
NumberIf you are not already using automation tools, workflows,
and systems that continuously monitor new threats and vulnerabilities
Emerging trends in cybersecurity, and you’re behind them
Improve your agility
The ability to quickly restructure and theoretically craft skills depends on infrastructure and team members who can quickly reconstruct information when new data is introduced, especially data that goes against what we previously understood. If you’re not already using automated tools, workflows, and systems to continuously monitor new threats, vulnerabilities, and emerging trends in cybersecurity, you’re already falling behind.
Develop the ability to quickly collect, analyze, and disseminate threat intelligence on the fly, allowing teams to respond quickly to evolving threats. While these tools can be purchased off the shelf, teams on a budget can easily develop them using open source software and services available online.
Who do you (not) know?
Open source intelligence (OSINT) is the backbone of the threat intelligence industry, but incorporating closed communities and trusted groups into your plan is critical. If possible, having someone on your team who has security clearance from a federal agency can also enrich your program. Communities built on trusting relationships can be difficult to join, but with time and perseverance, you can significantly expand your network.
A great way to discover these connections is through networking opportunities such as industry conferences and events. But don’t underestimate speaking opportunities and invitations to small gatherings to capitalize on connections and relationships. Don’t be afraid to ask questions – our unwillingness to engage is often the most powerful obstacle to our success.
Become a Hype Killer
In an age of headline bait, “breaking news” and endless social media scrolling, we have become numb to critically engaging with information. We often passively consume information without any analysis, which unknowingly undermines our ability to provide clear analysis and opinions. Start thinking critically about everything you read or hear.
The ultimate goal of eliminating hype is risk quantification. It’s all too easy to claim that the sky is falling once a week. When you habitually set off the fire alarm for the candles on your cake, your message quickly becomes unimportant. Help your team find the signal among the noise so that when the alarm is sounded, you have the right facts to back it up. Rather than abandoning victory as a direct corollary to eliminating hype, we cannot succumb to fatalism in this seemingly never-ending game of cops and robbers. As new zero-day vulnerabilities emerge and organized cybercriminals continue to gain ground, we should not succumb to accepting this reality. Defenders can win, and we need to pool our resources and alliances to defeat those seeking to steal and destroy. We must adopt a “Defend the Frontier” cybersecurity strategy that takes the fight to our adversaries’ doorsteps.
Remember, this battle is more than just the numbers on the screen, this is a war we must win to survive. The stakes have never been higher. This is a fight to get clean water flowing to our homes and schools, a fight to protect our hospitals and banks, and ultimately, a fight to preserve our democracy. It is our responsibility to focus, organize and do our best to go to the digital frontline.
