The US Special Operations Forces pioneered a methodology called F3EAD, which enabled amongst other things the ability to take out insurgent and terrorist networks. This methodology focuses on 'Finding' the adversary, 'Fixing' their location, 'Finishing' their operational utility, and collecting the materials associated with the target. This material is then 'Exploited' or used to extract operational details of the network they are associated with, 'Analyzed' for intelligence which is useful to find other targets, and 'Disseminated' for other friendly forces to conduct operations. This class focuses on modifying the F3EAD methodology for utility in Cyber Defense Operations to allow cyber defenders to incorporate intelligence practices into their daily operations and focus not only on one off indicators but the overall threat actor. Intelligence enables cyber defense teams to look at the cyber battlefield from the 50,000-foot view and piece together all aspects of the cyber adversarys operations. From what altitude are you viewing the cyber battlefield?
In this class you will learn the importance of Threat Intelligence, how to consume intelligence, and how to integrate it into your enterprise. This integration will focus on real time integration to allow threat intelligence to be processed at 'line speed'. Students will learn how to leverage intelligence for defense as well as investigative purposes. A key focus will be on identifying intelligence sources and exploiting them to extract intelligence. We will then explore how to enrich this intelligence and feed it into enterprise security solutions to enhance defensive postures. There will be some technical hands on activities exploring data visualization, forensic analysis, malware analysis, and dynamic memory analysis. Students will leave with a competence in identifying intelligence sources and incorporating them into automated solutions.
Cyber Defense Professionals, Incident Responders, SOC personnel, Intelligence Professionals, and anyone looking to incorporate intelligence processes into their existing work flow.
A basic understanding of networking, computer hardware, and security concepts.
Adam Meyers is the VP of Intelligence for CrowdStrike; in this role he overseas the team's daily activity, provides direction and strategic vision for the company's intelligence collection, reverse engineering, and analysis efforts. He also serves as a senior security researcher, who focuses on reverse engineering targeted malware threats, mobile malware and related technologies. Previously he was the Director, Cyber Security Intelligence with the National Products and Offerings Division of SRA International. In that role Mr. Meyers served as a senior subject matter expert for cyber threat and cyber security matters for a variety of SRA projects. Mr. Meyers provided both technical expertise at the tactical level and strategic guidance on overall security program objectives. Mr. Meyers also acted as the product manager for SRA Cyberlock, a dynamic malware analysis platform.