Know Thyself: Turning Your Intelligence Practice Inward


By Chris Cochran, Creative Director and Cybersecurity Advocate, Axonius

When you spend most of your career looking outward at potential threats that could affect your coworkers, technology, and business, looking inward might be last on your list.

As cybersecurity professionals, we're inundated with complex situations and daunting what-ifs every day. While navigating these circumstances is a huge part of our jobs, it can make us more reactive and less proactive. This is why looking inward and getting to know what's really happening at your organization is so important.

Let me explain... or perhaps Chinese military general, author, and philosopher Sun Tzu could do it better:

"If you know the enemy and know yourself, you need not fear the result of a hundred battles."

As threat intelligence and cybersecurity practitioners, we've dueled with the omnipresent "enemy." We've triumphed in more than our fair share of "battles." We've mastered looking outward. So let's turn our gaze inward to understand ourselves and our environments more completely.

The EASY Framework

Earlier this year, the Hacker Valley Studio podcast released its "Know Thyself" season, and spent several episodes examining what it means to understand yourself and your roles and responsibilities as a security practitioner. Turns out, this introspective process is eerily similar to what it's like for threat intelligence analysts observing an adversarial cyber actor.

Enter: the EASY framework.

When I invented the EASY framework for threat intelligence, I did it with external intelligence in mind. At that time, I didn't realize it also applies to internal intelligence, other aspects of cybersecurity, and service-centric roles across the board.

EASY operationalizes intelligence, guiding you down a path of impact.

  • E for Elicit Requirements: What do you need to understand about your environment to make better decisions and take action to improve your security posture? Do you have complete visibility into all assets? What information is needed to perform incident response?
  • A for Assess Collection Plan: Now that we know what data we'll need, how do we get it? What sources do we need and how can we get them in place to be queried? How do we normalize data to see the full picture of what's happening on our network?
  • S for Strive for Impact: This is where we show the value of internal intelligence. What does "healthy" look like for us? Can we automate detections so we know when something suspicious or malicious is happening? Who can make a difference using this information?
  • Y for Yield to Feedback: Feedback is a gift — use it. Ask yourself or your coworkers: is the information we deliver clear, accurate, and valuable? Is there a better medium to deliver information to different stakeholders? How can we be better?

As we look inward and focus on internal intelligence, we might be surprised by what we find — positive and negative. Nonetheless, we're learning more about ourselves, and that's what's truly important.

Ready to begin your journey to internal intelligence? Axonius has solved the asset intelligence challenge for you. Understand what you have and how it fits into the bigger picture of your technical environment. Sign up for a free trial of Axonius at

Sustaining Partners