Panel: A Vulcan mindmeld: from your mind to my mind

This presentation forms part of the CTA's Threat Intelligence Practitioners' Summit

Thursday 29 September 2022, 11:00 - 11:30

Moderator: Kathi Whitbey (Palo Alto Networks)
Righard Zwienenberg (ESET)
Noortje Henrichs (Netherlands NCSC)
Derek Manky (Fortinet)

Is sharing threat intelligence content, with or without context, at an early stage beneficial or distracting? Please join this panel of cybersecurity experts as they explore the concepts around sharing threat intelligence today across organizations, such as:

  1. How it has benefited each of them in their work;
  2. How the growing number of organizations willing to share threat intelligence has affected each of them in their own organizations;
  3. How the sheer volume of shared data can cause alert fatigue;
  4. How sharing additional context around IOCs is benefiting the cyber ecosystem;
  5. Or whether it is just adding more distractions.

Kathi Whitbey

Kathi Whitbey currently serves as Principal Business Operations Manager for Unit 42 within Palo Alto Networks. In this role, Kathi played an integral part in the process of incorporating the Cyber Threat Alliance (CTA), including the initial CTA Platform development efforts for sharing information among member companies. Kathi's previous roles have included software development management and technical training efforts for various US government organizations. Kathi has also worked for the US Department of State and travelled all over the world educating employees on custom software applications.

In her free time, Kathi serves as a volunteer Emergency Medical Technician (EMT) and was afforded the opportunity to serve in that role supporting the US Navy at Camp Lemonnier, Djibouti, Africa for 12 months. Kathi has an M.S. degree in information systems.

 

Righard Zwienenberg

Righard Zwienenberg started dealing with computer viruses in 1988 after encountering the first virus problems. His interest thus kindled, he has studied virus behaviour and presented solutions and detection schemes ever since. He started as an independent consultant, and later worked as R&D Manager at CSE Ltd, as a researcher for ThunderBYTE, and as Chief Research Officer at Norman; he is currently Senior Research Fellow at ESET. Over the years he has served in many extra roles in different industry organizations. Currently he is still serving on the board of AVAR, on the Technical Overview Board of the WildList and as the Vice Chair of the Executive Committee of IEEE ICSG. In 2018, Zwienenberg joined the Europol European Cyber Crime Center (EC3) Advisory Group as an ESET representative. Zwienenberg has been a member of CARO since late 1991. He is a frequent speaker at conferences (among these Virus Bulletin, EICAR, AVAR, RSA, InfoSec, SANS, CFET, ISOI, SANS Security Summits, IP Expo, Government Symposia and SCADA seminars) and general security seminars.

@RighardZw

 

Noortje Henrichs

Noortje works at the Dutch National Centre for Cybersecurity (NCSC) and leads the Threat Analysis team and the Cyber Threat Intelligence team.

From collection to dissemination, she is responsible for the execution of all phases of the threat intelligence lifecycle. She aims to deliver relevant and timely information on generic as well as sector-specific digital threats to the NCSC constituency. As part of a national CERT, it is her mission to offer partners, institutions and organizations a complete national threat landscape that combines technical information with tactical context (and vice versa).

 

Derek Manky

Derek Manky brings more than 20 years of experience to a strategic and visionary cybersecurity role, working with FortiGuard Labs at Fortinet. Manky leads FortiGuard Labs' global threat intelligence team, which consults with leading CSOs/CISOs of Fortune 500 companies worldwide across multiple industries. Manky provides thought leadership to industry and has presented research and strategy worldwide at many premier security conferences. As a cybersecurity expert, his work has included meetings with leading political figures and key policy stakeholders globally, including law enforcement, which helps define the future of cybersecurity. In 2019, he was selected as one of six nationwide delegates to represent Canada as a Canadian leader from the field of cyber, through his leadership and expertise in cybersecurity. He is a contributing author to the World Economic Forum Partnership against Cybercrime Report. Manky has been the recipient of his technical university's honourable 2019 BCIT Distinguished Alumni Award.

Manky orchestrates global threat intelligence initiatives with Fortinet, including the World Economic Forum Partnership against Cybercrime, Cyber Threat Alliance (CTA), NATO NICP, INTERPOL Expert Working Group, and the Forum for Incident Response and Security Teams (FIRST). Manky has been with the Cyber Threat Alliance since it was founded in May 2014 and sits on the steering committee, working with leading security executives and CEO direction in industry. His vision is applied to help shape the future of proactive cybersecurity, with the ultimate goal to make a positive impact towards the global war on cybercrime.

He works globally with the security industry and Computer Emergency Response Team (CERT) to connect the dots, streamlining mitigation advice and threat forecasts based on personal knowledge and a team of world-class experts at Fortinet and FortiGuard Labs. This strategy is integrated into advanced technology frameworks to fight cyber attacks, while keeping clients secure. Manky designed a zero-day vulnerability disclosure framework, which has been reliably used for years to responsibly fix security issues before black hat attackers get a chance to exploit victims.

Manky sits on a computing science advisory committee and meets with universities to provide security industry input that he hopes will help shape the bright young minds of tomorrow. In an effort to educate, he is regularly featured in top tier media and guest articles including, but not limited to, CNN, Bloomberg, NBC, MSNBC, Wired, CSO, Forbes, Wall Street Journal, Dark Reading, and the Financial Times. Manky has also been the recipient of CRN's 'Security Superstar' award. He continues to dedicate his career to security, research and education.
