Thursday 3 October 14:00 - 14:30, Small talks
Kathi Whitbey (Palo Alto Networks)
Jeannette Jarvis (Fortinet)
Dan Saunders (NTT)
John Fokker (McAfee)
Many myths and misunderstandings surround threat intelligence sharing. If I share, I give away my only real advantage. If I share, then I expose my weakness to competitors. Information I get from others is likely to be false anyway. These myths and others hamper collaboration, in turn preventing the industry from optimizing security for end-users. But the truth belies these myths: no one organization, whether government or corporate, has the ability to see the full picture without sharing. And without that broader picture, your products and services simply cannot be as effective as they could be. This panel will examine and ‘pop’ some long-standing myths. In particular, the panel members will address technical misconceptions in areas such as data normalizing and formatting, as well as the ethical, cultural, business, technical, and operational impediments to sharing data and publishing research. Attendees will come away with a better understanding of the real challenges to effective threat intelligence sharing as well ways to overcome them.
(This presentation forms part of the Threat Intelligence Practitioners’ Summit)
Kathi Whitbey currently serves as the Program Manager for Cyber Threat Intelligence Information Sharing programs within Palo Alto Networks. In this role, Kathi was an integral part in the process for incorporating the CTA, to include the CTA Platform development efforts. Kathi’s previous roles have included software development management and technical training efforts for various US government agencies. Kathi has been fortunate to have travelled all over the world educating employees on custom software applications. In her free time, Kathi serves as a volunteer Emergency Medical Technician (EMT), and served in that role in Djibouti, Africa supporting the US Navy. Kathi has an M.S. degree in information systems.
Orla is a member of Symantec’s Security, Technology, and Research team (STAR). STAR is Symantec's cyber threat frontline, responsible for identifying, analysing and responding to the latest attacks and threats. In her 20 years at Symantec, Orla has been at the forefront of investigations into some of the most well-known cyber threats, such as Stuxnet and WannaCry. Orla is responsible for developing and publishing threat intelligence reports and speaks regularly at industry conferences and customer events on Internet security and cyber threats.
Dan has worked in the field of digital forensics and incident response for over eight years and is a member of NTT Security EMEA Incident Response team, responding to cybersecurity incidents worldwide. His specialist experience was forged within a UK law enforcement regional cybercrime unit and also hi-tech crime unit, working on high-profile, international investigations into the most serious incidents of network-based organized criminal activity. Dan has frequently worked on international investigations relating to cyber-dependent crime, including but not limited to computer misuse act, network intrusions & insider threat.
John Fokker is Head of Cyber Investigations for McAfee's Advanced Threat Research team. Prior to joining McAfee, he worked at the National High Tech Crime Unit (NHTCU), the Dutch national police unit dedicated to investigating advanced forms of cybercrime. Within NHTCU he led the data science group, which focused on threat intelligence research. During his career he has supervised numerous large-scale cybercrime investigations and takedowns. Fokker is also one of the cofounders of the NoMoreRansom Project. He started his career with the Netherlands Police Agency as a digital forensics investigator within a task force against organized crime. Before joining the national police, he served in the special operations and counterterrorism group of the Royal Netherlands Marine Corps.
John Bambenek (University of Illinois at Urbana-Champaign)
Reserve speaker (TBA)
Pierre-Luc Vaudry (ZEROSPAM Security)
Olivier Coutu (ZEROSPAM Security)