Panel: Bursting the myths about threat intelligence sharing

Thursday 3 October 14:00 - 14:30, Small talks

Kathi Whitbey (Palo Alto Networks)
Jeannette Jarvis (Fortinet)
Dan Saunders (NTT)
John Fokker (McAfee)

Many myths and misunderstandings surround threat intelligence sharing. If I share, I give away my only real advantage. If I share, then I expose my weakness to competitors. Information I get from others is likely to be false anyway. These myths and others hamper collaboration, in turn preventing the industry from optimizing security for end-users. But the truth belies these myths: no one organization, whether government or corporate, has the ability to see the full picture without sharing. And without that broader picture, your products and services simply cannot be as effective as they could be. This panel will examine and ‘pop’ some long-standing myths. In particular, the panel members will address technical misconceptions in areas such as data normalizing and formatting, as well as the ethical, cultural, business, technical, and operational impediments to sharing data and publishing research. Attendees will come away with a better understanding of the real challenges to effective threat intelligence sharing as well ways to overcome them.

(This presentation forms part of the Threat Intelligence Practitioners’ Summit)



Kathi Whitbey

Kathi Whitbey currently serves as the Program Manager for Cyber Threat Intelligence Information Sharing programs within Palo Alto Networks. In this role, Kathi was an integral part in the process for incorporating the CTA, to include the CTA Platform development efforts. Kathi’s previous roles have included software development management and technical training efforts for various US government agencies. Kathi has been fortunate to have travelled all over the world educating employees on custom software applications. In her free time, Kathi serves as a volunteer Emergency Medical Technician (EMT), and served in that role in Djibouti, Africa supporting the US Navy. Kathi has an M.S. degree in information systems.



Orla Cox

Orla is a member of Symantec’s Security, Technology, and Research team (STAR).  STAR is Symantec's cyber threat frontline, responsible for identifying, analysing and responding to the latest attacks and threats. In her 20 years at Symantec, Orla has been at the forefront of investigations into some of the most well-known cyber threats, such as Stuxnet and WannaCry. Orla is responsible for developing and publishing threat intelligence reports and speaks regularly at industry conferences and customer events on Internet security and cyber threats.


Dan-Saunders-web.jpg Dan Saunders

Dan has worked in the field of digital forensics and incident response for over eight years and is a member of NTT Security EMEA Incident Response team, responding to cybersecurity incidents worldwide. His specialist experience was forged within a UK law enforcement regional cybercrime unit and also hi-tech crime unit, working on high-profile, international investigations into the most serious incidents of network-based organized criminal activity. Dan has frequently worked on international investigations relating to cyber-dependent crime, including but not limited to computer misuse act, network intrusions & insider threat.


John Fokker

John Fokker is Head of Cyber Investigations for McAfee's Advanced Threat Research team. Prior to joining McAfee, he worked at the National High Tech Crime Unit (NHTCU), the Dutch national police unit dedicated to investigating advanced forms of cybercrime. Within NHTCU he led the data science group, which focused on threat intelligence research. During his career he has supervised numerous large-scale cybercrime investigations and takedowns. Fokker is also one of the cofounders of the NoMoreRansom Project. He started his career with the Netherlands Police Agency as a digital forensics investigator within a task force against organized crime. Before joining the national police, he served in the special operations and counterterrorism group of the Royal Netherlands Marine Corps.



Back to VB2019 Programme page

Other VB2019 papers

RetroMal: analysing malware on the earliest computing platforms

Andrew Brandt (Sophos)

Spoofing in the reeds with Rietspoof

Jan Sirmer (Avast Software)
Luigino Camastra (Avast software)
Adolf Středa (Avast software)

Fireside chat: Being a CISO at a cybersecurity company: a view from the hot seat

Chester Wisniewski (Sophos)
Ross McKerchar (Sophos)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.