TechSpective Podcast Episode 099
Do you like to do jigsaw puzzles? I generally don’t have the patience, but my wife is a jigsaw puzzle fanatic. Gathering threat intelligence is a lot like assembling a jigsaw puzzle.
Whether you do jigsaw puzzles or not, you probably at least understand the concept enough to know that if I just give you 13 random pieces from a 1,000-piece puzzle and you don’t have access to the box to see what the finished puzzle is supposed to look like, it’s relatively useless. That is essentially how a lot of threat intelligence works. Different organizations and security vendors each have the visibility to gather information, but only from their own perspective and without knowing what the big picture is.
Maggie MacAlpine, Cyber Engagement Lead for the Center for Threat Informed Defense at MITRE Engenuity, joins me on this episode to talk about the things they are working on at MITRE. Prior to joining MITRE, she served as a security strategist for Cybereason (where we were coworkers). During her decade-long career focused on cybersecurity, she also co-founded the DEF CON Voting Village, served as a contributing researcher on the “Security Analysis of the Estonian Internet Voting System” (in partnership with the University of Michigan), and appeared in the HBO documentary, “Kill Chain”. She has discussed cybersecurity threats at numerous conferences including DEF CON, the Diana Initiative, ShmooCon Hacker Conference, and PacSec Tokyo, and she has presented on Capitol Hill and at the US Naval War College.
The project that Maggie is most excited by addresses this jigsaw puzzle dilemma. MITRE developed the Sightings Ecosystem to advance our collective ability to see threat activity across organizations, platforms, vendors, and geographic boundaries. With participating organizations sharing their set of pieces from the jigsaw puzzle, Sightings Ecosystem provides visibility into trending attacks and helps organizations understand which techniques should be a higher priority.
Check out the full episode for more about threat intel with Sightings Ecosystem and what’s going on at MITRE Engenuity and the interesting tools they’re working on at the Center for Threat Informed Defense. We also digress into a discussion of election security and why I am opposed to state sovereignty on various levels.
The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer.
Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.
If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.