Name: The Threat Intelligence Playbook: Keys to Building Your Own Threat Intelligence
Start: 2018-11-07T18:00:00Z
End: 2018-11-07T18:00:59.000Z
Location: BrightTALK
Rating: 4.5

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

Join Travis Luckey, CIO of the City of Beaverton, Oregon, as he reviews key elements of the city’s data privacy and security program. He’ll cover what is collected, how that data is classified, and highlight some of the city’s important data governance
 initiatives, such as sensitivity labels and password-less authentication, that help secure private information and ensure it can only be accessed by those with a need to know about it. We’ll save time afterward for questions/conversation.

The key takeaways for attendees can be summarized as (1) understanding how the city safeguards community data through modern security practices, and (2) learning about current initiatives in the city, including sensitivity labeling and password-less
 authentication.

Your Hometown Knows A Lot About You - How Do They Keep That Information Safe?

This presentation explores how organizations can transform privacy from a compliance obligation into a driver of trust and innovation. It introduces the concept of an AI Privacy Impact Assessment (AIPIA) — a structured approach to identifying, assessing, and mitigating privacy risks across the AI lifecycle. By integrating principles from global standards such as GDPR, ISO/IEC 42001, ISO/IEC 23894, and the NIST AI RMF, AIPIA helps ensure that AI systems remain transparent, accountable, and aligned with ethical and regulatory expectations. The session highlights how privacy impact assessments uncover risks like data misuse, bias, or inference leakage and translate them into actionable governance measures. Ultimately, it positions privacy as a cornerstone of responsible AI adoption—enhancing organizational resilience, stakeholder confidence, and long-term competitive advantage.

AI Privacy Impact Assessment (AIPIA): From Compliance to Competitive Advantage

The Cyber Resilience Act sets mandatory requirements for manufacturers to implement cybersecurity risk management, produce and maintain SBOMs and manage vulnerabilities across the product lifecycle. This session explains obligations and shows practical ways to embed resilience in development and deployment pipelines. It also highlights how preparing now supports readiness for future regulations such as the AI Act, creating innovation and business advantage. 

Key Takeaways:
 • Understand CRA requirements for software and device makers.
 • Learn how SBOM and vulnerability handling affect compliance.
 • See examples of compliance by design practices in action.
 • Foresight into upcoming regulations and frameworks, such as the AI Act.

Preparing for CRA: What Manufacturers, Developers, and Security Leaders Need to Know

This presentation shows what kind of information is online about people and companies, how I find and use that information in social engineering campaigns, and most importantly how to take back some level of control to protect our privacy. Most of it is focused on personal privacy - how this information got out there in the first place, why it's not a good thing, how to find and delete it, all mixed in with my personal experience of going through this process. It also contains examples of successful social engineering campaigns demonstrating exactly how seemingly innocent information can be used against an individual or organization.

How to Protect Yourself From People Like Me

The path to the boardroom is often hidden from view, leaving many aspiring directors unsure of how the process really works. In this episode, we shine a spotlight on the mechanics of board-member selection, from how nominating committees identify candidates to the role networks, skills, and emerging competencies like cybersecurity and ESG play in shaping the pipeline. Joining us are experts from a leading executive search firm and seasoned industry leaders with direct experience in selecting board members. Together, they will reveal what differentiates candidates, how boards make decisions, and what it truly takes to earn a seat at the table.

Behind Closed Doors: How Board Members Really Get Selected

AI is being deployed faster than most security teams can govern it. Whether it’s shadow AI models running without approval or sensitive data flowing into third-party tools without scrutiny, the result is the same: heightened regulatory risk and operational blind spots. Most organizations don’t have a clear system for AI oversight, leaving models and the data that fuels them outside the lines of compliance and control.

This session unpacks how to bring structure to the chaos. From cataloging every AI model and its data inputs to enforcing usage policies and surfacing accountability metrics, CISOs can – and must – take the lead in governing enterprise AI.

Key Takeaways

● Catalog Models and Data: Build visibility across all AI models in use, including third-party and shadow tools, and map their data sources.
● Set Clear AI Usage Policies: Define what’s allowed, what’s not, and what needs review – ensuring alignment across security, legal, compliance, and the business.
● Align with Governance Requirements: Ensure your AI programs meet regulatory, ethical, and corporate mandates before external frameworks mandate it.
● Monitor and Report: Put oversight in motion with active monitoring, risk scoring, and audit-ready reporting across your AI footprint.
● Get Ahead of Regulation: With global regulatory frameworks still catching up, internal governance is your best defense – and offense – for safe, scalable AI adoption.

Actionable Oversight for Enterprise AI: Governing Models, Data, and Risk

AI is in your business now, often outside policy and visibility. Adversaries, regulators, and your own teams are moving fast. 

The result: unmanaged risk from shadow AI, agentic systems, and a surge of machine identities (tokens, API keys, service accounts) that can act without oversight. Traditional IAM alone won’t contain it. This CISO briefing lays out a board-ready operating model for AI governance at speed and scale. We’ll define decision rights, an enterprise AI register, and risk tiers that drive controls. We’ll show how to bound agent actions, enforce least privilege for non-human identities, protect data and models, and produce continuous, audit-ready evidence. Expect plain language, real examples, and a focus on measurable outcomes: faster approvals, smaller blast radius, clearer accountability, and defensible reporting. 

Leave with a 90-day plan and a concise set of KPIs/KRIs any executive can track to prove coverage, reduce exposure, and enable safe, profitable AI adoption across the enterprise.

CISO Briefing: Board-Ready AI Governance at Speed and Scale

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Public sector organizations and enterprises worldwide face increasingly sophisticated cyber threats that can disrupt operations, erode trust, and compromise mission success. Cyber resilience, defined as the ability to anticipate, withstand, recover from, and adapt to cyber events is now a critical component of national, organizational, and digital security strategies.

This session explores how cyber resilience strengthens deterrence and operational continuity across sectors by ensuring systems and data remain available, trustworthy, and secure - even under attack. Central to this is data centricity: treating data as the most valuable asset and ensuring its protection, governance, and accessibility at all times. By safeguarding data through classification, encryption, access control, and continuous monitoring - aligned with Zero Trust and proactive data security principles - organizations can deny adversaries the opportunity to disrupt essential services or degrade decision-making.

Participants will gain insights into how building resilience at the data and system levels not only protects critical operations but also establishes confidence, credibility, and deterrence in a globally connected environment.

Featuring:
Travis Rosiek, Public Sector CTO, Rubrik (https://www.linkedin.com/in/travis-rosiek-3255b669/)

Cyber Resilience as Deterrence

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

This session explores building cyber resilience using the NIST Cybersecurity Framework 2.0's Identify, Protect, Detect, Respond, and Recover approach to minimize operational impact from cyber incidents.

Discover how real-world attacks compromise backups, resulting in lengthy and uncertain recovery periods that may compel organizations to revert to outdated manual processes. The key focus: Leveraging AI to rapidly identify clean data, detect threats early, and enable quick recovery with minimal operational disruption.

Featuring:
Jim McGann, CMO, Index Engines (https://www.linkedin.com/in/mcgann/)

AI with Intention: Threat Detection and Trusted Data Recovery

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

With resilience, our aim is to “remain viable amidst adversity.” We prevent what we can, presuming a certain number of incidents will occur, forcing us to detect and recover. We know relying solely on technical controls is no longer sufficient. Malicious actors are increasingly focused on social engineering. We also know that one-third of incidents begin outside of our enterprise. We must focus on a collaboration of people, process, technology, and the organization across the entire cyber life cycle inside and outside of our enterprise.

This session will walk through the underlying principles to guide your journey while discussing the role of the Business Impact Analysis (BIA), the Operational Resilience Framework (ORF), and the Cyber Resilience Capability Maturity Model (CR-CMM) as tools to achieve your resilience objectives.

Featuring:
Alex Sharpe, Principle, Sharpe, LLC (https://www.linkedin.com/in/alex-sharpe-3rd/)
Mark Orsi, CEO, GRF (https://www.linkedin.com/in/markorsi/)

Principles and Tools for your Resilience Journey

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Resilience in security ensures an organization's ability to anticipate, detect, withstand, recover, and adapt to cyber threats. To counter the ever-evolving cyber threat landscape, organizations rely on cybersecurity tools to prevent, detect, and respond to cyberattacks. 

This presentation will compare these tools to the NIST 800-160 and MITRE ATT&CK models, highlighting any remaining gaps and challenges. This research employs a systematic literature review and case study approach to examine the present state of cybersecurity tools and their applicability. This research adopts the Resilience Engineering Theory to review and evaluate the resilience of cybersecurity tools.

Featuring:
Oluwatomisin Giwamogorewa, Cybersecurity Doctoral Candidate, Marymount University (https://www.linkedin.com/in/ogiwamogorewa/)
Oluwatobi Babatunde, Cybersecurity Doctoral Candidate, Marymount University (https://www.linkedin.com/in/oluwatobi-babatunde)
Ricky Katsuya, Cybersecurity Doctoral Candidate, Marymount University (www.linkedin.com/in/ricky-katsuya-51071421)

Cyber Resilient Tools: Current Innovations and Future Challenges

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Users fundamentally face risks that vary among different ICT sectors, constantly evolve, and require reasonable allocations of resources and actions. 

As cybersecurity incidents and related losses continue to increase, multiple private and public sector activities and actions have emerged as different understandings of what is reasonable. In legal terms "reasonable cybersecurity" is the duty of care that an organization owes its customers. However, what is reasonable remains largely undefined and no global compilation exists of its use for cybersecurity purposes.

Featuring:
Curtis Dukes, EVP & GM Security Best Practices, Center for Internet Security (CIS) (https://www.linkedin.com/in/curtis-dukes-aa9966129/)

Reasonable Cybersecurity: Emerging New Developments

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Major cyber incidents expose gaps in critical asset protection, raising the question: how can MITRE ATT&CK help strengthen cyber resilience?

This presentation explores how MITRE ATT&CK reveals lessons learned from real-world incidents - starting from Groups, through TTPs and Mitigations, to the intersection with cyber resilience via the MITRE Cyber Resiliency Engineering Framework (CREF). It demonstrates how ATT&CK with the CREF Navigator can help organizations shift from reactive threat tracking to proactive, resilience-oriented planning. By analyzing cyber incidents and IT disruptions, we underscore how MITRE ATT&CK can serve not only as a threat-tracking tool but also as a valuable reference for strengthening cyber resilience against both evolving adversaries and technological disruptions.

Featuring:
Lorenzo Vacca, Cybersecurity Manager, RSM Italy (https://www.linkedin.com/in/lorenzo-vacca/)

Applying MITRE ATT&CK for Cyber Resilience: A Lessons-Learned Approach

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Cyber defenders need a clear understanding of how security controls and capabilities align with their threat identification efforts, risk assessments, and security control programs. To support this, MITRE CTID has developed an open-source repository of mappings connecting security controls and capabilities to adversarial behaviors as described in MITRE ATT&CK. These mappings provide a foundation for a threat-informed approach by meeting the following objectives:

- Application of threat-informed analysis and decision-making to security control program design and implementation.
- Connect the design and implementation of controls to the adversary behaviors they mitigate.
- Improve management and board reporting with respect to control investment and threat protection.

Featuring:
Tiffany Bergeron, Chief Architect, Mappings Program - Center for Threat-Informed Defense, MITRE (https://www.linkedin.com/in/tiffany-bergeron/)

Unite ATT&CK and Security Controls for a Resilient Future

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Combining FAIR and Threat-Informed Defense to Evaluate Real-World Threat Exposure

Cybersecurity risk assessments frequently depend on qualitative scoring of controls based on standards like ISO 27001, NIST CSF 2.0, or CIS Controls. While these standards help establish good structure of a cybersecurity program, they fall short in addressing how real-world adversaries operate. They don’t guide prioritization based on actual attack techniques or measure the real effectiveness of defenses. We propose a threat-informed risk assessment framework that integrates threat-informed defense methods to link adversary behavior to mitigation coverage and directly inform the Loss Event Frequency input of the FAIR model.

Featuring:
Mehdi, Azaouioui, CEO & Founder, Limbersecurity (https://www.linkedin.com/in/mehdi-azaouioui-51a4431b/)

Framework for Threat-Informed Cyber Risk Assessment

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Building a strong cyber resilience strategy can be a complicated and lengthy process, and not all organizations have the same requirements. In this session, we highlight where organizations are focusing to build and then constantly improve on the building blocks of:

- Securing systems, especially the backup environment, aligning to zero trust principles and hardening against attacks
- Enhancing the ability to detect threat actor activity, such as using near real time information to protect high value storage systems which are not often well monitored due to their closed nature
- Technologies to protect systems and data to better enable timely recovery of operations from minimal, moderate and severe attacks.

Featuring:
Jim Shook, Director, Cybersecurity & Compliance Practice Cyber Resilience, Dell Technologies (https://www.linkedin.com/in/jamesshook/)

Practical Lessons In Building Cyber Resilience

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

This expert panel will explore the critical shift from reactive cybersecurity postures to proactive cyber resilience engineered by design. Featuring leading voices from policy, architecture, implementation, and incident response, this session will bridge theory and practice on how resilience can and must be built into systems from the start — not added as an afterthought.

Featuring:
Francesco Chiarni, CEO & Chief Researcher, High Value Target (https://www.linkedin.com/in/chiarini/)
Jimmy Sanders, Information Security Leader President, ISSA International (https://www.linkedin.com/in/jimmy-s-cissp-crisc-cism/)
Ron Ross, Chief Executive Officer, RONROSSECURE, LLC (https://www.linkedin.com/in/ronrossecure/)
Mark Winstead, Principal Systems Security Engineer, MITRE (https://www.linkedin.com/in/markwinstead/)
Patrick Lechner, Managing Director, Resion (https://www.linkedin.com/in/patrick-lechner-resilience/)

Engineering Trust — Building Cyber Resilience by Design

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

MITRE’s Applied Cyber Resiliency Engineering (ACRE) methodology is a structured and repeatable implementation of NIST SP 800-160 Vol. 2 Rev. 1, “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach”. ACRE has been designed to be applicable at all stages of the system development lifecycle and to provide documented traceability from an assessment of the system’s mission context to system requirements that support cyber resiliency in that context. MITRE’s Cyber Resiliency Engineering Framework (CREF) Navigator is a web-based tool that allows cyber engineers to easily trace the relationships defined in NIST SP 800-160 Vol. 2 Rev. 1. 

This presentation will provide a high-level overview of the ACRE along with a demonstration of using the CREF Navigator to implement the methodology.

Featuring:
David Mann, Ph.D., Principal Cybersecurity Scientist, MITRE
Shane Steiger, Cyber Security Research - Resiliency & Innovation, MITRE

Applied Cyber Resiliency Engineering (ACRE)

Acronyms such as IOCs (indicators of compromise) and IOAs (indicators of attack) are ubiquitous in the security industry. But a recent SANS Institute survey revealed that a vast majority of security professionals don't even know how many indicators they receive or can use. Join DomainTools Sales Engineer, Taylor Wilkes-Pierce to learn how IOCs and IOAs can work in tandem to build your own threat intelligence, enrich your investigations and overall security strategy. 


In this webinar, you will learn

How security professionals go about sourcing indicators
What can you do with IOCs/IOAs after locating valuable indicators
To pivot through threat actor infrastructure and determine the "Who" and the "How Bad".

Moderator: 
C-A Washington, Founder, Image & Etiquette Institute

Speakers:
Taylor Wilkes-Pierce, Sales Engineer, DomainTools
Ken Dunham, Senior Director, Technical Cyber Threat Intelligence, Optiv
Greg Reith, Sr. Solutions Architect, CenturyLink

The Threat Intelligence Playbook: Keys to Building Your Own Threat Intelligence

Threat Intelligence

SANS

Indicators of Compromise

Indicators of Attack

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Threat Intelligence Playbook: Keys to Building Your Own Threat Intelligence

Presented by

About this talk

Information Systems Security Association