Episode Summary:
Modern cyber threat intelligence, rooted in military origins, splits into two main practices: academic and practical. Academic threat intelligence involves mature teams, like Unit 42 and Google, that dedicate resources to in-depth research beyond daily security operations. Practical threat intelligence, in contrast, describes the everyday reality of intelligence analysts in smaller teams, who are often multitasking.
MacKenzie believes the field is overly influenced by academic and marketing-driven perspectives, neglecting the value of democratized, actionable and transparent intelligence. While intelligence sharing is key to success, the practical application of intelligence within security teams remains unclear. MacKenzie discusses how intelligence interacts with a security team, what real-world intelligence analysts do for a security team and how to bridge the gap between cool graphs made in Maltego and practical data you can use to secure environments.