Weather. The first thing I ask my Alexa before I get ready to step outside my home. Have you ever gone outside the home without knowing what the weather was? If you did, I’m certain it was because of an emergency situation and you had to rush. In most situations every human will get this little piece of intelligence so that they may move to the next step of the decision-making process. What’s more interesting is the way that each individual consumes it may also be different. All coming to slightly different answers, and some quicker than others. Most will likely do a quick scan on their mobile device or shout out to Alexa. If your mobile device is not in reach, maybe you ask your significant other? It’s easy to shout and ask, “what’s the weather like?” You get an answer, “I think it’s in the 50’s today”. That answer may not be accurate, but you got an answer.
It’s foundational knowledge like this that allows you to make your next move. This is the first critical piece of intel that is part of your decision-making process on what to wear for the day. Now comes the next part, where are you going? What else do you have going on that day? Do you have a client meeting in the office? Happy hour with the client? School activities afterwards? Perhaps it’s all of the above. The weather and the calendar go hand in hand for me and I must know both at the beginning of my day. But it doesn’t stop at the “what to wear.” The harder part is the preparation for what’s to come so that I can be equipped to have a successful day and also be present for my kids activities in the evening if I’m lucky enough to be home that day.
So lets walk through my calendar tomorrow…
9 AM Breakfast meeting with partner
12 PM Lunch meeting with client
2 PM Internal meeting with sales
3 PM – 5 PM Email and administrative items
6 PM – Cubs Scouts Den meeting
Tomorrow’s high in Chicago is 45 and a low of 18. Thankfully no rain or snow. I don’t have to worry about shoveling or snow-blowing…so glad this has not happened yet in Chicago! I’ve got a partner meeting and a client meeting but both casual since they are not in the office. Then internal meetings over the phone and finally email and catch up from my home office. No need to dress up tomorrow. Business casual day, possibly even jeans with a coat. This doesn’t stop here. I’ve only figured out what to wear. I also needed to prepare for who I’m meeting with and making sure I can have intelligent conversations with the partner and my client. Do I know their business model? Planning for next year? Do we currently do business with them? How can the partner help. As for the customer, How can I help the customer? Do they do any business with us currently, and what is it? For later in the evening, I need to be sure I am home in time for the scouts meeting!
Let’s kick it up a notch now and enter the realm of cybersecurity. I’m an analyst, get to the office and look at my SIEM (Security Information and Event Management) but I have no idea where to look first. I have a ton of alerts sitting in my console, and I just start to blindly pick one that sounded interesting. Lets look at that “Emotet” infection on that one system, that seems fun! This is very much like not knowing the weather before going out for the day, or not knowing your calendar of events for the day so that you can prioritize where you need to be at first. What if I started doing my email and admin tasks FIRST, even though I was suppose to be at a breakfast meeting In the morning. It is when you have an intelligence led security operations that allows you to make informed decisions on what you need to wear and where you need to be first and not gobble up time or do things that should be de-prioritized.
What if you did have intelligence but it was open source research that you did for the day. You get your daily fix from yoursecuritynews.com. Maybe even have some feed that comes in but does not apply to the data flowing into your operations? That almost seems like looking at the weather a week ago and hoping it’s still accurate. Or better yet are you even looking at the right city? Similar to the weather in the right city, does that phishing campaign even effect you? This is not new to anyone in the cybersecurity field, especially the folks in the SOC. The purpose of writing this is to raise awareness for others outside of the industry and to clarify a small component of cybersecurity…threat intelligence. It is important. But it's not just important on having it. It becomes a necessity when the intelligence is consumable and you can take action on it just like we all take actions by consuming the right intelligence and knowing what to wear for the day and where to go.
The original article can be found here.
Comments