EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts

06/24/24 • 32 min

Guest:

Topics:

Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”?
We heard while prepping for this show that you were involved in breaking up a human trafficking ring: tell us about that!
In Anton’s experience, a lot of cyber TI is stuck in “1. Get more TI 2. ??? 3. Profit!” How do you move past that?
One aspect of threat intelligence that’s always struck me as goofy is the idea that we can “monitor the dark web” and provide something useful. Can you change my mind on this one?
You told us your story of getting into sales, you recently did a successful rotation into the role of Product Manager,, can you tell us about what motivated you to do this and what the experience was like?
Are there other parts of your background that inform the work you’re doing and how you see yourself at Google?
How does that impact our go to market for threat intelligence, and what’re we up to when it comes to keeping the Internet and broader world safe?

Resources:

Guest:

Topics:

Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”?
We heard while prepping for this show that you were involved in breaking up a human trafficking ring: tell us about that!
In Anton’s experience, a lot of cyber TI is stuck in “1. Get more TI 2. ??? 3. Profit!” How do you move past that?
One aspect of threat intelligence that’s always struck me as goofy is the idea that we can “monitor the dark web” and provide something useful. Can you change my mind on this one?
You told us your story of getting into sales, you recently did a successful rotation into the role of Product Manager,, can you tell us about what motivated you to do this and what the experience was like?
Are there other parts of your background that inform the work you’re doing and how you see yourself at Google?
How does that impact our go to market for threat intelligence, and what’re we up to when it comes to keeping the Internet and broader world safe?

Resources:

Guests:

Topics:

Most organizations you see use both cloud and on-premise environments. What are the most common challenges organizations face in securing their hybrid cloud environments?
You do IR so in your experience, what are top 5 mistakes organizations make that lead to cloud incidents?
How and why do organizations get the attack surface wrong? Are there pillars of attack surface?
We talk a lot about how IAM matters in the cloud. Is that true that AD is what gets you in many cases even for other clouds?
What is your best cloud incident preparedness advice for organizations that are new to cloud and still use on-prem as well?

Resources:

Guests:

Topics:

You talk about “teamwork under adverse conditions” to describe expedition behavior (EB). Could you tell us what it means?
You have been involved in response to many high profile incidents, one of the ones we can talk about publicly is one of the biggest healthcare breaches at this time. Could you share how Expedition Behavior played a role in our response?
Apart from during incident response which is almost definitionally an adverse condition, how else can security teams apply this knowledge?
If teams are going to embrace an expeditionary behavior mindset, how do they learn it? It’s probably not feasible to ship every SOC team member off to the Okavango Delta for a NOLS course. Short of that, how do we foster EB in a new team?
How do we create it in an existing team or an under-performing team?

Resources: