So you want to be a "Cyber Threat Analyst" eh?

BSidesNOVA 2017

Presented by: Anthony Melfi
Date: Saturday February 25, 2017
Time: 09:00 - 10:00
Location: Classroom A/B
Track: Track 3

Abstract: Despite being around for well over six years, the position of "cyber threat analyst" is still not clearly defined. The lack of definition is due to the position's popularity and infancy: there are vastly different job descriptions that are all labeled "cyber threat analyst". This talk isn't about stating which definition is right or wrong. It is about the set of skills, concepts and theories that enable an analyst to be successful under any definition of "cyber threat analyst". The presentation covers the key theories, concepts and required skills of the profession. For beginners it is a road-map. For experienced analysts it is a cross-pollination of ideas.

Outline:
- Introduction
- An overview of the cyber threat analyst landscape
- A recommended definition for "Cyber Threat Analyst"
- Figure out your environment: Porter's Five Forces analysis for the threat analyst
- Knowing how to talk and organize like a business: Porter's Value Chain for SOC and analyst shops
- Pick your own risk analysis. Example: Operational Risk Management (ORM)
- If you only remember one thing from this talk: the Diamond Model of Intrusion Analysis
- Choose your own attack phases: the Lockheed Martin Kill Chain and EC-Council phases of attack
- Mitigation and understanding how to use defense-in-depth concepts like the Lockheed Martin Cyber Threat Matrix
- The Pyramid of Pain... and you! aka No good deed goes unpunished: how to prioritize your analytic life and avoid management's Lenny-like crushing grasp when they love you SOOO much!
- Quick check to put it all together
- Organizing your research aka pivoting whilst keeping your sanity
- Tips on collaboration and avoiding being Alice in Wonderland (common analytic pivoting pitfalls to avoid)
- How to support a SOC and play match-maker on the security team
- Recommended courses, certifications, reading and means to break into the industry

Anthony Melfi

Hey there friends! I am Anthony "Sweater Vest Tony" Melfi and I am a cyber threat analyst. While in the Navy for 11 years, I was in a rating that was the jack of all trades. For the past seven years I have run, taught, and mentored large and small cyber threat analyst shops. I am also a former National Cryptologic School instructor for cyber threat analysis. I have seen my profession grow, but it seems there are vastly different opinions on what an analyst does. Which is right? Which is wrong? It honestly doesn't matter; we analysts are still the jack of all trades. What matters is that an analyst understands key, universal concepts and theories. More important is the ability to apply them to provide a 360-degree view of a given event, incident or activity. For interested parties, this presentation can be your road-map. For my fellow analysts, this is an opportunity to cross-pollinate some ideas that you may not be familiar with. Finally, I would tell you a joke about UDP, but you might not get it....
