All is naught if the talent is not embedded in the enterprise. Evaluating internal talent to ensure the right mindset is working on organizational threat intelligence is important. Some suggest that each cyber security threat intelligence operation would benefit from having a veteran of the armed services with an intelligence background. With limited cyber security expertise available, alternative sources of talent are necessary.

• Taking stock of the talent in house
• Realizing inherent skill sets currently not being utilized
• Sourcing for additional talent to fit TI criteria
• Continually refreshing the team as technology advances

Investigating current feeds to ensure action has been taken at some point is cogent business practice. If there is no signal to the noise, the feed is not intelligent- it’s not even information, it is taking talent away from actual security activities thus making the enterprise more vulnerable and less secure.

• Identifying current feeds providing actionable information
• Tasking internal teams with refreshing in-house information to ensure nothing is being missed
• Challenging external teams to identify potential actionable information being missed by internal teams
• Ensuring that non-actionable feeds are cut 

Actionable information makes for quality intelligence. Once true threat intelligence is coursing through the veins of the organization, a next step is automation. To automate prior to knowing that the intelligence is quality is simply speeding up bad decisions and providing the potential for exponential growth of bad decisions.

• Understanding bad information is not good no matter how fast it moves nor how much of it is present
• Realizing automation increases speed and provides exponential output
• Ensuring that industry information remains informational
• Insisting that company feeds remain actionable

Threat hunting is all the rage. And of course, a forward-leaning posture is necessary in 2021 cyber security. While many are diving into threat hunting- few do it well. And even fewer have the discipline in a state where it could be automated with positive effect.

• Realizing the myriad initiatives that can be undertaken before threat hunting
• Ensuring basic hygiene of your tech stack all the way through to the enablement of your distributed workforce
• Ensuring the cyber security operation is firing on all cylinders prior to engaging in analog threat hunting
• Only automating tried and true analog processes which are the result of a pristine operation

Getting to a point that automated response and remediation information so the organization can make cogent decisions on how the threat intelligence is actually thwarting threats is enterprise nirvana.

• Is there actually quality information from automated response and remediation flowing back through the organization?
• How is the quality information being evaluated and tuned into insights?
• In what ways are the insights providing enough depth for cogent decision making?
• How is quality information consistently being rejuvenated to ensure fresh insight for the enterprise?